In this Brand Story episode, recorded live at the HITRUST Collaborate Conference 2024, host Sean Martin sits down with Monica Shokrai, Head of Risk and Insurance for Google Cloud. The topic of conversation centers around cyber insurance, a crucial area impacting organizations across sectors.

Monica Shokrai leads the charge in managing risk and procuring insurance for Google Cloud, a role that integrates closely with both the finance and security teams. She highlights the unique dual approach of her team, which not only secures coverage for Google but also strategizes on how to leverage insurance to assist Google Cloud customers in mitigating risks.

A key point discussed is the interdisciplinary nature of cyber insurance. Traditionally managed by the finance or legal departments, Shokrai emphasizes its growing collaboration with cybersecurity teams. She notes that the standard organizational structure often sees a communication divide between finance and security departments. However, the evolving cyber insurance market is pushing these groups closer together, fostering a more integrated risk management strategy.

Shokrai also shares insights on how Google approaches risk exposure and posture. By modeling risk in-house and leveraging an actuarial team, Google can quantify risks accurately and work closely with security teams. This model not only helps in securing better insurance terms but also aids in understanding and integrating security measures within the organization.

Another significant point is Google’s innovative approach to automating the cyber insurance process. Through their Risk Protection Program, Google allows security metrics to be shared with insurance partners like Allianz in Munich. This method simplifies the underwriting process and promotes a data-driven approach to evaluating cybersecurity risks, aligning insurers and security teams toward a common goal.

Overall, the discussion underscores the importance of a cohesive strategy that bridges finance and cybersecurity through innovative risk management and insurance practices. With leaders like Monica Shokrai at the helm, Google Cloud is at the forefront of integrating these critical functions, ultimately benefiting both the company and its customers.

Learn more about HITRUST: https://itspm.ag/hitrusi2it

Note: This story contains promotional content. Learn more.

Guest: Monica Shokrai, Head of Risk and Insurance, Google Cloud [@lifeatgoogle]

On LinkedIn | https://www.linkedin.com/in/monicashokrai/

Resources

Simplified Cyber Insurance for Organizations with a HITRUST Certification: https://itspm.ag/hitrusp5x6

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

In this Brand Story episode, Marco Ciappelli and Sean Martin sit down with Danny Jenkins, CEO and co-founder of ThreatLocker, to uncover the fascinating journey and innovative approach of ThreatLocker in the cybersecurity realm. The episode sheds light on the company’s mission, the challenges it faces, and the transformative solutions it offers.

Danny Jenkins recounts the origin story of ThreatLocker, beginning with his early career in IT and his fortuitous stumble into cybersecurity. He explains how witnessing firsthand the devastating impact of ransomware led to the inception of ThreatLocker. His experience with ethical hacking and ransomware recovery highlighted a critical need for more effective IT security solutions, enabling Jenkins to spearhead the development of ThreatLocker with a central philosophy: deny by default.

ThreatLocker’s primary goal is to help organizations implement a zero trust framework by making it as simple and automated as possible. Jenkins emphasizes that effective security requires blocking untrusted software and limiting what trusted software can do. He articulates the importance of learning the intricacies of each environment ThreatLocker protects, from small businesses to massive enterprises like JetBlue. By examining each endpoint and understanding the specific software and dependencies, ThreatLocker ensures that systems remain secure without disrupting daily operations.

One of the key aspects discussed is ThreatLocker’s unique human element combined with technological innovation. Jenkins introduces the concept of their 'cyber hero' team, dedicated to providing 24/7 support. This team is crucial, especially when onboarding new clients or assisting those already affected by ransomware. This commitment to customer service underscores ThreatLocker’s philosophy of not only providing top-tier solutions but ensuring they are successfully implemented and maintained.

Jenkins also touches upon the broader industry challenges, specifically the common pitfalls enterprises fall into by relying on endpoint detection and response (EDR) systems alone. He argues that such systems are often reactive, addressing symptoms rather than root causes. ThreatLocker’s approach, focusing on proactive prevention and least privilege access, aims to mitigate vulnerabilities before they can be exploited.

Finally, Jenkins discusses the future vision for ThreatLocker, highlighting continued growth and innovation. The company’s commitment to maintaining high support levels while expanding its product offerings ensures it remains at the forefront of cybersecurity solutions. Events like Zero Trust World serve as educational opportunities for clients to deepen their understanding and enhance their security postures.

Overall, this episode provides an in-depth look at ThreatLocker’s strategic approach to cybersecurity, emphasizing the importance of proactive prevention, customer service, and continuous improvement.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: Danny Jenkins, CEO of ThreatLocker [@ThreatLocker]

On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/

Resources

Zero Trust World Conference: https://itspm.ag/threat5mu1

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Black Hat, the cybersecurity industry’s most established and in-depth security event series, today announced the release of its content lineup for Black Hat Europe 2024. The live, in-person event will take place at the ExCeL London from December 9 to December 12, and feature 41 Briefings hand selected by the Black Hat Europe Review Board, four days of Trainings, 25 Sponsored Sessions, and 64 in-person tool demos and three labs at Black Hat Arsenal.

Briefings highlights include:

● SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications

● SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon

● WorstFit: Unveiling Hidden Transformers in Windows ANSI!

Trainings highlights include:

● Assessing and Exploiting Control Systems and IIoT [4105]

● Fundamentals of Cyber Investigations and Human Intelligence [2111]

● Attacking DevOps Pipelines [2108]

● Offensive Mobile Reversing and Exploitation [4108]

● Advanced Cloud Incident Response in Azure and Microsoft 365 [2103]

Black Hat Arsenal at Black Hat Europe 2024 tool demo highlights include:

● Campus as a Living Lab: An Open-World Hacking Environment

● Pandora: Exploit Password Management Software To Obtain Credential From Memory

● Morion - A Tool for Experimenting with Symbolic Execution on Real-World Binaries

For registration and additional information on Black Hat Europe 2024, please visit www.blackhat.com/eu-24

Note: This story contains promotional content. Learn more.

Resources

Press Release: https://www.blackhat.com/html/press/2024-11-06.html

Catch all of our On Location Stories: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto.

Show highlights for 2024 included:

● Keynotes: This year’s event featured two Keynote presentations. The opening Keynote was presented by Leigh Honeywell, founder and CEO of Tall Poppy, and the second Keynote was presented by Omkhar Arasaratnam, Distinguished Engineer for Security at LinkedIn.

● Business Hall: This year’s Business Hall showcased the latest products and technologies from more than 140 of the industry’s leading cybersecurity solution providers. The Business Hall also featured areas for attendee, vendor, and community engagement through Exhibitor Booths, Arsenal, Sponsored Sessions, Bricks & Picks, and the Community Lounge.

● Summits: On Tuesday, October 22, the event featured a full day of Summit content, including the ninth annual SecTor Executive Summit, the inaugural The AI Summit at SecTor, and the ninth annual Cloud Security Summit at SecTor.

● Scholarships: As a way to introduce the next generation of security professionals to the SecTor community, SecTor awarded a total of 37 complimentary SecTor 2024 Briefings passes. Black Hat holds its own annual Student and Veteran Scholarship programs, and partners with a variety of associations on additional scholarship opportunities.

Note: This story contains promotional content. Learn more.

Resources

Press Release: https://www.businesswire.com/news/home/20241030638106/en/SecTor-2024-Announces-Record-Breaking-Attendance-Following-Successful-Close-of-Toronto-Event

Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Host | Matthew S Williams

On ITSPmagazine 👉 https://itspmagazine.com/itspmagazine-podcast-radio-hosts/matthew-s-williams

______________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

______________________

Episode Notes

The American and Soviet space programs began amid Cold War tensions, where the goal was to "get there first" and demonstrate who had technological supremacy. These efforts began with the launch of artificial satellites, followed quickly by sending crewed spacecraft to orbit. All in preparation for eventual missions to the Moon!

______________________

Resources

What Was the Space Race? - National Air and Space Museum: https://airandspace.si.edu/stories/editorial/what-was-space-race

______________________

For more podcast Stories from Space with Matthew S Williams, visit: https://itspmagazine.com/stories-from-space-podcast