Podcast ISACA

Today, the pace of change across industries is quicker than ever before. Economic, political, and social unrest and a global climate crisis have placed unprecedented disruption and pressures on organizations looking to navigate a rapidly changing environment. Firms are being out-innovated and entire industries are being disrupted in a matter of mon…

In a world where adversaries are constantly adapting to improve tactics, techniques, and procedures (TTPs), it is crucial to understand the unique traits and goals of various types of adversaries that actively seek to cause harm to an organization. The personification of these threats will ultimately help measure resilience against specific threat …

For the average person, life moves quickly. But for business leaders and anyone involved in any aspect of IT, the pace at which technology is changing is overwhelming. Technology can help businesses and individuals do more with less and increase profit margins. However, technological advances carry tremendous risk and increase the criticality of ri…

If you thought ISACA was only about certification and education, get ready to listen to this podcast and see how ISACA advocates for the IT Audit and Risk Management professions! Join Cindy Baxter, author of the Audit in Practice column in the ISACA Journal, as she interviews two members of the ISACA New England Board of Directors who attended ISAC…

In this episode, executive principal at Risk Masters International’s Steven Ross discusses why vendors of IT products and services are advertising information security, why businesses are not advertising their security and how to use information security as a component of organizations’ public images with host Safia Kazi.…

SaaS is eating the world even more than we think. Companies are dealing with SaaS sprawl: hundreds of apps distributed across different owners that store sensitive data and which are used to orchestrate critical business workflows. Security-minded teams are turning to external compliance frameworks to help protect their customers and data. However,…

A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation-state APTs. Instead, 2023 will be when multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of p…

We live in the age of continuous compromise. This podcast dives into why so many organizations continue to be breached even after spending money on cybersecurity point solutions. Many organizations gravitate towards silver bullet solutions without understanding the threat and impact. In this ISACA Podcast episode, Chris McGown speaks to Rex Johnson…

A strong audit and assurance function is critical to achieving digital trust in an organization. This conversation spotlights audit's role in digital trust and outlines key priorities. It also shares new ISACA resources for auditors. For more information, go to https://isaca.org/digital-trustBởi ISACA Podcast

ISACA's Chris Dimitriadis and the US GAO's Nick Marinos discuss the current state of critical infrastructure security, escalating threats and how to better prepare. For more information check out www.isaca.org/heightened-threatsBởi ISACA Podcast

Paul Philips and Lisa Young will discuss how risk scenarios help decision-makers understand how certain events can impact organizational strategy and objectives. Good risk scenario building is a skill and can take some time to truly master. Paul and Lisa will provide actionable advice on building the best possible scenarios to help your organizatio…

Compliance with the world’s ever-increasing list of privacy laws can be a tricky undertaking for any organization, but by taking a few simple steps, you can begin to mature your privacy program from a series of check-box exercises into an intelligent compliance program that can help organizations to build consumer trust and protect brand reputation…

Career coach Caitlin McGaw will share her top tips for young professionals and career changes on how to launch a successful career in IT audit--from acing your first interview and landing your first job to career resources to help your career continue to grow and thrive. To learn more, check out www.caitlinmcgaw.com…

Learn more at isaca.org/digital-trustBởi ISACA Podcast

Privacy Mining will increase because of billions of IoT devices being connected every day. Combined with advanced psychologic research, this can be a very powerful tool for manipulating people's behavior. A Fake reality also poses a big threat to our future of privacy. Software, such as Deep Fakes, has the ability to use someone's facial structure …

Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others? To understand and answer th…

On National IT Professionals Day, ISACA's Kevin Keh explains how IT professionals can advance digital trust in their organizations and in their industries. Learn more at isaca.org/digital-trustBởi ISACA Podcast

Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with. However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cy…

Guy Pearce joins ISACA’s Lisa Villanueva for a conversation about the traps of Data Governance and management. Guy breaks down Lore vs. Data, reasons for not using information for decision-making, and why data is a shared benefit for the organization. Stay tuned until the close to hear Guy’s advice on using metaphors when communicating technical co…

ISACA’s Jeff Champion welcomes Steven Ross to the ISACA podcast. Steven asks what the effect of Convergence on the Control Community and concludes that everything is connected to every role, and it is becoming risky to have employees siloed within their own practice. He also remarks on how he once wrote an ISACA Journal article about companies crea…

The Impact of SOX on the Industry 20 Years Ago and Today. Opponents of Sarbanes Oxley, (SOX) contend the law is too costly for companies to operationalize given the small benefit that SOX regulation provide. Proponents say that a world without SOX is a world in chaos. This article discusses how SOX measures up 20 years after the law was enacted. To…

As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-…

Richard Hollis, Director of Rick Crew, is serious about asking the tough questions. ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “have I affected any change?” Richard points out th…

The world's largest software companies leverage modern-day Red Teams to protect against real-world attacks. Many companies focus on vulnerability management, compliance, and patching to secure themselves, but this is only a tiny part of the big picture. An improved security posture is achieved by leveraging the Red Team to pressure test the attack …

In an era of rampant ransomware and other malicious cyberattacks, it’s mandatory to double down on cybersecurity analysis and strategy to ensure an optimal security posture and the protection of critical assets and data. Today, two models can help security professionals harden network resources and protect against modern-day threats and attacks: th…

As you plan and execute your audit, do you take time to invest in the stakeholder relationship? This can be an often-overlooked element but essential in an effective audit. Tune into this ISACA Podcast as Steve Jackson, IT Audit Manager at Airbnb, chats with ISACA’s Robin Lyons about ways to gain auditee buy-in and have a successful and effective a…

In this ISACA Podcast episode, ESET’s Chief Security Evangelist, Tony Anscombe, joins ISACA’s Principal, Emerging Technology Professional Practices, Collin Beder to discuss ESET’s recently released T2 2022 Threat Report. As a global leader in cybersecurity, ESET’s T2 2022 Threat Report summarizes the most notable trends that have shaped the threat …

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions s…

It is all about the system's downtime. In this ISACA Podcast episode, Risk Masters International's Steven Ross tells ISACA's Collin Beder that organizations should start focusing on hours of unavailable systems and data when measuring the cost of a cyber-attack. Steven also discusses the causes and targets of system downtime and why he thinks the I…

We are subjected to phishing scams almost every day, and even the most seasoned professional must examine an email to ensure the links included are safe. Brown University and Federal Reserve Bank of Cleveland's Allen Dziwa says people are the weakest link and that customized messaging using regional language for targeted attacks is becoming more pr…

Ryan Cloutier's child came home from school one day and told him that he had figured out the staff Wi-Fi password. Frustrated that the security wasn't better for a school network, Ryan decided to do something about it. Since then, his career has been focused on serving K12, local government, and socio-economically disadvantaged communities with his…

Executive Director of Cybersecurity Gatebreakers Foundation, Naomi Buckwalter, joins ISACA’s Jon Brandt to discuss burnout. There are many factors at play when discussing burnout: company culture, work-from-home flexibility, unrealistic expectations from supervisors, and industry pressure, but Naomi gives you multiple action plans for combatting wo…

In this ISACA podcast episode, IT Risk Director and Senior Vice President Mike Powers and IT Segment Risk Manager Julie Ebersbach discuss using the qualitative risk assessment as part of an organization's enterprise risk framework, focusing on using data to inform subjective judgments. The value and accuracy of a qualitative risk assessment, based …

In today’s dynamic world of distributed computing and cloud-scale systems, traditional security data platforms and tools such as SIEM typically fall short of actually delivering the intelligence needed to better adapt to the rapidly changing threat landscape. This is primarily due to a lack of core data lifecycle management, analytics, and integrat…

There is no denying the passion that ecfirst's CEO, Ali Pabrai has for cybersecurity. In this ISACA Podcast, Ali tells ISACA's Hollee Mangrum-Willis that after all his years in the industry, he is still more excited than a two-year-old at the entrance to Disneyland. Listen in as Ali discusses his origin story as a first-generation American working …

Cybersecurity incidents like ransomware can potentially bring operations to a standstill. Recent regulatory changes by the FTC and proposed changes by the SEC show that both agencies are drafting cybersecurity rules similar to ERM concepts. This would include board oversight of cybersecurity and the responsibility of senior management to implement …

University of Florida's Ivy Munoko is passionate about AI and has plenty to share regarding implementation and usage, but ISACA's Collin Beder asks, "is it ethical"? Ivy breaks down the ethical considerations for AI and the four types of intelligence (Mechanical, Analytical, Intuitive, Empathetic), and she shares her take on why she thinks AI won't…

What’s The Risk LLC’s Cindy Baxter sits down with ISACA’s Robin Lyons to discuss auditing culture, which can be one of the most interesting areas to audit. We all have things we want out of our work environment like remote work, flexible hours or as Cindy comments: “I’d love to take my dog to work with me!”, but she and Robin question what is reall…

This episode of the ISACA Podcast is all about incident reporting. Lesotho Postbank's Relebohile Kobeli talks to ISACA's Collin Beder about mitigating risk, minimizing losses from events, and good communication. As Relebohile says: "as we carry out our daily tasks at work, we should always be proactive... and recognize abnormal behavior". Tune in n…

Netflix's Lisa Young started as a bank teller that learned tech by fixing and servicing ATMs, which transitioned to her joining the network ops field and leading her to "help organizations understand what could keep them from meeting their strategy, objectives or mission". After rough telecom layoffs, she re-educated herself with ISACA certificatio…

Some industry watchers estimate that by 2025 the collective data of humanity will reach 175 Zettabytes. ISACA's Jon Brandt invites Dr. Chase Cunningham (aka Dr. Zero Trust) to discuss how to defend the ever-growing amount data, problem-solving for business units and compliance. Chase also questions the idea of “never compromise” and “perfect defens…

Parte I: https://isacapodcast.podbean.com/e/foco-de-la-industria-arnulfo-espinosa-dominguez/ El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha aprendido dura…

Many organizations prioritize goals such as gains and profits, which often require rich data sets, but fail to consider the eventual impact of their data handling methodologies on foundational social justice issues. ISACA's Collin Beder talks to Josh Scarpino about his recently released article Evaluating Ethical Challenges in AI and ML. Josh discu…

Parte II: https://isacapodcast.podbean.com/e/foco-de-la-industria-arnulfo-espinosa-dominguez-parte-ii/ El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha apre…

The stakes are too high for organizations not to comply with data privacy regulations,” Bassel Kablawi states in his article, "Why (and How to) Dispose of Digital Data." As the Information Security and Data Privacy Consultant for System Solutions, Bassel Kablawi has the knowledge and experience to determine that the value of data disposal can help …

Link to Part I: https://isacapodcast.podbean.com/e/industry-spotlight-johann-dettweiler-part-1/ In this ISACA podcast episode, we connect with TalaTek Director of Operations Johann Dettweiler to discuss his almost two decades of experience across multiple industry fields, his involvement in FEDRAMP compliance, and why the next generation should foc…

Link to Part II: https://isacapodcast.podbean.com/e/industry-spotlight-johann-dettweiler-part-ii/ In this ISACA podcast episode, we connect with TalaTek Director of Operations Johann Dettweiler to discuss his almost two decades of experience across multiple industry fields, his involvement in FEDRAMP compliance, and why the next generation should f…

Cloud is ubiquitous now. From small enterprises to large companies, all are moving a part of their technology operations to cloud. Initial reluctance is now nowhere to be seen. There is more confidence among the user for the use of cloud technology. Join ISACA’s Jeff Champion as he talks with Risk and Control Specialist, Upesh Parekh about cloud de…

Link to Part I: https://www.podbean.com/media/share/pb-agrfe-12a9555 Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industr…

Link to Part II: https://www.podbean.com/media/share/pb-ma96i-12af3bf Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Indust…