S34 Ep2: Christopher Sestito - Stay Ahead or Fall Behind: The AI Challenge for Modern Businesses

In today's episode, Steve speaks with Christopher Sestito (also known as Tito), chairman of the board, CEO, and co-founder of HiddenLayer, a cybersecurity startup dedicated to preventing adversarial machine learning attacks. Tito shares his perspective on where the business world is currently when it comes to AI and cybersecurity. He also gives his thoughts on the state of AI regulation and what business leaders should do to protect their organizations in the age of AI.  Key Takeaways: AI is changing the cybersecurity game Tech regulation is becoming more fragmented  Securing AI is really no different from securing other parts of the business Tune in to hear more about: Why Christopher Sestito started HiddenLayer (1:28) Why AI will play an increasingly important role in organizational cyber defense (5:47)  What business leaders should think about as they approach cyber in the age of AI (20:18) Standout Quotes: “I think the challenge at the AI level is how fast we've moved. There's been so many advancements that if you don't have a dedicated organization looking at this, it's really just moving too quickly to ultimately have things at a sort of hardening level at the model layer itself.” - Christopher Sestito “I think I'm a bit of a realist when it comes to artificial intelligence coming in. I think we are viewing a very fundamental shift in ultimately what's gonna affect workforces and skill sets required. I think that if I was entering the workforce right now, I'd be focusing heavily on the effects of artificial intelligence, how I can leverage artificial intelligence.” - Christopher Sestito “Every organization really needs to pay attention to their agentic strategy right now. I think if you're engaged with other enterprise organizations, as all are, everyone's building agents right now, and those agents have a lot of autonomy in order to be able to conduct transactions, in order to be able to deal with data, to be able to interact, organization or organization. And I think every CISO is gonna need to be able to really articulate what they want to be allowed here and not because we're removing humans in the loop with these agents, we're allowing them to have quite a bit of agency in order to conduct these transactions at an incredible rate.” - Christopher Sestito Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve talks about ISF's flagship foresight report "Threat Horizon 2027: Grasping for Control." In a world defined by disruption and acceleration, this report offers not just a forecast of cyber threats, but a blueprint for resilience, and Steve walks listeners through the key themes. Key Takeaways: 1 Flexibility will be key in an increasingly volatile world. 2 Cyber must be considered in every aspect of an organization’s operations. 3 Control is possible, even if it sometimes doesn’t feel like it. Tune in to hear more about: 1 Why identity is becoming more and more important for businesses (2:24) 2 How senior leaders can prepare for the future (17:06) 3 Why control is still possible (21:42) Standout Quotes: 1 “Identity is really the cornerstone of everything that we do in the digital world, and it's fast becoming one of the most critical areas for business leaders to understand and take seriously.” - Steve Durbin 2 “Leaders need to understand the economic impact of cyber risk. What are the potential costs of disruption? How would a breach affect reputation, revenue, operations? It's the reputational bit, for instance, in my case, that worries me the most. And once you start thinking in those terms. You can make many more business-aligned, informed decisions about what you are going to do because you stop looking at the cost of doing something and instead you flip it and look at the implications and associated costs of not doing it.” - Steve Durbin 3 “I think that business leaders as a group, tend to be pretty resilient individuals. I've worked a lot with entrepreneurs, and they are probably some of the most resilient that I've ever come across because they have to be. And one of the things that they always believe in, I've found, is that irrespective of what's going on around you, control is still possible. But in order to have that level of control, it takes foresight, it takes focus, and I think above all it takes flexibility and, I would say, courage.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve speaks with Tavia about how AI and other emerging technology are reshaping society, and how we as humans should react to it.  Key Takeaways: AI and other emerging tech can help society, but guardrails are needed.  The world is becoming more fragmented when it comes to how it views AI and tech.  With AI and new technology, we have to be increasingly cautious in our interactions in cyberspace.  Tune in to hear more about: Why it’s unlikely there will be international rules around AI (4:32) How technology is changing how we interact – and what that means (7:12) What people 50 years from now might say about how we’re currently handling emerging tech (22:28) Standout Quotes: “We need to be putting in place guardrails, particularly when it comes to AI, around how it's going to be used, because we are playing with a technology, the power of which we don't fully understand yet.” - Steve Durbin “I think it is about how we get the balance right. I think that it isn't about shutting down some of the technological advances that we're seeing, it is about just being a little bit more realistic about their fallibility and trying to get equilibrium back between people and tools.” - Steve Durbin “I suspect that what they will do is take a look back and go, why on earth did they do that? Why on earth didn't somebody see that there was a better way? Because that's with the benefit of hindsight, isn't it? And we've got 20-20 vision when it comes to hindsight. And so I think that we are in the here and now and we need to find a way of muddling through. And I think that everybody has a responsibility to do that.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this bonus episode, Steve speaks with Dr. Ellie Pavlick, a professor of computer science at Brown University. Dr. Pavlick’s research focuses on computational models of semantics and pragmatics which emulate human inferences in artificial intelligence. Steve and Ellie discuss generative AI, developing a pipeline of talent to work with it, and perspectives on its developing uses for organisations. Related Resources from ISF: ISF Podcast: The AI-Quantum Revolution: Today, tomorrow and the future ISF Podcast: Steve Durbin & Nicholas Witchell - The Case for Social Responsibility in AI ISF Podcast: Boosting Business Success: Unleashing the potential of human and AI collaboration Navigating Boardroom Concerns: Top 9 Cybersecurity Risks and Challenges Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter

Tune in to this bonus episode where Steve is speaking with Prof. Federico Varese, a professor of criminology and head of the sociology department at Nuffield College at Oxford University. Prof. Varese talks with Steve about the history of organised crime in Russia and around the world, the mafia’s movement into cybercrime, and what the future may hold for these criminal organisations. Related Resources from ISF: ISF Podcast, Alexander Seger — How Global Law Enforcement Fight Cybercrime ISF Podcast, Inside the Mind of Today’s Cybercriminals, Brett Johnson Part 1 ISF Podcast, The Life of a Cybercriminal, Brett Johnson Part 2 ISF Podcast - The Democratisation of Cybercrime Misha Glenny: The Evolution of Cybercrime with Misha Glenny, author of McMafia Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

An interview with Steve Durbin, Chief Executive, ISF,  hosted by CEO and Founder of The Drop In CEO Podcast, Deborah A. Coviello. Originally published by The Drop in CEO Podcast.  In this episode, Steve shares his unique journey from literature to cybersecurity, emphasising the importance of curiosity, learning, and fresh perspectives in leadership. The discussion delves into the evolving landscape of cybersecurity, the necessity for business leaders to adopt a resilient and informed approach to technology and risk management, and the value of continuous education and networking. Steve offers practical advice for business leaders on safeguarding against cyber threats and highlights the dynamic interplay between technology, business strategy, and security. Episode Highlights: 01:57 Steve's Journey: From Literature to Cybersecurity 05:12 The Importance of Reading and Continuous Learning 08:02 Transitioning Careers: Embracing Technology 16:58 Information Security Forum: Mission and Impact 29:12 Practical Advice for Leaders on Cybersecurity   Discover more about the Information Security Forum (ISF), and tune in to our engaging podcasts.

Today, Steve sits down with supply chain expert Neil Coole, who currently serves as Enterprise Partnership Director at BSI. He emphasizes the need to know your organization’s supply chain story in order to stay secure and protect your brand. He and Steve talk about how regulation can go beyond a checklist and add value for companies. Key Takeaways:  1 The covid-19 pandemic and recent conflicts have highlighted the vulnerability of today’s supply chains.  2 Standards exist as frameworks to help companies live up to responsibilities set upon them by law or consumers.  3 A harmonized assessment framework can help industries secure their supply chains and save organizations time and money. Tune in to hear more about:  1 How standards are created and what their purpose is (8:57)  2 Protecting critical infrastructure in the US (14:09)  3 The Supplier Compliance Audit Network, a community of US-based retailers and brand owners who’s created a harmonized assessment framework for its industry (23:23) Standout Quotes:  1 “The expectation now is on more trust, transparency and also traceability, especially things like tech-enabled traceability. What kind of tech-enabled traceability solutions is that client using to determine where the goods are coming from? What route are they taking? Who's opening up the cargo containers and possibly adulterating goods, stealing in transit, all those other things – that's a real concern today for these organizations who are moving hundreds of thousands of freight containers on an annual basis. It's a real risk that they have to live with. The solutions are there. It's just helping those organizations understand the role that standards, shall we say – a standard is a best-practice framework – can play in helping to reduce, or, in some cases, even mitigate some of those risks.” - Neil Coole  2 “There's opportunities for improvement everywhere, but from a maturity standpoint, we do view parts of the critical infrastructure sectors like energy and finance to be on the more mature end. And then there's a few in the middle that are learning some important lessons. And then there's those who are actively being targeted we read about all the time. They are the ones that I feel would benefit more from some of the guidance and support and information that's available for them to be less of an attractive target.” Neil Coole  3 “So, if you're a single supplier working for the top 10 biggest brands, the top 10 are sending out some form of assessment of you. You're getting that 300-page assessment document, not just from one supplier, you're getting it from all the suppliers. But if those suppliers become part of the same community and they agree to accept a single assessment outcome, no matter who has instigated it, everyone benefits. The supplier benefits – minimizes their disruption, they get to work with more brands in an open and trusted environment – and it just saves that complete disruption and unnecessary costs of delivering an assessment by multiple brands.” - Neil Coole Mentioned in this episode:  • Dear Infosec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve speaks with Kailyn Johnson, cyber intelligence and geopolitical risk lead at UK consulting firm Sibylline. Kailyn and Steve discuss the current threat landscape, focusing on areas where cyber and geopolitics overlap, and she offers some practical advice on how to contextualize security for your organization’s C-suite. Key Takeaways: 1 The dark web is becoming more democratized, opening up the door for low-skilled threat actors to cause harm. 2 Open and frequent communication between security teams and other branches of the organization, in particular those in charge of the budget, is crucial for cyber resilience operations to receive sufficient support. 3 Staying up to date on patching, knowing your supply chains, and understanding how threats to critical infrastructure can affect you, will be key for organizations in 2025. Tune in to hear more about: 1 How the dark web is becoming more democratized, and what means for businesses 2 Why showing the worth of the cyber team is tricky but critical for long-term success 3 What organizations can do better in 2025 Standout Quotes:  1 “So we're seeing just ransomware continuing to be a consistent risk to business operations, financial risk, reputational risk, security risks, operational risks. But alongside that, we're also then seeing the influx of a lot more low-skilled threat actors having now the capabilities to conduct sophisticated operations with the democratization of the dark web.” - Kailyn Johnson  2 “Showing off the value that these teams have to the people with budget, sometimes might help unlock a bit of that budget. If you're seeing the benefit of those teams, you're more likely to give them the budget that they might need for it, and whether that's internally or sometimes externally, if you've produced really good work, or if you've created all these detections that have helped improve the network security for your organization, how could we maybe publish that, whether it's internally to the stakeholders, or if it's for everyone, so people are seeing, actually, they're doing a really good job.” - Kailyn Johnson  3 “But sometimes you're so focused on the impact of the regulations that you sometimes then forget, actually the processes that we're doing are working. Then should we just maybe let things play out and see how they're going? I think there's always a bit of a worry of, are we always in compliance? And it's good that we have that worry, but it's also sometimes the case of, just keep doing what you're doing, and you've got your compliance teams to tell you when you're not.” - Kailyn Johnson Mentioned in this episode: • ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with Dr. Kate Darling, Research Scientist at the MIT Media Lab and Research Lead at the Boston Dynamics AI Institute. Kate has spent years studying human-robot interaction, and she speaks with Steve about the fascinating impact such interactions can have on us as people, and what that means for businesses trying to incorporate robots and AI into their customer experience. Key Takeaways: 1. It is natural for humans to project human behavior onto non-humans. 2. Using robots to help humans do their work better is smarter than replacing them.  3. More technical expertise is needed for policymaking to keep pace with new technologies.  Tune in to hear more about: 1. Why humans form emotional connections with robots 2. How a grocery store robot is scaring customers 3. Pitfalls of commercializing robotics Standout Quotes: 1. “That's part of the reason that we do this, that we create these strong emotional connections, even with non-living things like robots, is because we have this drive, and especially in these emotionally difficult situations, it may even be something that helps people survive. So I don't think it's as black and white as just: we need to prevent this anymore, but it is something that we need to be extremely aware of and acknowledge that it's happening, so that we can address it appropriately where possible.” - Dr. Kate Darling 2. “So I think it's important that we're making the right choices. It's not that technology determines what happens. It really is us as a society choosing to set the right incentives for companies and invest in the right kinds of technology. And I do think that there's much more promise in that path, the path of trying to partner with these technologies and what we're trying to achieve, rather than trying to replace people or recreate something we already have.” - Dr. Kate Darling 3. “We've used most animals like tools and products, and some of them have been our companions, and my prediction for the future is that we're going to do the exact same thing with robots and AI, that most of them will be tools and products and some of them will be companions.” - Dr. Kate Darling Mentioned in this episode: • ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Steve speaks with best-selling author and hypnotist Paul McKenna about something that affects all of us — stress at work. Paul talks about the impact stress can have on workers and gives practical tips to care for yourself and the employees you lead, even in the fast-paced, “always-on” security industry. Key Takeaways: 1 It’s important to be mindful of signs of stress before it gets to burnout. 2 Mindfulness, hypnosis, and other types of self-care can significantly reduce stress. 3 For long-term success, employers should look to balance output and productivity with their employees’ mental and physical well-being. Tune in to hear more about: 1 Why we’re more stressed than ever (1:10) 2 How to identify signs that may lead to burnout (3:26) 3 How companies and leaders can support their employees well-being (12:32) Standout Quotes: 1 “It's right now a massive issue, anxiety, stress, fear, worry, because if you think about it, you turn on the TV, or you open a newspaper, you're under attack. It's the war, it's the virus, it's the economy, it's something or other. And so understandably, post the pandemic, we were out of the biological pandemic, but we're sort of in a psychological pandemic.” - Paul McKenna 2 “ Now the thing is, addiction is about changing your state of mind and body, so drinking, drug taking, gambling, sex, shopping, television and food, particularly sugar food, are the world's drugs of choice. And everybody in the world at some point feels too much stress. They feel overwhelmed, and so they resort to something to change how they feel, some of the things I just mentioned. And in a sense, some people, they form an addiction to their work because they can, you know, forget about everything else that's going on in their life. They might not have to think about their relationship or, you know, some other stress, from their family or something. So they immerse themselves in work.” - Paul McKenna 3 “Years ago, when I started corporate training, one of my colleagues, I asked him, ‘Why is it corporations pay so much money to have their staff trained?’ He said, ‘Well, I can show you,’ because look, they see that ‘days sick' goes down, the productivity goes up. So basically, by staying in the zone of balance – you've got enough output getting things done, versus balance, which is recovery time, in my mind. You get that mix right, then you're going to be more productive in the end.” - Paul McKenna  Mentioned in this episode: • Dear Infosec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter 
From the Information Security Forum, the leading authority on cyber, information security, and risk management.