ISACA Podcast
Industry Spotlight - Todd Fitzgerald

August 11, 2022

Cybersecurity leader, author, and host of the CISO Stories podcast, Todd Fitzgerald sits down with ISACA’s Chelsey Byrd to discuss his extensive career journey in security, his best-selling book, CISO COMPASS, and how a make-believe FBI club connects directly to his career passions today.

As one of ISACA’s top-rated speakers, Todd gives tips and techniques for the best way to prepare for a speaking event, how to engage the audience, and some entertaining moments and behind-the-scenes accounts from conferences!

Named the Chicago CISO of the Year and ranked Top 50 IS Executive in 2016 and 2017, Todd offers listeners his best career advice, ways to stay aware of current business trends, and much more.

Listen now to this episode of ISACA’s Industry Spotlight.

To listen to CISO Stories, visit https://securityweekly.com/category-shows/the-ciso-stories-podcast/.

To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

Advancing Digital Trust Through Audit and Assurance

August 9, 2022

A strong audit and assurance function is critical to achieving digital trust in an organization. This conversation spotlights audit's role in digital trust and outlines key priorities. It also shares new ISACA resources for auditors.

For more information, go to https://isaca.org/digital-trust

Managing Security Across Disparate Database Technologies

August 4, 2022

We usually think about the most efficient way to do things while working in production environments. Still, often employees forget about an insecure environment once the work has been completed and they have moved on to another project.

“We don’t always need to audit things; sometimes you can gauge risk by having a conversation with stakeholders…on how they manage databases,” says Adam Kohnke, Cybersecurity Architect for Charter Next Generation.

Adam joins ISACA’s Jon Brandt in this episode to discuss his recently released ISACA Journal article, “Managing Security Across Disparate Database Technologies.” Adam breaks down best practices for User Access Management, Encryption, and Logging. He comments on the best ways to start the conversation about security beyond what management considers vital for IT.

Tune in now for the full episode!

To read the full article, visit www.isaca.org/managing-security-across-disparate-database-technologies.

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts 

Implementing Emerging Technologies: Agile SDLC Still Works

August 2, 2022

AI is a part of our everyday life. Cindy Baxter of What's The Risk LLC gives ISACA's Kevin Keh examples from modern media, such as the movies Free Guy, Ron’s Gone Wrong and The Matrix, and explains how they relate to AI-related risk factors. They ask the questions: What is true? What is the data we are looking at? AI is about data accuracy and reputational risk, and Cindy discusses how to manage frameworks and create meaningful checkpoints and intended outcomes, six months or 2 years later, that are spot on for what an organization intended. Cindy strongly believes that you always get a better outcome with diversity, because people from diverse backgrounds and life experiences create different ways to learn, produce innovative ideas and avoid rework.

To read Cindy's full article, visit: www.isaca.org/implementing-emerging-technologies

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

ISACA Live: Managing Supply Chain Risk with Richard Hollis

July 28, 2022

ISACA's risk expert Paul Phillips and Richard Hollis, CEO of Risk Factory and an ISACA Conference Europe speaker, examine top cyber risks impacting the supply chain, steps organizations need to take to manage supply chain risk, and important steps to take in the contract process.

Be sure to like, comment, and subscribe for more ISACA Productions content.

Industry Spotlight - Pam Nigro

July 26, 2022

On this episode of Industry Spotlight, ISACA's outgoing Board Chair, Greg Touhill, introduces the 2022-23 Board Chair, Pam Nigro. They trade stories from their careers, Pam's thoughts on the future of ISACA, how Game of Thrones relates to Cybersecurity, and Greg shares his favorite moments from his tenure.

To read Pam's welcome letter, go to: www.isaca.org/letter-from-the-incoming-board-chair

To listen to more ISACA Podcasts, go to: www.isaca.org/podcasts 

The Impact of People on the Information Technology Landscape

July 21, 2022

In this episode, ISACA’s Jon Brandt chats with Thomas Lenzenhofer, Business Development Manager at Cisco, about his new ISACA article titled, “The Impact of People on Today’s Information Security Landscape.”

With over 20 years of industry experience, Thomas has a wealth of knowledge to share with ISACA listeners. The security of an organization is a serious matter, and Thomas gives a vivid scenario from his recent ISACA Journal article about how an attack on a country's health care system could be massively disruptive to the daily functions of staff computer systems, possibly causing employees not to receive payroll. Thomas also gives examples of how to properly train staff to avoid an event like this and says that security is a business enabler from the top-down. Tune in now!

To read Thomas' ISACA article, visit: www.isaca.org/impact-of-people-on-information-security-landscape

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

GRC for Intelligent Ecosystems (GRCIE): An Innovative Approach to Workforce Enablement Part II

July 19, 2022

Executive Director for GRC for Intelligent Ecosystems (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about the GRCIE program. In this two-part program, they delve into program creation, services offered, student selection and how ISACA research continues to shape their work.

For more information about GRCIE, visit https://www.grcie.org/

Be sure to like, comment, and subscribe for more ISACA Productions content

GRC for Intelligent Ecosystems (GRCIE): An Innovative Approach to Workforce Enablement Part I

July 14, 2022

Executive Director for GRC for Intelligent Ecosystems (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about the GRCIE program. In this two-part program, they delve into program creation, services offered, student selection and how ISACA research continues to shape their work.

For more information about GRCIE, visit https://www.grcie.org/

Be sure to like, comment, and subscribe for more ISACA Productions content

Smarter Testing = Safer Digital Experiences

July 12, 2022

Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing? In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, with as tight an alignment as possible to the software development lifecycle and even closer modeling of real-world adversary threats.

We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding.

For more information go to https://trust.adobe.com

Be sure to like, comment, and subscribe for more ISACA Productions content.
