The Core Podcast

Exposing Insider Threats: Expert Secrets from Cyber Risk Expert



Summary


Join Kelly as she sits down for an illuminating conversation with none other than James Moncrieff, the Global Cyber Risk Lead at GFK, who shares his journey from police officer to information security professional. The two discuss James' childhood dream of becoming a firefighter and how he accidentally ended up in the police force. James also describes the challenges he faced in entering the cybersecurity industry and the importance of persistence and self-belief.


In this conversation, James discusses the importance of understanding the risk of shadow IT and the need to shift from a culture of exception to accountability in cybersecurity. He highlights the complexity of insider threats and the different types of insiders that businesses must be aware of. James also stresses the limitations of security controls and the importance of preventing small attacks from escalating. He explains the role of human intelligence in cybersecurity and the process of sanitising intelligence for protection.


Finally, we explore the importance of creating a culture of trust and protection and the opportunities available in cybersecurity.


Chapters


00:00 The Journey from Law Enforcement to Cybersecurity

16:36 The Power of Persistence and Self-Belief in Career Transition

27:07 Stepping Outside Your Lane: Understanding Security Principles

33:55 The Strategic Role of GRC in Cybersecurity

34:25 The Foundation of InfoSec: GRC Work and Risk Management

36:21 Navigating Insider Threats and Human Intelligence in Cybersecurity

01:04:09 Embracing Diversity and Unique Backgrounds in InfoSec


Takeaways


  • Transitioning from law enforcement to information security can be challenging, requiring persistence and self-belief.
  • Diversity in problem-solving and different perspectives can lead to innovative solutions in the cybersecurity field.
  • Understanding security principles and stepping outside one's lane can enhance the effectiveness of security professionals.
  • The role of GRC (Governance, Risk, and Compliance) in cybersecurity goes beyond checklists and policies, requiring a broader understanding and strategic approach. GRC work is the foundation of InfoSec, encompassing risk management, governance, policies, and coordination of security development.
  • Understanding the impact of systemic issues on the business is crucial for effective risk management and security posture.
  • Insider threats are complex and can range from accidental to malicious, requiring a nuanced approach to detection and prevention.
  • Human intelligence plays a vital role in cybersecurity, and a process to protect and utilize intelligence from individuals on the ground is needed.
  • Diversity in InfoSec is essential, and individuals with unique backgrounds and skills bring valuable perspectives and problem-solving abilities to the industry.


Keywords


  • cybersecurity, career transition, police officer, persistence, self-belief, diversity, problem-solving, security principles, GRC, challenges, GRC work, risk management, governance, policies, vulnerability management, security development, SOC, insider threats, human intelligence, cybersecurity, diversity, unique backgrounds, InfoSec

 

 

Hosted on Acast. See acast.com/privacy for more information.


The Core Podcast, by Core To Cloud