In this eye-opening episode of SecureTalk, host Justin Beals welcomes Bryant Tow, Chief Security Officer at LeapFrog Services, to discuss why technology alone can't solve cybersecurity challenges. Bryant reveals how the "Ring of Security" concept shows that up to half of your attack surface lies outside of technology—in governance, policies, people, and processes. The conversation explores real-world examples like the Change Healthcare breach, why security frameworks often fall short, and how building a culture of security requires connecting protection of company assets to personal security concerns.
Key Topics
- The Change Healthcare breach: How a single oversight led to a $2.9 billion loss despite substantial technology investments
- Why frameworks like CIS are great starting points but insufficient on their own
- How the "Ring of Security" approach addresses the complete attack surface
- Building a security culture that resonates with employees on a personal level
- Why a business impact analysis is critical but often missing from frameworks
- The importance of understanding your data before implementing AI solutions
Notable Quotes
"When you do the root cause analysis on headline breaches, nearly all of them started somewhere outside the technology." - Bryant Tow
"Even if you do your technology perfectly, you're leaving half of your attack surface open." - Bryant Tow
"Strategy drives governance. Governance drives operation." - Bryant Tow
About the Guest
Bryant Tow serves as Chief Security Officer at LeapFrog Services, where he assists clients with comprehensive security programs including strategy, governance, and operations. Previously, he owned Cyber Risk Solutions and served on the Department of Homeland Security Sector Coordinating Council. His "Ring of Security" concept emphasizes that cybersecurity is an organizational problem that uses technology as just one tool in the solution.
Resources Mentioned
- The "Ring of Security" concept
- CIS Framework limitations
- Business Impact Analysis
- AI Readiness Assessment
- Department of Homeland Security Sector Coordinating Council
SecureTalk is hosted by Justin Beals, focusing on cybersecurity strategy, governance, and best practices for organizations of all sizes.
What is Secure Talk Podcast?
Secure Talk reviews the latest threats, tips, and trends on security, innovation, and compliance.
Host Justin Beals interviews leading privacy, security and technology executives to discuss best practices related to IT security, data protection and compliance. Based in Seattle, he previously served as the CTO of NextStep and Koru, which won the 2018 Most Impactful Startup award from Wharton People Analytics. He is the creator of the patented Training, Tracking & Placement System and the author of “Aligning curriculum and evidencing learning effectiveness using semantic mapping of learning assets,” published in the International Journal of Emerging Technologies in Learning (iJET). Justin earned a BA from Fort Lewis College.