On this episode, David Beardshaw, CISO of 3VRM, joins Yonatan Lipschitz. They discuss the importance of third-party risk management (TPRM) and its role in securing organizations. They explore the definition of TPRM and the risks associated with third-party relationships. They also discuss the challenges of questionnaire-based assessments and the need for more modern approaches to TPRM. The conversation highlights the value of monitoring organizations' cyber health and the importance of incident response in TPRM. They emphasize the need for collaboration and breaking down silos within organizations to effectively manage third-party risks.
Host Yonatan Lipschitz is joined in this conversation by Carlo Schreurs, Global CISO at FrieslandCampina. Carlo shares his journey from aeronautical engineering to becoming the CISO of FrieslandCampina. He discusses the shift from IT to OT security, the importance of a transformational mindset in cybersecurity leadership, and the challenges of standardizing and centralizing security policies in a large organization. Carlo emphasizes the need for buy-in, relationship-building, and risk management in cybersecurity. The conversation covers the integration of OT in the cybersecurity approach, the importance of addressing human factors in cybersecurity, and the significance of communication and transparency during incidents. It also emphasizes the need for tailored training and awareness programs for different organizational roles.
In this episode of the Resilience Podcast, Javier Garcia-Quintela, the CISO of Spanish energy giant Repsol, discusses his personal journey into cybersecurity and the importance of building relationships and collaboration within the industry. He also addresses the energy sector's challenges, including the lack of cybersecurity skills and the growing number of threats. Additionally, he talks about the impact of regulations on cybersecurity and the role of AI in the energy sector.
Yonatan is joined by Joe Hubback, Managing Director of Istari (EMEA).