This episode features Dr. Peter Trim, a Reader in Marketing and Security Management at the University of London’s Birkbeck Business School. Dr. Trim has published a dozen books, and his most recent (2023) focuses on Strategic Cyber Security Risk Management. Cybersecurity best practices began in the UK with British Standard 7799, which morphed into ISO 27001/002. Dr. Trim discusses the necessity for a collective approach in cybersecurity and the need to maintain an international perspective. His work endeavors to link cyber risk management theory with practical application through use cases and simulation exercises. We explore the need for improved private sector interaction with academia and the need to integrate cybersecurity risk management content in interdisciplinary curricula.

In this episode of ADCG on Privacy & Security podcast, host Jody Westby is joined by Sabrina Gross, regional director of strategic partners at Veridas. Sabrina has worked globally and spent 15 years working with law enforcement agencies in Europe, the Middle East, and Africa. At Veridas, Sabrina focuses on cutting-edge technologies that are used for authentication and to prevent identity fraud. We discuss the importance of having a choice of authentication options, limitations of various devices, the pros and cons of facial recognition, fingerprints, and voice as authentication methods, what companies should look for in a biometrics provider, security factors, customer preferences, and more. We drill down into the role of state privacy laws and the circumstances under which a business should consider multiple, layered verification methods.

This episode of the ADCG Privacy and Cybersecurity Podcast features Ken Westin, Field CISO for Panther Labs. Ken has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. We discuss how the lack of good application and data inventories impact incident response. When data is spread across data centers, clouds, and SaaS providers, it becomes difficult to track and trace an incident and understand its impact, but it becomes especially hard if the data involves confidential or proprietary business data that is not tracked by privacy officers or if it includes sensitive data that may involve regulators. The recent MOVEit breach, which involved software used to transfer sensitive data between servers, systems, and applications, provided rich lessons in the need for data asset inventories and SIEMs that can correlate data across providers and platforms.

This episode features Scott Giordano, former vice president and general counsel for Spirion who has more than 25 years of legal, technology, and risk management expertise and was one of the first attorneys to jump into artificial intelligence. We will discuss the implications of AI for privacy and information security, current US state laws, the EU AI Act, and what companies can do to prepare for “AI everywhere.” Scott also discusses the recent “Career Essentials in Generative AI” course he took, which is offered by Microsoft and LinkedIn.

In this episode, Jody Westby interviews Gerry Stegmaier, a partner in ReedSmith’s Tech & Data Group. Gerry focuses on digital issues, corporate governance, incident response, privacy, and cybersecurity matters, plus other areas. We discuss the new SEC Cybersecurity Risk Management Rule for public companies, how it differs from the proposed rule, key requirements and compliance deadlines, and the practical impact on cyber incident disclosures, identifying and disclosing material cyber risks, and how boards and C-suites will approach cyber governance.