Careers Information Security Podcast

Summary: Exclusive, insightful audio interviews by our staff with leading careers/security practitioners and thought leaders. Transcripts are also available on our site!

Podcasts:

 Risk Management and ISO 27001 Certification - Mark Bernard, Credit Union Central, B.C. | File Type: audio/mpeg | Duration: Unknown

Mark Bernard is the Security & Privacy Officer at Credit Union Central of British Columbia. In this podcast he talks about risk management and ISO 27001 Certification. Mark Bernard has extensive experience in the IT security industry, both in the US and Canada. He is currently the Security and Privacy Officer for the Credit Union Central of B.C., and is leading the credit union to become the first financial institution to achieve ISO 27001 certification. Mark has a reputation for improving organizational security without increasing costs or adding layers of controls. During this podcast Mark discusses:
-- How to manage a risk management program in a way that does not increase costs but adds to your organization's security
-- What ISO 27001 certification entails and the benefits to your bank or credit union
-- Why ISO 27001 certification can actually save you money
-- The essential business skills that allow a security manager to excel

 Debbie Wheeler, CISO of Fifth Third Bank: Effective Risk Management | File Type: audio/mpeg | Duration: Unknown

The Information Security Media Group podcast with Debbie Wheeler, CISO of Fifth Third Bank, focuses on the role of effective risk management for IT security and data leakage prevention. Debbie Wheeler, CISO of Fifth Third Bank, discusses recent challenges and changes in the banking community. She highlights provisioning and options for preventing data leakage. The discussion includes how the role of the CISO is to overcome organizational resistance, and she also provides career advice for women in information security.
· Their strategy for addressing data loss and leakage
· Cost of adopting bleeding edge technologies
· Why they offered a "business of banking class" to their IT staff
· Aligning your controls to your actual level of risk

 Mark Lobel of Price Waterhouse Coopers: Update on Recent Information Security Trends | File Type: audio/mpeg | Duration: Unknown

In this Information Security Media Group podcast, Mark Lobel of PriceWaterhouseCoopers gives our audience an update on recent trends in info security and the importance of effective benchmarking. Mark Lobel is a nationally known expert in information security who leads the PriceWaterhouseCoopers annual survey of Information Security trends. This podcast summarizes his latest findings regarding changing threats, convergence of security functions, and why, despite a decrease in certain attacks, many organizations are unable to know what is happening on their networks. He also discusses the importance of benchmarking and the components of effective metrics and benchmarking programs.
-- The importance of actionable information and use of Security Information Management systems
-- Changes in information security convergence and its return to an IT focus
-- What factors predict fewer breaches and lower downtime
-- Why many firms admit they really don't know what is occurring on their networks

 Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC | File Type: audio/mpeg | Duration: Unknown

Join Information Security Media Group's Richard Swart in a conversation with Nathan Johns, former Chief of Information Technology at the FDIC. Based on his years of experience with banks, technology and audits, Johns offers his thoughts on training (classroom, online and hands-on), as well as advice for people just embarking on a career in audits. Listen to gain insight on: Best-practices for auditor training; Key professional certifications; Today's trends and how they will impact tomorrow's IT audits.

 CISO Jeff Bardin on What Makes A Successful Training Program | File Type: audio/mpeg | Duration: Unknown

Listen in to this Information Security Media Group podcast to hear the CISO at Investors Bank & Trust talk about what makes successful training programs work. Jeff Bardin has a wealth of experience in developing training programs for a wide range of organizations. Previously he held CIO and Director level positions at organizations such as Arabian Data Systems, Centers for Medicare & Medicaid, Lockheed Martin, General Electric, and Marriott International. Bardin has performed HIPAA, GLBA and SOX assessments and support, documentation, certification and accreditation activities for government agencies with budgets of more than $500 billion, over 1 billion in yearly transactions, and 6,000 employees in dozens of locations nationwide. He has also authored several articles on information security, edited college textbooks, taught information security, IT governance and risk assessment methodology courses, and spoken at several industry conferences. Listen as Bardin explains why awareness training should be required for everyone; why rewarding good behavior is a must; what other training financial institutions should focus on - AML, GLBA, and privacy issues; and why more training on social engineering is vital. Bardin discusses the challenge of training your employees, getting them to put the training into their everyday work, and getting them to take it seriously; he'll also describe why senior level support is needed in security awareness training, and what it takes to make security a core value in an institution.

 Stephen Northcutt of the SANS Institute: Need for Information Security Certifications | File Type: audio/mpeg | Duration: Unknown

The Information Security Media Group podcast series continues with insights from Stephen Northcutt, CEO of the SANS Technology Institute, a postgraduate level IT security college, and an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer, network and software security. Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification and currently serves as CEO of the SANS Institute. Listen as Northcutt describes the state of information security training today, why colleges and universities still need to bring more technical focus to their information security curriculum, and why there is still a real need for more technically-trained information security professionals to fight the influx of malware and Eastern European, Russian and Brazilian hackers who are coming to invade your institution. He explains the need for more technically-trained professionals versus "policy" professionals and where he sees the industry growth heading. Finally, he gives some words of advice to those starting out in information security.
