Welcome to Future of Data Security, the podcast where industry leaders come together to share their insights, lessons, and strategies on the forefront of data s...
EP 10 — Idaho National Lab's Robert Roser on Securing America's Nuclear Research Infrastructure
Drawing on his unique background in high-energy physics experimentation, Robert Roser, CISO & Director of Cyber Security at Idaho National Laboratory, offers valuable insights into the parallels between managing complex scientific detectors and securing critical national research infrastructure. He explores the evolving landscape of scientific computing security, from the open science environment of Fermilab to the classified research world of nuclear energy.
Rob's practical experience implementing zero-trust architecture, managing international collaborations, and navigating federal compliance requirements provides a comprehensive view of modern cybersecurity challenges in sensitive research environments. His candid discussion of AI's impact on both security threats and solutions, particularly in the context of high-performance computing and shadow AI risks, also offers valuable perspective on the future of data protection in scientific research.
Topics discussed:
The transition from particle physics to cybersecurity leadership, highlighting transferable skills in managing complex systems and critical operations.
The evolution of scientific computing security from open science environments to classified research protection at national laboratories.
Implementation of zero-trust architecture for managing diverse international collaborations while protecting sensitive nuclear research data.
The challenges of securing high-performance computing infrastructure while maintaining accessibility for legitimate research needs.
Balancing federal compliance requirements with risk-based security approaches in government-funded research environments.
The impact of AI on both security threats and defensive capabilities, including advanced phishing and automated security operations.
Management of shadow AI risks and unauthorized cloud service usage in sensitive research environments.
Future trends in data protection and infrastructure security, focusing on automation and advanced threat detection.
Strategies for securing remote access while supporting global scientific collaboration and research initiatives.
Career advice for aspiring cybersecurity professionals, emphasizing the importance of diverse experiences and continuous learning.
--------
19:32
EP 9 — County of Santa Clara's Chris Pahl on Building Trust in Public Sector Privacy
Drawing from his diverse background in both private and public sectors, Chris Pahl, CPO of the County Executive Office of the County of Santa Clara, tells Jean how organizations can transform privacy from a compliance burden into a strategic asset on this episode of The Future of Data Security Show.
Chris’s "U R IT" framework emphasizes the crucial role of employees in data protection, and his practical approach to managing AI risks and surveillance technologies offers a blueprint for modern privacy leadership. He demonstrates how to build privacy programs from the ground up, foster cross-departmental collaboration, and navigate the evolving landscape of data governance in an AI-driven world, all while maintaining a human-centric approach that puts trust and transparency first.
Topics discussed:
Building trust in public sector privacy while balancing transparency with data protection requirements
Transforming privacy from a cost center into a strategic partner that enhances organizational mission
Managing the emerging risks of generative AI while enabling innovation and efficiency for employees
Implementing effective employee surveillance through transparency and clear communication
Evolution of the Chief Privacy Officer role toward holistic data governance and technical expertise
Strategies for measuring privacy program success through integration and cultural adoption
Importance of proactive relationship building and avoiding the "department of no" mentality
Developing privacy programs incrementally while building cross-functional partnerships
--------
25:43
EP 8 — Marsh McLennan’s Orrie Dinstein on Navigating Global Data Privacy Challenges
In this episode of The Future of Data Security Show, Jean speaks with Orrie Dinstein, Global Chief Privacy Officer at Marsh McLennan. Orrie shares his extensive experience in data privacy, highlighting the shift from compliance-focused programs to a more integrated approach that encompasses information governance.
Orrie also sheds light on the misconception of data ownership among executives, the complexities of navigating global privacy laws, and the critical need for collaboration between privacy and security teams. He also offers his strategies for how organizations can effectively manage data protection while fostering innovation.
Topics discussed:
The shift in data privacy from a compliance-focused approach to a more integrated information governance strategy that encompasses various data types and uses.
The misconception among executives that they own the data, when in reality, they are custodians responsible for managing it ethically and legally.
Navigating diverse global privacy laws, which often have different definitions and requirements, making compliance a challenging endeavor for organizations.
The importance of understanding high-level principles of data protection rather than getting lost in the specific legal nuances of various jurisdictions.
The critical need for collaboration between Chief Privacy Officers and Chief Information Security Officers to effectively manage data risks and security measures.
The role of privacy by design in ensuring compliance while allowing organizations to innovate and leverage data effectively for business growth.
The challenges posed by artificial intelligence and data minimization principles, which can conflict with the need for larger datasets to improve AI models.
The evolving responsibilities of privacy professionals, who must now focus on data governance and monetization in addition to traditional privacy concerns.
Fostering a culture of transparency and awareness within organizations to encourage reporting of data breaches and privacy concerns.
The necessity of continuous dialogue between privacy and technology teams to bridge communication gaps and enhance understanding of each other's objectives and challenges.
--------
27:04
EP 7 — Lumen Technologies’ Hugo Teufel on the Role of Employee Training in Data Privacy
In this episode of The Future of Data Security Show, Jean speaks with Hugo Teufel, VP; Deputy General Counsel for Cyber, Privacy, Records; & Chief Privacy Officer at Lumen Technologies. Hugo shares his expertise on the evolving landscape of data privacy and security, such as the significant impact of AI on data security, emphasizing the need for organizations to understand various AI use cases and implement robust governance frameworks.
Hugo also highlights the importance of employee training in mitigating risks, noting that human error remains a critical vulnerability. Additionally, he explores the complexities of navigating global data privacy regulations and the necessity of aligning privacy strategies with organizational risk appetites. Tune in for valuable insights!
Topics discussed:
The evolution of data privacy and security in the context of an increasingly digital and interconnected global marketplace.
The significance of understanding AI use cases within organizations to effectively manage data security risks and compliance.
The role of employee training in preventing data breaches and enhancing overall cybersecurity awareness among staff members.
The challenges of navigating international data privacy regulations and the importance of a principles-based framework for compliance.
The impact of cultural differences on data privacy perceptions and practices across various regions and jurisdictions.
The necessity of aligning privacy strategies with the risk appetite of leadership to maintain credibility and effectiveness.
The importance of incorporating privacy by design in product development to address privacy implications early in the process.
The potential risks associated with shadow AI and the need for organizations to maintain visibility over AI usage.
The implications of the NIST AI Risk Management Framework for organizations looking to adopt AI technologies responsibly.
The future of data security in an AI-driven era and the ongoing challenges posed by cybercriminals and threat actors.
--------
21:02
EP 6 — Trusteva’s Sylvia Klasovec Kingsmill on Embracing Privacy by Design in the Digital Age
In this episode of The Future of Data Security Show, Jean speaks with Sylvia Klasovec Kingsmill, Senior Fellow, Future of Privacy Forum and Founder of Trusteva. They explore the critical distinctions between data privacy and data security, emphasizing their complementary roles in protecting individual rights and safeguarding data.
Sylvia also addresses the complexities AI introduces to privacy regulations, particularly around consent and data scraping. Additionally, she highlights the importance of adopting a "privacy by design" philosophy, urging organizations to proactively integrate privacy measures into their systems.
Topics discussed:
The distinction between data privacy and data security, highlighting how they are complementary yet fundamentally different disciplines in protecting individual rights and data integrity.
The importance of consent in data privacy, particularly in the context of AI and machine learning, and the challenges posed by data scraping practices.
The evolving regulatory landscape for data privacy, including the complexities faced by organizations trying to comply with various laws across different jurisdictions.
The role of privacy by design as a proactive approach to integrating privacy measures into systems and processes from the outset.
The significance of a risk-based approach to compliance, allowing organizations to prioritize their privacy efforts based on the most significant risks.
The need for harmonization among global privacy regulations, especially as organizations expand their operations across different jurisdictions with varying laws.
The impact of AI on traditional privacy principles, and the necessity for regulators to adopt flexible interpretations to support innovation while ensuring compliance.
The importance of multidisciplinary collaboration among privacy professionals, cybersecurity experts, and legal teams to effectively address complex data challenges.
The growing demand for privacy-enhancing technologies and how organizations can leverage them to ensure ethical and responsible data use.
The future of data privacy as a dynamic field, emphasizing the need for professionals to continuously upskill and adapt to emerging technologies and regulations.
Welcome to Future of Data Security, the podcast where industry leaders come together to share their insights, lessons, and strategies on the forefront of data security. Each episode features in-depth interviews with top CISOs and security experts who discuss real-world solutions, innovations, and the latest technologies that are shaping the future of cybersecurity across various industries. Join us to gain actionable advice and stay ahead in the ever-evolving world of data security.
México