Episodes

  • Boardroom Insights for Cyber Security
    2024/05/05

    In this insightful episode, join Chirag as he sits down with Jeff Whitton, a seasoned Board Director and Government Councillor, to discuss the pivotal role of cyber security leadership at the highest level. This is a one-of-a-kind inside view into the workings of the boardroom. Jeff shares his leadership philosophy, grounded in leading by example, surrounding himself with experts, and balancing strategic vision with technical know-how. He recounts his journey through the evolving layers of the OSI model and how his early industry exposure enabled him to master the nuances of cybersecurity. Their conversation delves into the increased regulatory expectations and the growing involvement of board members in managing cyber security. Jeff and Chirag highlight the crucial shift in board responsibilities, emphasising how effective communication between CISOs and board members can shape strategic risk management decisions. They explore practical frameworks for managing cyber security risks, building resilience, and implementing compliance-focused governance. Jeff provides expert advice on how CISOs can become influential leaders, clarifying their evolving roles and responsibilities, and advocating for a direct reporting line to the CEO. He underscores the importance of clear distinctions between business and technical roles, as well as maintaining a security team's independence within the technical landscape. Tune in to gain valuable insights into elevating cyber security from a board-level perspective, and to learn how CISOs can speak the language of leadership while navigating the intricate world of cyber security regulation and governance.

    About Jeff Whitton: Jeff Whitton is an accomplished and highly respected leader with a diverse background in telecommunications, digital technology, cyber security, and information intelligence. With over 40 years of experience in his profession, Jeff has established himself as a subject matter expert across these disciplines. One notable aspect of Jeff's leadership is his commitment to diversity and inclusivity. He is an active advocate for better outcomes for all Australians, including First Nations peoples.

    He holds several leadership roles and board positions, including Australian Country President of the Economic Council of India, Ambassador for NSW Cyber Security Hub, Orange City Councillor, Independent Chair of the Board of OCTEC Limited, Founding Independent Board Director of Marathon Health, Founding Board Director of Yirigaa, Advisor to the Board of Western Sydney University, and Advisor to the Board of Critical Infrastructure - Information Sharing and Analysis Centre, Australia. Jeff's extensive experience and expertise in the field have made him a sought-after advisor, consultant, speaker, and leader not only in Australia but also in Asia. In addition to his leadership roles, Jeff also shares his knowledge and expertise through teaching and mentoring at several higher educational institutions, including the University of Technology Sydney and Macquarie University.

    About Chirag: Chirag Joshi is the Founder and CISO of 7 Rules Cyber - a cyber security company focused on enabling businesses to be secure in a cost-effective and efficient manner. He is a multi-award winning cyber executive and is featured in the prestigious CSO30 list of top cyber executives in the region. Chirag has experience leading cyber programs in multiple countries across various industries. He has experience in both IT and OT environments and leading cyber security through mergers and acquisitions. He is the author of two best-selling books “7 Rules to Influence Behaviour and Win at Cyber Security Awareness” and "7 Rules to Become Exceptional at Cyber Security" which have been purchased in multiple countries across the world.

    LinkedIn: https://www.linkedin.com/in/chiragdjoshi/

    53 min
  • Art of Careers in Cyber Security
    2024/03/09

    People are not products. Meaningful careers are so much more than job titles. In this compelling episode, Chirag is joined by Ricki Burke, a top-tier recruiter in the cyber security industry, to shed light on several key areas.

    Demystifying the Cyber Security Recruitment process:

    - Unravel the complexities of the cyber security recruitment process.

    - Highlight the importance of aligning expectations between organisations and candidates for optimal role fit.

    - Strategies for mid-level professionals to take on a more senior role.

    - Becoming a first time CISO.

    The Role of Power Skills:

    - Explore the critical importance of communication, problem-solving, and emotional intelligence in cyber security.

    - Discuss the balance between technical expertise and soft skills, offering strategies for professionals to develop and showcase these abilities.

    Building an Authentic Personal Brand:

    - Examine the significance of personal branding for cyber security professionals and teams.

    - Offer insights into creating a personal brand that truly reflects individual values and expertise.

    This episode is an invaluable resource for anyone involved or interested in the cyber security sector, offering practical advice and insights on recruitment, skill development, career advancement, and personal branding. Tune in to gain a wealth of knowledge that will empower you in your cyber security journey.

    About Ricki: Ricki is the Founder of CyberSec People, community-driven cybersecurity recruitment. His role is to bring people together where he proudly matches talented cybersecurity professionals with organisations that align with their personal goals and motivations. Ricki is an active member in the infosec community and is passionate about fostering growth and diversity within the cybersecurity field. He has been involved in running career villages, presenting, and volunteering at: AusCERT, AISA CyberCon, BSides Canberra, BSides Las Vegas, BSides Melbourne, BSides Perth, BugCrowd LevelUp, CHCon, ComfyCon, Cyber Security Aisa, AWSN events. Aside from conferences, he co-organises SecTalks Gold Coast and hosts the podcast, Hacking into Security.

    Ricki's LinkedIn: https://www.linkedin.com/in/cybersecricki/

    About Chirag: Chirag Joshi is the Founder and CISO of 7 Rules Cyber - a cyber security company focused on enabling businesses to be secure in a cost-effective and efficient manner. He is a multi-award winning cyber executive and is featured in the prestigious CSO30 list of top cyber executives in the region. Chirag has experience leading cyber programs in multiple countries across various industries. He has experience in both IT and OT environments and leading cyber security through mergers and acquisitions. Chirag is respected as a thought leader in cyber security with keynotes and presentations across the world. He is the author of two best-selling books “7 Rules to Influence Behaviour and Win at Cyber Security Awareness” and "7 Rules to Become Exceptional at Cyber Security" which have been purchased in multiple countries across the world.

    Chirag's LinkedIn: https://www.linkedin.com/in/chiragdjoshi/

    Links to Chirag's books: https://7rulescyber.au/books

    46 min
  • Art of Executive Cyber Risk Management
    2024/02/17

    How do we evolve cyber risk programs as true business enablers?

    What do good Risk Appetite Statements look like?

    How do we prepare for multiple regulations - CPS 234, CPS 230, etc.?

    What about cyber risk quantification and threat intelligence?

    Cyber Security is fundamentally a risk management exercise. This is reflected in all major guidance and best practices related to cyber security. It also features as a prominent rule in Chirag Joshi's best-selling book - 7 Rules to Become Exceptional at Cyber Security.

    To discuss this vital topic, Chirag is joined by a highly experienced cyber and IT risk leader - Toks Ojo. In this energetic, free-flowing and highly engaging discussion, Toks and Chirag share practical, actionable takeaways. Toks shares several powerful real-life stories that will resonate with the audience.

    The discussion covers:

    - The role of cyber risk management in informing a cyber resilient posture.

    - Cyber risk journey, frameworks and program at Mine Super.

    - Practical steps to make cyber risk management a true enabler.

    - Cyber risk quantification and importance of threat intelligence.

    - Moving beyond traditional metrics to more accurately predict potential impacts on business operations and financial health.

    - Improving supply chain cyber risk management.

    - Recommendations to pragmatically address compliance with several key regulations such as APRA CPS 234 and CPS 230.

    About Toks:

    Toks Ojo is the Executive Manager, IT Risk at Mine Super. He has extensive experience in audit, risk and cyber security in multiple countries.

    Toks' LinkedIn Profile: https://www.linkedin.com/in/toks-ojo-b8b51031/

    About Chirag:

    Chirag is the Founder and CISO of 7 Rules Cyber - a cyber security company focused on enabling businesses to be secure in a cost-effective and efficient manner. He is a multi-award winning cyber leader and is featured in the prestigious CSO30 list of top cyber executives in the region.

    Chirag has experience leading cyber programs in multiple countries across various industries. Chirag is respected as a thought leader in cyber security with keynotes and presentations across the world. He is the author of two best-selling books “7 Rules to Influence Behaviour and Win at Cyber Security Awareness” and "7 Rules to Become Exceptional at Cyber Security" which have been purchased in multiple countries across the world.

    https://www.linkedin.com/in/chiragdjoshi/

    55 min
  • Mastering the Cyber Mind Game - Safety, Psychology and Awareness
    2024/01/16

    How do we keep our families safe online? How do we make our awareness efforts more effective to influence secure behaviours in the age of AI? How can we apply psychology principles for effective cyber security postures? What are practical considerations for SMEs in these areas?

    To discuss these important issues, Chirag is joined by noted Singapore-based Academic and Entrepreneur, Dr. Anuradha Rao.

    The conversation encompasses the following areas:

    - Prioritising Cyber Security for Future Generations: Stress the urgent need for educating young people on online safety to protect them from the increasing threats of cyberbullying and fraud.

    - The Essence of Critical Thinking: Underscore the critical importance of questioning the credibility of online information and its repercussions, highlighting the necessity of personal awareness and critical thinking in today’s digital world.

    - Addressing Scams in the Age of AI: Spotlight the escalating challenge of scams associated with emerging technologies like AI, emphasising the imperative for organisations to bolster their cyber awareness and training programs.

    - Integrating Human Skills into Cybersecurity: Bring to light the unexpected yet vital role of soft skills, such as empathy and storytelling, in enhancing effective digital communication and bolstering online security measures.

    - Innovating Cybersecurity Training: Advocate for a transformation in cybersecurity training within organizations by making it more engaging and relevant, using gamification and role-specific scenarios for better learning outcomes.

    - Fostering a Culture of Cybersecurity Awareness: Highlight the need for developing a holistic cybersecurity culture in organisations that effectively integrates both technical know-how and social understanding.

    - Investing in Awareness as a Security Strategy: Make a compelling case for the essential role of training and awareness in cybersecurity, pointing out its significance even for businesses with constrained budgets.

    About Anu: Anu is a Singapore-based cybersecurity and cyber-safety awareness entrepreneur and lecturer, passionate about helping individuals, families and organisations stay safer, healthier and happier online. Through consulting, workshops, education and communication services, she raises awareness about how to identify and manage cyber-threats to mental, financial, and physical safety and wellbeing. Her work also highlights the cost to companies and the cybersecurity implications - financial, legal, and reputational - of ignoring the human (aka "soft") aspects of cyber in business operations. Additionally, she provides career development training focusing on communications and other 'soft' skills that are increasingly important for workplace success. She has a PhD in Communications and New Media from the National University of Singapore (NUS), and an MA in Political Science from Jawaharlal Nehru University (JNU), India. She is currently Associate Faculty at the Singapore University of Social Sciences (SUSS), where she teaches and undertakes research supervision on cybercrime, and cybersecurity and digital transformation.

    https://cybercognizanz.com
    http://linkedin.com/in/anuradha-rao-phd
    contact@cybercognizanz.com

    About Chirag: Chirag is the Founder and CISO of 7 Rules Cyber - a cyber security company focused on enabling businesses to be secure in a cost-effective and efficient manner. He is a multi-award winning cyber leader and is featured in the prestigious CSO30 list of top cyber executives in the region. Chirag has experience leading cyber programs in multiple countries across various industries.

    He is the author of two best-selling books “7 Rules to Influence Behaviour and Win at Cyber Security Awareness” and "7 Rules to Become Exceptional at Cyber Security" which have been purchased in multiple countries across the world.

    https://www.linkedin.com/in/chiragdjoshi/

    46 min
  • Cyber Security Lawsuits, Legal Privilege, Privacy and More
    2024/01/11

    As we enter 2024, Chirag is joined by a brilliant lawyer Georgia Marwick to tackle some of the more pressing issues surrounding cyber security and privacy such as rise of class action lawsuits, application of legal privilege protection, regulatory action against organisations, Australian Privacy Landscape and elements of building defensible cyber security and privacy programs.

    The discussion covers:

    Growth of Class Action Regimes in Australia: Exploring the increase in class action lawsuits in Australia, particularly in the financial services sector following the 2018 Royal Commission. This includes the profitability and benefits of these actions and the challenges in establishing a cause of action due to privacy laws.

    Impact of Class Action Lawsuits on Cyber Risk Management: Discussing how class action lawsuits related to cybersecurity breaches could influence risk management strategies in Australia. This includes the process, duration of class actions, and their potential to provide insights for improving cyber risk management.

    Legal Professional Privilege and Cybersecurity: Analyzing the role of legal professional privilege in cybersecurity, including how it applies to specific cases like Optus. The discussion highlights the criteria for claiming privilege and the implications for cybersecurity incident response.

    Privacy Landscape and Challenges for SMEs: Addressing the evolving privacy landscape in Australia and its impact on small and medium enterprises (SMEs). The conversation covers potential regulatory changes, increased fines, and the necessity for financial and educational support for SMEs in complying with these changes.

    Cyber Security Balance: People, Process, Technology: Emphasizing the importance of balancing people, process, and technology in cybersecurity. The discussion includes the need for a comprehensive approach to protect valuable assets and the significance of creating a strong cybersecurity culture within organisations.

    About Georgia: Georgia Marwick is an experienced Australian Lawyer currently working as a Data Privacy Lead for CSO Group. https://www.linkedin.com/in/georgia-marwick-06392b116/

    About Chirag:

    Chirag is the Founder and CISO of 7 Rules Cyber - a cyber security company focused on enabling businesses to be secure in a cost-effective and efficient manner. He is a multi-award winning cyber leader and is featured in the prestigious CSO30 list of top cyber executives in the region. Chirag has experience leading cyber programs in multiple countries across various industries.

    Chirag is respected as a thought leader in cyber security with keynotes and presentations across the world. He is the author of two best-selling books “7 Rules to Influence Behaviour and Win at Cyber Security Awareness” and "7 Rules to Become Exceptional at Cyber Security" which have been purchased in multiple countries across the world.

    https://www.linkedin.com/in/chiragdjoshi/

    40 min
  • Analysing Australian Cyber Security Strategy 2023-2030
    2023/12/12

    In this insightful episode, Chirag is joined by David Fairman to tackle the critical aspects of Australia's ambitious 2030 Cybersecurity Strategy. The discussion is not just an overview but a bold analysis, addressing criticisms and exploring the strategy's multifaceted implications. Chirag and David not only dissect the strategy’s ambitious goals but also offer pragmatic insights into its implementation, challenges, and broader impact on society and businesses. For anyone keen on understanding the intricate balance between cybersecurity ambition and practical implementation, this episode is a compelling watch.

    Key Discussion Areas:

    - Australia's 2030 Cyber Security Vision and its Realism

    - Challenges in Implementing the National Cybersecurity Strategy

    - Balancing Cybersecurity Regulations for Diverse Business Sizes

    - The Role of Data Governance and value of Data Classification Model

    - Importance of Smart Devices and IoT Cyber Security

    - Focus on Threat Intelligence and Offensive Cyber Security capabilities

    - Future Directions and Implications of AI Regulations

    - The Importance of Public-Private Partnerships

    - Funding and Support for SMBs within the Cybersecurity Strategy

    - Debunking myths and understanding the utility of Digital ID Program

    - Ransom Payments and Mandatory no-fault Cyber Incident Reporting

    Link to Australian Cyber Security Strategy: https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy

    About David:

    David Fairman is an experienced CIO/CSO/CISO, strategic advisor and investor. David has extensive experience in the global financial services sector. David is currently the APAC CIO & CSO for Netskope helping customers manage their digital and cyber risk programs in addition to working across industry with the aim of making the digital economy a safer place to do business. Furthermore, David is a Partner and CISO-in-residence at SixThirty Ventures, driving innovation and helping build great technology companies. Previously, David was the Chief Security Officer (CSO) at NAB owning all aspects of Physical Security, Fraud, Investigations and Cyber Security. Prior to NAB, he was the Group Chief Information Security Officer (CISO) for the Royal Bank of Canada. David has been a senior leader at JP Morgan Chase & Co and the Royal Bank of Scotland (RBS) having held several regional CISO and Global Head roles.

    David was raised and educated in Australia where he received his Bachelor of Information Technology in Software Engineering and Computer Science. He holds a Masters of Business Administration and a Masters of Project Management. David began his career in Information Security while serving in the Royal Australian Air Force’s Electronic Warfare and Communications group, where he gained valuable experience in the technology, policy and process aspects of security and risk management. Subsequently, David worked in a variety of roles in technology and cyber, including in the utilities sector.

    David holds a number of positions on boards of directors and was a founding member of the Security Advisor Alliance and the Canadian Cyber Threat Exchange. During his tenure at NAB, David was the Chair for the Board of Directors for the Australian Financial Crimes Exchange and spearheaded the formation of a taskforce involving the big 4 banks, AFP, ASD and ACSC to detect and disrupt cyber-crime impacting Australia. David also advises a number of VC funds and Cyber Security companies.

    David was recognised in the Top 50 Australian Professionals, as profiled by the Top 100 Magazine. David has also been named as one of the Top 10 CISOs to know, and is recognised as a thought leader in the cyber security industry as profiled by K-Logix.

    David co-authored “Cyber Risk” (2016) and co-edited “Fintech: Growth and Deregulation” (2018) published by Risk Books and was the Technical Editor for “Zero Trust Journey Across The Digital Estate” (2022) published by CRC Press.



    45 min
  • Cyber Security for Small and Medium Businesses and NFPs
    2023/11/14

    In this episode focused on Cyber Security for Small and Medium Businesses (SMBs) and Not For Profits (NFPs), Chirag is joined by Brett Randall - a longtime technology leader in these areas. In this wide-ranging discussion, several practical strategies and actionable takeaways are shared in the following areas:

    - Importance of cyber security for SMBs and NFPs

    - Influencing senior executives and stakeholders to bolster cyber posture of these organisations

    - Strategies to pragmatically bolster security profile in a smart, cost effective manner

    - Effectively evaluating and monitoring services provided by Managed IT providers

    - Leveraging Artificial Intelligence effectively and securely

    - Role of Security Culture and informed risk decisions for cyber resilience

    Resources:

    Practical Cyber Security Advice for Small and Medium Businesses by 7 Rules Cyber: https://www.linkedin.com/pulse/cyber-security-advice-small-medium-businesses-7-rules-cyber-ydfyf

    Chirag's most recent Best-Selling Book "7 Rules to Become Exceptional at Cyber Security" Link: https://www.amazon.com.au/dp/0648662381

    About Brett: With over 20 years' experience in technology management, Brett specialises in identifying needs and helping organisations drive success whilst mitigating risk. He is adept in the areas of solution design and delivery, architecture, infrastructure, cybersecurity, change management, software development and emerging tech. Brett holds a Master of Business in IT Management and a Bachelor of Psychological Science. He is passionate about learning, training, and the active employment of critical thinking throughout all areas of technology and business. Brett's philosophy centres around the alignment of technology and governance with top-down business objectives. An organisation can only be successful when its people, technology and processes are aligned with strategy. Thus, his focus is on ensuring that every aspect of technology both serves, and delivers value to, the organisations that he partners with.

    About Chirag: Chirag’s ambitious goal is simple: to enable human progress through trust in technology. To accomplish this, he wants to help build a world where there is trust in digital systems, protection against cyber threats, and a safe environment online for communication, commerce, and engagement. He is the Founder and Chief Executive of 7 Rules Cyber - a cyber security company focused on enabling businesses to be secure in a cost-effective and efficient manner. Chirag is respected as a thought leader in cyber security with keynotes and presentations across the world. He is the author of two best-selling books “7 Rules to Influence Behaviour and Win at Cyber Security Awareness” and "7 Rules to Become Exceptional at Cyber Security" which have been purchased in multiple countries across the world. His podcast features insights from distinguished professionals in a wide range of disciplines, including media, entrepreneurship, executive leadership, and futurology. During the course of his career spanning multiple sectors and countries, he has built, implemented, and successfully managed cyber security, risk management, compliance, and awareness programs. Chirag has held executive and senior leadership positions in large, complex organisations and excels at the art of translating business and technical speak in a manner that optimises value. Chirag has led teams and managed multi-million-dollar budget and transformation programs. He has a strong record in both IT and OT environments, and leading cyber security through de-mergers and divestments. Chirag has experience of being a Director for a NFP Board and member of advisory Boards. He has extensive experience with a wide range of standards, frameworks, and regulations, including NIST CSF, APRA CPS 234, AESCSF, PCI DSS, Health Insurance Portability and Accountability Act (HIPAA) and ISO 27001/2.

    50 min
  • SEC SolarWinds Action and The Evolving Role of CISO
    2023/11/07

    In this special edition, Chirag is joined again by Global CISO Michael Oberlaender to discuss a potentially watershed event in cyber security - the US SEC action against SolarWinds and its Chief Information Security Officer (CISO). The charges include fraud and internal control failures. Complaint alleges software company misled investors about its cybersecurity practices and known risks. In this discussion filled with practical analysis and insights, Chirag and Michael discuss:

    - Implications of the SEC Ruling on the global CISO Community. Will it have a chilling effect or is it a step in the right direction?

    - Evolution of CISO role, potential liabilities and where the real accountability lies in organisations.

    - Cyber Security in Corporate Governance and Executive Responsibilities

    - Elements of defensible cyber security programs accounting for materiality.

    - Increasing Regulatory Expectation and Scrutiny for Cyber Security Practices especially in Australia and US.

    - Role of Cyber Security Culture including Incident Readiness.

    - Need for Action to Protect Critical Infrastructure.

    Resources:

    SEC Charges Press Release: https://www.sec.gov/news/press-release/2023-227

    Chirag and Michael's prior discussion: https://youtu.be/F3ljNTgg9fY?si=AnVWBlr-Lzwwrsv9

    Chirag's most recent Best-Selling Book: 7 Rules to Become Exceptional at Cyber Security

    Link: https://www.amazon.com.au/dp/0648662381

    About Michael: Michael's books offer a lot of insights for current and aspiring security leaders.

    Global CISO Strategy Tactics and Leadership: https://www.amazon.com/dp/B0851LZKF2

    CISO and Now What: How to Successfully build Security by Design: https://www.amazon.com/SO-Successfully-Build-Security-Design/dp/1480237418

    Michael Oberlaender is a global industry leader, dynamic, focused, multilingual, Senior Technology and Security & Privacy Executive with successful track record in developing and leading corporate technology and information security programs for global organizations. Board Member, Advisory Board Member, governance and audit committee, committed change agent, transformation agent, translator between business and technology & security, cross-functional strategic and tactical approach ensuring enterprise security initiatives. 25+ years full time global security leadership in eight different CSO/CISO roles (career CSO). Highly accomplished problem-solver, polished communicator exhibiting highest ethical standards, professionalism and attention to strategic vision and tactical detail. Published multiple books, journal articles author, public conference speaker, panel moderator, visionary thought leader, strong execution.

    42 min