In this episode, David is joined by Stephen Fridakis, Deputy Chief Information Security Officer at Verily, an Alphabet company focused on delivering precision health. As a deputy CISO, Stephen concentrates on governance, risk, and compliance.
Topics discussed:
- Stephen became a CISO in 2006. He describes how he has seen this role evolve from being focused on technology to being risk-centric.
- Stephen highlights some misalignments between what security operations aim to do and a company's business strategy.
- Accurately assessing an organization's asset inventory can be a challenge. Stephen discusses some difficulties associated with assessing risk without an accurate IT inventory.
- David and Stephen explore why equating compliance and security is often a mistake businesses make.
- Stephen explains his views on cyber risk management and how to measure a risk management program's effectiveness.
- Zero Trust is a popular security model. Stephen explains what that means to him and how he implements it.
Listeners can keep up with Stephen Fridakis on LinkedIn:
https://www.linkedin.com/in/stephen-fridakis-96184b/