Join Gartner experts Chris Mixter and Richard Addiscott in this episode of CISO Edge to debunk the myths around why employees behave nonsecurely, why most tactics and executive communications around employee behavior don’t work, and to explore ways to rapidly increase the value delivered by your secure behavior and culture program (SBCP).

• What if I told you that “lack of cyberawareness” isn’t the reason people behave nonsecurely? (03:50)
• Where do your employee-related security incidents come from? (09:56)
• How can we move from compliance-centric to behavior-centric cybersecurity? (13:48)
• Help executives understand what is a defensible level of performance around human risk exposure. (26:15)

Richard Addiscott is a Vice President Analyst in Gartner's global security and risk management practice, helping CISOs and senior cybersecurity executives deliver highly effective information security programs and build high performing cybersecurity teams. With more than 20 years of experience in industry, Richard has held enterprise information security and IT leadership, information security consulting and advisory, IT governance, and business development roles across the public, private, and not-for-profit sectors.

Join Gartner experts Chris Mixter and Peter Firstbrook as they debunk the myths about vendor consolidation and provide CISOs with practical guidance on navigating this sea change in how cybersecurity technology is sold and operated.

• Does vendor consolidation contravene defense in depth? (05:34)
• Take a data-centric perspective to evaluate consolidation opportunities. (12:09)
• Questions for CISOs ask cybersecurity technology vendors about their pivot to platform-centric architectures. (21:29)
• Questions for CISOs to ask themselves about their cybersecurity talent in the platform era. (27:29)
  
  

Gartner Distinguished VP Analyst Peter Firstbrook utilizes his 25+ years of experience as an industry analyst to help clients improve their security posture to defend and respond to malicious attacks. Peter is responsible for endpoint protection platform (EPP), endpoint detection, and remediation (EDR), extended detection and response (XDR) markets, as well as topics such as security vendor consolidation, workspace security and generative AI security.

Join Gartner experts Chris Mixter and Will Candrick on this episode of the CISO Edge Podcast to learn how to implement a capability that many cybersecurity organizations see as beyond their program’s abilities or too risky to attempt: cyber deterrence.

• Why now is the time to explore cyber deterrence. (2:41)
• Where deterrence fits into your cybersecurity program. (12:15)
• Bad actors are rational and you can use that against them (16:39)
• Introducing the Gartner PARC Framework for prioritizing deterrence tactics. (20:39)
• How deterrence contributes to cybersecurity team engagement. (28:25)

This podcast explores research found in

CISO Edge: Use Cyber Deterrence to Stop Attacks Before They Start

Will Candrick is a Senior Director Analyst within Gartner’s risk and security management group. Will brings extensive experience researching cybersecurity management challenges, and regularly advises CISOs and their teams on maturing security and risk practices. In particular, Will focuses on cybersecurity strategic planning, incident response, awareness, metrics, board reporting and policies. Before Gartner, Will held research roles at CEB researching management best practices for CISOs and their teams. Will has a bachelor’s degree in economics with a concentration in political economy from Carleton College.

This episode explores:

• How, despite geopolitical instability, CSCOs can meet growing performance expectations by increasing their supply chain’s flexibility in key areas. (1:20)
• Definitions and applications of terminology associated with this process, such as “trust boundaries” and “supply chain elasticity.” (5:10)
• Concerns of increased complexity associated with supply chain elasticity. (8:30)
• Methods to assess geopolitical risks’ potential impacts on a supply chain. (13:18)
• Recommendations for CSCOs seeking to increase their supply chain’s elasticity. (16:35)

In this episode of the Supply Chain Podcast, host Lindsay Azim and guest Pierfrancesco (Pier) Manenti, research vice president for the Gartner supply chain strategy team, discuss findings from Supply Chain Executive Report: Empowering Growth Through Geopolitically Elastic Supply Chains.

As countries cloister their markets in response to various geopolitical tensions, accessing a global marketplace is becoming harder for CSCOs. Lindsay and Pier explore how “supply chain elasticity,” a concept explored in the Executive Report, can help CSCOs alleviate these market access issues while driving growth. The discussion includes key definitions and actions, success stories from organizations already applying these principles and recommendations for CSCOs to improve elasticity within their own supply chains.

Pierfrancesco (Pier) Manenti is research vice president for the Gartner supply chain strategy team. Pier provides insights and advisory support to chief supply chain officers (CSCOs) and heads of strategy of global manufacturing and retail corporations, especially with regards to future trends and key challenges affecting end-to-end supply chain strategy. He focuses on strategic transformation, digitalization, agility and design for profitability.

Join Gartner experts Chris Mixter and Jeremy D’Hoinne on this episode of the CISO Edge Podcast for a conversation on the steps that CISOs must take to fulfill their multiprongmandate: defending the enterprise from AI-fueled attacks, and enabling business and cybersecurity functional use of generative AI (GenAI) — all without losing focus on their other mission-critical priorities.

This episode explores:

• Is generative AI simply a version of a movie CISOs have seen before? (02:32)
• What are the most promising use cases for generative AI within cybersecurity? (6:48)
• How do we avoid inflated expectations around secure development in the GenAI era? (12:29)
• What are the key skills and cybersecurity culture we need to make the most of GenAI? (17:25)

As a Gartner research VP for security operations and infrastructure protection, Jeremy D'Hoinne assists chief information security officers and their teams to develop strategies to protect against advanced threats. Jeremy’s research includes exposure management and how to run a continuous threat exposure management (CTEM) program; it also covers related technologies, such as cybersecurity validation technologies,including breach and attack simulation (BAS). He also studies the intersection of artificial intelligence and cybersecurity with a focus on the disruptions caused by large language models and generative AI.

Join Gartner experts Eric Grenier and Chris Mixter on this episode of CISO Edge for a conversation on the steps that CISOs must take to close the gap between prioritizing employee productivity and cybersecurity in end-user device management.

Eric Grenier is a Director Analyst with Gartner, focusing on endpoint security including endpoint protection (EPP) and endpoint detection and response (EDR). Eric’s research and advisory supports clients implementing EPP and EDR tooling, securing endpoints and using tools like unified endpoint management (UEM) and strategies such as bring your own device (BYOD) and bring your own PC (BYOPC) that allows users to remain productive from wherever they work and be secure. In addition to his work at Gartner, he is also a professor at Central Connecticut State University.

Join Gartner experts Chris Mixter and Bart Willemsen for a conversation on the steps that CISOs must take to evolve their role in privacy from merely supporting compliance to improving cyber risk management.

This episode of CISO Edge Podcast explores the role that privacy can play in accelerating cybersecurity’s priorities:

• The five questions smart CISOs ask to focus their privacy efforts. (4:30)
• How to counteract “data hoarding” with a tool already at cybersecurity’s disposal. (8:30)
• This month’s obligatory GenAI-focused conversation. (12:10)
• How CISOs can use privacy legislation to their advantage. (17:10)
• Where to use privacy-enhancing technology to enhance cybersecurity. (25:20)

Bart Willemsen is a Gartner VP Analyst with focus on privacy and related challenges in an international context, as well as on ethics, digital society, and the intersection of these disciplines with modern technology including AI. He has a broad, in-depth history of experience, and was among the earlier Fellows of Information Privacy (FIP), and has held accreditations like CIPP/E, CIPM, CISA, CISM, bringing proven and multidisciplinary best practices to our worldwide clients. Before Gartner, Bart held various roles as (chief) privacy and security officer where he implemented, audited and oversaw privacy and security and compliance program strategies for holding companies and their subsidiaries.

The U.S. Securities and Exchange Commission’s (SEC’s) new cybersecurity disclosure rules standardized the timing and location of reporting material cybersecurity incidents, and disclosing risk, governance and strategy processes. In this episode of the CISO Edge Podcast, Gartner experts Chris Mixter, Alissa Lugo and Lisa Neubauer have an in-depth discussion on how general counsel and chief information security officers can team up to accelerate compliance with these high profile new expectations.

Guest Speaker: Lisa Neubauer

Lisa Neubauer is a Senior Director Analyst with Gartner, advising chief information security officers, chief information officers, security leaders and non-IT executives on maturing their security and risk management programs and practices. In particular, Lisa focuses on executive/board reporting, strategy, metrics, governance, policy and security organizational structure.

Guest Speaker: Alissa Lugo

Alissa Lugo is a Senior Director Analyst with Gartner, providing C-suite, boards, and general counsel advice relating to corporate governance challenges facing their companies. Alissa assists clients on a wide range of corporate governance issues, including emerging corporate governance trends, board and management matters, director lifecycle events, corporate secretarial duties, developing and improving ESG programs, and assessing and improving corporate governance practices and board processes.