Guest host:

• Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud

Guest:

• John Rogers, CISO @ MSCI

Topics:

• Can you briefly walk us through your CISO career path?
• What are some of the key (cloud or otherwise) trends that CISOs should be keeping an eye on? What is the time frame for them?
• What are the biggest cloud security challenges CISOs are facing today, and how are those evolving?
• Given the rapid change of pace in emerging tech, such as what we’ve seen in the last year or so with gen AI, how do you balance the need to address short-term or imminent issues vs those that are long-term or emergent risks?
• What advice do you have for how CISOs can communicate the importance of anticipating threats to their boards and executives?
• So, how to be a forward looking and strategic yet not veer into dreaming, paranoia and imaginary risks? How to be futuristic yet realistic?
• The CISO role as an official title is a relatively new one, what steps have you taken to build credibility and position yourself for having a seat at the table?

Resources:

• ATT&CK Framework
• EP189 How Google Does Security Programs at Scale: CISO Insights
• EP129 How CISO Cloud Dreams and Realities Collide
• EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen!
• EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?

Guest:

• Bob Blakley, Co-founder and Chief Product Officer of Mimic

Topics:

• Tell us about the ransomware problem - isn't this a bit of old news? Circa 2015, right?
• What makes ransomware a unique security problem?
• What's different about ransomware versus other kinds of malware? What do you make of the “RansomOps” take (aka “ransomware is not malware”)?
• Are there new ways to solve it?
• Is this really a problem that a startup is positioned to solve? Aren’t large infrastructure owners better positioned for this? In fact, why haven't existing solutions solved this?
• Is this really a symptom of a bigger problem? What is that problem?
• What made you personally want to get into this space, other than the potential upside of solving the problem?

Resources:

• EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud
• EP89 Can We Escape Ransomware by Migrating to the Cloud?
• EP45 VirusTotal Insights on Ransomware Business and Technology
• EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators
• EP7 No One Expects the Malware Inquisition
• Anderson Report (July 1972)
• “The Innovator Dilemma” book
• “Odyssey” book (yes, really)
• Crowdstrike External Technical Root Cause Analysis — Channel File 291 (yes, that one)

Guest:

• Allan Liska, CSIRT at Recorded Future, now part of Mastercard

Topics:

• Ransomware has become a pervasive threat. Could you provide us with a brief overview of the current ransomware landscape?
• It's often said that ransomware is driven by pure profit. Can you remind us of the business model of ransomware gangs, including how they operate, their organizational structures, and their financial motivations?
• Ransomware gangs are becoming increasingly aggressive in their extortion tactics. Can you shed some light on these new tactics, such as data leaks, DDoS attacks, and threats to contact victims' customers or partners?
• What specific challenges and considerations arise when dealing with ransomware in cloud environments, and how can organizations adapt their security strategies to mitigate these risks?
• What are the key factors to consider when deciding whether or not to pay the ransom?
• What is the single most important piece of advice you would give to organizations looking to bolster their defenses against ransomware?

Resources:

• Video (LinkedIn, YouTube)
• 2024 Data Breach Investigations Report
• EP89 Can We Escape Ransomware by Migrating to the Cloud?
• EP45 VirusTotal Insights on Ransomware Business and Technology
• EP29 Future of EDR: Is It Reason-able to Suggest XDR?
• EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators