Andrew Rose (UK)
Podcast Appearances
Oh, absolutely. It's a very British thing. It's like a skill. Yeah. We can write emails like you wouldn't believe. You'll just get to the end of it and go, was that nice or was that really mean? I can't tell. I don't know what they were trying to say. Yeah.
way beyond that. You take it to a whole new artistry level. It's incredible.
Okay, so I'm currently the chief security officer at SoSafe, which is a German company which is involved in human risk management. So we talk about changing the behavior and the culture in an organization to really sort of minimize the human attack surface. But I've actually been
employed in many organizations before this. So I was the CSO of two very large global law firms, I was the CSO of UK air traffic control, CSO of Mastercard in the UK, and also was a Forrester analyst for about five years in the middle. Uh, quite a, quite an extensive experience of security in large enterprises and critical national infrastructure, which is what sort of brought me to this topic that we're going to talk about today really, because I think this, this topic area is very underserved and under talked about, which is great that we're talking about it today.
Gosh, there's so many. There's so many lessons. That's the problem. When you look at the control stack that a CISO would look at for an enterprise, there's generally about 130 controls. And however you break it down, it turns out to be about 130 controls, whether it's ISO 27000 standard or the NIST standards. So there's always a lot to think about.
But I think, oh gosh, there's lots of aspects to think about. One is the evolution that I think we've seen in the industry moving from IT security, where you're just protecting the box to stop malware getting on it, to information security about, okay, now we've got to protect the value of our information and the integrity of our information.
Then moving on to cybersecurity, where it's actually, okay, well, this is going to affect our service and our service is going to be down. So we were built to deliver our value proposition. Where organizations are moving now is into cyber resilience, where actually if they have a cyber breach, it doesn't disrupt what they do.
And there's certain aspects, there's a chicken sort of growing company that I've been working with as well a little while ago. And they were talking very much about how the need for resilience is paramount to them. They need to keep their systems running. They need to keep the whole process running through. Otherwise, things get pretty horrible.
You can't back chickens up and keep them in the same pen longer than they need to be. So I think certainly focusing on that resilience journey, which many big enterprises are going through too, is a real big focus that agri-food should think about. And I think the poster child for doing this incorrectly is the Colonial Pipeline system. American guys will all know about that one.
But they had their billing system get some ransomware on it. And because the billing system was infected, they shut down their operational capability. And that's entirely the wrong thing to have to do. So I think in agri-foods, the people there need to realize that the service needs to continue.