Episode #69 Global Cyber Communities with Shamane Tan
Shamane Tan is known for her passion in developing strategies with the C-Suite and Executives so that business growth is achieved within the cyber risk industry. Shamane is Privasec's Chief Growth Officer and one of the most established women in the fields of technology and cybersecurity. Recognised by IFSEC as their global top 20 influencers, was also recently listed in the 40 under 40 Most Influential Asian-Australians and attained the Highly Commended award by the Australian Women in Security Network as the One to Watch. Shamane is also the Founder of Cyber Risk Meetup, an international community and platform for cyber risk executives to exchange learnings, and the author of ‘Cyber Risk Leaders’.
Shamane uses her network to bring cyber communities together, and with COVID forcing more people to work online and different hours from home, it has allowed a more global reach. We discuss this, the Cyber Risk Meetup and her book.
Links:
Transcript
CP: Hello and welcome to The Security Collective podcast. I'm your host Claire Pales and today's guest is Shamane Tan. Shamane is known for her passion in developing strategies with the C-suite and Executives so that business growth is achieved within the cyber risk industry. Shamane is Privasec's Chief Growth Officer and is one of the most established women in the field of technology and cyber. She has been recognised by the IFSEC as their global top 20 influences is the author of the 'Cyber Risk Leaders' book and was also listed in the 40 under 40 most influential Asian Australians and attained the highly commended award by the Australian Women In Security network as one to watch. Shamane is also the founder of the Cyber Risk Meet Up an international community and platform for cyber risk executives to exchange learnings. Shamane, I'm so excited to have you as my guest today.
ST: Thanks, Claire, really excited to be here, so thanks for having me.
CP: So we heard in your bio, that you are a Chief Growth Officer, what is it like to play this role as a Chief Growth Officer in the cybersecurity industry?
ST: So as the Chief Growth Officer at Privasec I lead the security outreach strategy and spearhead industry awareness initiatives. While I also help the CISOs breach business gaps, my role is really to help all CISO leaders execute their strategy with our team of GRC and ethical hackers at Privasec. So it's quite a fascinating role, because I have, you know, the privilege of seeing like the bird's eye view of the industry landscape, and cross sector challenges, you know, what works, what doesn't work. And this makes the role incredibly meaningful in being able to advocate, raise awareness and foster collaboration within the ecosystem more effectively.
CP: And so how does the work that you're doing with organisations help them mature their cybersecurity posture?
ST: Yes, good question. So the benefit of my role at Privasec is that, you know, I have a whole army behind me. So it's not just the work of an individual, but a work of a whole team that contributes in maturing an overall organisation's security maturity. And there are many aspects of how we can help. So for instance, like strategy, or with resources, you know, virtual security officers provide immediate reach of gaps of resources and helps with any transitions happening within the company. Also, with like the experience of experts that we provide in conducting risk assessments, you know, bringing the company through the security certifications, and our ethical hackers whose job is to essentially break into things, so that, you know, they can review their techniques, and then companies can learn from it to become stronger. And lastly, we all know about the importance of the human element, right? So people can be our strongest first line of defence. So I see my role, really, in contributing in raising awareness within a community and changing culture and mindsets.
CP: And when you're not in your day job, you do so much for the cybersecurity industry, and you do meetups, you've written a book, you've got CISO groups, I'm interested to know what drives you to take time out of your, I guess, your personal life really, to make our industry more cohesive?
ST: First of all, cyber security is a real issue, right? So it doesn't just affect corporates, but individuals and families. So there's so much risk these days, even in just giving access and allowing our children to connect to the internet. And this introduced like a whole new virtual world where even laws and regulations are still blurred across physical borders. So historically, a number of communities have, you know, had the mindset like virtual crime is out of sight, so it's out of mind. And as we seen in the storm of COVID, you know, has revealed so much real world impact, you know, with vaccine information, manipulation, and things like that. So cybercrime really is a $6 trillion industry. And it's going to only go bigger in 2025. You know, I've seen research saying that it's projected to $10.5 trillion. So, yeah, I'm really passionate about what I do, because I feel like I want to bring all of that together and really help to raise awareness within the community. So even in the Meetup, you know, in one of my recent shows, I had Doug Witschi who heads up the cybercrime threat response team at Interpol. And just hearing about the crimes he's seeing across the 194 member countries really put things into perspective. You know, we see global problems start to emerge with like water, food, you know, vaccines and people are turning to alternative methods to survive. So now we are seeing cybercrime turning into a paid for service activity. It's terrible, seeing how people suffering are being economised. And I think to really fight crime in such a global scale, countries need to partner with other countries and it's more than just partnering with law enforcement, but we need to form close alliance within like the banks, cybersecurity firms, supply chains, transport, you know, oil, and many more. And essentially, I believe that collaboration is really key and just helping the community connect the dots and connect with one another is what drives me...so long answer to your question!
CP: It's made me think of a question I actually spoke to another podcast guest about in my recording earlier today, and, and we were talking through the human impact of cybercrime, and of ransomware and incidents, and you've touched on it just there where you've said that you've sort of talked about the other side of it, where people are turning to cybercrime because it is a lucrative industry. And we were talking on another episode about the impact of cyber crime, or incidents I suppose, on the pipeline in America and how people couldn't buy fuel, and the Meatpacking where 1000s of casual workers had no work to do because the factory was shut down. And even with Channel Nine, and the newspapers not being able to print, that's sort of the community impact. But I really like the kind of lens you've put across it around people turning to cybercrime, where, as a, I guess, an income stream?
ST: Yeah, that's, that's definitely set progression on the way. But yes, I agree with you, Claire. This is something that we are seeing a lot more these days. And I think as an industry we need to adapt in terms of even our mindsets, even our perspective of how we can be combating this together as a community.
CP: And in terms of the cyber risk Meetup, what are you working on at the moment for that particular community?
ST: So yes, a lot has been happening. We obviously had to shift and adapt the way we are doing things and bringing it back from a physical meet-up and gathering, to the online platform. But I'm looking over the next few months to bring our YouTube sessions now back to the physical meetups again, and I have been actually looking at organising get-togethers and networking opportunities for the community, you know, but we'll see how it goes. Because, yeah, this time last year that, you know, a lot of things happened compelled us to go online. But we did see a lot of great fruits, because we were able to bring community together across like six cities in one sitting. And we had, you know, even direct airtime with special guests from the US, which allowed more transfer of knowledge and experience across countries, not just industries.
CP: I guess the benefit of the pandemic has been that you can interact with people even though time zones still play a role. You can interact with people, like minded professionals, experts in, in cyber and in other verticals much easier than before because you don't have to fly them to the destination. You know, everybody just kind of gets on board. And have you found that it's made it a richer experience for the people who are part of the meetup?
ST: Yes, definitely. Because, like the feedback that we've gotten from the community is really encouraging. They love being able to tap into the knowledge of experts from other countries, because there are different cultural aspects to consider as well. And it's quite enriching to see how you know, the different leaders have been doing it in their space and learning from their approaches, and learning from your success and failures as well.
CP: And I also wanted to ask you about your book and this season on the podcast, we've got a few authors in the cybersecurity industry. And I'm interested to know how your book came about and what were you hoping people would learn from it? What was sort of the central question or central theme that you're trying to communicate?
ST: I started out actually connecting with individuals, a little by little, step by step, and helping to introduce and plug-in people with the community. So when I founded the cyber risk meetup back in 2017, I wanted to use the platform to give a spotlight to unsung heroes, or experts that didn't have a platform for their voice. Over the years, I had the privilege of having more than like 1000 coffees with different executives from different industries, including the former CISO former President Obama, the world's very first CISO. I think he took up the CISO role in New York for Citibank, then in the City Court in 1995. You know, spoke to counterterrorism head, FBI actually had a session with the NASA CISO actually, who is in a very different world of cyber risk. So I really wanted to capture all of his insights and share that with the industry. And that led to me writing my book, the first book on cyber risk leaders. Which is about providing global C-suite insights, leadership and influence in the cyber age. The book alone had more than 70 CSX across industries and countries from the US, UK, Australia, Israel, Singapore, and many, many more.
CP: And so they gave their time to be interviewed, so that, I guess you could gather their stories and their insights on what they were experiencing. And it's a great opportunity for others to read the book and reflect on how they could implement some of those learnings themselves.
ST: Yes, definitely.
CP: And I'm always interested, as an author myself, I'm always interested to know, what did you learn through the process of becoming an author? And particularly an author of a cybersecurity book?
ST: Yes, by the way, I'm I say, Claire, very impressed and inspired by your own journey. And, yeah, you know, like, when you talk about us, authors, what do we learn? I mean, there's so much right, we learn a lot. And I don't know how to put that into a simple way. But what I can say is that I'm very humbled by the people that I've met. And more and more impressed by the different leaders that we have in our industry, because I see them all doing their own bit in fighting and, you know, fighting to keep their companies and employees safe. And also, I'm very inspired by those who have gone before us who have been very generous in mentoring. I mean, Claire, you're one example because I remember giving you a call once, you know, when I was so new in my journey, as well in terms of writing, and you were giving me some great tips and how to go about it. And I thought that was very generous of you to share your knowledge freely and your experience. So definitely, this is a good time to give thanks to you. And a shout out to you as well. And, yeah, I mean, I'm a product of people who have been generous in mentoring and giving back to the next generation, people who have backed me up saw my passion and potential years ago, and they've given me so much of their time to share their wisdom. So I'll leave this takeaway for your listeners, there's a huge amount of value in surrounding yourself with people who are different to you. Diversity breeds innovation, and growth, and helps you as an individual and a business to level up together. So in this time, you know, where we face rapidly evolving landscapes, in order to be sharp, we have to be flexible and be disruptive in our thinking, you know, be creative, be disruptive in our leadership, and in building your company culture.
CP: I think I think it's a great message, because given the way of the world at the moment, there's no way we could have discovered or predicted that we were going to be in this position. And as we record this Sydneysiders in Australia are about to go back into lockdown. And it's so unpredictable. And as you say, we just have to be, we have to have diversity of thought. But we also have to be innovative in how we're going to secure organisations, but also individuals as the world continues to change. It's scary and exciting all at the same time as people who work in the industry.
ST: Yeah, totally agree with you. So yeah, interesting times that we are living in. But I think we are all doing really well staying together supporting each other and just encouraging each other as well. I think having empathy is so important in times like this.
CP: Absolutely. Thanks so much Shamane. It's brilliant to have you on the podcast, it's good to catch up with you again. We will put all the details in the show notes of the cyber risk Meetup, your book, how people can find you and and from everybody in our industry thank you so much for all the hard work that you put in to making us more cohesive and a more collaborative industry.
ST: Thank you so much, Claire, and I'll say the same back to you. So thank you very much for having me.