Public-Private Partnership: How to Punish Bad Actors, Not Organizations

The New CISO - A podcast by Steve Moore - Thursdays

Categories:

In this episode of The New CISO, host Steve is joined by guest Ron Banks, CISO at Toyota Financial Services.In part one of his two-part interview, Ron shares how he transitioned from a fighter pilot to a cybersecurity leader. He also digs into what is required for a joint government, private industry, cyber offensive response. Listen to the episode to learn more about Ron’s years as a combat veteran, how the government can improve security strategies, and the necessity of political will.Listen to Steve and Ron discuss the importance of public-private partnerships and the challenges of posing consequences on adversaries:Meet Ron (1:35)Steve introduces guest Ron Banks, a CISO, author, veteran, and academic. Ron details his duties as a fighter pilot and how he transitioned to education and then cyber security.What He Misses Most (5:17)Ron shares that what he misses most about his fighter pilot days is the rush from flying. However, he found the transition into cyber security simple because he gets to evaluate offensive and defensive security strategies reminiscent of his time serving.Possible Friction (8:10)Steve presses Ron on whether there is friction between cyber teams, their capabilities, and the grounds they are trying to defend on the private side.Ron explains that the virtual defense of the United States contains over 200 government organizations, each controlling a different lane. The cyber camp mainly covers the DOD, which comes with problems. On the Private Side (12:07)When discussing the lack of consequences for bad actors, Ron shares the great strides the FBI has made to improve their relationships with law enforcement in other countries. Despite these efforts, the behavior of cyber criminals has not changed enough, demonstrating that there is more our government can do.Things to Work On (17:54)Ron shares some advice for new security leaders working within the government. He suggests focusing on public/private partnerships because sharing information is critical.How Breach’s Occur (21:54)Ron discusses his tips for dealing with a breach and why they occur. There is a strategy where they can impose consequences on cyber criminals, which his team has accomplished by focusing on counter-terrorism.Ultimately, no more money needs to be invested, the relationships are built, and the technology is there, but there has to be the political will to defeat threat actors effectively.Advice to Lobby (29:01)Steve presses Ron on what it would take to lobby the government and get the necessary resources. Since the capability is there, Ron reaffirms that change is in the president’s control.Links:Linkedin