Show notes
“We now have an enormous challenge with the number of people who are connecting to systems, the number of people who are connecting to each other, and the number of systems that are connecting to each other and every single one of those endpoints requires some form of identity—otherwise you don't know who you're talking to or what you're talking to.”

In this episode, host Stephen Boughton chats with Ciaran Foley about the importance of automation, not being a lone ranger, and the role security platforms play in consolidating tooling.

Topics covered

• The importance of simplification, collaboration, automation
• The role security platforms play in consolidating tooling
• The challenge of increased connectivity
• The concept of security as a never-ending process
• The challenge of regulation and compliance

Guest bio
Ciaran Foley is a technologist, futurist, senior start-up executive, board director, CxO and serial entrepreneur with a track record of innovation, leadership, and start-up experience across multiple business and technology domains.

Guest links
LinkedIn: https://www.linkedin.com/in/ciaran/
Twitter: https://twitter.com/ciaranfoley

Follow Along

Newsletter: https://www.plurilock.com/newsletter-signup/
Plurilock Social: Facebook, Twitter,  LinkedIn

Full transcript here.

Shownotes

“You would be surprised at how few organizations— just for something that simple—have not done multi-factor on cloud-based email. It is mind-boggling to me because to me it’s an easy-button thing with low impact.”

In this episode, host Ian L. Paterson chats with Larry Whiteside Jr. about the importance of visibility for both employers and job seekers, weighing skills vs certs, and how automation will affect the cybersecurity hiring market. They also discuss the importance of innovation,  thinking outside the box, the important role of data steward, and tackling the easy-button issues.

Topics covered

• The importance of two-way visibility between employers and job seekers.
• Building a good team: balancing skills, certs, and a thirst for knowledge.
• The impact of automation on the job market and skills shortage.
• The role of being a steward of data.
• The importance of tackling the low-hanging security fruit. 

Guest Bio

Larry is a seasoned cybersecurity executive and champion of diversity. He is a regular speaker and influencer in the fields of cybersecurity and risk management. He has over 20 years experience in building and running cybersecurity programs in multiple industries to include DoD, the federal government, financial services, healthcare, and critical infrastructure. Larry is also the co-founder and vice president of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a not-for-profit that is attempting to increase the number of minority and female cybersecurity professionals through many different avenues to include scholarship, internship, and training opportunities.

Guest Links

Linkedin: https://ca.linkedin.com/in/
Twitter: https://twitter.com/LarryWhiteside

Follow Along

Newsletter: https://www.plurilock.com/newsletter-signup/
Plurilock Social: Facebook, Twitter,  LinkedIn

Full transcript here.

Show notes
“The problem is all of the 'digital dust' that I've left behind—there is enough for the crooks to cobble together enough information to be able to breach me somewhere else where I do care. And so that's the thing we need to fix.”

In this episode, host Ian L. Paterson chats with Andre Boysen, chief identity officer at SecureKey, about how good digital identity makes CISOs lives easier, the concept of user self-interest, and how identity and access is actually a business problem.

Topics covered

• The user complexity problem leading to latent risk
• Balancing the reduction in the attack surface and improvement of customer experience
• The inside-out to outside-in shift with internal workforce authentication
• The different approaches required to manage employee and customer credentials
• How most individual solutions aren’t strong enough alone to protect users
• How identity access is actually a business problem

Guest Bio
Andre Boysen serves as SecureKey’s digital identity evangelist and Chief Identity Officer. Andre has 20 plus years of experience in tech, and has been recognized as a global leader in digital identity by One World Identity and Innovate Identity. He also services on boards for both DIACC and the Kantara initiative.

Guest Links
Linkedin: https://ca.linkedin.com/in/aboysen
Twitter: https://twitter.com/idgorilla

Follow Along
Newsletter: https://www.plurilock.com/newsletter-signup/
Plurilock Social: Facebook, Twitter,  LinkedIn

Full transcript:
Click here for full transcript.

“It's important to look at context and risk when you're deciding what kind of authentication or how strongly a person, or device, or organization needs to be identified.”

In this episode host Ian L. Paterson chats with Joni Brennan about the field of identity management, the importance of context and risk, and the blending of context between personal and professional and what that means for identity.

Topics covered

• The human impact of identity management. 
• Classification, access, and trustworthiness of data in the public sector, enterprise, and consumer space.
• Standards roles in interoperability—plug and play solutions. 
• Looking at challenges and opportunities holistically—being flexible, willing to experiment with new technologies, yet being pragmatic in terms of decision making, and where to invest.
•  Importance of context and risk when it comes to authenticating people or devices.
• Focusing on the integrity of data, who has access to the data, and for which purpose. 
• The importance of data strategy and classifying kinds of data and understanding which kinds of data need to be verified for which kinds of transactions

Guest Bio
Joni has 15 years of hands-on experience in Identity Access Management innovations and industry standards development. Joni helps the DIACC to fulfill its vision of organizing Canadian market forces to unlock digital identity and authentication economic opportunities for all Canadians. She has participated in international organizational committees and has testified regarding trusted Identity and Access Management systems for the US Office of the National Coordinator for Health Information Technology Security and Privacy.

Guest Links
https://ca.linkedin.com/in/jonibrennan

Plurilock Links
Follow Along: Newsletter | Facebook | Twitter | LinkedIn
Read Along: Click here for full transcript.

“I have certainly seen impacts to organizations where there has been poor or no identity management in place and what some of those outcomes are.”

In this episode, host Ian L. Paterson chats with Iain Paterson about how identity is at the heart of many breaches, the challenges of implementing current identity management approaches, the dangers of third-party risk, and the importance of understanding the business you’re in.

Topics covered

• Iain's cybersecurity career path from integrations, to financial services,
  and healthcare to consulting
• How identity is at the heart of many breaches
• How many identity management approaches can be challenging to implement

Plus the importance of

• Creating a culture that attracts talent and "upskilling" the best and brightest
• Evaluating your entire footprint, legacy applications, and possible vulnerabilities
• Understanding policy, business operations, and the markets your business is operating in

Guest Bio

Iain is a highly skilled information security leader and practitioner with more than 15 years of experience in enterprise-wide information technology. Iain holds an MBA with a focus in Leadership and Innovation, and has industry CISSP, CISM and SABSA certifications. A seasoned security practitioner, he brings the true chief information security officer (CISO) perspective to every client and engagement.

Guest Links

LinkedIn: https://ca.linkedin.com/in/iainpaterson

Plurilock Links

Follow Along: Newsletter | Facebook | Twitter | LinkedIn
Read Along: Click here for full transcript.

“I would give Lunch & Learns on the things that I felt were the biggest problem. And that helped me meet a lot of developers and find lots of allies within the software development teams and identify potential champions.”

In this episode host Ian L. Paterson chats with Tanya Janca about the importance of privacy and transparency, creating equality and diversity in the workplace, and how to create and keep security talent.

Topics covered

• Importance of privacy in a world of data aggregation and cutting edge technologies. 
• Automation and not reinventing the wheel. 
• Importance of risk-based authentication approach and having multiple layers of security.
• Finding the perfect balance between security and usability for your business.
• Empowering those with an interest in security via security champions programs. Engage employees and find allies.
• The importance of fostering a good security culture and utilizing co-op programs. 
• Employees are your biggest advertisers—checking with employees from different backgrounds and see how you’re doing.
• Tanya’s learning platform SheHacksPurprle which offers application security, DevSecOPs, Cloud Security Training both in-person and online.

Guest Bio

Tanya Janca is the founder of the learning platform SheHacksPurple. She’s an application security consultant who leads the Victoria Women in Security (WoSec) Chapter and the Open Web Applications Security Project (OWASP) Chapter. She’s had previous roles at Microsoft and the Canadian Government.

Guest Links

Twitter: https://twitter.com/shehackspurple
Website: https://www.shehackspurple.dev/
Youtube: https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ
Medium: https://medium.com/@shehackspurple

Plurilock Links

Follow Along: Newsletter | Facebook | Twitter | LinkedIn
Read Along: Click here for full transcript.

“Now you have to look at fourth-party risk. So, are they doing the same due diligence on their third parties that I'm doing on them? Because this is almost like a never-ending chain where everyone's relying on somebody else. And if there's one weak link in the chain that can have cascading effects all the way up to my organization.” 

In this episode, host Ian L. Paterson chats with Josh Stabiner about third-party risk, the importance of mentorship, understanding the business, and sticking to a framework.

Topics covered

• The shifting of the cybersecurity discipline from
  technology-focused to business-focused 
• Understanding process flow and the business mission to
  create a tailored and informed plan
• Importance of third-party and fourth-party risk management
• Learning to find ways to enable business needs while mitigating risks
• Picking a framework to identify security gaps
• The importance of mentorship and team diversity

Guest Bio

Josh Stabiner is Chief Information Security Officer at General Atlantic and leads the firm's cybersecurity efforts as a part of its information technology team. Before joining General Atlantic in 2018 Josh was managing director and CISO at Pine River Capital management.

Prior to that, Josh spent 10 years at Ernst & Young where he led cyber-threat management advisory services for financial services clients, focusing on threat intelligence, vulnerability identification and mediation, security monitoring, analytics incident response, and security engineering.

Transcript and Accessibility

Full text transcript is available on the Plurilock blog.

Follow Along

Newsletter: https://www.plurilock.com/newsletter-signup/
Plurilock Social Facebook | Twitter | LinkedIn

“Because if you don't know where and what your data is, it doesn't matter what controls you have in place. They're not going to stop that data from being accessed or moved around by the wrong people.”

In this episode, host Ian L. Paterson chats with Ajay Sood about the move away from the “secure enclave” and the authentication challenges of data being everywhere.

Topics covered

• Importance of context with identity and data access
• The move from a technological to anthropological conversation
• Unique challenges of managing security for a mid-sized institution
• Being a custodian of data: the importance of visibility and understanding
  what data you have.
• Usability and not making security an obstruction
• How malware and security isn’t just an IT problem anymore.
• The emergence of the V-CISO role

Guest Bio

With over 20 years of real-life, in-the-trenches business experience in the IT security space, Ajay is a seasoned veteran when it comes to introducing disruptive security brands to the Canadian market. He currently serves as RVP of Armis and was previously the Vice-President and General Manager for Symantec Canada. He is on a mission to evangelize the importance of entities staying ahead of the curve when it comes to architecting and operating their cybersecurity defenses. Ajay is also chair of CLX forum as well as editor of the Canadian Cybersecurity 2018 Anthology.  

Links
CLX Forum: https://www.clxforum.org/
Twitter: https://twitter.com/akssecure
LinkedIn: https://www.linkedin.com/in/akssecure

Transcript and Accessibility

Full-text transcript is available on the Plurilock blog.

Follow Along

Newsletter: https://www.plurilock.com/newsletter-signup/
Plurilock Social: Facebook | Twitter | LinkedIn

“Digital identity has become extremely unverifiable. One of the great needs in the cyber world is to begin to anchor identity back to human characteristics when possible.”

In our first episode, host Ian L. Paterson chats with Ed Hammersla about how computing automation and the internet have changed identity.

Topics covered

• Business resiliency from cyberattack
• Automation and the internet have changed both security and identity
• Scalability as it relates to administration
• Vulnerability of legacy security infrastructure and tooling
• Regulation and possible downsides
• Convenience and security trade-off
• Importance of anchoring identity to human characteristics
• Behavioral biometrics to support identity

Guest Biography

Ed Hammersla was most recently President of Forcepoint Federal and Chief Strategy Officer at Forcepoint for Raytheon, a joint venture, focused on marketing cybersecurity products to both government and commercial organizations. Ed also played a leading role in the development of the trusted version of the Linux operating system, now known as Red Hat Enterprise Linux. 

He began his career at IBM and held leadership positions with Sterling Software, Informix Federal NEC and Trusted Computer Solutions, and has also worked in a number of venture capital communities as CEO of multiple startups and served as an investor and advisor to other companies.

Transcript and Accessibility

Full text transcript is available on the Plurilock blog.

Follow Along

Newsletter: https://www.plurilock.com/newsletter-signup/
Plurilock Social: Facebook | Twitter | Linkedin