ISF Podcast

Today’s episode is a special one, recorded to announce an exciting and important new partnership between ISF and the organisation Prostate Cancer Research. Joining the show is PCR CEO Oliver Kemp, who for nearly a decade has worked to ensure fewer men suffer and die from prostate cancer. Steve and Oliver talk about how prostate cancer screening works and the importance of catching it early. The two also talk about the partnership and how it will help PCR’s efforts across the UK. Key Takeaways: Early detection saves lives. If you find prostate cancer before it has reached stage 3, the survival rate is 100%. A cancer battle will affect people around you, but they will also be the people whom you can draw strength and support from.  Access to cancer screening varies between regions and demographics.  Tune in to hear more about: What PSA is and how testing for prostate cancer is done (5:28) The new partnership between ISF and PCR (18:58) How AI and new technologies can help in cancer detection (22:34) Standout Quotes: “I think us men are not always the best at going and looking after ourselves and we often need to be nagged to go out and do something. But if you've got prostate cancer, it's gonna get you one way or another, and it'll gradually grow inside of you. And it's far better getting it early and having a relatively simple procedure, which you can now be in and out of hospital in a single day rather than late-stage prostate cancer, which will have very different consequences.” - Oliver Kemp  “I think one of the great things about this partnership is first of all, we're aiming at people who often don't get tested. And there are lots of PSA tests happening across this country, but they're often focused on regional areas. So southeast of England, London has lots of testing. It has lots of the best hospitals in the world, whereas other parts of the country don't have access to that.” - Oliver Kemp  “And for people in cybersecurity, it's about being as proactive about your own health as you are about protecting your organization. So it isn't about waiting for symptoms. I didn't have any. Look at PSA tests. We've said on this show it's a very low cost. And the people that I've come across who've certainly taken that step, and sadly there are more of us than people might think, all tell me the same thing. And as for partners, families, friends that are listening, don't underestimate the power of your encouragement just being there. That's really important. You don't have to do anything big. It's just a quiet conversation that could genuinely help.” - Steve Durbin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve speaks with Martina Navratilova. Martina is one of the most accomplished tennis players of all time, holding the record for most open era titles and Wimbledon wins. Since retiring from tennis, Martina has been a vocal advocate for gay rights and cancer awareness. In her conversation with Steve, she talks about the importance of screening and early detection, and why self-awareness and kindness to yourself are essential when you’re going through something difficult. The two also discuss adapting to change, how to read your opponents and why rehearsing matters – both on the tennis court and in the world of cyber. Martina also gives the audience a piece of advice on staying resilient in the face of uncertainty, from the perspective of a champion.Key Takeaways: If something doesn’t feel right in your body, get tested. And even if you’re feeling fine, do that annual physical.  There is no substitute for practice when it comes to crisis preparedness. Breaches will happen, it’s about how you respond – with clarity and honesty – that matters. Tune in to hear more about: Some news from Steve (1:33) Building the right team (10:18) Recovering after a breach (13:24) Standout Quotes: “We tend to overreact and overcorrect. Less is more in just about everything in life. Less is more. You can always add to it. But if you go too far, you've gone too far.” - Martina Navratilova “At the end of the day, if you are the big boss, you are making the decisions, you have to trust your gut. So you take all the information in, but you have to say, ‘Okay, what really feels right with my knowledge, with my intelligence, with my history, what is the best way forward?’” - Martina Navratilova “No system is bulletproof no matter what. You may hit the best serve ever, but that person guessed and they get it back. It's how you bounce back from that. But nothing is bulletproof. You just need to figure out where was the breach, how can we fix it and avoid doing it again?” - Martina Navratilova Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this week’s episode, Steve sits down with conductor, pianist, comedian, and broadcaster Rainer Hersch. Rainer leans on his orchestra experience to explain how leaders outside the concert hall can build deep trust and strike a balance between discipline and adaptability in a rapidly changing world. He also reveals his secret leadership weapon: humor. Key Takeaways: Conducting an orchestra has many parallels to leading a business. Not every team member must know the entire business, but the leaders do.  Good conducting—and by extension, good leadership—is a back-and-forth effort between leaders and those being led. Tune in to hear more about: How conductors make different parts of the orchestra function in harmony (1:53) Flexibility in an orchestra and in business (6:59) How Hersch uses humor in his work as a conductor (14:54) Standout Quotes: “These analogies are very similar to how any large organization works. The only person actually who's got the kind of blueprint for the product that the orchestra is presenting to its customers, that is the orchestra score, is the conductor. Everybody else has just got their individual parts of the project. So coming together in that way musically, well, requires listening, it requires following in certain occasions, leading in others.” - Rainer Hersch “The conductor is the person who's given that one job of examining this plain piece of writing and going, okay, this is what is intended, this is the emotion that is intended. And in order to bring that emotion out, we need to do this in a certain way, and inspiring and motivating everybody else to participate in that irrespective of how they would personally go about it.” - Rainer Hersch “There are mistakes that happen in a performance, and I'm not going to stop every single mistake and go, ‘Duh-uh, bar 24 flutes.’ No. There are some things that happen, I know they will be fixed by the individual players. In a rehearsal, something happens, they miss the queue. I'll say, that'll be all right in the performance, won't it? Yes, it will. They've seen that I've seen it, and that's enough for them.” - Rainer Hersch Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with Dr. Helena Boschi, globally acclaimed psychologist, to talk about the best security system of all: the human brain. The two discuss how stress impacts performance in high stakes environments like cybersecurity, why trust and psychological safety matter more than ever, and what leaders can do to help their team stay calm, focused, and creative even when the pressure is on. Finally, Dr. Boschi also explains what neuroscience reveals about how we can train our brains to become more cyber resilient. Key Takeaways: Leaders must be aware of the early warning signs of too much stress – memory loss, absentmindedness, sudden outbursts, etc.  Leaders must strike a balance between quick results and allow teams to think about problems in new ways, even if it takes a little longer. The brain is not great at adapting to big changes, so introduce new things in chunks to make the transition easier.  Tune in to hear more about: How the brain can help us become better leaders (11:26) Digital fatigue (19:56) How leaders help teams embrace change (25:50) Standout Quotes: “If you can see that if people start behaving in a much more emotional way than normal or they're struggling to make decisions or they're a bit absent-minded, time for leaders to say, let's just take a pause and let's think about what's going on. By the time these warning signs are spilled over into physical and behavioral ones, it's normally then almost too late.” - Dr. Helena Boschi “In a world with endless distraction, we have got information coming at us from all directions, and we simply don't have the brain power to deal with it all. So the brain selects what it wants to focus on based on what's important to that person. So what's important for me may not be important for you. We have to select, the brain has to actively select – this is called selective attention. Selective attention also makes us blind to the things we are choosing not to focus on. And you might pick up something that I am blind to. So your selective attention might help me see what I can't see. So it's really important to surround yourself with people who disagree with you, who see the world differently, because their blindness will be different to our blindness.” -  Dr. Helena Boschi “Human beings are quite fallible and they're quite flawed because we have a brain that is not optimized for making the best decisions. It's optimized for making the best decisions for me, but often not for the collective. And when it comes to information security, again, it's not really optimized. If the brain is tired or hungry, it won't make great decisions. So I think coming back to basics for the brain is really important. Keeping the brain in its most healthy state is probably the best thing that cybersecurity professionals can do, and that means keeping the body very active.”  - Dr. Helena Boschi Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with Jaya Baloo, COO at Aisle. One of the world’s leading experts on quantum technology and cybersecurity, Jaya shares what the future of quantum computing looks like and what businesses can do to prepare for a quantum-prevalent world. She also offers her view of how cyber and quantum technology will co-evolve in the next 10 to 20 years. Key Takeaways: You should have started preparing for quantum yesterday. Cybersecurity stands out among areas of quantum as a space where quantum may first be used by governments to attack adversaries. More diversity is needed in quantum development.  Tune in to hear more about: How to begin your journey to quantum-ready today (8:17) How diversity can shape responsible development of quantum (13:48) Jaya Baloo’s view on quantum in 10-20 years (15:58) Standout Quotes: “ Cybersecurity is something really special here because unfortunately we do not have only from quantum, the same ability to protect as we have to attack. And I worry that the first application of these technologies beyond the sensors, the first real application from governments will be that offensive use to attack our current cryptographic stack.” - Jaya Baloo “I think in general, especially now with the whole onslaught against everything DEI, I actually think it's such a shame to waste time on excluding anyone from anything. We really need the best skillset we can possibly get. And what you see is that, especially in areas like quantum, there's not enough diversity.” - Jaya Baloo “So what I really think that we need to think about is how do we democratize, as much as possible, access to our defense against a potential quantum threat, and how do we democratize the availability of quantum computing in order to benefit all of humanity?” - Jaya Baloo Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve returns to Business Matters with Juliette Foster. In this conversation, Steve recaps 2025 in cyber and shares what he sees as the biggest risks heading into 2026. The two also discuss resilience and compliance, as well as the growing importance of togetherness among businesses…Key Takeaways: Companies would be wise to conduct frequent cyber audits.  Supply-chain disruptions can have long-lasting, reputational effects.  How we protect the integrity of our data is at the core of cybersecurity.  Tune in to hear more about: The relationship between government business in cyber (12:56) How boards should plan for a cyber attack (15:40) Collaborating within and across industries (22:24) Standout Quotes: “I've said many times that good compliance doesn't equal good security, but good security does equal, nine times out of 10, very good compliance. So where do we go with all of that? I do think that we're probably getting to a point, sadly, where we need to be viewing some of the security processes that we need to undergo in the same way as we consider financial audits.” - Steve Durbin “I think that the day is gone when you can rely on your defenses. So boards have to be planning for the day when the defenses fail. When an attack really starts to make an impact on your business. The starting point is to figure out how long you can be without your systems. It may sound like a strange thing to say, but that's the important starting point for me.” - Steve Durbin “Security is not, in my opinion anyway, a competitive advantage. And because it's not a competitive advantage, there shouldn't be this massive barrier to sharing some of the ideas, some of the attacks that are out there for the good of the industry.” - Steve Durbin  Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.Key Takeaways: Governments must work with the private sector to achieve a cyber-secure environment. Boards are increasingly aware of cyber risks, but more work is needed.  Global trust is dissipating. Tune in to hear more about: The changing landscape of critical national infrastructure (5:46) Security vs. privacy in the UK (9:27) An ongoing, structural geopolitical shift (15:18)  Standout Quotes: “We need to make sure that we are thinking right across government when we are thinking about the approach to critical national infrastructure and how we can make it most safe for our users and for our populations.” - Sir Jeremy Fleming “I still encounter plenty who haven't done one for 18 months, who haven't updated to the latest threat environment, who haven't thought about geopolitics coming into play. Haven't checked that they've still contracted with a company who's gonna help them wind back in the event that they are breached. Hasn't thought seriously about whether it's gonna pay a ransom. The implications of paying a ransom.” - Sir Jeremy Fleming “The first thing is that what we're seeing now around changes in geopolitics is definitely a structural change. It's not a cyclical change. So the post 1948 Bretton Woods approach to the global order, with a whole load of United Nations agencies, World Health Organization, World Trade Organization, our approach to international aid, World Bank, these are all institutions that have changed fundamentally and won't change back.” - Sir Jeremy Fleming Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.Key Takeaways: The most underappreciated leadership skill is listening. Compliance must never be an afterthought or just a check-box exercise.  Anybody has the potential to become an insider threat. Tune in to hear more about: The fraud triangle (4:10) How cybersecurity leaders can build a culture that discourages insider risk (7:12) Striking a balance between trust and control (15:12) Standout Quotes: “But you don't get people to speak up by telling them to speak up. You actually have to, if you're gonna tell them to do that, you have to listen up. So I always encourage leadership to work on their listening skills.” - Tom Hardin “If you have a rule that a few people break, you have a people problem. If you have a rule that a lot of people are breaking, you have a rule problem.” - Tom Hardin “You could be one decision away. Never feel like it couldn't be you. Just have a healthy paranoia when you're in situations and not to feel like that could never be me crossing a line, because that's when we're most susceptible to that.” - Tom Hardin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, we bring you the second half of Emerging Threats 2026, the first episode of which we aired last year. In the previous episode, Steve outlined the threats and challenges that enterprises and business leaders will face in 2026 and beyond. Today, he answers questions from the audience. We’ll get into artificial intelligence, supply chain and geopolitical challenges, corporate governance, risk and resilience, and more.Key Takeaways: Cyber resilience today is about data, data, and data.  Enterprises must help their suppliers to meet adequate security standards.  AI will be a big challenge for the board in 2026. Tune in to hear more about: Managing supply-chain risk (5:07) How leaders can deal with risks outside of their control (12:16) An evolving cyber threat landscape (15:37) Standout Quotes: “Assuming you've got your policies and your processes in place, I would suggest you have an AI committee that actually approves or otherwise the way in which these tools are then implemented across the business. Why have a committee? Because that way you can pull in representatives from different parts. You can have security, you can have IT, you can have legal and people from the mainline businesses. Everybody makes a decision based on very well-defined criteria, no comeback on any individual, and either it's approved or it isn't.” - Steve Durbin “How do you avoid getting caught out? For me that's not what's happening. If you happen to be on a list. If you happen to be an organization that has something that is exceptionally interesting or useful, then somebody will want that information. Somebody will want that data. What you have to do is make yourself look pretty unattractive. So it is about all of the tedious things that we don't like. It's about patching, it's about making sure that you're making it difficult for people to access your systems. It means that your monitoring is top of its game.” - Steve Durbin “What measures can we put in place to ensure our suppliers and third party partners meet our security standards? Good question that I think that requires a lot more communication. It is about being really clear as to what it is you're expecting from a security standard perspective. It's about not just setting the bar, it's about helping people to achieve what it is you're expecting them to do. And the really important piece that I would emphasize there is tell them the why. Why do you have to do it? Why is it important? This isn't about people doing tick boxes. It is about people understanding why it's important and how they can help to maintain integrity and security across the whole supply chain.” - Steve Durbin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

The ISF Podcast celebrates 10 years this year. Over the decade that we’ve been in your ears every week, Steve has interviewed a lot of fascinating people: visionary business leaders, neuroscientists and physicists, world leaders, and formerly notorious cyber criminals, just to name a few. We have touched on topics like AI, the human mind, cyber resilience, leadership, and the future of technology and society. So, to kick off 2026, we wanted to give you a look back, highlighting the very best of this first decade of the ISF Podcast. And don’t worry – we’ll link all the episodes in the show notes. Check out our favorite episodes from the last 10 years: Mo Gawdat - Rethinking the Paradigm of Artificial and Human Intelligence Brian Cox — Intellectual Honesty & Learning to be a Leader Hannah Fry - What Data Can & Can’t Tell Us About Ourselves Peter Hinssen - The Never Normal Inside the Mind of Today's Cybercriminals (Brett Johnson, Part 1) Steve Wozniak In Conversation with Steve Durbin Captain Tammie Jo Shults - Habits, Hope and Heroes in a Time of Crisis Sadie Creese — Minimising Your Attack Surface Sir Bob Geldof — Challenging Orthodox Thinking Bonus Episode: Reggie Butler — Bringing Your Home to Work Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.