CISO Stephen Fridakis Talks About Governance, Risk, and Compliance

In this episode, David is joined by Stephen Fridakis, Deputy Chief Information Security Officer, Verily, an Alphabet Company focused on delivering precision health. As a deputy CISO, Stephen concentrates on governance, risk, and compliance. Topics discussed: Stephen became a CISO in 2006. He describes how he has seen this role evolve from being focused on technology to being risk-centric.  Stephen highlights some misalignments between what security operations aim to do and a company's business strategy. Accurately assessing an organization's asset inventory can be a challenge. Stephen discusses some difficulties associated with assessing risk without an accurate IT inventory. David and Stephen explore why equating compliance and security is often a mistake businesses make.  Stephen explains his views on cyber risk management and how to measure a risk management program's effectiveness. Zero Trust is a popular security model. Stephen explains what that means to him and how he implements it.  Listeners can keep up with Stephen Fridakis on LinkedIn: https://www.linkedin.com/in/stephen-fridakis-96184b/