re:invent security

Kay Behnke (Genmab): “Lessons from building three global security teams”

Thu, 30 Oct 2025 05:00:00 GMT

In this episode of re:invent security, hosts Jeroen Prinse and Irfaan Santoe sit down with Kay Behnke, CISO at Genmab. Kay has built security organizations in three very different global companies: NXP, FrieslandCampina, and Genmab. Spanning tech, food, and life sciences. Drawing from more than 20 years of experience, he reflects on how building a security team has evolved over time and what’s stayed the same.

Together, they unpack what it really takes to design security functions that scale, how to balance culture and compliance across geographies, and the hard lessons learned from doing it three times.

Whether you’re starting your first security organization or rethinking a mature one, this candid conversation offers timeless insights into the craft of building teams that endure and adapt. Tune in and ask yourself: What will you do differently tomorrow?

Chapters:

00:00 - 00:47 - Intro snippets

00:48 - 02:59 – Introduction of the episode and Kay

03:00 - 07:38 – How has Kay seen the reinvention of security during two decades?

07:39 - 11:27 – What was it like building a security organization two decades ago?

11:28 - 14:37 – What is the difference in building security organizations in three different industries?

14:38 - 17:48 – What is one thing you would recommend doing when changing industries?

17:49 - 21:15 – How did company culture Kay’s security approach?

21:16 - 24:43 – Is local presence needed for execution on the security program?

24:44 - 30:22 – What is the first role or capability you would start with?

30:23 - 33:58 — A security leader should listen to the needs of others

33:59 - 37:53 – How did the way boards act in the last 20 years?

37:54 - 41:08 – You need to understand the business and its processes.

41:09 - 46:03 – Key takeaways Irfaan and Jeroen

46:04 - 47:03 - Outro

Resources & Mentions:

CISO Mind Map - https://rafeeqrehman.com/wp-

content/uploads/2025/03/CISO_MindMap_2025.pdf

Daniel Pink 'Drive' - Dan Pink is one of my favorite authors who pushes you to look into the mirror;

this is a book that you wanted to read at the begin of your career

Peter Hinssen 'The Uncertainty Principle' - another favorite author of me; there are several

keynotes on YouTube (he probably holds the world record in slides per minute) and well known by

"The New Normal" this book is about the future and how we can and need to deal with uncertainty

and disruption

Daniel Kahneman 'Thinking Fast and Slow' - for everyone who is building a security awareness

campaign a MUST read

Andrej Karpathy 'Deep Dive into LLMs like ChatGPT' - if you have time then you should watch this

video since it provides you surprising insights about how LLM models work

Graham Cluley 'Smashing Security' - finally s.th. about information securty; the weekly podcast for

the lunch walk with your dog

Connect with Kay: https://www.linkedin.com/in/kbehnke/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Patric Versteeg (Heerema): Lead From Within — Personal Leadership for CISOs, Teams & Boards

Thu, 25 Sep 2025 04:00:00 GMT

In this episode of re-invent security, we sit down with Patric Versteeg, European CISO of the Year 2024, to unpack the “inner game” of cybersecurity leadership. Patric argues that real change isn’t about putting on a new mask—it’s about returning to your core values and installing “compensating controls” for your own behaviors under stress. From building mixed, high-trust teams to shaping board-level narratives that actually land, he shares pragmatic tools you can use tomorrow.

You’ll hear how Patric:

- Builds resilient teams using a diverse mix of working styles (not clones), clear outcomes over micromanagement, and a “beekeeper” approach that lets experts do their best work.

- Protects team energy by addressing brilliant-but-low-trust outliers—even when they’re top individual performers.

- Wins the boardroom without needing a board seat, by fitting the message to culture: financial exposure, reputational stakes, or license-to-operate.

- Quantifies risk simply (people × internal hourly rate × downtime days) to make funding decisions straightforward.

- Manages himself in a crisis, using quick breathing resets when meditation isn’t practical, and embracing mentors/coaches for sustained growth.

- Frames board reporting around three questions: Are we compliant? Are we at risk? Did we have any material breaches?—and shows risk trends visually over time.

Chapters:

00:00 - 02:55 Introduction

02:56 - 05:34 The "Inner Game" of Leadership

05:35 - 13:32 The Definition of Personal Leadership in Cyber Security

13:33 -15:54 Building the Right Team: Diversity is Key

15:55 - 19:05 Leadership Style: Trust and Result-Oriented

19:06 - 25:54 The "Beekeeper" Philosophy and Hiring Smarter People

25:55 - 26:56 Definition of a "High-Performance Team"

26:57 - 31:16 Boardroom Communication: From Fear-Mongering to Business Risk

31:17 - 39:51 What the Board Truly Wants to Know (3 Core Questions)

39:52 - 41:10 Cybersecurity as a Feeling: The Human Connection

41:11 - 46:20 Advice for Aspiring CISOs & Leadership Development

46:21 - 52:01 Wrap-up

Resources & Mentions:

Book: True North — Bill George https://billgeorge.org/book/true-north/

Book: Surrounded by Idiots — Thomas Erikson (red/yellow/blue/green styles)

Metaphor/Book (Dutch): De Bijherder (The Beekeeper)

Community: NextGen CISO Network (mentoring/coaching): https://nextgenciso.nl/Home/

Inspiration: Man in the Mirror — Michael Jackson (self-reflection theme)

Thinkers: Simon Sinek; Brené Brown (trust, courage, vulnerability)

Practice: Visual risk-trend infographics for board updates (quarterly)

Connect with Patric: https://www.linkedin.com/in/pjmversteeg/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Laurens Jagt (CSD) & Medea de Jong (Sonepar): “Build cyber security teams that actually thrive”

Thu, 31 Jul 2025 04:00:00 GMT

In this episode of re:invent security, hosts Jeroen Prinse and Irfaan Santoe sit down with two cybersecurity leaders tackling the talent gap from opposite directions. Laurens Jagt, founder of Cyber Security District, is building one of Europe’s most vibrant security communities—mentoring and guiding professionals at every stage of their career. Medea de Jong, Global CISO at Sonepar, brings the inside view of what it takes to lead, grow, and keep effective security teams in highly regulated industries.

Together, they explore what’s broken in how we hire, why job descriptions miss the mark, how to spot hidden talent, and what it really takes to build security teams that stick. Whether you’re building your first team or reshaping a mature one, this candid conversation is packed with insights you can act on tomorrow.

Tune in and ask yourself: What will you do differently tomorrow?

Chapters:

00:00 - 03:33 - Introduction

03:33 - 07:09 - How do Medea and Laurens see reinventing the field?

07:10 - 08:22 - Are soft skills more important then certificates?

08:23 - 10:07 - What is more difficult: finding or retaining talent?

10:08 - 19:01 - What is the new generation looking for?

19:02 - 24:46 - Should we take more risk on new or transitioning talent?

24:45 - 31:04 - What is going wrong with our job descriptions?

31:05 - 34:49 - Should development be driven by the organization or the professional?

34:50 - 43:19 - Talking to the board on team development

43:20 - 45:21 - What’s one example of a development program that works?

45:22 - 47:52 - Are we looking for talent in the right places?

47:53 - 51:14 - What makes a transition into the cyber security field work?

51:15 - 53:56 - Building a brand new security team

53:57 - 58:09 - Key take aways Irfaan and Jeroen

58:10- 59:45 - Outro

Resources:

1. TierPoint – Building Your Cybersecurity Team (2025)

Link: https://www.tierpoint.com/blog/cybersecurity-team

A practical guide for building an effective cybersecurity team, covering roles, strategies, and policy foundations. Ideal for modern organizations aiming to be scalable and agile.

2. TechTarget – Maximize Business Impact with the Right Security Team

Link: https://www.techtarget.com/searchsecurity/tip/How-to-build-a-cybersecurity-team-to-maximize-business-impact

This article explores how the right team structure directly influences risk reduction, operational efficiency, and talent retention. Especially relevant for security leaders and HR decision-makers.

3. Airiam – 14 Strategies for Building Cyber-Resilient Teams

Link: https://airiam.com/blog/building-cyber-resilient-teams

A clear and actionable blog post offering 14 strategies to enhance team culture, training, and awareness within cybersecurity teams. Useful for leaders looking to strengthen team dynamics.

4. ISACA - State of Cybersecurity 2024 report

Link: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024

Connect with Media: https://www.linkedin.com/in/medea-de-jong-aa1b771/

Connect with Laurens: https://www.linkedin.com/in/laurensjagt/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Arnaud Wiehe (FedEx) & Tiago Teles (ABN Amro): “The Next-Gen CISO Must Stay Curious, or Fall Behind”

Thu, 26 Jun 2025 04:00:00 GMT

In this episode of re:invent security, we sit down with Arnaud Wiehe (Managing Director of Information Security at FedEx) and Tiago Teles (Head of Advanced Analytics & AI at ABN AMRO), co-authors of Emerging Tech, Emerging Threats, to explore what it truly means to lead in cybersecurity amid accelerating innovation.

From the explosive rise of GenAI and deepfakes to third-party risk at scale and secure-by-design realities—this conversation unpacks the practical and philosophical shifts modern CISOs must embrace. Arnaud and Tiago reflect on the evolving role of the security leader: no longer the “department of no,” but a proactive enabler of innovation.

We cover the threats shaping today’s landscape, including AI-generated phishing, insider risks, and automation-driven attacks—and how data quality, awareness, and defense-in-depth are now non-negotiable. Equally, we explore how security professionals must stay ahead not by fearing technology, but by experimenting with it—even when it might not succeed.

Whether you're a seasoned security executive or an aspiring leader, this is a must-listen conversation about redefining relevance, staying ahead of risk, and embracing the future before it embraces you. Tune in and ask yourself: how are you staying curious?

Chapters:

00:00 – 04:11 - Intro, Meet the Guests & Why This Topic Matters

04:12 – 08:39 - Writing the Book: Reinvention, Mindset, and Co-Authoring

08:40 – 15:04 - The Speed of Innovation: Why CISOs Must Stay Ahead of Tech

15:05 – 22:04 - From “Department of No” to Tech Enabler

22:03 – 28:04 - AI, Data & Security: Practical Use Cases that Work Today

28:05 – 33:52 - The Curious CISO: A New Model for Leadership

33:53 – 44:32 - Security by Design: The Real-World Playbook

44:33 – 53:43 - The Threats Are Here: Deepfakes, AI-Phishing & What's Next

53:44 – 58:32 - Final Takeaways & Challenge to Security Leaders

Resources:

* The Future Is Faster Than You Think: How Converging Technologies Are Disrupting Business, Industries, and Our Lives by Peter H. Diamandis, Steven Kotler, et al.

Connect with Arnaud: https://www.linkedin.com/in/arnaudwiehe/

Connect with Tiago: https://www.linkedin.com/in/tiagoteles/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Petra Oldengarm (CVN): “Digital Sovereignty Starts With Smart Dependence, Not Full Independence”

Wed, 28 May 2025 04:00:00 GMT

In this episode of re:invent security, we sit down with Petra Oldengarm, Director of Cyberveilig Nederland (CVN), to explore the real meaning of digital sovereignty—and why it’s more than just a political slogan. Petra takes us deep into the practical challenges and strategic decisions that come with reducing digital dependencies. From procurement strategies and fallback systems to encryption standards and talent development, this conversation unpacks what sovereignty can look like—without chasing unrealistic dreams of full independence. We also tackle the CISO’s role in influencing vendor choices, the myth of total control, and how European regulation (like NIS2) might help—but won’t solve everything. Whether you're in the public sector, critical infrastructure, or private enterprise, this episode is a must-listen for security leaders trying to navigate geopolitical complexity without losing sight of operational

Chapters:

00:00 - 1:44 - Teasers

1:45 - 4:44 - Introduction of the episode and Petra Oldengarm

04:45 - 08:03 - Reinventing security with private public collaboration (project Melissa)

08:04 - 09:43 - What are the biggest challenges that security leaders have regarding Digital

Sovereignty?

09:44 - 10:43 - Outsourcing is a strategic choice increasing dependencies

10:44 - 12:40- How can security leaders influence outsourcing decisions?

12:41 - 15:01 - Diversifying the vendor landscape is nog a security problem but a board problem

15:02 - 18:40 - Waiting for a European solution is not a strategy

18:41 - 21:15 - European legislation to improve digital autonomy

21:16 - 25:50 - European alternatives requires a broad long term governmental strategy

25:51 - 27:30 - Strategies to increase your sovereignty today

27:31 - 31:50 - Decreased risk is your Return on Investment

31:51 - 36:57 - What is the role of the government and the European Union to make sure leaders

diversify?

36:58 - 38:00 - You need to shift business continuity to the left

38:01 - 42:36 - Encryption is part of the solution

40:52 - 45:51 - What legislation is in the pipeline? (Omwille van de lengte mag deze er uit)

42:37 - 46:20 - Addressing the talent gap is a make or break for digital sovereignty?

46:21 - 49:40 - Petra’s advice: where do leaders start?

49:41 - 55:20 - Wrapping Up + Key take aways

Resources & Mentions:

Position Paper Cyberveilig Nederland on Digital Sovereignty: https://cyberveilignederland.nl/upload/userfiles/images/news/Position%20paper%20CVNL%20t_b_v_%20rondetafelgesprek%20Digitale%20soevereiniteit%20bij%20de%20Rijksoverheid%20d_d_%2013%20februari%202025%20(1).pdf

Article in the FD about dependencies in our digital autonomy: https://fd.nl/tech-en-innovatie/1549612/datacenters-worden-steeds-groter-maar-de-financiering-groeit-niet-mee

Connect with Petra: https://www.linkedin.com/in/petraoldengarm/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Sri Manda (Peloton): From Gatekeeper to Innovator: How CISOs Can Harness Startup Power

Thu, 24 Apr 2025 04:00:00 GMT

In this episode of Reinvent Security, we dive into the world of cybersecurity innovation with Sri Manda, the Chief Security and Trust Officer at Peloton. Sri brings a unique perspective—he’s not only a seasoned security leader in e-commerce, content creation, and IoT manufacturing, but also an active advisor to cybersecurity startups, venture capital, and private equity.

In our conversation, Sri shares why modern CISOs must wear multiple hats: part technologist, part risk manager, part business strategist, and part mentor. He details how he distinguishes genuine innovation from marketing hype, how to set up effective proof-of- concept criteria to evaluate emerging solutions, and why he believes in building “incubation labs” inside the enterprise.

Key highlights include:

 From Reactive to Proactive: Sri’s personal stories on why cybersecurity must move beyond mere compliance toward enabling secure, fast-paced innovation.

 Startup-Enterprise Partnership: Criteria and red flags for CISOs looking to leverage new market entrants, plus how entrepreneurs can refine their pitch.

 Reinventing the CISO Role: The shift from gatekeeper to strategic leader—communicating in business terms, fostering a culture of collaboration, and building resilience.

 Future-Facing Tech: How AI, automation, and next-gen computing are shaping tomorrow’s security tools, and what Peloton is doing to stay ahead.

If you’re ready to explore the cutting edge of cybersecurity—balancing bold new ideas with enterprise-grade governance—this episode is for you. Sri’s real-world experiences, from forging deeper connections with startups to bridging business objectives and risk management, offer a blueprint for CISOs everywhere.

Chapters:

Resources & Mentions:

 Peloton’s multifaceted business model: Content, IoT, e-commerce, and apps.

 The value of an MBA for cybersecurity leaders: bridging financials and technology.

 Incubation labs: a practical approach to vet, test, and adopt innovative solutions.

 Book Recommendation: Having Effective Conversations (for tough stakeholder

discussions).

Connect with Sri: https://www.linkedin.com/in/srimanda/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Esther Schagen-van Luit (Microsoft): "Security leadership requires courage and curiosity"

Thu, 27 Mar 2025 05:00:00 GMT

Join hosts Jeroen Prinse and Irfaan Santoe in this episode of re:invent security as they sit down with Esther Schagen-van Luit to explore what it truly means to be a Strategic CISO in today’s security landscape.

Esther is a well-known cybersecurity leader and advocate for Diversity, Equity, and Inclusion. With years of experience advising and working alongside CISOs across various sectors, she brings a sharp, candid perspective on the disconnect between tactical security operations and the strategic needs of modern organizations.

In this episode, Esther unpacks:

• The common traps that keep CISOs stuck in operational mode

• What separates a strategic CISO from the rest—mindset, skillset, and influence

• How organizational readiness (or lack thereof) impacts a CISO’s ability to lead at the strategic level

• Why aligning security with digital transformation is non-negotiable

• And how DEI plays a real role in shaping stronger, smarter security leadership

Esther doesn’t just talk about the role of the CISO—she challenges the assumptions around it. She shares what it takes to grow into strategic leadership, even in environments that aren’t quite ready for it, and why security professionals must be ready to challenge how value is measured and communicated.

Known for her clear thinking and no-nonsense delivery, Esther reminds us that strategy isn’t about sitting at the executive table—it’s about speaking the language of the business and helping shape its future.

Whether you’re a current CISO, an aspiring one, or someone who works closely with security leadership, this episode offers a grounded, honest look at the evolution of the role—and how to push it forward.

Chapters:

00:00 - 04:09 - Introduction of the episode and Esther Schagen van Luit

4:10 - 07:32 Reinventing security and being a driving force for good.

07:33 - 9:32 What are the key differences between an operational, tactical and strategical CISO?

09:33 - 12:15 What are operational and tactical CISO's lacking?

12:16 - 14:20 Strategic security visions requires curiosity

14:21 - 15:56 What is holding organizations back to embrace a strategical CISO?

15:57 - 19:33 - What are the most important skills to become a strategical security leader?

19:34 - 22:07 Example of a security leader who was successfull in aligning business objectives and security strategy

22:08 - 25:00 Don't sell winter coats in the summer

25:01 - 26:42 The difference between regulated and unregulated organizations

26:43 - 33:21 What are the tell tale signs that an organizations is not ready for a strategical CISO?

33:22 - 42:00 What are some practical/high impact steps to create high performing security teams?

42:01 - 43:00 What is the one piece of advise you would like to give security leaders?

43:01 - 46:28 What resources does Esther recommend to level up strategic thinking?

46:29 - 52:21 Key take aways Irfaan and Jeroen

Resources:

Connect with Esther: https://www.linkedin.com/in/estherschagenvanluit/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Carlo Alexander Schreurs (FrieslandCampina): "As a CISO, how do you lead in a Human-Centered way?"

Thu, 27 Feb 2025 05:00:00 GMT

In this episode, we talk with Carlo Alexander Schreurs, CISO of FrieslandCampina, about his journey of reinvention after surgery and his transition into a transformational CISO role. He advocates for moving from rigid "zero trust" to a more flexible "adaptive trust" model, better suited to digital transformation. Carlo emphasizes cultural shifts in cybersecurity, highlighting storytelling, collaboration, and psychological safety to build trust and resilience. He also stresses integrating cybersecurity with business goals, going beyond compliance to drive innovation. The episode wraps up with practical advice for CISOs on staying agile in a fast-changing landscape.

Chapters:

00:00 - 03:14 Introduction of the episode

03:15 - 06:26 Carlo reinventing himself

06:27 - 09:36 Reimagining Traditional Security

09:37 - 14:16 The Drama Triangle vs. The Winner's Triangle

14:16 - 17:41 From Zero Trust to Digital/Adaptive Trust

17:42 - 23:00 The Role of Trust and Loyalty

23:01 - 26:15 The CISO as Storyteller

26:16 - 32:55 Shifting from Risk Avoidance to Value Creation

32:56 - 43:45 Human Factors and Behavioral Insights

43:46 - 45:44 Reframing Cyber Security

45:45 - 55:34 Compliance Theater

55: 35 - 58:03 Practical Steps for Agile and Adaptable Programs

58:04 - 1:02:56 Key takeaways Jeroen & Irfaan

Resources

Drama triangle to winner triangle:

article 1: Life threw a curveball at me - on human-centric transformations

article 2: Beating the drama in Cybersecurity and Technology teams: uncovering hidden dynamics that drain energy and prohibit growth

article 3: Beating the drama in cybersecurity and IT: How to shift from drama triangle to TED and build a thriving team

article 4: Cybersecurity Transformation: The Power of Human-Centered Leadership

Storytelling: The Hidden Skill Every CISO or CIO Needs, But Few Use (On storytelling)

Other source: The Cyber Samurai—Forging a Black Belt in the Digital Dojo

Connect with Carlo: https://www.linkedin.com/in/schreursc/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Dimitri van Zantvliet (NS): “Securing Dutch Railways Amid Geopolitical Turmoil”

Thu, 30 Jan 2025 07:13:12 GMT

Join hosts Jeroen Prinse and Irfaan Santoe in this episode of Reinvent Security as they sit down with Dimitri van Zantvliet as they talk about the challenges of securing critical infrastructure and OT at the Dutch Railways. Especially in time of geopolitical turmoil and hybrid warfare.

Dimitri van Zantvliet is an accomplished leader in information security currently serving as the CISO of Dutch Railways (Nederlandse Spoorwegen). Dimitri is at the forefront of protecting one of the Netherlands’ most vital transportation networks against an ever-evolving landscape of cyber threats.

His leadership has been instrumental in addressing the unique challenges of securing critical infrastructure in an era marked by hybrid warfare and complex geopolitical dynamics. Known for his bold and innovative perspectives, Dimitri emphasizes in this podcast that the “C” in CISO stands for Change—highlighting the role of security leaders as agents of transformation within organizations. He has also spoken about the disruptive potential of artificial intelligence, warning that AI is a “Weapon of Mass Disruption”.

Dimitri’s expertise extends beyond technology into organizational culture, promoting resilience, adaptability, and collaboration as key components of effective cybersecurity. He is a sought-after speaker and thought leader, sharing insights on topics such as hybrid warfare, OT security, and the future of cybersecurity leadership. Under his guidance, Dutch Railways is not only defending its operations from cyber threats but also setting an example for how critical infrastructure operators can adapt and thrive in a rapidly changing world.

Chapters:

00:00 - 08:13 Introduction of the episode and Dimitri van Zantvliet

08:14 - 17:05 The Dutch Railways, their Information Security team and team diversity

17:06 - 21:29 The unique challenges of securing OT and critical infrastructure

21:30 - 26:44 How does the threat landscape differ when securing critical infrastructure?

26:45 - 29:59 Threat actors, influence of geopolitics and hybrid (digital) warfare

30:00 - 34:10 Regulation on the security of critical infrastructure

34:11 - 38:54 What can the IT security professionals learn from the OT security professionals?

38:55 - 42:21 Supply chain security, procurement and information security

42:22 - 45:29 What is the most exciting part of the "AI revolution"?

45:30 - 50:11 Early adoption, curiosity, business enablement and innovation as security leaders

50:12 - 55:39 The development of CISO Community Nederland

55:40 - 1:01:09 The evolution of security leadership roles

1:01:10 - 1:02:16 Wrapping Up

1:02:17 - 1:06:55 Key takeaways Jeroen & Irfaan

Resources

Werken bij de NS (https://www.werkenbijns.nl/vacatures)

Black-out (https://npo.nl/start/serie/black-out_1/seizoen-1/blackout)

CISO Community Nederland (https://www.cisocommunity.nl/)

Connect with Dimitri: https://www.linkedin.com/in/vanzantvliet/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Dr. Nikki Robinson (IBM) on Effective Vulnerability Management: Beyond Tools, Towards People

Thu, 28 Nov 2024 05:00:28 GMT

In this episode of Reinvent Security, we dive deep into the world of vulnerability management with Dr. Nikki Robinson, a distinguished cybersecurity expert, author, and educator. With years of experience in IT operations and cybersecurity, Dr. Robinson brings a unique perspective to managing vulnerabilities in today’s ever-evolving threat landscape. During the episode, Dr. Robinson shares her journey from IT operations to earning a doctorate in cybersecurity, highlighting the pivotal moments that shaped her approach to vulnerability management. She emphasizes the importance of looking beyond patching to address the broader aspects of risk reduction, including human factors, automation, and AI. Whether you are a seasoned cybersecurity professional or someone looking to strengthen your organization’s approach to vulnerabilities, this episode is packed with actionable insights and strategies. As a bonus, Dr. Robinson shares her thoughts on the differences between vulnerability management practices in the U.S. and Europe, and how global frameworks like NIST are fostering consistency across borders.

Chapters:

0:00 Introduction

4:31 Nikki’s Journey in Cybersecurity

7:57 Defining Vulnerability Management

10:35 Key takeaways from her book on Effective Vulnerability Management

22:00 First Steps to Mature Vulnerability Management

29:10 Prioritizing Vulnerabilities Beyond CVSS Scores

32:30 Automation in Vulnerability Management

39:15 Governance and Vulnerability Management

44:20 Key Takeaways

Resources:

Dr. Nikki Robinson’s books: Effective Vulnerability Management and Mind the Tech Gap

Security Fatigue: https://www.researchgate.net/publication/361595380_Stress_Burnout_and_Security_Fatigue_in_Cybersecurity_A_Human_Factors_Problem

Human Factors Security Engineering: https://www.tandfonline.com/doi/full/10.1080/07366981.2023.2211429

Human Factors in Cybersecurity: https://dl.acm.org/doi/abs/10.1145/3537674.3555782

Vulnerability Chaining Blog parts 1 and 2: https://blog.stackaware.com/p/vulnerability-chaining-part-1-a-logical

Connect with Nikki: https://www.linkedin.com/in/dr-nikki-robinson/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Bibi van den Berg (LEI): “Why traditional risk management falls short in cyber security"

Thu, 31 Oct 2024 04:00:07 GMT

Join hosts Jeroen Prinse and Irfaan Santoe in this thought-provoking episode of Reinvent Security as they sit down with Prof. Dr. Bibi van den Berg, a renowned expert in cybersecurity governance. Bibi shares her unique perspective on the limitations of traditional risk management approaches in the rapidly evolving cyber landscape. She introduces the concept of value-driven decision-making, emphasizing the need to align security practices with organizational values, not just numbers. Discover how human behavior, technology, and regulations intertwine in cybersecurity, why data limitations pose significant challenges, and how organizations can rethink their approach to managing cyber risk. Whether you’re a seasoned security professional or new to the field, this episode offers fresh insights and practical advice to help you navigate the complexities of today’s cybersecurity challenges.

Chapters:

00:00 - 03:04 Introduction of the episode and Prof.dr. Bibi van den Berg

03:44 - 06:03 How is Bibi contributing to reinventing security?

06:04 - 08:05 Safety Science vs. Cyber Risk Management

08:06 - 09:47 What inspired Bib to focus on Value Driven Decision Making?

09:48 - 21:19 What would be the main limitations of traditional risk management?

21:20 - 25:47 How does value driven decision making for risk differ?

25:48 - 28:52 Asset prioritization and value driven decision making

28:53 - 32:42 The challenge with board and the need to quantify

32:43 - 43:32 How can organizations define their core values?

43:33 - 48:49 Common challenges for organizations in transition to a more value based decision making approach

48:50 - 55:04 Key takeaways Jeroen & Irfaan

Connect with Bibi: https://www.linkedin.com/in/bibivandenberg/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Sander Zwiebel (NN Group) on DORA: "The Final Countdown"

Thu, 26 Sep 2024 03:00:41 GMT

Join hosts Jeroen Prinse and Irfaan Santoe as they dive in the world of DORA, together with Sander Zwiebel (NN). During this episode we discuss what DORA is, why it came to existence, the scope of DORA and challenges and solutions directions for getting DORA implemented. It is the FINAL COUNT DOWN because organizations in scope for DORA have to comply by January 2025.

Chapters:

0:00 Introduction to DORA

01:02 Introduction of the episode and Sander Zwiebel

09:01 Introduction of DORA

13:06 DORA's Impact on Security

17:39 DORA's Impact on Financial Industry and Third-Party Management

28:59 Implementation Challenges Ahead

35:55 Tips for Successful DORA Implementation

40:55 Future of Regulatory Landscape

45:47 Closing Thoughts on Compliance and Security

52:50 Conclusion and Next Steps

Resources:

DORA formal law Digital Operational Resilience Act: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554&qid=1727030708806

DORA regulatory technical standards or RTS: https://www.eiopa.europa.eu/publications/second-batch-policy-products-under-dora_en

DORA Questions and answers, joinedly done by the ESA’s (Eiopa, EBA, ESMA): https://www.eiopa.europa.eu/about/governance-structure/joint-committee/joint-qas_en

ESA link to a dry run exercise on the information register, in order to learn as supervisor and supervisee how the information register is going to work on both sides: https://www.eiopa.europa.eu/esas-publish-templates-and-tools-voluntary-dry-run-exercise-support-dora-implementation-2024-05-30_en

Dutch National Bank (DNB) link to DORA: https://www.google.com/url?q=https://www.dnb.nl/en/sector-information/open-book-supervision/laws-and-eu-regulations/dora/&source=gmail&ust=1727370130061000&usg=AOvVaw3GieR7OhPwfIElBvDRye_m

Connect with Sander: linkedin.com/in/sander-zwiebel-241a16

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

Steve Hollands (BQCM): "The future of security is quantum-proof: Start preparing today!"

Thu, 29 Aug 2024 03:00:22 GMT

Join hosts Jeroen Prinse and Irfaan Santoe in this thought-provoking episode of Reinvent Security as they welcome quantum computing and security expert Steve Hollands, Chair of the Board at Blackhills Quantum Computing. Steve dives deep into the fascinating and complex world of quantum computing, discussing its far-reaching implications for the future of cybersecurity. From the looming threat of quantum computers breaking traditional encryption to the opportunities quantum key distribution offers, this episode covers the cutting-edge advancements that could revolutionize security as we know it. Discover how AI and quantum computing could drastically shorten the timeline for encryption vulnerabilities, why businesses need to start preparing today, and the importance of crypto agility in a post-quantum world. Whether you're an IT professional, a cybersecurity enthusiast, or just curious about the future of technology, this episode delivers expert insights and actionable advice to help you stay ahead of the curve in the quantum era.

Chapters:

00:00 Welcome to the podcast

00:35 Introduction of the episode and Steve Hollands

02:53 How is Steve contributing to Quantum proof security?

04:49 How does quantum computing differ from traditional silicon based computing?

08:53 How does quantum computing impact the field of information security?

12:16 What is the timeframe of quantum computing threats and opportunities?

15:26 What is quantum safe cryptography and what are researchers doing?

16:37 Crypto agility is a key security principle in any security strategy

18:27 Are actors using quantum capabilities everybody's problem?

20:54 How a Quantum Readiness Framework can help organizations towards a post quantum security strategy?

24:06 What steps should organizations be taking now to prepare for the future impact of quantum computing on their security infrastructure?

29:46 How to create a Quantum Secure Defense in Depth Strategy?

34:57 What other steps should organizations take to prepare for the future impact of quantum computing on their security infrastructure?

36:24 What are the regulatory and ethical considerations that come with the rise of quantum computing in information security?

37:09 Resources for your journey into quantum and security

38:26 Which board member is driving the change towards a post quantum organization?

41:38 Can we make quantum secure cryptography a service for the organization?

44:03 Wrap Up

Resources:

Forbes: https://www.forbes.com/sites/adrianbridgwater/2018/01/03/neuromorphic-computing-will-build-human-like-machine-brains/

Nature: https://www.nature.com/articles/s41928-021-00646-1

McKinsey, timeline for Q-Day: https://www.linkedin.com/posts/activity-7229084010952478720-9nku

Blackhills new website: https://www.blackhillsquantum.com

Hosted on Acast. See acast.com/privacy for more information.

Ashish Rajan (Kaizenteq): "Data Sovereignty Will Define the Future of Cloud Security and Compliance"

Thu, 25 Jul 2024 03:00:04 GMT

Join hosts Jeroen Prinse and Irfaan Santoe in this enlightening episode of Reinvent Security as they sit down with cloud security expert Ashish Rajan, founder of Kaizenteq and host of the Cloud Security Podcast. With 250+ cloud security podcasts to his name Ashish shares invaluable insights into the evolving landscape of cloud security, discussing key challenges, best practices, and future trends. Discover the importance of identity and access management, strategies to prevent misconfigurations, and how to balance data sovereignty with cloud service capabilities. Learn why incident response in the cloud needs more focus and how to strategically select the right tools for your cloud security needs. Whether you're a seasoned professional or new to cloud security, this episode offers actionable advice and deep expertise to help you navigate the complexities of securing your cloud environments.

Chapters:

0:35 introduction

4:11 How is Ashish contributing to Cloud Security and AI?

08:30 Primary Cloud Security Challenge

13:22 Cloud Security Best Practices

23:10 The latest exciting trends in Cloud Security

29:18 How is data sovereignty impacting Cloud Security strategies?

34:30 Emerging threats and opportunities

37:20 Top 3 things to focus on starting tomorrow

40:11 Resources for your Cloud Security journey

44:05 Wrap up

Resources:

- Cloud Security Podcast - www.cloudsecuritypodcast.tv

- Cloud Security Bootcamp - www.cloudsecuritybootcamp.com

- Cloud Security Newsletter - www.cloudsecuritynewsletter.com

Hosted on Acast. See acast.com/privacy for more information.

Paul Watts (ISF): “Here is what it takes to be a NextGen CISO!”

Thu, 27 Jun 2024 10:08:20 GMT

This episode of re:invent security shares what it takes to be the next generation (NextGen) CISO. Our guest Paul Watts, a multiple times CISOs at companies like Kantar, Domino’s Pizza UK & Ireland, Network Rail, clarifies what it takes to be the NextGen CISO. Key questions discussed are: “What are the expectations from Business/IT leaders hiring these NextGen CISOs?”, “What transformation should CISOs explicitly consider staying relevant as CISO?”, “What is most important AND challenging for the NextGen CISOs to fulfill these expectations and how can they go about it?”. Dive into the conversation with Paul, someone that has been there, done that, now sharing this!

Resources:

Paper 1 - Unlocking the business value of security - Leadership Insights: Unlocking the business value of security - Information Security Forum

Paper 2 - Exploring the role of the BISO - Leadership Insights: Exploring the role of the Business Information Security Officer (BISO) - Information Security Forum

Paper 3 - Looking to the future - is yet to be published publicly (link will be added later).

Paper 4 - Modelling the security leader - to be published to ISF Members on July 1st. Synopsis ...

The definition of a security leader continues to suffer from ambiguity, with misaligned expectations between business and incumbent a principal cause of stress and – somewhat inevitably – short tenures and disappointment for both employee and employer. We describe how the role could be better modelled, qualifying its fundamental criteria and providing some guidance on what qualities to look for, and what to not over-rely upon.

Paper 5 - Nominet CISO Stress Report: businesses get £23k ($30k) ‘free’ CISO time while impact of stress on mental health doubles in 2020 - Nominet

Other interview with Paul: The New Security Leader: Less Techie, More Business Savvy (inforisktoday.com)

Hosted on Acast. See acast.com/privacy for more information.

Toon Segers (Roseman Labs): "Multi-Party Computation for Secure, Private Data Collaboration"

Thu, 30 May 2024 03:00:08 GMT

Join hosts Jeroen Prinse and Irfaan Santoe as they dive into the world of multi-party computation with expert Toon Segers. In this episode, they explore how multi-party computation keeps data secure when collaborating, sharing and analyzing the data with partners, without exposing sensitive information. Toon Segers, co-founder of Roseman Labs and PhD candidate in mathematics and cryptography, explains the revolutionary changes this technology brings to data security and privacy of individuals, offering a promising solution to prevent data breaches and maintain confidentiality and privacy. Discover the future of data security and privacy and learn how multi-party computation is re:inventing the landscape of information security.

Resources

Multi Party Computation Wikipedia page: https://en.wikipedia.org/wiki/Secure_multi-party_computation

MPyC framework from TU Eindhoven: https://github.com/lschoe/mpyc

The Whitehouse on advancing Privacy-Enhancing Technologies: https://www.whitehouse.gov/ostp/news-updates/2022/06/28/advancing-a-vision-for-privacy-enhancing-technologies/

Roseman Labs website: https://rosemanlabs.com/en/

Collaborative Computing Slack community : https://collabcomputing.slack.com/

A correction: at 31:55 Toon states that the large Intel server has 192 CPUs, which should instead be 192 cores.

Hosted on Acast. See acast.com/privacy for more information.

Sunette Runhaar (Uber): "Why managing Insider Threat is so challenging, and how to start"

Thu, 25 Apr 2024 03:00:23 GMT

Insider Threat deals with the fact that every employee in the organization is a potential threat. How does one identify the actual threats and how to act and respond to them? What are the good practices to scale mitigation of the Insider Threat? What are the differences in Insider Threat Programs across different regions like the US and EU? All these questions are addressed by Sunette Runhaar from Uber.

Resources:

'Never split the difference: Negotiating as if your life depended on it' - Chriss Voss and Tahl Raz. This is essential reading to help manage tricky stakeholder relationships, but really helps understand the mindset of what motivates people in daily life.
'The Culture Map: Breaking the Through the Invisible Boundaries of Global Business' - Erin Meyer. Great reading to understand how different business cultures affect perceptions in the workplace and interpersonal relationships.

Hosted on Acast. See acast.com/privacy for more information.

Rob van der Veer: "Treat Artificial Intelligence as Software Initiatives"

Thu, 28 Mar 2024 04:30:28 GMT

What is the relationship between AI and Security? Learn from world industry expert Rob van der Veer what to consider when securing AI. This episode goes into detail about the security risks of developing AI and sheds light on how to start tomorrow with securing AI. We also discuss the upward risk of AI, what benefits will AI have and is having on doing security better!

Resources:

Hosted on Acast. See acast.com/privacy for more information.

Welcome to re:invent security

Wed, 27 Mar 2024 14:48:47 GMT

Welcome to re:invent security, the podcast where we look at ways to reinvent information security together with industry leaders.

Hosted on Acast. See acast.com/privacy for more information.