PODCAST · business
The Security Collective Podcast
by Claire Pales
The Security Collective is the podcast for leaders tasked with, and interested in, securing technology, people, processes and data for the protection of all. Join best-selling author Claire Pales, together with industry thought leaders who answer your questions about security leadership, trends, technologies, and more. 'The Security Collective' podcast - formerly 'The Secure CIO'
-
126
'In Case You Missed It' - Season 11 mashup
Today we are recapping some of the great episodes from season 11 'In Case You Missed' them! We have put together a snippet of the best parts from each guest for you, and if you like what you hear, click below to listen to the full episode, or head to wherever you enjoy our podcast, and check out the full back catalogue. Links: Marc Bown Stephen Kennedy Craig Ford Naveen Chilamkurti Paul McCarty Yvette Lejins Jamie Newman Paul Wenham Samm MacLeod For the full episode transcript, please visit our website
-
125
113. Transforming with Samm MacLeod
It's our last episode for the season, and we are joined by a very good friend of Claire's and of the podcast, Samm MacLeod. Samm and Claire discuss what's been happening since we caught up with her 12 months ago in season eight, when Samm generously shared her CISO journey through burnout and recent sabbatical. She's now back CISO-ing, and this time they covered digital transformations and security transformations. Samm MacLeod is an experienced Information Security Executive with experience across multiple industry verticals including tech, financial services, and critical infrastructure. Having led several cybersecurity transformation programs, Samm helps organisations embed effective security practices through cyber security strategy, security operating models, and risk management frameworks. Samm's experience with boards, audit & risk committees, and executives allows her to bring a unique set of experiences and perspective to the management of technology and cyber risk and the delivery of security best practice. She is currently an appointed Netskope Security Board Advisor and has previously held non-executive positions on a critical infrastructure board (AEMO Cybersecurity Board), securitisation & financial services board (MEPM) and Information Security education and research board (Deakin Executive Board). Based on the Bellarine Peninsula, Samm is an industry speaker and writer, and an advocate for diversity in cyber. Links: Samm LinkedIn For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
124
112. Security as a differentiator with Jamie Newman
Jamie Newman has a refreshing take on security and joins Claire as they chat about understanding the security posture in diverse organisations. They discuss third party contracts, how much money you should be spending on compliance and what meaningful metrics might look like. Jamie is an experienced IT Leader with more than 20 years' experience in applications and infrastructure transformation in varying national and regional roles. His career started in HR, but then quickly moved into a technology path in the late 90s, and he has worked predominantly in Manufacturing, Retail and B2B environments, working in Singapore, Japan and the Middle East. Jamie moved into senior management in 2008, and has been in C level roles for the last 10 years. Links: Jamie LinkedIn Jamie Twitter Episode 68 For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
123
111. Modernising compliance with Paul Wenham
Paul Wenham joined Claire to talk about the what, how, and why he started Assurance Lab. They also cover the value of auditing, how compliance can be the foundation stone for startups, and his new book, which he is making open source for others to contribute to. They also talk about the fact that Assurance Lab is a B Corp, and why that is so important to Paul and his team. Paul has worked in cybersecurity audits and compliance for over 11 years. His past roles have spanned professional services at PwC, leading the cybersecurity and compliance program for a global software company Qstream, and governance over third-party cyber standards at Westpac and Mercer. Paul founded Assurance Lab in 2018, a Regtech software and audit services firm now working with over 150 cloud software companies across 12 countries. AssuranceLab supports their security and compliance programs to meet global standards (SOC 1, SOC 2, ISO 27001, HIPAA, Consumer Data Right, CSA STAR, GDPR, CCPA, and ESG reporting). Assurance Lab has a broad network of partners in the cybersecurity industry, leveraging the natural synergies of AssuranceLab's independence as an audit firm. Links: Website Assurance Lab LinkedIn Paul LinkedIn Episode 102. Cyber in Local Government with Paul Barrett For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
122
110. The DevSecOps Playbook with Paul McCarty - Part 2
Paul McCarty is a DevSecOps evangelist, and his recent chat with Claire was so great, we had to split it into 2 parts. In part 2 they discuss minimum viable security product, the Software Bill Of Materials (SBOMs) and making governance material consumable for senior audiences, no matter how unsexy policies might be. Paul is the founder of SecureStack, the world's first DevSecOps Maturity Platform. Paul has been helping organisations build more secure applications for almost 30 years. He's worked for large organisations like NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, but he's also worked with several startups going back to the mid nineties. Paul is a frequent contributor to open source and Linux projects and is a co-organiser of several community group meetups here in Australia. Links: Website LinkedIn Twitter GitHub For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
121
109. The DevSecOps Playbook with Paul McCarty - Part 1
Paul McCarty is a DevSecOps evangelist, and his recent chat with Claire was so great, we had to split it into 2 parts. In part 1 they talk about his DevSecOps Playbook, the challenges of security and engineering teams working together harmoniously, and how to apply the Essential 8 to the software development lifecycle. You can hear Claire really enjoyed chatting to Paul about some of the more technical aspects of security and hearing his views on application security best practice. Paul is the founder of SecureStack, the world's first DevSecOps Maturity Platform. Paul has been helping organisations build more secure applications for almost 30 years. He's worked for large organisations like NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, but he's also worked with several startups going back to the mid nineties. Paul is a frequent contributor to open source and Linux projects and is a co-organiser of several community group meetups here in Australia. Links: Website LinkedIn Twitter GitHub For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
120
108. People-centric security with Yvette Lejins
Claire is joined by Yvette Lejins as they discuss what people centric security means to her, what boards need from their CISO communications and the very real risk of insider threat. Claire was also curious to ask a bit about Yvette's transition from CISO at Jetstar in house to being residency CISO for a security vendor. Yvette joined Proofpoint from Qantas Airline Group in 2021, where she was the CISO for the Jetstar Group of Airline companies (Jetstar Aus/NZ, Jetstar Asia, Jetstar Japan and Jetstar Vietnam). Prior to Qantas she was the CISO at Australia's largest freight and logistic company Asciano, as well as having built up the security function at Atlassian before they went to IPO. She is a Fellow of the Australian Information Security Association. In her role as Resident CISO, APJ, Yvette focusses on driving Proofpoint's people-centric security vision, strategy, and initiatives amongst its customer base. Her hands on experience, knowledge, and perspective in managing risk and improving cyber security posture across complex enterprises is extensive. She provides trusted cyber advice and insight advisory services for Proofpoint customers. Links: Yvette LinkedIn For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
119
107. The rise of micro cyber credentials with Naveen Chilamkurti
Claire is joined by La Trobe scholar Naveen Chilamkurti as they cover some of the amazing work La Trobe is doing to welcome people into the cyber industry through great micro credentialing programmes. They discuss what micro credentials are, the value of this way of study, and how employers are valuing University qualifications such as micro credentials. He also shared what academia are currently working on, including crypto and 6G. Naveen is currently the Associate Dean (International Partnerships), SCEMS Professor and Head of the Cybersecurity discipline, previously the Director of International Programs since 2017. He serves as the Technical Editor of the highly ranked IEEE Wireless Communications Magazine and IEEE Transactions on Vehicular Technology. Naveen has published more than 330 journal and conference papers, including IEEE and ACM Transactions and is active in editing and authoring 9 books with Elsevier, Springer, IGI-Global and NOVA publishers. Naveen has successfully attracted 20 research grants since 2000 to support PhD Scholarships, fellowships, and travel grants for research collaboration and in 2012 and 2018, he was awarded a research fellowship to work with IIT Kanpur and IIT Hyderabad. Links: Website For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
118
106. Who is Foresight? with Craig Ford
We welcome back author Craig Ford as he and Claire dive a little deeper into his latest book 'Foresight', which has been nominated for an Aurealis Award in the young reader category. There is cybercrime, romance, spies and hacking and a few Matrix references in there for the fans. Aside from the book, Craig and Claire discuss the ongoing challenges of the cyber skill shortage and the state of cyber in Australia over the past 12 months. Craig is the CTO for Baidam Solutions where he leads the technical services division of the organisation. Craig is also the Queensland Chair for the Australian Information Security Association (AISA). He is an experienced cybersecurity professional with various qualifications including two master's degrees and a history in both pen-testing and security engineering. Craig is a published author with the books "A Hacker, I Am" and "A Hacker, I Am – Vol 2" in his first cyber awareness series and "Foresight", a new cyberpunk/hacker fantasy series published in June 2022. He is a freelance cybersecurity journalist who is best known for his work on CSO Australia (IDG Communications) in which he contributed almost 100 cybersecurity articles between 2018-2020. He is now a regular columnist with the Women in Security Magazine as well as a freelance contributor for Careers with STEM, Top Cyber News, Cyber Today and Cyber Australia Magazines. Links: Episode 67 - Getting the Basics Right with Craig Ford Website LinkedIn Facebook Twitter For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
117
105. Developing a secure engineering mindset with Stephen Kennedy
Claire is joined by Stephen Kennedy as they cover the balance engineers strike between security and functionality. They talk about secure coding expectations, and also the role compliance plays in software development. Stephen shares his experience moving from being an engineer into C-level leadership and the security lens through which he then had to look. Stephen's background is as a software engineer, but he's since transitioned into CTO and CIO roles. He's worked across Australia, New Zealand, and the United Kingdom for organisations ranging from start-ups to large scale enterprises. His most recent role has involved increased security scrutiny in working with large multi-billion-dollar partners (e.g. shipping lines) with compliance mandates, and as such he's had to evolve his career to take on more of a security, privacy, and compliance focus. Links: Stephen LinkedIn Stephen Twitter The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager. For the full episode transcript, please visit our website.
-
116
104. The next frontier of cyber controls with Marc Bown
For the first episode of this season we welcome Marc Bown, the CISO and Enterprise Technology lead at Immutable, a web3 gaming scale up. Claire and Marc discuss the culture versus tech debate, exactly what web3 gaming is, and Marc shares his thoughts on what we as a security industry are still trying to get right. Prior to Immutable, Marc helped found the security teams at Sportsbet, Fitbit and Afterpay. Passionate about building empowered, high-performing teams, he believes that good security is as much about culture as it is technology. Links: Marc LinkedIn The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager. For the full episode transcript, please visit our website.
-
115
Season 11 Teaser
Listen as Claire provides a quick overview of what to expect this upcoming season on The Security Collective podcast - kicking off next Thursday 27 October. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager. You can read the full transcript on our website
-
114
'In Case You Missed It' - Season 10 mashup
We've taken some clips of wisdom from five of our guests this season and brought them together in a neat package for you. This season in partnership with LastPass, we focused heavily on third party risk and supply chain security. For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
113
103. The Future of Third Party Cyber Risk with Alla Valente
Following the success of our recent webinar, Claire is again joined by Alla Valente. This time they discuss the role of procurement, talk about supply chain risk as an enterprise wide risk and discuss who might own this risk. They covered how businesses are struggling to give third parties limited access to data and systems, and the flow on effects of managing the right level of access to get the job done. Alla Valente is a senior analyst at Forrester serving security and risk professionals. She covers GRC, third-party risk (TPRM), supply chain risk (SCRM), and contract lifecycle management (CLM) strategy, best practices, and technology. Her research includes coverage of key regulatory compliance issues; risk management, ethics, and trust in digital transformation; and operational resilience. In this role, she helps Forrester clients build and mature comprehensive programs that maximise business opportunity and performance while minimising risk and protecting the organisation's brand. Links: Alla LinkedIn For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
112
102. Cyber in local government with Paul Barrett
Claire is joined by Paul Barrett as they talk about cyber culture in local government, how the governance model for cyber is changing for the better, and Paul shares why he sees audits as a gift. It is great hearing Paul's view on cyber and getting a glimpse into being a CIO and local government. Paul Barrett is an experienced IT professional with nearly 15 years industry experience and 7 years local Government experience. His technical background is in network and security with a transition into people leadership, governance and information management over the last 6 years. Paul has a passion for implementing tangible change within organisations and placing business process improvement at the core of technology solutions, and enjoys building high performing teams, hiring character ahead of technical ability. Links: Paul LinkedIn For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
111
101. Crisis Talks with Grant Chisnall
Claire is joined by Grant Chisnall a crisis trainer, advisor and podcaster, who has a passion for leadership communication and decision making. In this episode they covered a lot of ground including the escalation from incident response to crisis management, and talk about business collaboration before an incident, and how to plan for resilience while mopping up a cyber incident. Grant has supported some of the world's leading organisations through crisis events ranging from cyber attacks to coronavirus; activism to air crashes; and from Natural disasters to workplace fatalities. His podcast 'Crisis Talks' tells the extraordinary stories of people who have led through crises and their stories of leadership and resilience in the face of adversity. Grant's aim is to help leaders prepare for the worst-case scenarios and respond proactively and with confidence to any incidents that threaten their people, operations or reputation. Links: Grant LinkedIn Left of Boom website For full episode transcript please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
110
100. Celebrating 100 episodes!
To celebrate the 100th episode and recently hitting 30,000 downloads, Claire wanted to honour some of the guests that have given their time and thought leadership so generously. So here's a little trip down memory lane, which we hope that you enjoy. For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
109
99. The challenges & risks of supply chain security with Alla Valente & Vijay Krishnan - part 2
In part 2 of Claire's webinar with Alla Valente and Vijay Krishnan they cover software supply chain, how to navigate fourth party risk and talk about offshore supply chain risks such as privacy and data sovereignty. They also covered some great audience questions. Alla Valente is a senior analyst at Forrester serving security and risk professionals. She covers GRC, third-party risk (TPRM), supply chain risk (SCRM), and contract lifecycle management (CLM) strategy, best practices, and technology. Her research includes coverage of key regulatory compliance issues; risk management, ethics, and trust in digital transformation; and operational resilience. In this role, she helps Forrester clients build and mature comprehensive programs that maximise business opportunity and performance while minimising risk and protecting the organisation's brand. Vijay Krishnan is the CISO at UniSuper leading Security Operations, Security Governance, Risk & Compliance, Security Strategy, Architecture & Design, Identity & Access Management, and Enterprise Observability. In his role, he leads a multi-year security program to reduce UniSuper security risk thus protecting UniSuper members. Vijay has extensive experience in negotiating clear and concise security and technology outcomes in regulatory, policy and outsourcing agreements delivering value creation opportunities. He has large, diverse national and international experience with extensive executive and Board level exposure. Links: Alla LinkedIn Vijay LinkedIn Episode #48 The value of great boss with Vijay Krishnan Questions for Alla's upcoming recording with Claire For the full episode transcript, please visit our website. The Security Collective podcast is brought to you in partnership with LastPass, the leading password manager.
-
108
98. The challenges and risks of supply chain security with Alla Valente and Vijay Krishnan - part 1
Earlier this week Claire hosted a live webinar with Alla Valente and Vijay Krishnan as they shared their insights on supply chain security versus third party risk. In part 1 Vijay covers APRA's CPS234 and the need for effective security controls, not just compliant ones. We also cover the role of legal and procurement in the third party assurance process. There's a tonne of great insights to be gleaned from both Alla and Vijay in this ever present risk. Alla Valente is a senior analyst at Forrester serving security and risk professionals. She covers GRC, third-party risk (TPRM), supply chain risk (SCRM), and contract lifecycle management (CLM) strategy, best practices, and technology. Her research includes coverage of key regulatory compliance issues; risk management, ethics, and trust in digital transformation; and operational resilience. In this role, she helps Forrester clients build and mature comprehensive programs that maximise business opportunity and performance while minimising risk and protecting the organisation's brand. Vijay Krishnan is the CISO at UniSuper leading Security Operations, Security Governance, Risk & Compliance, Security Strategy, Architecture & Design, Identity & Access Management, and Enterprise Observability. In his role, he leads a multi-year security program to reduce UniSuper security risk thus protecting UniSuper members. Vijay has extensive experience in negotiating clear and concise security and technology outcomes in regulatory, policy and outsourcing agreements delivering value creation opportunities. He has large, diverse national and international experience with extensive executive and Board level exposure. Links: Alla LinkedIn Vijay LinkedIn Episode #48 The value of great boss with Vijay Krishnan Questions for Alla's upcoming recording with Claire For the full episode transcript, please visit our website. The Security Collective podcast is brought to you in partnership with LastPass, the leading password manager.
-
107
The challenges and risks of supply chain security - webinar
Join us Tuesday 19 July 2022 at 10:30am (AEST) as we are going live for The Security Collective podcast in partnership with LastPass. We've invited Vijay Krishnan from UniSuper and Alla Valente from Forrester to join Claire in a conversation about supply chain security. You can learn more on our website Register for the event here
-
106
97. The reality of cyber incident response with Ellis Brover
Claire chats with former Toyota Australia CIO Ellis Brover, as he shares his thoughts on incident response through the lens of the CIO. They discuss how security maturity can dictate reporting lines, how organisations should seek to test the reality of systems being shut down because of an incident, and really how moral support goes a long way during a cyber incident. Ellis Brover is a recognised IT leader with a track record over three decades of building and leading world-class IT organisations, driving transformational change, and delivering tangible business value. His experience spans a range of roles and industries, across a range of organisational scales from startups to multi-nationals. Most recently Ellis was CIO of Toyota Australia, where he led a transformation of the IT function from an internally-focussed service provider to a strategic enabler, driver of innovation, and role model for outstanding customer service. Ellis grew and led a team of 300+ that delivered an industry-leading digital business capability as well as a rapid transformation in cyber security maturity, whilst dramatically improving efficiency and contributing to business growth. Ellis is now pursuing advisory and consulting opportunities, aiming to add value to the business success of organisations and the development of their people through his extensive experience. Links: Ellis LinkedIn For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
105
96. Securing managed IT services with Jeremy Herbert
Claire chats with Jeremy Herbert, the CIO of Premier Technology Solutions. They covered how small businesses were affected during COVID, and what organisations of all sizes need to consider when it comes to the partners they need to manage cyber risk. On the podcast, we don't often cover cyber risk for organisations as small as maybe just a handful of people, so it was so great to change things up a bit and hear about the challenges that Jeremy and the Premier team are managing for smaller business. Jeremy Herbert is the CIO of Premier Technology Solutions with a unique approach to technology. As a CIO of a Technology Managed Service Provider, he is not only focused on the strategic business direction for Premier but also focused on the strategic direction for the clients that Premier support. Links: Premier Website Premier - free cyber check Premier Talk Premier LinkedIn For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
104
95. Build your third party cyber fitness with Susie Jones
We are back with our 10th season of the podcast, and to kick it off Claire is joined by Susie Jones from Cynch Security. Susie and Claire discuss supply chain risk, small business cyber fitness and the recent changes to security legislation. Susie also shared her thoughts on the role of government in securing all businesses. Susie Jones is an experienced leader and risk manager who spent years specialising in the people and process elements of general and cyber risk management, and is passionate about bringing big solutions to the small business market. Before co-founding Cynch in 2018, Susie's previous roles included Head of Cyber Security Business Services at Australia Post. Links: Susie LinkedIn Cynch Security website Cynch Twitter Cynch LinkedIn For the full episode transcript, please see our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
103
Season 10 preview
We are thrilled to be bringing you Season 10 of The Security Collective podcast, with the first episode out this Thursday 23 June. Take a listen for a preview of what is to come this season. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.
-
102
In Case You Missed It - Season 9 mashup
This season on The Security Collective podcast we have invited guests to speak specifically about how we can change the behaviours of our staff when it comes to their cybersecurity habits and actions. This is a mashup episode where Claire wanted to cover some really important points that some of the guests made, and encourage you to go back and listen to the full episodes if you find these nuggets of gold to be incredibly interesting, and you want to hear what else these guests had to say. Quick links to guest episodes: Christie Wilson Susan McLean Erica Hardinge Amy Ertan Olivia Grandjean-Thomsen For this full episode transcript, please visit our website
-
101
94. The role of technology in cyber culture change with Chris McNaughton
Closing out the theme of this season, Claire is joined by Chris McNaughton and they discuss how data protection and security awareness are linked, the challenges of insider threat, and how leaders across your business can promote more secure behaviours. Chris is a Director of SECMON1. Chris' career commenced in law enforcement, where he was a recognised expert in digital forensics and management of electronic evidence. Moving into the corporate world in 2007, Chris accepted a global role with General Electric (GE) Capital where he was responsible for electronic discovery, digital forensics and investigations. In his position at GE, Chris implemented and managed a number of e-discovery platforms for GE Capital as well as reviewing and improving the Corporate e-discovery platform. In his current role Chris provides advisory services to Government and corporate clients in the cyber security areas of Insider Risk, Data Analytics, Digital Forensics and Workplace Investigations. Links: Chris LinkedIn For the full episode transcript, please visit our website. This season we have partnered with LastPass, the leading password manager, and we are discussing behaviour and influence when it comes to cybersecurity.
-
100
93. Empowering the Board with Ian Yip
Claire is joined by Ian Yip, Founder and CEO of Avertro, the cyber-why company. They discuss cyber culture at the board level and talk about the impact of security leadership on the culture within cyber teams. Ian talks about the value of using the business's language in your cybersecurity discussions at the board level, and about bringing meaningful information to directors and doing so proactively. They also discuss that you have to rock the boat sometimes to make real change and the burnout that can come from this. Avertro is a venture-backed cybersecurity software company based out of Sydney, Australia. Ian has two decades of cybersecurity experience in a variety of leadership, advisory, strategy, sales, marketing, product management and technical roles across Asia Pacific and Europe in some of the world's leading companies including McAfee, Ernst & Young, and IBM. Links: Ian LinkedIn Ian Twitter Avertro Website Avertro Twitter For the full episode transcript, please visit our website. This season we have partnered with LastPass, the leading password manager, and we are discussing behaviour and influence when it comes to cybersecurity.
-
99
92. Cyber communications for the greater good with Olivia Grandjean-Thomsen
Olivia Grandjean-Thomsen is passionate about designing and implementing internal and external communication and stakeholder engagement strategies for the private, public and not-for-profit sectors. Olivia joins Claire and shares what good long-term communications planning can look like, how to measure cybersecurity communications programmes, and they talk about some of the grand scale comms activities Olivia has led. Olivia currently works as the Head of Communication, Media, Events and Brand at Stone & Chalk Group, which includes AustCyber – an Industry Growth Centre aimed at driving innovation, productivity and competitiveness in the cyber security sector by focusing on areas of competitive strength and strategic priority. Previously, she was the Strategy Lead and Head of Content at My Health Record – a high profile digital transformation project at the Australian Digital Health Agency. She has worked as a Senior Communications Strategist at contentgroup, and for Global Access Partners – a public policy think-tank that initiates strategic discussions on pressing social, economic and structural issues to increase stakeholder participation in the development of government policy. Links: Olivia LinkedIn Olivia Twitter For the full episode transcript, please visit our website. This season we have partnered with LastPass, the leading password manager, and we are discussing behaviour and influence when it comes to cybersecurity.
-
98
91. Communicating about Privacy (without the boring bits) with Kate Monckton
Claire talks with Kate Monckton, a Partner in Cyber Risk at Deloitte, about the difference between cyber and privacy, and why we should never apologise for cyber or privacy being boring. Kate joined Deloitte in February 2022 as a Partner in Cyber Risk. Prior to this she spent over ten years as part of the Security Senior Leadership team at nbn. Before joining nbn, Kate held security roles at Symantec and Microsoft both in Australia and the UK. In December 2021 she was named 'Australia's Most Outstanding Woman in IT Security' at the Australian Women in Security Awards. Kate was a member of the Board of the International Association of Privacy Professionals ANZ for five years, including two as the President. She is also a co-founder of the Security Influence and Trust (SIT) Group. Links: Kate LinkedIn IDCARE website For the full episode transcript, please visit our website. This season we have partnered with Lastpass - the leading password manager - and we are discussing behaviour and influence when it comes to cybersecurity.
-
97
90. The impact of COVID on cyber engagement with Amy Ertan
In Claire's chat with Cyber Security Fellow Amy Ertan, whose research focus is on the security implications of emerging technologies as well as themes relating to the human aspects of cybersecurity, they talk about her recent findings post COVID lockdowns. Amy shares the impact of COVID on security behaviours and her research into how psychological safety, company loyalty and culture all play a part. They talk about whether phishing exercises work, and who Amy believes is doing security influence well. Amy's commitment to cyber through her studies and what she gives back to the industry is commendable. Amy Ertan is a Cybersecurity Fellow at the Harvard Kennedy School's Belfer Center for Science and International Affairs, an Information Security Doctoral Candidate at Royal Holloway, University of London, and a Visiting Researcher at the NATO Cooperative Cyber Defence Centre of Excellence. Her research interests focus on the security implications of emerging technologies as well as themes relating to the human aspects of cybersecurity. Amy has published UK government-affiliated reports on organisational cybersecurity behaviours, engaging C-suite colleagues with cyber risk management themes, and on the impact of pandemic-driven remote working in organisations. She holds CISSP and CREST Threat Intelligence qualifications and has previously worked in roles in areas including cyber intelligence, strategy and policy research, cyber wargame design and execution, and security risk management. Links: Amy LinkedIn Amy Twitter Amy website For the full episode transcript - please visit our website This season we have partnered with Lastpass - the leading password manager - and we are discussing behaviour and influence when it comes to cybersecurity.
-
96
89. Cyber is a team sport with Erica Hardinge
It is always a pleasure to speak to passionate cybersecurity leaders and Erica Hardinge from ANZ is no exception. Erica and Claire talked in this episode about SIT and the work they do to bring the security awareness industry together on a regular basis. They discussed the magnitude of her role to influence the behaviours of tens of thousands of staff, and covered the pain points for security professionals when it comes to trying to get their message heard. Erica is responsible for developing the global strategy for engaging and empowering secure behaviour change across customers and 40,000+ employees over ANZ's 30+ geographies. Erica feels strongly about the role of sharing and learning across industry to improve the security awareness and enablement function. As such, she is excited to have co-founded and grown the Security Influence and Trust group for Awareness professionals in the Australasia region. The group was recognised with the Australian Information Security Association "Educator of the year" award in 2017. Erica completed her MBA qualification at Melbourne Business School in 2008 following the earlier completion of a Bachelor in Arts and Science at Melbourne University, with a focus on Behavioural Sciences, including Criminology, contributing to her passion to help staff become cyber safe. Links: Erica LinkedIn SIT website For the full episode transcript, please visit our website This season we have partnered with Lastpass - the leading password manager - and we are discussing behaviour and influence when it comes to cybersecurity.
-
95
88. The 3 R's of Cyber Safety with Susan McLean
This is the episode to share with your colleagues, friends and family as Claire talks to Susan McLean, Australia's leading expert in the area of cyber safety. Susan was a member of Victoria Police for 27 years and the first Victoria Police officer appointed to a position involving cybersafety and young people where she established and managed the Victoria Police Cybersafety Project. She has completed advanced training in the US and has qualifications also from the US and UK. Susan has also been awarded The National Medal, the Victoria Police Service Medal - 2nd Clasp, and the National Police Medal. Susan presents to over 250,000 students each year as well as tens of thousands of parents and educators both within Australia and Internationally and is the most highly qualified of all Office of the eSafety Commissioner, Trusted Education Providers. Susan is a published author with her book 'Sexts Texts and Selfies' acknowledged as the definitive guide to online safety. She collaborates with a variety of international bodies and is a member of The National Centre Against Bullying (NCAB). Susan has developed comprehensive Policy for a range of organisations and also authored resources for the Victorian Education Department. Links: Cyber Safety Solutions Susan Twitter Susan LinkedIn The Cyber Cop For the full episode transcript, please visit our website This season we have partnered with Lastpass - the leading password manager - and we are discussing behaviour and influence when it comes to cybersecurity.
-
94
87. Cyber Nudge Tactics with Christie Wilson
Claire talks with Christie Wilson, the Cyber Resilience Manager at UniSuper, where she helps employees understand cyber security threats and how to take the right steps to protect themselves. They cover how hard it is to measure cyber behaviour change through metrics and also the lessons Christie has learned in nurturing security champions at UniSuper. Christie also shares her use of nudge tactics and how consistency is so vital in behaviour change. Christie brings a business lens to technical challenges by giving employees simple, easy to understand advice on cyber safety for work and home, as well as up-to-date information on the latest cyber security threats and how to respond. Christie is a senior IT leader with over 25 years' experience in both vendor and corporate IT roles. Before moving into cyber security four years ago, Christie's IT career spanned roles in sales, service delivery and management, vendor governance and management, and IT governance risk & compliance. Christie has a BA in English Literature and Sociology, and a Graduate Diploma in Social Science, from the University of Tasmania. Links: Christie LinkedIn For the full episode transcript, please visit our website This season we have partnered with Lastpass - the leading password manager - and we are discussing behaviour and influence when it comes to cybersecurity.
-
93
86. Cyber Behaviour & Influence - part 2 with Lloyd Evans
In part 2 of Claire's chat with Lloyd Evans from LastPass, they talk about the hybrid work setting, communicating the cyber messages to the board, share questions from the audience, and Claire asks the age-old question, are password managers secure? Lloyd Evans leads LastPass business across JAPAC (inc India). When he's not training for his next ultra-marathon, Lloyd and the global LastPass teams are helping companies address the human habits and behaviours of password risks to help reduce the leading cause of data breaches globally - compromised credentials. A Cyber Security, cloud and technology industry veteran, Lloyd has previously held senior management roles with SolarWinds, Commonwealth Bank Australia, St. George Bank and Macquarie Bank. This season we have partnered with Lastpass - the leading password manager - and we are discussing behaviour and influence when it comes to cybersecurity. Links: Lloyd LinkedIn Lastpass website For full episode transcript, please visit our website
-
92
85. Cyber Behaviour & Influence - part 1 with Lloyd Evans
Opening this season is part 1 of the webinar recording Claire co-hosted with Lloyd Evans from LastPass as they discuss human behaviours and the impact of culture and values on cybersecurity. Lloyd Evans leads LastPass business across JAPAC (inc India). When he's not training for his next ultra-marathon, Lloyd and the global LastPass teams are helping companies address the human habits and behaviours of password risks to help reduce the leading cause of data breaches globally - compromised credentials. A Cyber Security, cloud and technology industry veteran, Lloyd has previously held senior management roles with SolarWinds, Commonwealth Bank Australia, St. George Bank and Macquarie Bank. This season we have partnered with Lastpass - the leading password manager - and we are discussing behaviour and influence when it comes to cybersecurity. Links: Lloyd LinkedIn Lastpass website For the full episode transcript please visit our website
-
91
Season 9 Teaser
Season 9 is nearly here and we have partnered with LastPass, the leading password manager to bring you this season. Listen as Claire shares what to expect from the upcoming season. For full transcript, please visit our website
-
90
84. Change is the only constant - part 2 with Samm MacLeod
In part 2 of Claire's chat with Samm they discuss her sabbatical, starting a new business, and the operating model changes she has seen since returning to the security industry. Samm is responsible for driving The Security Collective's Interim CISO and Virtual CISO business. She also supports our clients with cyber security strategy, security operating models, and advice on security risk management, with a focus across multiple industry verticals including financial services and critical infrastructure. Samm's experience with boards, audit & risk committees, and executives allows her to bring a unique set of experiences and perspective to the management of technology and cyber risk and the delivery of security best practice. Links: Samm LinkedIn For the full episode transcript, please visit our website
-
89
83. Change is the only constant - part 1 with Samm MacLeod
To conclude our season of returning guests, Claire is joined by our very own partner, Samm MacLeod, for a two part podcast. In part 1 they discuss Samm's career break, what she has noticed since returning to the cyber industry, the SOCI Act and reporting to the board. Samm is responsible for driving The Security Collective's Interim CISO and Virtual CISO business. She also supports our clients with cyber security strategy, security operating models, and advice on security risk management, with a focus across multiple industry verticals including financial services and critical infrastructure. Samm's experience with boards, audit & risk committees, and executives allows her to bring a unique set of experiences and perspective to the management of technology and cyber risk and the delivery of security best practice. Links: Samm LinkedIn For the full episode transcript, please visit our website
-
88
82. Outsourcing and Cyber Risk Management with Brendan Smith
We welcome Brendan back to share what has changed since we last spoke. We discuss his new role as CISO for Cube Networks; outsourcing and cyber risk management; and the 3 key things he has seen change in cyber in the last six months. Brendan Smith had a vocational interest in security, across various internet technologies and cryptographic systems, prior to commencing his security career, and maintains his technical interest to this day. He has built high performing teams through authentic leadership, and continues to mentor and coach new entrants into the field. As the CISO for Cube Networks, he brings his experience from major enterprise to a new audience, enabling them to mature their security governance and defences in the face of increasing threats. Links: Brendan LinkedIn Cube Networks website Cube Networks LinkedIn For full episode transcript, please visit our website
-
87
81. Should the cyber sector be considered critical infrastructure? with Michelle Price
Michelle Price is the CEO of AustCyber, the Australian Cyber Security Growth Network Ltd, part of the Australian Government's Industry Growth Centres Initiative. She joins the podcast again to discuss reducing organisational risk, ransomware, cyber as critical infrastructure, and 'purple teaming'. Michelle has an extensive career and held several Government roles, including the first Senior Adviser for Cyber Security at the National Security College, various strategy and risk management roles including at the Department of the Prime Minister and Cabinet (PM&C), and roles in law enforcement and health portfolios. She has also worked in risk management and strategy in Australia's food industry and also in the advertising industry. Michelle is passionate about Australia's cyber security sector enabling all Australian organisations to grow and take advantage of the cyber world. She is also a strong advocate for increasing diversity in the cyber security workforce and inspiring people with the possibilities of cyber innovation. Links: Michelle LinkedIn AustCyber website AuCYBERSCAPE website For the full episode transcript, please visit our website
-
86
80. Leading with culture with Dan Maslin
It has been several years since Dan Maslin last joined Claire on the podcast. Dan shares what has changed since their last chat, they discuss cybersecurity awareness, the benefits of a deputy security leader, and the Security of Critical Infrastructure Bill. Dan Maslin is the CISO for Monash University, the largest university in Australia. In addition to 20+ years enterprise IT experience, Dan is committed to playing an active role in the cyber security community, participating as a volunteer Executive Advisory Board member with AISA, Executive Advisory Board Member for Cyber with Deakin University and is an Industry Advisor with CyRise. Dan is a Fellow of the Australian Information Security Association (FAISA), a Graduate of the Australian Institute of Company Directors (GAICD) and holds the CISSP, CISM & CRISC security certifications. Links: Dan LinkedIn Episode 14: From Security Architecture to Senior Leadership with Dan Maslin For the full episode transcript, please visit our website
-
85
79. Making the cyber sector redundant with Nick Ellsmore
After the success of Nick's first episode, we welcome him back to discuss what has changed since we spoke a few years ago. We chat about the cyber job market, how things have changed through COVID, how 'good cybersecurity is boring', shadow IT, and Nick's thoughts on the future of cybersecurity. Nick Ellsmore has started, built, merged, acquired and sold multiple cyber-security businesses. Now Global Head of Strategy, Consulting & Professional Services at Trustwave following the sale of Hivint to Trustwave in 2018, Nick previously founded SIFT (acquired Safecoms, merged with Stratsec), sold to BAE Systems in 2010. The inaugural "AISA Information Security Professional of the Year" in 2012 and a past Australian APEC TEL delegate, Nick is an advisor to Universities and fast growing cyber startups including Bugcrowd, is a published author on the topic of cyber security and a keynote speaker on various things cyber and startups. Links: Nick LinkedIn Episode 12: The Cybersecurity 'Roles' Crisis with Nick Ellsmore For the full episode transcript, please see our website
-
84
78. A new board agenda with Anna Leibel
A multi-episode guest on the podcast, we welcome back Anna to discuss how boards have adjusted during COVID - from governing cyber risk; technology and audit risk committees; to encouraging resilience and collaboration. Anna also shares what work looks like since leaving her corporate career. Anna is a Director of The Secure Board, a Non-Executive Director and senior executive across the financial services, management consulting, telecommunications and technology industries. With three decades experience in leading customer, business and digital change, she is a sought after advisor to Boards, Chief Executives and IT leaders on digital transformation, data, cyber, leadership and culture. Links: Anna LinkedIn Episode #21. Anna Leibel, CIO, UniSuper Episode #38. Lessons Learned with Anna Leibel Episode #60 The Secure Board with Anna Leibel and Claire Pales - hosted by Paul Rehder For full episode transcript, please see our website
-
83
77. The silver lining of COVID with Laura Staples
When Laura Staples was last on the podcast she shared that Laminex were undertaking the biggest work from home experiment ever. Laura joins us again to share how things have played out over the last 18 months. Laura is the Head of People & Performance at Laminex Australia and has spent the last 15 years pushing the boundaries in organisations with an eye on the future, seeking out the best experiences to fuel her knowledge and passion for the future of work. Laura is passionate about untangling complexity - be it people, processes or systems - and uncovering the hidden opportunities to transform ways of working. Naturally curious and at times outspoken, Laura is known for her creative leadership and ability to design innovative and commercially viable solutions which surprise and delight. For the full episode transcript, please visit our website Links: Laura LinkedIn Laminex website Ep 44. The biggest work from home experiment we have ever done with Laura Staples
-
82
76. Securing a distracted workforce with Craig Searle
One of our original podcast guests, Craig Searle, returns to discuss how cyber has changed in the few years since we spoke - from navigating the pandemic; awareness of supply chain security issues; to achieving diversity in the workplace. Craig Searle is the co-founder of Australian cybersecurity consultancy, Hivint, and the security collaboration platform, Security Colony – both of which were acquired by Trustwave, an Optus company, in December 2018. Craig has over 12 years of experience in the security industry, working in the finance, government, telecommunications and infrastructure sectors. He has been directly responsible for the delivery of a number of strategically-critical security programs for a range of clients, including a $10m PCI DSS compliance program for one of Australia's leading health insurers, achieving compliance on-time and on budget. Links: Craig LinkedIn Craig Twitter Episode #3 Security Sourcing: Cracking the Code with Craig Searle For the full episode transcript, please visit our website
-
81
75. Marketing Cyber 101 with Paul De Arajo
After joining the podcast as a guest in Episode 64, 'The 14 Day Security Challenge', Paul De Arajo is back as we continue our chat about the role of marketing and communications in cybersecurity risk management. Paul joined NBN during COVID-19 in 2020 delivering security influence programs to protect NBN's people and assets from personnel, physical and cyber security threats. Prior to NBN, Paul served in local and international Corporate and Government roles in the IT industry for over 30 years with experience in sales, marcomms, corporate social responsibility, compliance, and cyber safety/security roles. For over 19 years, Paul carved his career with Microsoft Australia and abroad. Paul's passion for keeping citizens safe in the digital world began as a founding member of the ThinkUKnow online safety and security program. In 2017, Paul joined the eSafety Commissioner in a marketing and stakeholder capacity, driving awareness of the office and its services to citizens and delivering the annual Safer Internet Day campaign. Links: Paul LinkedIn Episode #64 - The 14 Day Security Challenge with Paul De Arajo For the full episode transcript, please visit our website
-
80
R U OK? with Graeme Cowan
Today is R U OK? day and it seems fitting we revisit my previous episode with Graeme Cowan. Last year, I was fortunate to meet with Graeme Cowan and ask him about his story, ask him about R U OK? day, and talk to him about some resilience activities that cybersecurity leaders can do, given the burnout that can occur in our industry. As a mental health and resilience author and speaker, and Board Director of R U OK?, Graeme spends his professional life helping people understand just that. Graeme uses his first-hand experience after coming through an experience of extreme burn out to help others appreciate and understand the importance of looking out for themselves, as well as looking out for the people around them. My goal for my discussion with Graeme was to give you the knowledge to build safe, resilient, and healthy security teams and leaders, but this episode goes so much further than that. It is PACKED full of information, resources and simple, actionable ideas that you can use today immediately to check in not only with your team, but also with yourself. Links: Graeme's Website LinkedIn Twitter Back From The Brink R U OK? TED Talk on the Harvard Study of Adult Development Self-Care Snapshot Checklist Project Aristotle results Debunking Maslow's Hierarchy of Needs Peter Gollwitzer Full episode transcript on our website
-
79
74. Train Hard, Fight Easy with Vaughan Shanks
Vaughan Shanks is a Co-Founder of Cydarm Technologies and has been its CEO since the company was founded in 2017. Prior to Cydarm, Vaughan worked as a software engineer in a range of Federal Government positions, working with organisations in Defence, intelligence, and law enforcement, in both a Public Service and private sector capacity, in Australia and the USA. Vaughan shares his story, we talk security operating models, and the learnings from Y2K that can be applied to the cyber challenges we face today. Links: Vaughan LinkedIn Cydarm LinkedIn Cydarm website Cydarm Twitter For the full episode transcript, please visit our website
-
78
73. The Rise of the Interim CISO with Jacinta Whelan
Jacinta Whelan is an author, thought leader and popular speaker on the concept of Interim Executives, Portfolio Careers and future ways of working. A partner with Watermark Executive Search leading the Melbourne office, she has over 25 years' experience starting and leading Interim businesses in Hong Kong, New York and Australia. Jacinta advises corporates and governments on the Executive Interim marketplace. She is regularly asked to speak to Boards and business leaders looking to stay abreast of the way organisations are engaging executive talent. Jacinta shares her story, the framework of her book, and the interim executive role in cyber security. Link: Jacinta LinkedIn Jacinta's book For the full episode transcript, please visit our website
-
77
72. Cyber Security – Global v Local with Aaron Bailey
Aaron Bailey is one of Australia's leading Cyber Security experts and is the driving force behind The Missing Link's Security team. Aaron is the Chief Information Security Officer at The Missing Link, and kick-started their Cyber Security business. Today Aaron and his team have become the trusted advisor to some of Australia's largest companies and government departments, helping them to develop innovative and robust solutions to solve their security needs. Aaron shares how The Missing Link is growing locally and globally, and why he is so passionate and proud of the business. Links: Aaron LinkedIn The Missing Link For the full episode transcript, please visit our website
ABOUT THIS SHOW
The Security Collective is the podcast for leaders tasked with, and interested in, securing technology, people, processes and data for the protection of all. Join best-selling author Claire Pales, together with industry thought leaders who answer your questions about security leadership, trends, technologies, and more. 'The Security Collective' podcast - formerly 'The Secure CIO'
HOSTED BY
Claire Pales