Sign up to save your podcasts
Or
Share Cyber Risks Unmasked: Reporting the Threats #DTF016
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Cyber Risks Unmasked: Reporting the Threats #DTF016
Join hosts Damian, Troy, and Fern for Episode 16 of the DTF Cyber Podcast, featuring special guest Dina Mathers, CISO at Carvana. Recorded on August 18, 2025, this episode dives deep into three critical topics shaping the cybersecurity landscape. From measuring the impact of cyber spend to uncovering widespread weaknesses in critical infrastructure, we unpack it all with real-world insights and actionable strategies. Whether you're a seasoned pro or just starting out, this episode is packed with "nuggets of gold" to elevate your game. Don't miss the banter on DTF dinners, the debate on best-of-breed vs. platforms, and why security leaders might just be the best salespeople in the world. Subscribe for more cyber realness every Monday!
0:00:00 - Intro: Special guest Dina Mathers
0:05:51 - Metrics debate: Spend as % of revenue/IT budget vs. data-driven approaches
0:07:24 - Key KPIs: MTTD/MTTR, patching speed, phishing rates
0:09:16 - Budgeting strategies: Industry benchmarks, risk-based cases, storytelling
0:12:20 - Tool overlap woes: 30% waste per Gartner 2023; best-of-breed vs. platforms
0:14:52 - Pro tips: Carve innovation funds for startups/POCs; audit tools yearly for ROI
0:25:00 - How poor metrics blindspot funding, leaving orgs vulnerable
0:28:40 - Real-world angles: Procurement pushback, business use cases
0:32:32 - Career advice: Be proactive, relate news to your env, automate tasks
0:40:00 - Basics failures: Weak creds, poor segmentation, no logging
0:45:26 - Critical infra gaps: 16 domains, antiquated systems, public-private partnerships
0:52:07 - Fixes: Layer security, asset inventory, periodic table mapping, empower teams
0:58:25 - Tease: Non-human identities (NHI) as future ep topic
1:00:01 - Fern's thought: Security leaders as elite salespeople
1:03:42 - Nuggets: Don't store creds in browsers; strong infra passwords; storytelling sells
1:05:46 - Shoutouts to Dina, past eps references, listen twice for gold
1:06:15 - Outro
Articles:
https://www.wsj.com/articles/how-to-measure-cybersecurity-spending-wsj-readers-weigh-in-12e2b06b
https://securityboulevard.com/2025/08/cisa-coast-guard-hunt-engagement-offer-path-to-protect-critical-infrastructure/
"Periodic Table" :
https://www.balbix.com/blog/six-step-cyber-insurance-policy-playbook/
Linkedin:
Dina Mathers: https://www.linkedin.com/in/dinamathers/
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
View all episodes
By Cyber PodcastJoin hosts Damian, Troy, and Fern for Episode 16 of the DTF Cyber Podcast, featuring special guest Dina Mathers, CISO at Carvana. Recorded on August 18, 2025, this episode dives deep into three critical topics shaping the cybersecurity landscape. From measuring the impact of cyber spend to uncovering widespread weaknesses in critical infrastructure, we unpack it all with real-world insights and actionable strategies. Whether you're a seasoned pro or just starting out, this episode is packed with "nuggets of gold" to elevate your game. Don't miss the banter on DTF dinners, the debate on best-of-breed vs. platforms, and why security leaders might just be the best salespeople in the world. Subscribe for more cyber realness every Monday!
0:00:00 - Intro: Special guest Dina Mathers
0:05:51 - Metrics debate: Spend as % of revenue/IT budget vs. data-driven approaches
0:07:24 - Key KPIs: MTTD/MTTR, patching speed, phishing rates
0:09:16 - Budgeting strategies: Industry benchmarks, risk-based cases, storytelling
0:12:20 - Tool overlap woes: 30% waste per Gartner 2023; best-of-breed vs. platforms
0:14:52 - Pro tips: Carve innovation funds for startups/POCs; audit tools yearly for ROI
0:25:00 - How poor metrics blindspot funding, leaving orgs vulnerable
0:28:40 - Real-world angles: Procurement pushback, business use cases
0:32:32 - Career advice: Be proactive, relate news to your env, automate tasks
0:40:00 - Basics failures: Weak creds, poor segmentation, no logging
0:45:26 - Critical infra gaps: 16 domains, antiquated systems, public-private partnerships
0:52:07 - Fixes: Layer security, asset inventory, periodic table mapping, empower teams
0:58:25 - Tease: Non-human identities (NHI) as future ep topic
1:00:01 - Fern's thought: Security leaders as elite salespeople
1:03:42 - Nuggets: Don't store creds in browsers; strong infra passwords; storytelling sells
1:05:46 - Shoutouts to Dina, past eps references, listen twice for gold
1:06:15 - Outro
Articles:
https://www.wsj.com/articles/how-to-measure-cybersecurity-spending-wsj-readers-weigh-in-12e2b06b
https://securityboulevard.com/2025/08/cisa-coast-guard-hunt-engagement-offer-path-to-protect-critical-infrastructure/
"Periodic Table" :
https://www.balbix.com/blog/six-step-cyber-insurance-policy-playbook/
Linkedin:
Dina Mathers: https://www.linkedin.com/in/dinamathers/
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net