In this episode, Malcolm Harkins speaks with Eric McNulty.  Eric is co-author of the book, You’re It: Crisis, Change, and How to Lead When it Matters Most  and author of Three Critical Shifts in Thinking for the Evolving Leader  and Your Critical First 10 Days as a Leader .  Eric has written more than 200 bylined articles on leadership, decision-making, and negotiation in top journals.  He holds an appointment as associate director of the National Preparedness Leadership Initiative (NPLI), a joint program of the Harvard T.H. Chan School of Public Health and Harvard’s Kennedy School of Government . Eric teaches in numerous executive education and graduate level courses at Harvard as well as at M.I.T and the University of California, San Diego. In 2018, he was named a Trust Across America Top Thought Leader in Trust.Malcolm and Eric discuss crisis management and leadership based on a wide range of issues that Eric has been involved with over the years from Hurricane Sandy, the Deep Water Horizon oil spill, and even the Boston Bombing.  Eric shares pragmatic tips and perspectives that will help us all do a better job at leading - sense making, meaning making, and creating islands of certainty amid the chaos.  Guest: Eric McNulty  (2) Eric McNulty | LinkedInHost: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Norm Fjeldheim, former CIO for Qualcomm and more recently he was the CIO for Illumina.   Malcolm & Norm talk about a wide range of items including recalling their first time meeting on an advisory board back years ago.  We discuss what it was like working for market competitors (Intel and Qualcomm) and how we worked together on cyber security - sharing information to help protect each other as well as help protect other organizations.  Information sharing in the cyber security space has improved a lot over the years but still poses challenges for some who are constrained by either their own worry about sharing information or  other organizational restrictions.  We both believe our organizations were better off by taking the risk to partner together on cyber security.  We discuss how Norm approached information security as a CIO and how the CISO was integral to the organizations he has led.  We talk about accountability and the lack of it at times including in many well publicized breaches such as SolarWinds, Sony, and Equifax,  We discuss that in some cases there is clear negligence on the part of the CIO, CISO, or other exec's in an organization.    We discuss our perspectives on public policy items including the need for some sort of cyber security integrity regulation that instills more direct accountability on public companies.  We explore how sometimes the compliance and audit perspectives on risk don't always align well to a rationale perspective on risk.  Norm shares his perspective on needing a constant culture of change to re-evaluate your security technology - upgrading and moving to new tech routinely to stay on top of risk issues.  Guest: Norm Fjeldheim Norm Fjeldheim | LinkedIn Host: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/All content © 2021 Security Speaks.

In this episode, Malcolm Harkins speaks with Rick Payne , an Info Sec engineer with RMS.  Rick has spent the past 15 or so years 15 years learning and doing.  Starting as an intern to a DevOps technician, to  Security Analyst, to  Architect, to CSO, and is now a  cloud focused Staff Information Security Engineer.   His foundation is standards-based and rooted in DevOps automation and Systems Security Engineering (SSE).   Giving back and improving the community is a passion for Rick.  Rick shares his perspective on DevSecOps and we discuss the friction that gets in the way at times of really aligning security in to the development and operational efforts in an operation.  Rick shares his perspective on SMB as well and the incremental security approaches taken by many vs. the transformational things that we need to be doing.   Rick shares from his experiences a wide variety of lessons learned and the approach he is taking to lead transformational change to improve security.  Guest:  Rick Payne (1) Rick Payne CISSP, RHCE | LinkedIn Host: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

in this episode, Malcolm Harkins speaks with Kelley Misata  the founder of Sightline Security.   The Cybersecurity company for Non-Profits.     Here about Kelley's journey from being  a business executive till one day when she was cyber stalked and became cyber aware as well as an advocate for change.  Learn how she pursued her PhD in Computer Science at Purdue and was mentored by Spaf,  one of the legends in our field.  "Get the PhD first then go save then world" said Spaf during her dissertation prep.   Kelley is one of the most passionate and dedicated people I have ever met in cyber security.  Hear how she has gained personal strength through the struggle and why non-profit cyber security is so important not only to her but why it should be important to all of us.  Guest:  Kelley Misata  Kelley Misata, Ph.D. | LinkedInHost: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Keyaan Williams from Class LLC.      Keyaan discusses his reflections back on 2020 as well as more broadly what he sees as the missing component - people.  We discuss burnout and how that discussion came up in a series of roundtables that were conducted in 2020 with over 100 executives discussing corporate extinction events.  Those issues/events that could cause your organization to go out of business.  We also touch on Solarwinds and hear from Keyaan that many CISOs don't have a level of true visibility to critical business systems and business processes.  And how many of us lack a fully documented enterprise IT architecture.  So we have a level of event driven awareness and a highly reactive approach to asset management.  So has the CIO failed to do their role to manage IT across the organization ? Keyaan shares his perspective to this question.    He also shares who was his childhood hero and why.  Guest:  Keyaan Williams  Keyaan Williams | LinkedInHost: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Dan Blum,  Managing Partner at Security Architects Partners.      Dan discusses how he got his start in economics and then found his way into the technology space.  In this podcast Dan talks about his recently published book Rational Cybersecurity for Business and how he sought to figure out how you do 5% of the work right and get 95% of the benefit (or more practically the 80/20 rule).  In the quest to answer that question, Dan determined that there are  6 rational priorities that if done correctly will lead to a more effective/efficient security approach in addition to achieving better business alignment.   We touch on the economics of the industry as well as the recent Solarwinds event that has rattled a large portion organizations across the country and share perspectives on the implications this has and could have for organizations.    Guest:  Dan Blum https://www.linkedin.com/in/dan-blum-author-architect/Host: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Ron Ross,  a fellow with the National Institute of  Standards and Technology  (NIST).      In this podcast you will hear from a real hero in our struggle to make improvements in not only cyber security but in privacy.  Ron has had decades of dedication in public service to our Nation, always striving to do something bigger than has been done before.  In this podcast we discuss what  inspired Ron as a kid when Kennedy was President and how that still drives his focus today at NIST.  We discuss how complexity is overwhelming many and the double complexity problem (complexity of IT systems coupled with the security complexity we have created).   We discuss the above the water line and below the water line issues.  We discuss the consequences of cyber/physical systems and the extended enterprise as well as the need for damage limiting architecture concepts for true cyber resiliency that Ron will be focused on in 2021 and beyond.  Guest:  Ron Ross https://www.linkedin.com/in/ronrossecure/Host: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Diana Kelley,  co-founder of SecurityCurve.    Diana is well known in the industry and has done it all.  She has been a practitioner, a consultant, a researcher, an analyst, and she has been on the security vendor side of things.  She is also an author.  Practical Cybersecurity Architecture is her newest book published in November 2020 with her co-author Ed Moyle.  In this podcast we discuss how Diana got her first exposure to technology back when she was a young girl and her father was at MIT Lincoln Labs and how that instilled a sense of curiosity in her that still drives the purpose and passion she demonstrates today.  In this podcast you will hear about her story and the common thread of "why".   We discuss the 360 degree view she has had over the years and share perspectives on the industry, the vendors, ethics, and diversity in security.  We discussed what she has liked most and least about the industry including the reason she co-authored her newly released book.  We look ahead with some predictions for 2021 including covid 19 implications for the future of IT and Security.Guest:  Diana Kelley  Diana Kelley | LinkedInHost: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Frank Grimmelmann,  CEO  of  the Arizona Cyber Threat Alliance (ACTRA).     Malcolm and Frank explore the history of ACTRA and discuss a wide range of items related to public / private partnership and how that has changed over the years.  It's not enough to just share information you have to be able to operationalize it and execute against it.   Hear what Frank has to say on his years of being at the nexus of cyber intelligence for the state of Arizona and his participation as the co-chair of the Arizona Cyber team.  Frank and Malcolm talk about the need to get rid of the silos between various organizations while protecting proprietary items.  We discuss the work Frank and his team has done on Cyber Ranges and the apprenticeship program they have established  providing real world skill development and the virtual cross org SOC that members can join.  And hear what Frank has to say on "what old is new again" and how an increase in defense in depth can actually grow the attack surface.  Throughout the discussion one thing is clear - community, trust, and culture are at the heart of making cyber public / private partnership work effectively.  Guest:  Frank Grimmelmann https://www.actraaz.org/actra/leadershipHost: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Ira Winkler.  Ira is well known in the security industry.  He is President of Secure Mentem.  He is an advisory to many organizations including Cymatic.  He is also an author of several books including Spies Among Us and soon to be released on December 3rd his newest book YOU CAN STOP STUPID.   Malcolm and Ira discuss key themes in the book.   One item in particular is critical for everyone to realize - we should stop blaming the user like the security industry has done for decades.  The problem is not necessarily the user but the environment around the people and how that functions to control or not control appropriately for risks.   Users are a part of the system and our control design and architecture needs to account for that including the potential for what Ira calls user initiated loss.  Malcolm and Ira also explore the concept of BOOM and being Left of BOOM in cyber security.  Guest:  Ira Winkler https://www.linkedin.com/in/irawinkler/Host: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with George Finney.  George is truly a renaissance man.  He is the CISO at SMU, he is a professor, author, lawyer, artist, and all around great guy.  Malcolm and George have a wide ranging discussion that covers the challenges of being a CISO in higher education and how that in many ways is more challenging and chaotic that running security at a multinational corporation.  They also discuss George's new book Well Aware that gets released Oct 20th.  In the book and in this discussion George and Malcolm talk about changing behaviors using lessons learned from psychology, neuroscience, history, and economics. They discuss the 9 habits covered in the book and the binding ingredient that brings them all together - Community.  George even discusses Helen Keller and lessons we can all learn from her with regard to security.  Guest:  George Finney https://www.linkedin.com/in/georgefinney/Host: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/

In this episode, Malcolm Harkins speaks with Scott Scheferman, Principal Cyber Strategist at Eclypsium.  HEADLINE NEWS have read recently " Legality of security research to be decided by the Supreme Court" , "Hackers acting in good faith gain protections in homeland security orders", "Iowa paid a security firm to break into courthouse then arrested the employee when they succeeded".  Malcolm and Scott explore these headlines and the dilemmas they create.  The discussion centers around where's the line of what is appropriate.   Malcolm & Scott share their perspectives from the decades they have both been in the industry with some examples from their respective roles at various organizations.  While there is no simple answer to this debate on when someone crosses the line from doing good to breaking the law, it is clear any stifling of efforts to search for and appropriately report vulnerabilities will make us all less secure.  Guest:  Scott Scheferman https://www.linkedin.com/in/scottscheferman/Host: Malcolm Harkins https://www.linkedin.com/in/malcolmharkins/