The Cyber Security Transformation Podcast
By Corix Partners
The Cyber Security Transformation PodcastJun 01, 2023
Series 5 - "Large Enterprises Can’t Cope With More Cybersecurity Tools" - Episode 11
In this episode, JC Gaillard goes back to the topic of security tools proliferation discussed in previous series and highlights why it should be central to the role of the CISO to build a vision and a product strategy, and drive the decluttering of cybersecurity landscapes
Series 5 - "Leadership: The Real Secret Sauce for the CISO" - Episode 10
In this episode, JC Gaillard looks back at the role of the CISO, how it has evolved over the past two decades and where the priorities should be to drive real and lasting transformation around cybersecurity; read his interview on the theme here
Series 5 - "Time to Start Focusing on the Decluttering of the Cyber Security Toolkit Landscape" - Episode 9
In this episode, JC Gaillard looks back a the cybersecurity toolkit landscape and the issues already highlighted in earlier series of the podcast and put things in perspective around the need to declutter; read his interview on the theme here
Series 5 - "Why Are Security Vendors So Obsessed with Board Attention?" - Episode 8
In this episode, JC Gaillard explores the relationship between cybersecurity vendors and Board oversight, why they appear to be so driven by it and where their arguments often appear to be flawed; read his article on the theme here
Series 5 - "A Look Back at the Role of the Board around Cybersecurity Oversight" - Episode 7
Series 5 - "Generative AI and Cybersecurity: The Big Untold Problem" - Episode 6
In this episode, JC Gaillard makes a rare foray in the field of Artificial Intelligence and generative AI and highlights what he sees as the big untold problem at the heart of many discussions on the theme; read his article on the theme here on Forbes
Series 5 - "From Threat to Risk: A "threat" is not a "risk" if you are well protected" - Episode 5
In this episode, JC Gaillard talks around the concept of risk and the importance of using accurate and rigourous language around those aspects across the cybersecurity industry; read more about the approach he highlights in this whitepaper
Series 5 - "Looking Back at the Role of the Virtual CISO and the Reality of Small Firms" - Episode 4
In this episode, JC Gaillard looks back at the role of the virtual CISO and in particular why many small firms would often benefit from looking internally first, before jumping to externalised cybersecurity solutions; read his original article on the theme here
Series 5 - "Cybersecurity is Not Working: Time to Try Something Else" - Episode 3
In this episode, JC Gaillard continues his journey across cybersecurity governance matters, and in particular he goes back to the construction of the role of the CISO and why it is essential to put it back in its historical perspective; read his original article on the theme here
Series 5 - "Don’t Expect Cybersecurity to Work in Firms where Nothing Does" - Episode 2
In this episode, JC Gaillard continues to explore cybersecurity governance and in particular, why it is essential to place it in a broader corporate governance context; read his original article on the theme here
Series 5 - "Cybersecurity Governance, Compliance and Window-Dressing" - Episode 1
In this first episode of the series, JC Gaillard explores issues around cybersecurity governance and ownership and in particular, why cyber resilience needs clear accountability from the top; read his original article on the theme here
The UK Government "call for views" around a proposed "Cyber Governance Code of Practice" mentioned in the episode can be found here
Series 4 - Final Episode in the Series - "One Last Look at the Role of the Board around Cybersecurity" - Episode 24
In this final episode of Series 4, JC Gaillard goes back to the role of the Board in relation to cybersecurity and clarifies a number of aspects from earlier episodes; read his original article on the theme here
Series 4 - "Cybersecurity, Cycles and Predictions" - Episode 23
As we reach that time in the journalistic calendar where predictions for the year to come start to appear, JC Gaillard reflects on what it means for the cybersecurity industry and the real cycles over which it has been evolving
Series 4 - "Everybody is talking about Cyber Resilience, but what do they really mean?" - Episode 22
In this episode, JC Gaillard explores the meaning of cyber resilience across the industry, why some many people use the term to mean so many different things and what can be done to harmonise the approach to the concept; read his original (2019) article on the theme here
Series 4 - "The Board needs to own cybersecurity in business terms, not in technology terms" - Episode 21
In this episode, JC Gaillard goes back to the discussions in Episode 14 and 16 and continues to analyse the comments received in response to his earlier article around the failed role of the CISO; in this episode, more on the role of the Board and why it needs to own cybersecurity in business terms, not in technology terms.
Series 4 - "The Relationship between the CISO and the Board: What's Really Going On?" - Episode 20
In this episode, JC Gaillard starts to explore the nature and the mechanics of the relationship between the CISO and the Board, in the light of two recent surveys and their conflicting headlines; References: The ComputerWeekly article mentioned in the episode can be found here; The InfoSecurityMag article can be found here; and the Proofpoint report "Cybersecurity: The 2023 Board Perspective" here
Series 4 - "The Cybersecurity Spiral of Failure" - Episode 19
In this episode, JC Gaillard looks back at what has been happening in some large organisations around cybersecurity across the last two decades, and at the dynamics of what he has been calling the "cybersecurity spiral of failure"; read his original article on the theme here
Series 4 - "A Recruitment Perspective on the Role of the CISO" - with guest Owanate Bestman - Episode 18
In this episode, JC Gaillard looks back at the role of the CISO in the light of discussions on the theme in the last few episodes, and takes a recruitment perspective on the role, its history and its evolution with guest and recruitmemnt specialist Owanate Bestman; some of JC's views on the topic can be found here; Owanate's profile can be found here
Series 4 - "Why are we still talking about the reporting line of the CISO?" - with guest Mark Segelov - Episode 17
In this episode, JC Gaillard and guest Mark Segelov look back at the reporting line of the CISO, and why it is still a hot topic of discussion amongst cybersecurity professionals; JC's views on the topic can be found in those 2 pieces from 2017 and 2018, which are revisited in the podcast; Mark's Linkedin profile can be found here
Series 4 - "Is it time to accept that the role of the CISO may be failing? - part 2" - Episode 16
In this episode, JC Gaillard goes back to the content of Episode 14 and explores a number of comments received on Linkedin around the associated article, and in particular, how the role of the CSO needs to be conceived and positioned, and the importance of a structured cybersecurity operating model
Series 4 - "The Key Ingredients of a Successful GRC Programme" - Episode 15
In this episode, JC Gaillard looks back at IT GRC programmes, why they often fail, and why integration of business threats, technology risks, controls and protective measures is key to success; read his original article on the theme here.
Series 4 - "Is it time to accept that the role of the CISO may be failing?" - Episode 14
In this episode, JC Gaillard revisits earlier discussions around the role of the CISO, highlighting issues with the historical construction of the role and why a CSO role may be the way forward in some firms; read his original article on the theme here
Series 4 - "From Vendor Risk to Supply Chain Risk - Part 2" - with guest Richard Preece - Episode 13
In this episode, JC Gaillard and Richard Preece continue their exchanges initiated in Episode 6 of this series around supply chain risk and comment on the outcome of the Security Transformation Research Foundation meeting in late June
Series 4 - "The Cybersecurity Numbers Game is a Dangerous One for CISOs" - Episode 12
In this episode, JC Gaillard revisits two apparently conflicting vendor surveys and explores how playing the cybersecurity numbers game can leave CISOs weakened and exposed; read his original article on the theme here
Series 4 - "A Reality Check Around Cybersecurity Benchmarking" - Episode 11
In this episode, JC Gaillard looks at the challenges involved with cybersecurity benchmarking, and why the CISOs need to be careful when answering what could be a politically loaded question
Series 4 - "The Momentum Building Behind the Role of the CSO" - Episode 10
In this episode, JC Gaillard explores the momentum behind the role of the Chief Security Officer and why it starts to make sense in many firms to evolve the role of the CISO and return it to its native technical content
Series 4 - "Creating Transformational Dynamics around Cybersecurity" - Episode 9
Series 4 - "The CISO and the Board" - Episode 8
In this episode, JC Gaillard looks back at a recent survey from IANS Research and questions whether you should really expect your current CISO to sit on the Board; read his original article on the theme here
Series 4 - "Dispelling Some Myths around Cybersecurity for Small Businesses" - Episode 7
In this episode, JC Gaillard addresses the challenges of cybersecurity for small and mid-size businesses and in particular how a number of misconceptions still lead to the adverse prioritisation of security matters and protective measures; read his original article on the theme here
Series 4 - "From Vendor Risk to Supply Chain Risk" - with guest Richard Preece - Episode 6
In this episode, JC Gaillard and guest Richard Preece start exploring the various dimensions involved in managing supply chain risk, what it means for businesses, and how it differs from traditional vendor risk.
Series 4 - "There Are Just Too Many Security Tools and Products" - Episode 5
In this episode, JC Gaillard looks back at the state of the cybersecurity industry and analyzes possible reasons behind the proliferation of security tools and services, and the problems it creates for large organizations; read his original article on the theme here
Series 4 - "The When-Not-If Paradigm: Blessing or Curse for the CISO?" - Episode 4
In this episode, JC Gaillard goes back to the "when-not-if" paradigm around cyber attacks, which he mentioned in previous episodes, and explores its impact for the CISO; read his original article on the theme here
Series 4 - "What's going on with CISOs and their budgets?" - Episode 3
In this third episode of our fourth series, JC Gaillard looks back at cybersecurity budgets and analyzes the reasons behind the considerable underspent highlighted by a recent survey; read his original article on the theme here
Series 4 - "Zero-Trust is not about Zero; it's about Trust" - Episode 2
JC Gaillard looks back at a number of aspects involving zero-trust technology and why putting technology first is probably the biggest mistake you can make in that space; read his original article on the theme here
Series 4 - "Time to Go Back to Basics with Cyber Security" - Episode 1
Welcome to the 1st episode of our 4th Series - JC Gaillard starts to look back at the various topics that have been catching his eye since the end of the previous series: In this episode, why it is key to look beyond the hype on a number of tech matters and refocus our approach to cyber security on key concepts; read his original article on the theme here
Series 3 - "Process and People first, then Technology" - Episode 24
JC Gaillard reaches the final episode in this third series of the Corix Partners Cyber Security Transformation Podcast, and revisits a few key aspects highlighted throughout the series, in particular the importance of the "Process and People first, then Technology" principle
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 23
JC Gaillard continues to analyze the way the various aspects highlighted in earlier episodes of the Series are interlinked; in this episode, he goes back to the "when-not-if" paradigm around cyber attacks and why tactical and strategic execution is paramount for the new CISO
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 22
JC Gaillard reaches the final episodes in this Series and starts to look at how the various aspects highlighted in earlier episodes are interlinked; in this episode, the key traits senior execs and Board members need to focus on when hiring a new CISO
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 21
JC Gaillard looks at the way the cyber security agenda needs to be framed at Board level, to enable the best positioning of the role and profile of the new CISO ahead of the "First 100 Days"
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 20
JC Gaillard digs into the concept and definition of a Security Operating Model, why it needs to underpin the "First 100 Days of the New CISO", and why "Process and People first, then Technology" has to be the main guiding principle here
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 19
JC Gaillard continues exploring a few specific topics surrounding the "First 100 Days of the New CISO"; in this episode, the reporting line of the CISO, why it matters and how to determine which would work best
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 18
As part of his continuing exploration of the "First 100 Days of the New CISO", JC Gaillard looks into the profile of the CISO and why management experience is of paramount importance, over and above technical knowledge.
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 17
JC Gaillard continues exploring the topics surrounding the "First 100 Days of the New CISO"; in this episode, he dives into the aspects surrounding the tenure of the CISO and why it is key to driving security transformation
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 16 - with guest Neil Cordell
JC Gaillard is joined by Head of Cyber and Information Security at Swansea University Neil Cordell, to discuss his real-life experience of taking up a new CISO position in the midst of the Covid pandemic, and the lessons that can be learnt about bringing all stakeholders on board the cyber security transformation journey
Neil's details can be found here on Linkedin >> https://www.linkedin.com/in/neilcordell/
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 15
JC Gaillard reaches the end of his exploration of the "First 100 Days of the New CISO" and before moving on to a number of episodes with guests on the theme, he digs into "expectations vs. reality" and explores the root causes of the disconnect which may exist between what the CISO finds on arrival and what they were sold at interview time
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 14
JC Gaillard continues its exploration of the "First 100 Days of the New CISO" with an analysis on how tactical firefighting and the unavoidable handling of cybersecurity incidents must not be seen just as a "curse" throughout the first 100 days, but can be used to build up trust with stakeholders
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 13
JC Gaillard reaches the end of the "6 days-6 weeks-6 months" cycle he explored around "The First 100 Days of the New CISO", and looks at what happens next, and how CISOs can continue to drive change
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 12
JC Gaillard reaches the "6 months" part of his journey throughout the "First 100 Days of the New CISO"; in this episode, how to build an execution framework to support the strategic vision defined earlier, and why governance is key at this stage to support lasting change
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 11
JC Gaillard continues developing his "6 days - 6 weeks - 6 months" model, framing the first 100 days of the new CISO; in this episode, the six weeks horizon, and how to continue building a strategic framework addressing the key challenges of the new CISO role
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 10
JC Gaillard continues to look back at his 2017-2018 series of articles about "The First 100 Days of the New CISO"; in this episode, he looks into the challenges of the first week, and why it is key to understand the firm, its people and its culture from the start