#245 Cybersecurity: A Closer Look at Industry Shortcomings, Risk Mitigation, and Strategies for the Future With Richard Hollis

Our conversation with Risk Crew's seasoned cybersecurity expert, Richard Hollis, is likely to challenge everything you thought you knew about the industry. For over three decades, Richard has been at the forefront of cybersecurity, and today he's sharing his perspective on the industry's shortcomings, the efficacy of products and vendors, and the startling loss of 16 billion personal records over the past seven years. Richard's insights are a wakeup call for an industry-wide shift in approach towards cybersecurity. Richard pulls no punches as he highlights the pitfalls of security products that merely treat symptoms rather than addressing root causes. He emphasizes the need for due diligence in verifying a vendor's security credentials before implementing their products. Our discussion illuminates the often glossed-over importance of user training and risk mitigation in cybersecurity. There's a deep dive into the disproportionate budget allocations in the industry, which often undermine the critical role of people and processes. Finally, we tackle the topic of risk assessments - a crucial but frequently overlooked aspect of cybersecurity. Richard talks about the alarming lack of qualified professionals in the field, attributing it to inadequate investment in people skills over the years. We end on a contemplative note, discussing the complex landscape of cybersecurity threats, the need for offensive security strategies, and the role of AI and machine learning technologies. It's a conversation that brings to light the necessity of staying a step ahead of the threats for effective cybersecurity. Be sure to tune in for a conversation that will redefine your perspective on cybersecurity. More about Richard: Richard Hollis is the CEO for Risk Crew a London-based cyber security & testing consulting firm specialising in providing cyber risk management and security testing services. He possesses over 30 years of “hands on” skills and experience in designing, implementing, managing, testing, and auditing enterprise level information security programs. Richard is a celebrated public speaker and seasoned information security awareness trainer. Richard has presented to hundreds of audiences across the world on a wide variety of information risk management topics and techniques. As a recognised industry authority, he has published numerous articles and white papers and appeared on national and international broadcast news shows as well as being cited in a wide range of press including the BBC, MSNBC, Radio 4 and the Financial Times, Time magazine and various others. He is also a regular contributor to industry publications such as Wired, SC, InfoSec and Security Penetration Testing magazines. Richard brings a fresh, simple and product agnistic perspective on cyber security and the current threat landscape. https://www.riskcrew.com