The Cyber Security Transformation Podcast

By Corix Partners

Become a Paid Subscriber: https://podcasters.spotify.com/pod/show/tcybercast/subscribe

JC Gaillard and his guests share their views on both the interesting cybersecurity news stories of the week and their own experiences. Now entering its fourth series with a stronger focus on cyber security leadership, governance and related board-level matters. Released every Thursday.
Cyber security skills gap - what skills gap?

The Cyber Security Transformation Podcast · Sep 11, 2020

Series 5 - "Looking Back at the Role of the Virtual CISO and the Reality of Small Firms" - Episode 4

In this episode, JC Gaillard looks back at the role of the virtual CISO and in particular why many small firms would often benefit from looking internally first, before jumping to externalised cybersecurity solutions; read his original article on the theme here

Mar 27, 2024 · 07:50
Series 5 - "Cybersecurity is Not Working: Time to Try Something Else" - Episode 3

In this episode, JC Gaillard continues his journey across cybersecurity governance matters, and in particular he goes back to the construction of the role of the CISO and why it is essential to put it back in its historical perspective; read his original article on the theme here

Mar 21, 2024 · 09:50
Series 5 - "Don’t Expect Cybersecurity to Work in Firms where Nothing Does" - Episode 2

In this episode, JC Gaillard continues to explore cybersecurity governance and in particular, why it is essential to place it in a broader corporate governance context; read his original article on the theme here

Mar 14, 2024 · 08:22
Series 5 - "Cybersecurity Governance, Compliance and Window-Dressing" - Episode 1

In this first episode of the series, JC Gaillard explores issues around cybersecurity governance and ownership and in particular, why cyber resilience needs clear accountability from the top; read his original article on the theme here

The UK Government "call for views" around a proposed "Cyber Governance Code of Practice" mentioned in the episode can be found here

Mar 07, 2024 · 10:34
Series 4 - Final Episode in the Series - "One Last Look at the Role of the Board around Cybersecurity" - Episode 24
Oct 26, 2023 · 11:59
Series 4 - "Cybersecurity, Cycles and Predictions" - Episode 23

As we reach that time in the journalistic calendar where predictions for the year to come start to appear, JC Gaillard reflects on what it means for the cybersecurity industry and the real cycles over which it has been evolving

Oct 19, 2023 · 07:49
Series 4 - "Everybody is talking about Cyber Resilience, but what do they really mean?" - Episode 22
Oct 12, 2023 · 12:13
Series 4 - "The Board needs to own cybersecurity in business terms, not in technology terms" - Episode 21
Oct 05, 2023 · 12:29
Series 4 - "The Relationship between the CISO and the Board: What's Really Going On?" - Episode 20
Sep 28, 2023 · 10:09
Series 4 - "The Cybersecurity Spiral of Failure" - Episode 19
Sep 21, 2023 · 08:28
Series 4 - "A Recruitment Perspective on the Role of the CISO" - with guest Owanate Bestman - Episode 18
Sep 14, 2023 · 26:27
Series 4 - "Why are we still talking about the reporting line of the CISO?" - with guest Mark Segelov - Episode 17
Sep 07, 2023 · 20:05
Series 4 - "Is it time to accept that the role of the CISO may be failing? - part 2" - Episode 16
Aug 31, 2023 · 12:49
Series 4 - "The Key Ingredients of a Successful GRC Programme" - Episode 15
Aug 24, 2023 · 07:17
Series 4 - "Is it time to accept that the role of the CISO may be failing?" - Episode 14
Aug 17, 2023 · 08:53
Series 4 - "From Vendor Risk to Supply Chain Risk - Part 2" - with guest Richard Preece - Episode 13

In this episode, JC Gaillard and Richard Preece continue their exchanges initiated in Episode 6 of this series around supply chain risk and comment on the outcome of the Security Transformation Research Foundation meeting in late June

Aug 10, 2023 · 19:57
Series 4 - "The Cybersecurity Numbers Game is a Dangerous One for CISOs" - Episode 12
Aug 03, 2023 · 08:15
Series 4 - "A Reality Check Around Cybersecurity Benchmarking" - Episode 11

In this episode, JC Gaillard looks at the challenges involved with cybersecurity benchmarking, and why the CISOs need to be careful when answering what could be a politically loaded question

Jul 27, 2023 · 07:47
Series 4 - "The Momentum Building Behind the Role of the CSO" - Episode 10

In this episode, JC Gaillard explores the momentum behind the role of the Chief Security Officer and why it starts to make sense in many firms to evolve the role of the CISO and return it to its native technical content

Jul 20, 2023 · 08:13
Series 4 - "Creating Transformational Dynamics around Cybersecurity" - Episode 9
Jul 13, 2023 · 07:58
Series 4 - "The CISO and the Board" - Episode 8
Jul 06, 2023 · 08:12
Series 4 - "Dispelling Some Myths around Cybersecurity for Small Businesses" - Episode 7
Jun 29, 2023 · 09:27
Series 4 - "From Vendor Risk to Supply Chain Risk" - with guest Richard Preece - Episode 6

In this episode, JC Gaillard and guest Richard Preece start exploring the various dimensions involved in managing supply chain risk, what it means for businesses, and how it differs from traditional vendor risk.

Jun 22, 2023 · 11:43
Series 4 - "There Are Just Too Many Security Tools and Products" - Episode 5
Jun 15, 2023 · 07:35
Series 4 - "The When-Not-If Paradigm: Blessing or Curse for the CISO?" - Episode 4
Jun 08, 2023 · 08:35
Series 4 - "What's going on with CISOs and their budgets?" - Episode 3
Jun 01, 2023 · 08:48
Series 4 - "Zero-Trust is not about Zero; it's about Trust" - Episode 2
May 25, 2023 · 09:08
Series 4 - "Time to Go Back to Basics with Cyber Security" - Episode 1
May 18, 2023 · 09:25
Series 3 - "Process and People first, then Technology" - Episode 24

JC Gaillard reaches the final episode in this third series of the Corix Partners Cyber Security Transformation Podcast, and revisits a few key aspects highlighted throughout the series, in particular the importance of the "Process and People first, then Technology" principle

Oct 18, 2022 · 07:45
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 23

JC Gaillard continues to analyze the way the various aspects highlighted in earlier episodes of the Series are interlinked; in this episode, he goes back to the "when-not-if" paradigm around cyber attacks and why tactical and strategic execution is paramount for the new CISO

Oct 11, 2022 · 09:42
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 22

JC Gaillard reaches the final episodes in this Series and starts to look at how the various aspects highlighted in earlier episodes are interlinked; in this episode, the key traits senior execs and Board members need to focus on when hiring a new CISO

Oct 04, 2022 · 12:37
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 21

JC Gaillard looks at the way the cyber security agenda needs to be framed at Board level, to enable the best positioning of the role and profile of the new CISO ahead of the "First 100 Days"

Sep 27, 2022 · 12:43
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 20

JC Gaillard digs into the concept and definition of a Security Operating Model, why it needs to underpin the "First 100 Days of the New CISO", and why "Process and People first, then Technology" has to be the main guiding principle here

Sep 20, 2022 · 09:38
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 19

JC Gaillard continues exploring a few specific topics surrounding the "First 100 Days of the New CISO"; in this episode, the reporting line of the CISO, why it matters and how to determine which would work best

Sep 13, 2022 · 12:19
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 18

As part of his continuing exploration of the "First 100 Days of the New CISO", JC Gaillard looks into the profile of the CISO and why management experience is of paramount importance, over and above technical knowledge.

Sep 05, 2022 · 09:04
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 17

JC Gaillard continues exploring the topics surrounding the "First 100 Days of the New CISO"; in this episode, he dives into the aspects surrounding the tenure of the CISO and why it is key to driving security transformation

Aug 30, 2022 · 10:57
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 16 - with guest Neil Cordell

JC Gaillard is joined by Head of Cyber and Information Security at Swansea University Neil Cordell, to discuss his real-life experience of taking up a new CISO position in the midst of the Covid pandemic, and the lessons that can be learnt about bringing all stakeholders on board the cyber security transformation journey

Neil's details can be found here on LinkedIn >> https://www.linkedin.com/in/neilcordell/

Aug 23, 2022 · 25:51
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 15

JC Gaillard reaches the end of his exploration of the "First 100 Days of the New CISO" and before moving on to a number of episodes with guests on the theme, he digs into "expectations vs. reality" and explores the root causes of the disconnect which may exist between what the CISO finds on arrival and what they were sold at interview time

Aug 16, 2022 · 10:39
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 14

JC Gaillard continues his exploration of the "First 100 Days of the New CISO" with an analysis of how tactical firefighting and the unavoidable handling of cybersecurity incidents must not be seen just as a "curse" throughout the first 100 days, but can be used to build up trust with stakeholders

Aug 09, 2022 · 11:32
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 13

JC Gaillard reaches the end of the "6 days-6 weeks-6 months" cycle he explored around "The First 100 Days of the New CISO", and looks at what happens next, and how CISOs can continue to drive change

Aug 02, 2022 · 09:41
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 12

JC Gaillard reaches the "6 months" part of his journey throughout the "First 100 Days of the New CISO"; in this episode, how to build an execution framework to support the strategic vision defined earlier, and why governance is key at this stage to support lasting change

Jul 26, 2022 · 15:15
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 11

JC Gaillard continues developing his "6 days - 6 weeks - 6 months" model, framing the first 100 days of the new CISO; in this episode, the six weeks horizon, and how to continue building a strategic framework addressing the key challenges of the new CISO role

Jul 19, 2022 · 15:08
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 10

JC Gaillard continues to look back at his 2017-2018 series of articles about "The First 100 Days of the New CISO"; in this episode, he looks into the challenges of the first week, and why it is key to understand the firm, its people and its culture from the start

Jul 12, 2022 · 13:55
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 9

We enter the second part of our third series and JC Gaillard starts exploring and revisiting his 2017-2018 series of articles entitled "The First 100 Days of the New CISO"; in this episode, why context is key and how to assess it, looking in turn at the profile of the person, the nature of the role and the maturity of the firm

Jul 05, 2022 · 10:14
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 8

JC Gaillard reaches the final part in the re-examination of his 2015 series titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to think in terms of process first when architecting a cyber security practice, and not in terms of technical tools

Jun 28, 2022 · 08:36
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 7

JC Gaillard reaches the 7th key management pitfall to avoid in his re-assessment of his 2015 series of articles entitled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look at cyber security as a structured practice, and not just a collection of tactical activities and technical projects

Jun 21, 2022 · 11:37
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 6

JC Gaillard reaches a key point in his journey through the 8 key management pitfalls for CIOs and CTOs to avoid when building or rebuilding cyber security practices; in this episode, why it is key to see cyber security not just as a technology discipline, and to build it as a cross-silo practice from the start

Jun 14, 2022 · 10:33
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 5

JC Gaillard moves on to his 5th key management pitfall to avoid when building or rebuilding effective and efficient cyber security practices; in this episode, why it is key to think in terms of operating model and work with all stakeholders including HR, in the definition and distribution of cyber security accountabilities and responsibilities

Jun 07, 2022 · 11:36
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 4

JC Gaillard continues his re-examination of his 2015 series of articles titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look beyond the short term and think in terms of process to drive effective and lasting change

May 31, 2022 · 10:48
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 3

JC Gaillard continues exploring and updating his 2015 series on the "CIO Guide to a Successful Cyber Security Practice"; in this episode, why throwing money at the problem is rarely the solution to maturity development around cyber security and why trust is paramount in the relation between the CISO and senior execs

May 24, 2022 · 11:31