
98 | The Importance of Digital Asset Inventories in Incident Response
This episode of the ADCG Privacy and Cybersecurity Podcast features Ken Westin, Field CISO for Panther Labs. Ken has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. We discuss how the lack of good application and data inventories impacts incident response. When data is spread across data centers, clouds, and SaaS providers, it becomes difficult to track and trace an incident and understand its impact, but it becomes especially hard if the data involves confidential or proprietary business data that is not tracked by privacy officers or if it includes sensitive data that may involve regulators. The recent MOVEit breach, which involved software used to transfer sensitive data between servers, systems, and applications, provided rich lessons in the need for data asset inventories and SIEMs that can correlate data across providers and platforms.
30 Aug 2023, 29 min

97 | The Race Between AI and Laws
This episode features Scott Giordano, former vice president and general counsel for Spirion, who has more than 25 years of legal, technology, and risk management expertise and was one of the first attorneys to jump into artificial intelligence. We will discuss the implications of AI for privacy and information security, current US state laws, the EU AI Act, and what companies can do to prepare for “AI everywhere.” Scott also discusses the recent “Career Essentials in Generative AI” course he took, which is offered by Microsoft and LinkedIn.
16 Aug 2023, 29 min

96 | SEC Cyber Risk Management: What It Means and Will It Make a Difference
In this episode, Jody Westby interviews Gerry Stegmaier, a partner in ReedSmith’s Tech & Data Group. Gerry focuses on digital issues, corporate governance, incident response, privacy, and cybersecurity matters, plus other areas. We discuss the new SEC Cybersecurity Risk Management Rule for public companies, how it differs from the proposed rule, key requirements and compliance deadlines, and the practical impact on cyber incident disclosures, identifying and disclosing material cyber risks, and how boards and C-suites will approach cyber governance.
7 Aug 2023, 44 min

95 | Data Privacy is Exploding: What You Need to Know & Do
This week’s podcast episode features Steve Britt, Counsel at Parker Poe and privacy expert, who discusses the five state privacy laws that went into effect in 2023 and the TEN that have been enacted in 2023, how they vary, what they have in common, and this new “trend” to protect consumer health data (not HIPAA data). Steve also discusses the new requirement for Data Protection Assessments, expanded protections for children’s data, and regulatory risk factors and triggers. He ends with key takeaways and has provided a slide deck for listeners to download and follow along as they listen to the podcast (see adcg.org/podcast for supplemental materials on this episode).
1 Aug 2023, 44 min

94 | Cyber Insurance: What is Around the Corner?
This episode features Peter Halprin, a partner in the New York City office of Pasich LLP, who represents commercial policyholders in complex insurance coverage matters, including cyber. We discuss the price increases in coverage and the scrutiny given to claims under property and casualty, cyber, and corporate general liability policies, the risks in the application process, new technology risks associated with biometrics and AI, cyberwar exclusions, and possible changes to policy language to help manage claim risks to carriers.
24 Jul 2023, 37 min

93 | SolarWinds and SEC: CISOs Back in the Crosshairs
This podcast episode features Mark Rasch, a renowned privacy and cybersecurity attorney, to discuss the SEC’s investigation into the SolarWinds incident and the “Wells notices” it sent to the company’s CISO and CFO. The Wells notices indicate the SEC is conducting a civil investigation of those individuals and they may be facing enforcement actions. The news sent tremors through the CISO community and brought back thoughts of Joe Sullivan’s criminal prosecution — and conviction — for the way he handled a breach while CISO at Uber. The SEC’s action is civil, but it targets certain individuals. We discuss what this means for CISOs, what they can do to protect themselves, and generally how the implementation of cyber governance programs can help protect CISOs by making cyber risk management a responsibility of all officers and directors.
18 Jul 2023, 32 min

91 | Managed Detection & Response; The Path Forward
This week our guest is Sam DeNormandie, Senior Account Director with Silver Sky Security, a Managed Detection and Response (MDR) firm primarily servicing the small and mid-sized business (SMB) market. Sam is a seasoned cybersecurity expert with experience at Cylance, Blackberry, and Cyvatar and understands the security needs of the small to mid-sized business. This episode discusses the challenges faced by SMBs, in part due to the difficulty they have in hiring the people they need and managing the vulnerabilities they face. The MDR industry is growing at a CAGR of 18.1% and is expected to be $22B by 2030. What does that growth mean for MSSPs? Join us for this episode and learn how companies are struggling to keep pace with the threat environment and how MDRs are filling a void.
10 May 2023, 31 min