June 9, 2021

Solving The Global Cyber Problem w/ Ian Thorton-Trump

by Cyber Ranch

Listen Now

test
00:00:00

Show Notes

With us today is Ian Thornton-Trump, Chief Information Security Officer at Cyjax and an ITIL-certified IT professional with 25 years of experience in IT security and information technology. Ian shares his background which started back in the Canadian military. During those times, "IT" was called "automated data processing", and it is quite clear how far this has advanced. He joined the Royal Canadian Mounted Police and spent a year working on criminal intelligence. Soon after he became a consultant and made his way to the UK in 2015. Oftentimes organizations have not planned or prepared for risk, and that includes cyber. In that sense, cyber can be compared to the environmental landscapes and infrastructure, which Ian finds eerily similar. A lot of problems created in cyber mimic a lot of the environment problems we face in today’s world. One example is the recent failure of the Texas power grid during a very harsh winter. Investment in cybersecurity is critical. Allan feels there are a lot of environmental laws, but there are also already some pretty strict cyber laws as well. However, they seem more aimed at the anonymous or extrajurisdictional perpetrators and end up useless when their anonymity is involved. And some cyber laws seem to punish the victim as well - after suffering ransomware you are now penalized for not being prepared for it in the first place? How can we get laws in place that are helping the situation and not blaming the victim? Ian suggest that positive incentives are the answer. If we can just get companies to do a bare minimum cyber hygiene, by incentivizing them through tax breaks, Ian thinks we could move the ball up more forward, without making it too onerous, to meet some sort of regulatory standard. How do we possibly extend our stretch? Because at the end of the day, the root cause is the “bad guys”, so how do we get to them? America is already doing a lot, but other countries need to put their money where their mouth is. Ian and Allan discuss President Biden's Executive Order on Cybersecurity. This can enforce behavior in the government, but only suggest behavior in the private sector. To sum up, we're nowhere, and we need to get somewhere because what we've done, at the federal and state level in the United States, is taken a lot of dollars, put them in parking lots, and set fire to them. And then after we finished that exercise, we asked for more dollars. We have to change the entire system from the ground up. And we have to incentivize cyber security. Key Takeaways 1:10 How Ian got into Cyber 2:21 Ian’s day job 4:18 Issues with infrastructure and environment 7:38 Meaningful laws 12:47 Getting to the bad guys 16:35 Catching “Fred Smith” or someone like him 17:43 Rewards 21:17 Preparedness and helplessness 23:43 Einstein program 26:24 What keeps Ian going Links: Learn more about Ian Thorton-Trump on LinkedIn and Twitter Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius
Read more

Recent Episodes

February 1, 2023
by Cyber Ranch

Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations.  Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory b...

January 25, 2023
by Cyber Ranch

This week Allan is joined by Nipun Gupta, and industry veteran who has been a consultant, practitioner, vendor, advisor and investor. The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as w...

January 18, 2023
by Cyber Ranch

This week, Allan is joined by Peter Schawacker, CEO @ Nearshore Cyber, former CISO, advisor to MSPs, etc.  Another one of Allan's illustrious guests with 25 years in cyber.  (https://www.linkedin.com/in/schawacker/).  The topic started as all that th...

January 11, 2023
by Cyber Ranch

This episode is jam-packed with wisdom that is delivered at a rapid pace.  Some folks will find themselves rewinding and taking notes.  Luis Valenzuela, Director of Data Loss Prevention and Data Governance at InComm Payments, joins Allan Alford to ta...

January 4, 2023
by Cyber Ranch

To celebrate the 100th episode, Allan decided to let the audience participate in the show.  21 people called in and answered a wide variety of questions about cybersecurity.  It is a fantastic show and it is very fun to hear all the different perspec...

December 14, 2022
by Cyber Ranch

This is another "'E' for explicit" show as this one is another LIVE! show from the CISO XC conference in Dallas-Fort Worth. Why the 'E'?  Because halfway through Allan Alford's conversation with Andy Ellis (CISO at Orca, Operating Partner at YL Ventu...

December 7, 2022
by Cyber Ranch

In this episode, Allan Alford plays Devil's advocate - challenging the practitioner community to refute the idea that we should quit trying to make the organization care and simply make suggestions and accept the organization's level of risk toleranc...

November 30, 2022
by Cyber Ranch

Scott Schindler, veteran CISO, vCISO, and adjunct professor joins Allan at the ranch to talk about how to build, strengthen, participate in, contribute to and benefit from a cybersecurity community. Allan chose Scott for this show because of his incr...

November 16, 2022
by Cyber Ranch

Dan Holden, a 20+ year industry veteran, former vendor, and current CISO at Big Commerce joins Allan Alford at the ranch to talk about the BIG picture.  Join them on this wild trail ride that goes as far back as the Monroe Doctrine of 1823, the pre-c...

November 9, 2022
by Cyber Ranch

This week Allan Alford is joined by Duane Gran, Director of Information Security at Converge Technology Solutions to discuss three different aspects of the CISO craft -- and to offer practical, concrete guidance on how to achieve the right outcomes: ...