1
00:00:05,920 --> 00:00:09,440
Speaker 1: Welcome to the Fear and Greed Business Interview. I'm Adam Lang.

2
00:00:09,480 --> 00:00:12,920
Speaker 1: In this increasingly digital world, the exact nature of the

3
00:00:12,960 --> 00:00:17,239
Speaker 1: cyber risk facing businesses is changing almost every day. The

4
00:00:17,320 --> 00:00:20,400
Speaker 1: constant emergence of new threats puts a lot of pressure

5
00:00:20,440 --> 00:00:23,520
Speaker 1: on businesses not just to respond, but to communicate the

6
00:00:23,600 --> 00:00:26,560
Speaker 1: nature of the threat to stakeholders within a company. But

7
00:00:26,640 --> 00:00:28,760
Speaker 1: they have to communicate it in a way that shows

8
00:00:28,800 --> 00:00:32,760
Speaker 1: the operational and financial risk and secures the buy in

9
00:00:32,840 --> 00:00:36,400
Speaker 1: of boards, executives and their teams. And that is critical

10
00:00:36,680 --> 00:00:39,720
Speaker 1: and that's where my guest today comes in. Sam Salahi

11
00:00:39,920 --> 00:00:42,520
Speaker 1: is the managing director of Australian New Zealand at quallis

12
00:00:42,760 --> 00:00:46,559
Speaker 1: a supporter of this podcast. That's Qua l ys Qualis.

13
00:00:46,840 --> 00:00:49,000
Speaker 1: He joins me in the studio. Sam, Welcome to Fear

14
00:00:49,040 --> 00:00:49,400
Speaker 1: and Greed.

15
00:00:49,520 --> 00:00:50,640
Speaker 2: Thanks for having me Adam.

16
00:00:50,960 --> 00:00:53,640
Speaker 1: Sam. We were just talking before and you have great

17
00:00:53,800 --> 00:00:57,960
Speaker 1: field experience in the cybersecurity industry. Moore's law describes the

18
00:00:58,000 --> 00:01:01,080
Speaker 1: trend in the semiconductor industry where the number of transistors

19
00:01:01,120 --> 00:01:04,400
Speaker 1: in a microchip roughly doubles every two years, and that

20
00:01:04,440 --> 00:01:08,080
Speaker 1: means that the processing of computers should also roughly double.

21
00:01:08,120 --> 00:01:11,280
Speaker 1: In the same timeframe, give us a snapshot of the

22
00:01:11,280 --> 00:01:15,759
Speaker 1: current cyber risk environment. The phrase attack surface is being

23
00:01:15,840 --> 00:01:20,199
Speaker 1: used pretty broadly these days. Do you think that is increasing?

24
00:01:20,840 --> 00:01:23,679
Speaker 2: I think that let's look at a tax surface in

25
00:01:23,720 --> 00:01:26,520
Speaker 2: a different way. What I see in the market is

26
00:01:26,640 --> 00:01:29,000
Speaker 2: a lot of different vendors talk about a tack surface

27
00:01:29,080 --> 00:01:32,280
Speaker 2: is increasing, which is correct. You know, there is a

28
00:01:32,280 --> 00:01:35,960
Speaker 2: lot of companies that they're doing digital transformation, so they

29
00:01:36,040 --> 00:01:38,720
Speaker 2: move stuff in the cloud, which opens up a different

30
00:01:38,720 --> 00:01:41,520
Speaker 2: attack surface. But I'd like to use the word risk

31
00:01:41,640 --> 00:01:45,080
Speaker 2: surface because imagine that in the room we are standing now,

32
00:01:45,200 --> 00:01:48,040
Speaker 2: and I've got an open window, right, that is definitely

33
00:01:48,080 --> 00:01:50,560
Speaker 2: an attack surface for someone to come in. Sure, but

34
00:01:50,680 --> 00:01:53,600
Speaker 2: what if there's nothing here for them to steal? Right,

35
00:01:53,640 --> 00:01:55,760
Speaker 2: there is no risk? So I think I like to

36
00:01:55,840 --> 00:01:58,920
Speaker 2: use the word risk surface rather than a tax surface.

37
00:01:58,920 --> 00:02:01,240
Speaker 2: And that's definitely all right.

38
00:02:01,680 --> 00:02:05,240
Speaker 1: Let's stick with that risk surface. What are the biggest

39
00:02:05,320 --> 00:02:08,600
Speaker 1: threats Australian businesses are facing? Now? What's that risk surface

40
00:02:08,639 --> 00:02:09,080
Speaker 1: looking like?

41
00:02:09,560 --> 00:02:12,600
Speaker 2: I think there are like, in my view, four top

42
00:02:13,080 --> 00:02:16,320
Speaker 2: risk that we are facing in Australia. It is the

43
00:02:16,480 --> 00:02:20,120
Speaker 2: number one is the ransomware attacks that I see. It

44
00:02:20,160 --> 00:02:24,400
Speaker 2: is still happening and unfortunately they are increasing. Definitely, I

45
00:02:24,560 --> 00:02:27,880
Speaker 2: do see a lot of business email compromises happening. You know,

46
00:02:28,000 --> 00:02:31,079
Speaker 2: email is still the number one attack vector that people

47
00:02:31,120 --> 00:02:34,600
Speaker 2: can get in. Supply chain attacks are the other one

48
00:02:34,639 --> 00:02:38,880
Speaker 2: that the bad actors look at, finding a low hanging

49
00:02:38,919 --> 00:02:41,560
Speaker 2: fruit in one of your suppliers, you know, something that

50
00:02:41,600 --> 00:02:45,040
Speaker 2: they can get in and then escalate their privileges to

51
00:02:45,040 --> 00:02:49,680
Speaker 2: get access to your company. And also stated sponsorship attacks

52
00:02:49,840 --> 00:02:54,119
Speaker 2: when other countries have interest in taking out information.

53
00:02:54,600 --> 00:02:58,680
Speaker 1: Right, So those four risks are pertinent and great themes.

54
00:02:58,919 --> 00:03:01,720
Speaker 1: Why is it still so dificult for businesses to translate

55
00:03:02,120 --> 00:03:05,440
Speaker 1: cyber risk into something that the c suite can act on?

56
00:03:05,480 --> 00:03:08,240
Speaker 1: Because of all those risks that you hear, Now to

57
00:03:08,400 --> 00:03:10,480
Speaker 1: what do I do, whether I'm in a board position,

58
00:03:10,560 --> 00:03:13,520
Speaker 1: a c suite executive, or just a team member position,

59
00:03:14,320 --> 00:03:17,320
Speaker 1: what do I do and to keep involved with these

60
00:03:17,760 --> 00:03:20,239
Speaker 1: I guess risk protections against that evolving threat.

61
00:03:20,720 --> 00:03:23,440
Speaker 2: I think one of the fundamental issues in my view

62
00:03:23,720 --> 00:03:27,160
Speaker 2: is we're not talking the same language. So I ask

63
00:03:27,240 --> 00:03:29,360
Speaker 2: you a question, how many love languages do you have?

64
00:03:31,639 --> 00:03:34,920
Speaker 1: Love languages? My wife would accuse me of having very few,

65
00:03:34,920 --> 00:03:36,200
Speaker 1: but I reckon four or five?

66
00:03:36,480 --> 00:03:40,240
Speaker 2: Five, But there's only one language for risk and that's money.

67
00:03:40,720 --> 00:03:41,000
Speaker 1: Right.

68
00:03:41,160 --> 00:03:44,280
Speaker 2: The issue we're facing is we're struggling to do a

69
00:03:44,400 --> 00:03:47,960
Speaker 2: risk quantification in our business. So a lot of my peers,

70
00:03:48,000 --> 00:03:50,520
Speaker 2: a lot of people in the cybersecurity they just treat

71
00:03:50,560 --> 00:03:55,000
Speaker 2: cybersecurity as a technical issue. Cybersecurity, in my view, is

72
00:03:55,040 --> 00:04:00,480
Speaker 2: a risk mitigation function in your business, risk management, and

73
00:04:00,880 --> 00:04:04,400
Speaker 2: that the focus should be having everyone together to speak

74
00:04:04,440 --> 00:04:07,040
Speaker 2: the same language. And that's the language of risk, which

75
00:04:07,080 --> 00:04:07,520
Speaker 2: is money.

76
00:04:07,720 --> 00:04:11,200
Speaker 1: Okay, good one. Money is the one. So what are

77
00:04:11,240 --> 00:04:14,760
Speaker 1: the consequences when cyber risks are framed only in those

78
00:04:14,800 --> 00:04:18,400
Speaker 1: technical terms without linking them to an operational or a

79
00:04:18,440 --> 00:04:20,800
Speaker 1: financial impact. What do you see companies doing well and

80
00:04:20,880 --> 00:04:21,960
Speaker 1: not well in that regard?

81
00:04:22,560 --> 00:04:25,360
Speaker 2: In my view, it's actually a little bit broader than that.

82
00:04:25,400 --> 00:04:28,960
Speaker 2: I think you need to connect them with business contexts. Again,

83
00:04:29,000 --> 00:04:32,440
Speaker 2: when I look at it, when you're looking at your

84
00:04:32,480 --> 00:04:35,640
Speaker 2: business and there's cyber threats everywhere, right, So we talk

85
00:04:35,680 --> 00:04:39,360
Speaker 2: about risk surface is evolving. What we need to do

86
00:04:39,480 --> 00:04:42,640
Speaker 2: is we need to tie them back into the business context.

87
00:04:43,040 --> 00:04:46,280
Speaker 2: So if at exposure you have in one of your

88
00:04:46,279 --> 00:04:50,160
Speaker 2: business unit, which is a testing center, is very different

89
00:04:50,200 --> 00:04:54,240
Speaker 2: from that exposure. If that particular business units is generating

90
00:04:54,279 --> 00:04:57,279
Speaker 2: ten billion dollars for your business, so it's important and

91
00:04:57,480 --> 00:05:00,320
Speaker 2: everyone is talking about the same language, and also we

92
00:05:00,360 --> 00:05:03,800
Speaker 2: are having that business context in the back of our mind.

93
00:05:03,960 --> 00:05:06,360
Speaker 2: Otherwise what's going to happen is you're spending a lot

94
00:05:06,360 --> 00:05:10,280
Speaker 2: of money building dashboards and dashboards on top of each

95
00:05:10,320 --> 00:05:13,520
Speaker 2: other and have your top ten tools with top ten issues,

96
00:05:13,560 --> 00:05:17,640
Speaker 2: but you're not actually solving the problem for your business

97
00:05:18,040 --> 00:05:22,000
Speaker 2: because all the focus is on the technology, not the

98
00:05:22,080 --> 00:05:23,640
Speaker 2: connection with the business.

99
00:05:23,920 --> 00:05:29,280
Speaker 1: So on that theme, and despite the growing cyber threat landscape,

100
00:05:29,920 --> 00:05:33,719
Speaker 1: cybersecurity can still be siloed. What do you think is

101
00:05:33,760 --> 00:05:36,720
Speaker 1: getting in the way? What are the obstacles for having

102
00:05:36,720 --> 00:05:39,200
Speaker 1: it fully embedded by every part of the business from

103
00:05:39,200 --> 00:05:42,400
Speaker 1: the business strategy through to every role in the business.

104
00:05:42,640 --> 00:05:44,000
Speaker 1: Language is part that you mentioned?

105
00:05:44,000 --> 00:05:47,599
Speaker 2: What else I think we have to break this silus? Definitely.

106
00:05:47,640 --> 00:05:52,200
Speaker 2: Cybersecurity is something that people in the security space pay

107
00:05:52,240 --> 00:05:55,240
Speaker 2: a lot of attention to, but the collaboration with it

108
00:05:55,880 --> 00:05:58,679
Speaker 2: because I'll give you an example. One of the main

109
00:05:58,920 --> 00:06:01,279
Speaker 2: products that we take to market when it comes to

110
00:06:01,360 --> 00:06:04,680
Speaker 2: call is our oneaty management program. Right, so we help

111
00:06:04,720 --> 00:06:08,400
Speaker 2: our customers with visibility, but no one gets points for

112
00:06:08,920 --> 00:06:12,800
Speaker 2: the visibility you get point when you do remediation right. So,

113
00:06:13,200 --> 00:06:16,840
Speaker 2: and that remediation often comes from the IT team, and

114
00:06:17,080 --> 00:06:22,040
Speaker 2: that breakage which is currently between IT and security is

115
00:06:22,080 --> 00:06:24,279
Speaker 2: not helping the business because at the end of the day,

116
00:06:24,320 --> 00:06:26,760
Speaker 2: I can tell you that you've got ten open windows

117
00:06:26,760 --> 00:06:30,120
Speaker 2: in your house. If you don't close them, they will

118
00:06:30,160 --> 00:06:33,640
Speaker 2: get in eventually. So we need to have IT and

119
00:06:33,680 --> 00:06:38,239
Speaker 2: security collaborating to make sure that we are fixing the issue.

120
00:06:38,279 --> 00:06:41,000
Speaker 2: We are not just bringing visibility to our exec.

121
00:06:41,520 --> 00:06:44,039
Speaker 1: So in terms of those execs, we sometimes hear of

122
00:06:44,120 --> 00:06:47,400
Speaker 1: chief information security officers. There's other roles, I'm sure and

123
00:06:47,440 --> 00:06:51,080
Speaker 1: other descriptors. How are you seeing them change the way

124
00:06:51,120 --> 00:06:53,719
Speaker 1: that they talk in businesses to get the buy in

125
00:06:53,880 --> 00:06:55,280
Speaker 1: for these threat mitigants.

126
00:06:55,480 --> 00:06:58,440
Speaker 2: So when I talk to my CAESAR community, the chief

127
00:06:58,440 --> 00:07:02,000
Speaker 2: information security officers that I do deal with them on

128
00:07:02,040 --> 00:07:05,960
Speaker 2: a daily basis, the number one challenges are still getting budget.

129
00:07:06,320 --> 00:07:11,360
Speaker 2: They're struggling to convince the exec boards to give them budget.

130
00:07:11,720 --> 00:07:14,400
Speaker 2: And I think the reason for that is we're not

131
00:07:14,680 --> 00:07:17,760
Speaker 2: showing them the risk quantification in the way we have

132
00:07:17,880 --> 00:07:20,520
Speaker 2: to show them. So you typically go and say, hey,

133
00:07:20,560 --> 00:07:22,680
Speaker 2: I want to buy this amazing tool that is going

134
00:07:22,760 --> 00:07:26,280
Speaker 2: to do these five functions for us, which is not

135
00:07:26,360 --> 00:07:29,080
Speaker 2: talking about the business language, right, So you're talking about

136
00:07:29,480 --> 00:07:33,560
Speaker 2: technical stuff with non technical people. And the question you're

137
00:07:33,600 --> 00:07:36,680
Speaker 2: often going to receive from your CFO or your board

138
00:07:36,880 --> 00:07:39,400
Speaker 2: is okay, so you're going to spend a million dollar

139
00:07:39,880 --> 00:07:43,120
Speaker 2: buying this tool. Are we going to be five time faster,

140
00:07:43,640 --> 00:07:47,320
Speaker 2: safer or two times safer? So to answer that question,

141
00:07:47,400 --> 00:07:50,120
Speaker 2: that's where you need to bring everyone on a journey.

142
00:07:50,280 --> 00:07:53,720
Speaker 2: Like my recombination is, you need to start with what

143
00:07:53,800 --> 00:07:57,040
Speaker 2: we call it value at risk. What does your business

144
00:07:57,200 --> 00:08:02,000
Speaker 2: stand to lose if that particular machine is interrupted? And

145
00:08:02,080 --> 00:08:04,640
Speaker 2: in order to answer that question, you need your CFO,

146
00:08:04,800 --> 00:08:07,440
Speaker 2: you need your board of directors, you need your CEO

147
00:08:08,080 --> 00:08:11,680
Speaker 2: to come together. It's not a security decision. They need

148
00:08:11,720 --> 00:08:15,640
Speaker 2: to tell me what are the building blocks for my business? Okay,

149
00:08:15,800 --> 00:08:18,920
Speaker 2: we have this business unit with a revenue of five billion,

150
00:08:19,240 --> 00:08:21,600
Speaker 2: or we have this other business unit with a revenue

151
00:08:21,640 --> 00:08:25,880
Speaker 2: of two million. Understand the assets within those businesses so

152
00:08:25,960 --> 00:08:29,240
Speaker 2: when something happens, we know what impact it has on

153
00:08:29,280 --> 00:08:33,880
Speaker 2: our business. Rather than just looking at the technicality around

154
00:08:33,920 --> 00:08:37,439
Speaker 2: a bridge, what is it being impacted? Has also an

155
00:08:37,520 --> 00:08:40,760
Speaker 2: impact on the way you manage those incidents.

156
00:08:40,360 --> 00:08:43,160
Speaker 1: That value at risk. I really like that. Stay with me, Sam,

157
00:08:43,240 --> 00:08:52,199
Speaker 1: We'll be back in a minute. My guest this morning

158
00:08:52,240 --> 00:08:55,959
Speaker 1: is Sam Salahi from Qualis. Sam, we started to talk

159
00:08:56,120 --> 00:08:59,040
Speaker 1: before the break a bit about the value at risk.

160
00:09:00,040 --> 00:09:04,240
Speaker 1: Are you seeing that chief information security officer and risk roles?

161
00:09:04,559 --> 00:09:08,200
Speaker 1: Are they evolving into more of a business strategy sort

162
00:09:08,280 --> 00:09:10,000
Speaker 1: of role than.

163
00:09:09,960 --> 00:09:12,280
Speaker 2: Just risk one hundred percent? And I think that's the

164
00:09:12,320 --> 00:09:16,199
Speaker 2: way to go. Security has to be blended with business

165
00:09:16,360 --> 00:09:20,280
Speaker 2: and a chief information security officer role, in my view,

166
00:09:20,320 --> 00:09:24,240
Speaker 2: should be that breach between the technical risk and the

167
00:09:24,240 --> 00:09:28,360
Speaker 2: business risk and help the business to understand what are

168
00:09:28,360 --> 00:09:31,600
Speaker 2: we going to lose if that particular machine or server

169
00:09:31,880 --> 00:09:35,120
Speaker 2: or device is down. What is the impact on my

170
00:09:35,240 --> 00:09:38,640
Speaker 2: business financially because at the end of the day, the

171
00:09:38,720 --> 00:09:42,320
Speaker 2: risk management function is to reduce the financial impact on

172
00:09:42,360 --> 00:09:45,200
Speaker 2: your business as long as we don't bring them together.

173
00:09:45,679 --> 00:09:49,000
Speaker 2: Remember we talk about the risk language, which is funny.

174
00:09:49,280 --> 00:09:52,520
Speaker 2: So we've got to quantify this and show them that

175
00:09:53,160 --> 00:09:55,440
Speaker 2: if you don't take these actions, if you don't do

176
00:09:55,720 --> 00:09:59,400
Speaker 2: these five things, there is a likelihood of us losing

177
00:09:59,440 --> 00:10:02,480
Speaker 2: two million per day. Can I have two hundred thousand

178
00:10:02,559 --> 00:10:06,160
Speaker 2: dollars to reduce and mitigate this risk, and maybe another

179
00:10:06,200 --> 00:10:09,280
Speaker 2: fifty thousand dollars to buy cyber insurance to cover the

180
00:10:09,320 --> 00:10:10,440
Speaker 2: rest sam.

181
00:10:10,480 --> 00:10:13,839
Speaker 1: I've been involved in situations where literally everyone's computer shut

182
00:10:13,880 --> 00:10:17,079
Speaker 1: down and it's a shock when it happens, and recovering

183
00:10:17,080 --> 00:10:20,920
Speaker 1: from those situations. It's hard to know how valuable that

184
00:10:21,160 --> 00:10:23,840
Speaker 1: is until you're actually protected from it, and you know

185
00:10:24,200 --> 00:10:27,360
Speaker 1: without going through it. Are you seeing these instances still

186
00:10:27,400 --> 00:10:31,199
Speaker 1: happening where people just suffer from not protecting themselves adequately

187
00:10:31,679 --> 00:10:32,320
Speaker 1: hundred percent?

188
00:10:33,000 --> 00:10:35,600
Speaker 2: And on the other side, I see that there's more

189
00:10:35,640 --> 00:10:38,440
Speaker 2: and more board of directors and sea levers that they're

190
00:10:38,440 --> 00:10:42,800
Speaker 2: getting involved in what we call it cyber risk simulation exercises.

191
00:10:42,880 --> 00:10:47,480
Speaker 2: You know, you do incident response mock like get someone

192
00:10:47,520 --> 00:10:50,760
Speaker 2: into come and help you, pretend that you're bridged. How

193
00:10:50,760 --> 00:10:53,520
Speaker 2: do you respond? Because what I see in the market

194
00:10:53,600 --> 00:10:55,839
Speaker 2: is a lot of the companies I deal with they

195
00:10:55,880 --> 00:10:59,360
Speaker 2: also have an incident response plan for those really rare

196
00:10:59,440 --> 00:11:02,720
Speaker 2: scenarios that you're hit by ransomware or you losse access

197
00:11:02,720 --> 00:11:06,160
Speaker 2: to everything you have. But because you're not practicing that

198
00:11:06,880 --> 00:11:09,160
Speaker 2: on a daily basis or a weekly basis and a

199
00:11:09,160 --> 00:11:12,240
Speaker 2: monthly basis, when it happens. It takes time for you

200
00:11:12,320 --> 00:11:15,439
Speaker 2: to go back and realize that these are the steps

201
00:11:15,520 --> 00:11:18,200
Speaker 2: we need to take to bring our systems back.

202
00:11:18,920 --> 00:11:22,199
Speaker 1: I can imagine that scenario testing is very powerful putting

203
00:11:22,200 --> 00:11:25,840
Speaker 1: teams under pressure to get prepared. So apart from that,

204
00:11:25,920 --> 00:11:30,160
Speaker 1: how are you seeing Australian companies become more proactive towards

205
00:11:30,200 --> 00:11:34,319
Speaker 1: cyber risk management? Are people still being too reactive or

206
00:11:34,360 --> 00:11:36,520
Speaker 1: are you seeing some companies really take the lead on

207
00:11:36,520 --> 00:11:37,400
Speaker 1: that front.

208
00:11:37,600 --> 00:11:40,439
Speaker 2: I think a couple of big bridges and bridges we

209
00:11:40,559 --> 00:11:45,800
Speaker 2: had in the past, like instred percent really helped to

210
00:11:45,800 --> 00:11:49,360
Speaker 2: bring cybersecurity front of mind for a lot of sea levels.

211
00:11:49,640 --> 00:11:49,800
Speaker 1: Right.

212
00:11:49,840 --> 00:11:54,040
Speaker 2: That really helps for people to start thinking proactively. I'm

213
00:11:54,040 --> 00:11:56,960
Speaker 2: sure you head a lot about the concept of a SOCK,

214
00:11:57,080 --> 00:12:02,000
Speaker 2: which is a security operation center. Is an after a

215
00:12:02,040 --> 00:12:07,160
Speaker 2: breach type investigation people process and technology that you can

216
00:12:07,200 --> 00:12:09,439
Speaker 2: go and find an Italy in a hairstack.

217
00:12:09,600 --> 00:12:09,800
Speaker 1: Right.

218
00:12:10,280 --> 00:12:12,800
Speaker 2: What we're suggesting and what I'm seeing the market is

219
00:12:12,840 --> 00:12:16,160
Speaker 2: people are going down a path of being more proactive

220
00:12:16,280 --> 00:12:21,720
Speaker 2: by deploying operationalized platforms like a rock or a risk

221
00:12:21,800 --> 00:12:22,600
Speaker 2: operation center.

222
00:12:22,760 --> 00:12:26,840
Speaker 1: Okay, let's talk about blind spots. What are you seeing

223
00:12:26,880 --> 00:12:29,679
Speaker 1: as the most common blind spots in industry at the moment.

224
00:12:29,480 --> 00:12:33,480
Speaker 2: SAM, mis configuration. Okay, I think that's the number one

225
00:12:33,520 --> 00:12:38,199
Speaker 2: blind spot we have in cybersecurity, whether it's done by

226
00:12:38,320 --> 00:12:43,520
Speaker 2: mistake or someone maliciously done something. Misconfiguration is by far

227
00:12:43,720 --> 00:12:46,280
Speaker 2: something that it's blind spoted this industry.

228
00:12:46,640 --> 00:12:50,400
Speaker 1: Misconfiguration. Okay, I'm learning a lot here. What does good

229
00:12:50,760 --> 00:12:54,280
Speaker 1: cyber governance look like to use, SAM, from a boardroom

230
00:12:54,320 --> 00:12:56,680
Speaker 1: perspective or from the outside looking in at a company,

231
00:12:57,120 --> 00:13:00,400
Speaker 1: when you see these things, these criteria a good set up,

232
00:13:00,600 --> 00:13:01,800
Speaker 1: what does that look like to you?

233
00:13:02,280 --> 00:13:05,079
Speaker 2: In my view, if you have got a proper dynamic

234
00:13:05,400 --> 00:13:08,760
Speaker 2: risk management platform, not only just for your cybersecurity, for

235
00:13:08,960 --> 00:13:12,000
Speaker 2: your entire it, that would be really helpful. So a

236
00:13:12,040 --> 00:13:15,200
Speaker 2: lot of the companies that I'm talking to these days,

237
00:13:15,200 --> 00:13:18,640
Speaker 2: they're very receptive to the concept of having a risk

238
00:13:18,720 --> 00:13:22,679
Speaker 2: management framework to help them first of a while, identify

239
00:13:22,760 --> 00:13:25,559
Speaker 2: all their risk and have a remediation plan and then

240
00:13:25,920 --> 00:13:29,520
Speaker 2: report that backop to the C levels for their visibility

241
00:13:29,520 --> 00:13:30,560
Speaker 2: and support as well.

242
00:13:30,720 --> 00:13:33,400
Speaker 1: Sam, that's been really informative. Thank you very much for

243
00:13:33,440 --> 00:13:34,400
Speaker 1: talking to Fear and Greed.

244
00:13:34,559 --> 00:13:35,280
Speaker 2: Thanks for your time.

245
00:13:35,920 --> 00:13:39,600
Speaker 1: That was Sam Salahi, Managing director, Australian New Zealand at Qualis.

246
00:13:39,600 --> 00:13:43,800
Speaker 1: That's Qua l Ys, a supporter of this podcast. This

247
00:13:43,960 --> 00:13:46,520
Speaker 1: is the Fear and Greed Business Interview. Remember this is

248
00:13:46,600 --> 00:13:49,960
Speaker 1: general information only and you should seek professional advice before

249
00:13:49,960 --> 00:13:53,280
Speaker 1: making investment decisions. Join us every morning for the full

250
00:13:53,320 --> 00:13:56,480
Speaker 1: Fear and Greed episode. Business news you can use. I'm

251
00:13:56,520 --> 00:14:02,120
Speaker 1: Adam land. Enjoy your day,