Joe: Hey Kevin – let’s kick off today with a little bit about you and your background with cybersecurity starting with your work at the Department of Defense and moving to consulting and teaching both at Boston College and MIT. Let’s start there.
- You run a pretty cool conference called the Boston Conference on Cyber Security. You had FBI Director James Comey speak at BCCS in 2017 for this one-day event. Tell the audience a little bit more about the Boston Conference on Cyber Security (emerging technologies, company concerns, etc.).
- There’s a research report out there called “Remote Work And COVID-19 Cybersecurity Impact,” and it revealed that organizations are struggling to mitigate the risks of increased COVID-19-related attacks, with 58% of security issues revolving around remote workers.
- If you’re a CISO, CIO, or Director of Cybersecurity or Director of DevOps, how are you positioning your company today against these threats?
- A big part of cybersecurity isn’t actually technical – per se – it’s about training and teaching everyone in the organization on how to be proactive with what they click on. Security is a critical component because if there’s a breach, ransomware attack, or worse, it will shut down the company’s revenue systems for days.
- What advice would you give on teaching and training organizations to be proactive with security?
- If you’re starting out and want to lay the foundation for an organization-wide cybersecurity culture – what advice would you give for building that new culture?
- Talk about cybersecurity risk metrics. What are some risk metrics you’re looking for?
- The security landscape is under heavy disruption and constantly adapting to a changing landscape. What do cybersecurity and innovation look like in 2020 and beyond?
Answer the CIO
- What is his perspective on how to best discuss cybersecurity with board-level executives? Is there an equivalent ROI calculation that is appropriate or a model that helps balance investment dollars with risk mitigation?
- Is the trend gap between company security programs and cyber criminals getting bigger, staying the same or shrinking? How does he track that? Is the answer significantly different by industry and size?
- If you could focus on just 2 security initiatives right now, what would they be and why?