Tom Kartanowicz joins us and shares his thoughts on CISO Reporting, Prioritization and the evolution of the CISO journey.
More episodes of "B2BiQ"
What does it take to run a successful AM business? In conversation with Brad Keselowski.
43:31 In this episode, Marcus Seibold and Dr Mohsen Seifi interview Brad Keselowski, the founder of Keselowski Advanced Manufacturing. Brad discusses the pain threshold and the need for corporate cover fire in AM, especially when tackling friction points for buyers and programme managers. He explains the delicate balance needed to achieve specs for creating the most cost-effective parts and how to improve confidence with the digital workflow. Siemens Energy is the series sponsor.
What does it take to run a successful AM business? In conversation with Vishal Singh
40:24 In this episode, sponsored by Siemens Energy, Marcus Seibold and Dr Mohsen Seifi interview Vishal Singh, Co-Founder and CTO at Link3D. He covers how to scale the AM business, minimise the risk of production and maximise output by applying learning from the software industry. These lessons give insight into the best economic, business, and cultural practices needed for success in the AM industry.
What does it take to run a successful AM business? In conversation with Neil Mantle
38:37 Success in Additive Manufacturing goes beyond technology. It encourages new ways to think about business governance. Sponsored by Siemens Energy, Marcus Seibold and Dr Mohsen Seifi invite experts to discuss the economics, operational constraints, and the role of culture in creating a successful AM business. Their first guest is Neil Mantle, Director of Manufacturing at Rolls-Royce, with whom we shall delve into the issues around AM with his banker concept and his views on how to build trust and confidence.
Jett Oristaglio, DataRobot
37:07 Data scientist Jett Oristaglio joins us to talk about Humble AI and Trusted AI, and asks: what is everything you need to trust in AI for your life? He goes on to share that trust is not binary; it is multi-dimensional, and so there are a number of criteria that should be evaluated. Performance: does the model predict the problem being solved for well, otherwise known as accuracy. Operations: how reliable is the system that the model is deployed in. And Ethics: how well does the model align with the values of the organization. Of course, the most talked about is accuracy, in that the model has to be fast enough and has to be stable (have strength). Not surprisingly, these are all aspects you want in a human decision maker.
Suresh Chowdary, Nokia
19:45 During this digital summit panel, Suresh Chawdhary, head of security & privacy for Nokia, stresses the importance of a layered, multi-pronged cyber security approach to best protect from phishing and whaling. This layered defense mechanism moves away from a one-size-fits-all strategy, ensuring that everyone across the enterprise is well equipped to stay protected against threats.

Three Cyber Security Defense Layers To Consider

By baseline testing employees for their susceptibility to phishing, an enterprise gathers statistics and builds an actionable and measurable improvement plan. Even within this layer, different departments are responsible for different deliverables. That means that malware threats and other vulnerabilities will affect separate industries and divisions within that industry to varying degrees. By customizing phishing tests, much like bad actors do, a holistic and accurate pattern emerges.

A second layer is to have targeted training sessions for employees so that they understand what is anticipated and expected from them, how to report phishing attempts properly, and how to make sure that they are not processing payments or sending sensitive personal information by email when they receive these kinds of emails.

A third approach targets key executives. Suresh warns that this can get tricky. Leadership team members are often global, meaning they're traveling frequently to meet customers and vendors or participate in seminars and conferences. They also have a multiset of technologies at their disposal. With all these touchpoints, it is difficult for a CSO or an information security organization to inform executives of the varying degrees and types of risks. In this case, Suresh suggests relying on proactive, reactive, and detective controls to safeguard them. Because awareness alone doesn't cut it for these busy individuals, multifactor authentication mechanisms and email encryption are a must. For example, a two-factor mechanism for approving invoices through email mitigates risk considerably.

Things To Consider When Developing A Cyber Security Plan

Finance and HR employees are particularly vulnerable due to their payment processing duties. An email spoofing the head of finance or the CEO may expertly convince an employee to urgently transfer money at the click of a button. The possibility of getting that money back is nearly zero. Additionally, HR has a massive amount of sensitive data at their fingertips. Data is the new oil in the cyber crime industry. All it takes is one slip or a single lapse in judgment for a breach to expose personal data so sensitive (such as credit card and social security numbers) that it creates a lawsuit or enough bad press to devastate an organization.

Examining the big picture and important factors of an organization helps build a plan that fits the company in terms of cost, risk profiles, and the size of the organization. Considerations may include: cloud service encryption packages; the appropriate number of training sessions per year; and regulations and limitations of certain technologies across different geographies.

A security plan isn't going to be the same across an organization. Still, there are certain baseline technologies that build the foundation of security, namely an antivirus solution and a personal firewall for every employee across the globe. While email encryption is a nice-to-have for all employees, it is a must-have for people who are prone to whaling attacks, including the C-suite and leadership team. Other departments to keep in mind for customized control mechanisms are finance, HR, legal procurement, and suppliers. It is important to have a combination of proactive and reactive controls when dealing with these hidden enemies.

Advanced Persistent Threats

The obvious goal of a phishing or whaling attempt is an immediate financial gain. However, an advanced persistent threat can do much more damage. In this scenario, a bad actor gains access to an organization's network by confiscating credentials. Once inside, they can find and extract data while remaining undetected for long periods of time. Of course losing money hurts, but the loss of IP like proprietary algorithms or software can be a nail in the coffin.

The Business Case For Proactive Controls

Suresh estimates that only about half of all organizations have a solid baseline of security, although that estimate goes up to about 80% for middle and large sized companies. Unfortunately, too many companies make significant investment into cyber security reactively. The ROI and business case for a primary, proactive cyber security strategy often isn't obvious until it's too late, that is, until a breach has occurred. It is a CSO's job, then, to build and communicate a strong business case around why a security technology investment is worth it.

Also, while training is a worthy and necessary investment, humans are only human, and phishing and whaling attempts will sometimes work. That is why a CSO must argue for build-on reactive honeypot technologies. A honeypot is a security mechanism that deploys within a network and spots malicious traffic patterns in and out of the network. A honeypot can be set up to divert traffic to particular devices that slow the traffic down and even forensically investigate the source, destination, and the TCP or UDP port numbers. It identifies the types of files and time of the breach as well.

Closing Thoughts

Suresh closes with a reminder for CSOs: they are responsible not only for protecting and safeguarding critical information assets, but also for mitigating these kinds of threats that might be underpinning certain specifics or functions. Beyond security talent, management and business skills are required.
Robert Welborn, GM
25:09 Robert Welborn is the Director, Data & Data Science for General Motors. As he sees it, global corporate enterprise has, for the most part, seen data as a luxury: “we'll get to reporting when we get to reporting, we'll upsell, we'll monetize.” Not that monetizing is a bad thing, but Robert’s point is that we haven’t been using data as the ultimate element of decision-making. Sure, data-driven decision-making has occurred, but not to the extent of managing enterprise existence. The global pandemic had a particular effect on Robert’s company. For over 100 years General Motors manufactured motor vehicles. Then on April 8th, 2020, General Motors became a ventilator manufacturer. What used to be a fun data dance that Robert and his team would do privately suddenly became a precision-choreographed ballet of the highest order with every decision-maker involved. “What we had used as a luxury before suddenly was driving everything. We're having conversations with our suppliers, with the UAW and with the plants showing them through data what we're going to do next.” And the data told them just what to do. Robert and his team were seeing vehicle-level data as the pandemic burst across the globe and made its way to the East Coast of the United States. “The data is saying we can shut down. And the data that we're getting from the state of New York in specific is saying that we, if we were doing anything right now, we should be building ventilators. If there's anything that we would do, we should build insulators and we should build masks.”