Almanac 2023. Top Cyber News MAGAZINE. Published in January 2024

G
MAGAZINE
TOP CYBER NEWS
ALMANAC 2023
Troels OERTING

Happy
New Year
2024!
2
Top Cyber News MAGAZINE - Almanac 2023 - Founders’ Special Edition - All Rights Reserved

Year 2023 was a breakthrough moment for
Top Cyber News MAGAZINE as a project. In
a format of an almanac, we though to take
you to a journey back to soon leap into the
bright and inspiring stories and innovative
publications in year 2024.
Fore
Word
Integrating Excellence With The Future!
Top Cyber News MAGAZINE
3

Troels Oerting, Chairman Of The Board at BullWall. Denmark
Qvo Vadis (Cyber) Security?
First, my recommendation is to avoid hype and
fearmongering. Humanity will survive the
Internet and we should not use or promote ‘fear’
as a driver for sale of security solutions. We
should instead instigate, defend and promote
‘hope’ of a safer Internet and digital future and
lead the way forward with an optimistic
approach.
Secondly no such thing as ‘absolute security’
exists. Not in the physical World nor in the
Digital. Security needs to be driven by proper
risk assessment knowing that no one ‘silver
bullet’ does the trick and security can be broken
from multiple angels and from inside or outside
of the network. So, we must be realistic in our
security level and adapt to the level that secure
what’s important without limiting i.e., privacy or
data protection. More security often means less
privacy and usability and the balance needs to
be right and decided after a risk assessment.
The entry into 2024 marks 44 years anniversary
of me starting into Law Enforcement, Security
and Cybersecurity.
A lot has happened during these many years and
the development in speed and complexity
increased.
On the other side I have also noted that the
World is still standing and despite loads of
crises, challenges and uncertainty we tend to
overcome the majority of problems and move
on.
Looking back the many years, knowing that my
generation of security experts will be replaced
by new enthusiastic ones I find the time
appropriate to share some of my learnings and
insight with the coming generations of security
experts.
“We, in security,
should not promote fear,
but protect hope.”
~ Troels Oerting
4

by Troels Oerting
>>
And then you should train and exercise this plan
and adjust it according to reality. Do a tabletop
exercise and test if the plan works and take all
relevant into consideration. And rule number one
– make notes of what you do during an attack.
From the first to the last second. We forget and
you need to be able to remember if insurance or
regulators ask. Shortly, if you fail to plan, you
plan to fail.
Finally. Make security attractive. For the
company and the staff. Too many CISO’s are
under too much pressure. Cybersecurity is not
the enemy of innovation, marketing or usability.
It should be an asset instead. High information
security is a positive sales argument and the
tone from the top should be that security is
important for companies holding private and
sensitive information.
Despite war in Europe, inflation, increasing
prices and interest rates, deadlock in the US
House, covid increase in China, geopolitical
tension and other global challenges we will –
together – improve cyber security and share
more insight faster. I am confident of this.
“Happy New Year and I wish you all in
security a great 2024 and thank each and
every one of you for your service.”
Thirdly the overall security goal should be
resilience. I define resilience in this way: Cyber
resilience refers to an organization's ability to
prepare for, absorb, respond/adapt to and
recover from an adverse situation while
continuing to function as intended. A strong
cyber resilience framework should be adaptable
and account for unknown variables, like new
types of attacks. By focusing on resilience, the
organization is forced to promote a more holistic
and inclusive security strategy involving staff,
training, HR, legal, communications and other
functions important for securing that the
organization quickly recovers from a cyber
incident and gracefully continue with the main
business. If somebody from the outside, ask a
member of an organization leadership or Board
‘who is responsible for cybersecurity in this
organization’ and the answer is: ‘the CISO’ – they
have got it wrong. The right answer obviously is:
‘we are all responsible for cyber security’.
Fourth advice is to prepare. We will all get
hacked at some point. We need to plan for how
we will operate during such an incident. Who is
in the crises management team? Do we have
playbooks on all types of incidents? Do these
playbooks outline a communications strategy, a
press strategy, a legal strategy (is it legal to pay
ransom?) etc. All organizations, regardless of
size, need to develop a security strategy and
discuss and decide what to do when you get
compromised.
Troels Ørting Jørgensen, Chairman at Bullwall, Expert Member at INTERPOL
Mr. Ørting is a globally recognized Cyber Security Expert. He has been working in
cybersecurity ‘first line’ for over 4 decades. Throughout career, Mr. Ørting has been working
with governments and corporations to advise on how they react to the increasing
international cyber threats, and worked closely with law enforcement, intelligence services
and cyber security businesses.
Formerly, with the Danish National Police, first as Director, Head of the Serious Organised
Crime Agency and then as Director of Operations, Danish Security Intelligence Service;
Deputy Head, ICT Department and Deputy Head, OC Department, Europol, EU’s Police
Agency; Head of European Cybercrime Centre and Head of Europol Counter Terrorist and
Financial Intelligence Centre. 2015-18, Group Chief Information Security Officer (CISO),
Barclays. Chaired the EU Financial Cybercrime Coalition, of which most banks are partners,
and has very strong experience in cyber security. Since 2018, Head of the Centre for
Cybersecurity, World Economic Forum. Chairman of the Board of World Economic Forum
Centre for Cybersecurity (C4C).
5

The Strategic Leaders’
On
Emerging
Trends
Perspectives
6
And
Innovations

7

“One of the main cyber-risks is to think
they don’t exist. The other is to try to
treat all potential risks.”
“It takes 20 years to build a
reputation and a few minutes of
cyber-incident to ruin it.”
“If you think you know-it-all about
cybersecurity, this discipline was
probably ill-explained to you.”
“Even the bravest cyber defense will
experience defeat when weaknesses
are neglected.”
“Education has always been a profit-
enabler for individuals and the
corporation. Cybersecurity education
is a part of the digital equation.”
“The five most efficient cyber
defenders are: Anticipation,
Education, Detection, Reaction and
Resilience.
“IoT without security = Internet of
Threats.”
“Threat is a mirror of security gaps.
Cyber-threat is mainly a reflection of
our weaknesses.”
“Technology trust is a good thing, but
control is a better one.”
“Digital freedom stops where that of
users begins... Nowadays, digital
evolution must no longer be offered
to a customer in trade-off between
privacy and security.”
“Privacy is not for sale, it's a valuable
asset to protect.”
Do remember: "Cybersecurity is much
more than a matter of IT.”
Renown quotes by Stéphane Nappo
>>
8

Everything is a risk, nothing is a risk…
the dose makes the risk
A risk generally results from an unwanted
outcome or negative consequence. When it
comes to cybersecurity, a risk typically relates
to the potential for a cyber attack or data breach
to occur, which could result in financial loss,
reputational damage, or other negative impacts.
Since zero-risk does not exist, and all actions
and decisions can lead to negative
consequences, it is possible to state that
“everything is a risk”.
However, since risk sensitivity and appetite can
vary from one organization to another, and risk
levels can greatly vary depending on the
specific situation, context, or duration, it's
possible to state that 'the dose makes the risk.'
This means that the likelihood and potential
impact of an unwanted outcome are closely
related to the level of exposure, vulnerability,
and the target's tolerance for that risk.
A higher level of exposure, vulnerability, or
business intolerance to a risk will generally
result in a higher likelihood and more significant
impact of an unwanted outcome on the
resilience capacity.
“The evident non-tech basics are
fundamental, and quite often overlooked…”
Seeking for simplicity
Cybersecurity complexity is skyrocketing, led by
new business models, new technologies, and
the ever-evolving threat landscape. Literally
overwhelming the current cybersecurity model
at the very moment we need it, this trend has
four main drivers: constant technological
change, regulatory strengthening, operational
transformation, and sophistication in cyber
threats.
In this context, simplifying cybersecurity is a
necessity to help organizations to better protect
sensitive information, manage their digital
ecosystem, comply with regulations, and reduce
evolution costs. It can also make it easier for
employees and contractors to apply security
practices. However, rethinking cybersecurity
requires a cultural and strategic comprehensive
approach that goes far beyond the sole IT
dimension. To succeed, we have to accept that
the solution does not lie in more technology, but
in cybersecurity philosophy re-engineering.
To secure or not to secure…
That is the response, not the question!
Cybersecurity is, first and foremost, a response,
both proactive and reactive, to the constantly
evolving digital threats and the need for
resilience. It typically involves the protection of
digital systems, data, and users from
unauthorized access, disclosure, use,
modification, disruption, or destruction.
To secure or not to secure is a decision that
must be driven by business stakes, the
situation, and the potential consequences of
doing nothing. It's typically essential to secure
aspects critical to operations, regulation,
reputation, etc. However, in some cases, when
the cost or effort of securing outweighs the
potential benefits, the decision not to secure
and to adapt the business ambition may be
appropriate.
to keep pace with threats and digital evolution
by Stéphane Nappo, France
9

>>
Cybersecurity must be considered a
business value, rather than a balance due
Nowadays, cybersecurity must be considered by
businesses as a value, rather than a fate or
solely as a cost center. Whether it comes for IT,
OT, IoT, or online services, cybersecurity can
enhance organization’s reputation and customer
trust, which can be beneficial for business
growth, company valuation, and long-term
success. It is not only a way to protect from
negative events, but also to enhance overall
performance and reputation.
Conversely, as a result of cyber attacks level
and impact severity, to simply wait and see, or
reacting to incidents after they happen, is for
long no longer a profitable approach.
Overall, the situation today highlights the
importance of organizations to promptly adopt a
comprehensive cybersecurity approach, which
may be positively driven by business ambition,
risk management, and relevant cybersecurity
measures related systems, processes, and
users.
Cybersecurity is much more than a
matter of IT…
It encompasses a wide range of topics,
including technology, processes, regulations,
geopolitics, and human behavior. Effective
cybersecurity requires a holistic approach that
takes into account the various factors that
contribute to an organization's overall security
posture, including its interactions with its
business strategy, and its ecosystem.
Cybersecurity is, therefore, truly a
matter of resilience.
The risk management is the process of
identifying, assessing, and prioritizing the
risks to an organization or individual and then
taking steps to mitigate or accept those risks.
The goal of risk management is to find a
balance between the cost, the effort of
mitigating a risk and the potential negative
impact of the risk if it were to occur. In the
pursuit of effectively identifying, protecting,
detecting, responding to, and recovering from
a cyber attack, the decision to secure should
be based on a balance of risk, business
ambitions, and costs.
One of the main cyber risks is to think
they don’t exist. The other is to try to
treat all potential risks…
Picking battles based on emergencies,
demands, or audits can be risky. It may lead to
hasty or ill-informed decisions and result in
resources being directed away from important
or long-term issues. It is important to consider
the potential risk-driven consequences and
prioritize accordingly.
“Fix the basics, protect what matters
most to your business, and be prepared
to respond effectively to relevant threats.
Consider not only data but also the
integrity of business services, user
awareness, customer experience,
compliance, and reputation.”
by Stéphane Nappo
10

Meet us at
11
Only Those
Who Will Risk Going
Too Far Can Possibly
Find Out How Far
One Can Go
~ T. S. Eliot

Stéphane NAPPO, France
Vice President, Cybersecurity Director & Global Chief Information Security Officer at Groupe SEB
– a global market leader in the small household equipment sector, including prestigious brands:
Krups, Rowenta, Tefal, Supor, WMF, Emsa, Calor, Moulinex… and is present in 150 countries.
Stéphane Nappo is an internationally recognized cybersecurity leader and a senior-level
cybersecurity executive with over twenty-five years of experience in international finance,
banking, digital services, and industry.
Formerly: Global Chief Information Security Officer at Société Générale International Banking
and Financial Services (responsible for cybersecurity of 40 major banks in 67 countries); Group
Information Security Officer at OVHCloud, the European leader in cloud computing, with a
presence in 138 countries; Head of Cybersecurity Consulting department for Banking and
Finance at VINCI, a world leader in concessions, energy, and construction, with
operations in 120 countries. Throughout his career, Stéphane has taught,
trained, and worked with hundreds of talented cybersecurity
professionals.
Named Global CISO of the Year,
and awarded the European
Excellence Trophy in Digital
Security in 2018, Stéphane Nappo
was chosen as the Global Security
Executive Influencer by the
prestigious IFSEC Global and ranked
as one of the Top Five Influential
French IT & Cybersecurity expert
by FORBES for the Year 2021.
Actively supporting diversity and
Women in Cyber, Mr. Nappo was
named Ally of the Year 2021 by the
United Cybersecurity Alliance USA.
Passionate for innovation and
business’ digital protection, his
leadership skills have been
recognized throughout the world.
His articles and renowned quotes
are being cited in numerous books
by leading experts and publishers.
12

Cybersecurity is the most immediate, financially material
sustainability and ESG risk that organizations face today.
It has been weaponized by nation states, and it has
become an invisible high-stakes battlefield. Covert
operations can be carried out without the risk of physical
retaliation, making cyber attacks an attractive option for
countries to use as a means of projecting power and
influence. In addition, cybercrime has become a highly
profitable and growing component of GDP for some
nation states, while the chances of hackers being caught
are extremely low. According to the World Economic
Forum 2020 Global Risk, only .05% of crimes are
detected and prosecuted. In addition, the reporting of
cybercrimes remains low, making it hard to assess how
big cyber risk has become across every aspect of the
connected world we live in today.
As a human-created risk, it seems logical that cyber risk
should also be a manageable risk compared to natural
disasters, and yet the entrepreneurial nature of
motivated hackers requires a more pro-active approach
to protect connected organizations. The internet
connectivity, data and distributed systems that power
enterprises have become an integral part of modern
society. Distributed work forces utilizing a variety of
personal devices across corporate networks, make
managing corporate networks even more challenging
than ever.
Regulators across the globe are enforcing the reporting
of cybercrimes and breaches by passing new laws that
impose financial fines to encourage timely disclosures
and active defense and management of corporate
networks. The United States Cybersecurity and
Infrastructure Security Agency (CISA) has issued
guidance, while many states have passed local laws
requiring organizations to report cyber incidents. The
European Union General Data Protection Regulation
(GDPR) introduced a groundbreaking directive, and the
financial impact of the fines alone could implode a
company. These fines present a sustainability risk that
could bankrupt companies that provide critical services
to society.
“What greater sustainability risk than cybersecurity
risk does an organization face today?”
Cybersecurity is Critical for Sustainability
Cristina Dolan, Global Head of Alliances, NetWitness
Sustainability and ESG have become popular topics for
investors, and yet most investors lack the visibility or
understanding of cyber risk. Regulatory requirements for
public companies are increasing. Corporate directors are
now expected to understand cyber risks in the context of
corporate sustainability. The disclosure of management
practices, controls, audits, and policies will be required
in financial reports and regulatory filings.
“Will 2023 be the year where cybersecurity risk is
finally viewed by investors, executives and leaders
and the most immediate and financially material risk
that organizations face today?”
Cristina Dolan, Global Head of Alliances,
NetWitness and co-author of Transparency in ESG and
the Circular Economy: Capturing Opportunities
Through Data
13

14

Season’s Greetings from Capitol Technology University! As we plan for the holidays ahead, we reflect
on progress over the past year. Capitol Tech has been busy expanding programs for cyber
professionals. And we have exciting plans for professional development webinars and activities for the
new year.
As a leader in STEM education since 1927, Capitol Technology University continues to develop cutting-
edge degree programs. Located just outside of Washington D.C. and accredited by the Commission on
Higher Education of the Middle States Association of Colleges and Schools. We were recently ranked
the top 10 Best Master's Online Programs by Master's Programs Guide, with programs such as
Cybersecurity, Cyberpsychology, Cyber Analytics, Aviation Cyber, Critical Infrastructure and more .
Capitol Tech offers online doctoral programs to meet the needs of busy cyber professionals. The
growing need to more advanced and specialized research is reflected in the program options- Cyber
Leadership, Cyberpsychology, Cybersecurity, Financial Cybersecurity, Healthcare Cybersecurity, Human
Factors, Offensive Cyber Engineering and more.
In our ongoing commitment to provide education, information and support for the cyber professional
fields, we offer monthly webinars on important topics in the industry. Join us for our Cap Tech Talks or
visit our page to view a previous session. Some of our recent presentations include- “Practical
Understanding of the OSINT Practices and Tools” and “Infrastructure: Critical Challenges and
Differences between the Private and Public Sectors.”
We are happy to announce our new Center for Women in Cyber. Capitol Tech’s Center for Women in
Cyber (CWC) is focused on empowering women of all ages to pursue careers in cyber. This Center
seeks to address the growing need for women professionals and leaders in cyber-related fields. The
CWC provides the resources, direction, and positive support needed for success in achieving
professional and educational goals through presentations, hands-on activities, partnerships, and
mentoring. The CWC is passionate in its quest to develop the next generation of diverse cyber leaders.
The CWC is led by Dr. Diane M. Janosek, Executive Director. Dr. Diane M. Janosek is an international
award-winning, well-known cybersecurity leader and author. She is dedicated to giving back to the
community and increasing diversity in the cybersecurity, national security and technology domains.
Having both her law degree (J.D.) and Ph.D. (from Capitol Technology University in Cybersecurity
Leadership), she focuses on the intersection of law and policy with technology.
Wishing You A Happy And Healthy Holiday Season And An Exciting New Year!
15

16

“We walk together,
we move together,
we think together,
we resolve together,
and
together we take
this country forward”
~ Narendra Modi
“At TAC Security, we are so proud to be a
part of Hon'ble Prime Minister Narendra
Modi Ji's Digital India Vision by Securing UPI
Applications”. ~ Trishneet Arora
17

Believe In Your Dreams!
18

Diplomacy is the art and
science. The field of diplomacy
is Trishneet Arora’s passion.
19

Open
Your
Heart! 20

Trishneet Arora, India
Trishneet Arora is the Founder and CEO of TAC Security, a San Francisco-
based Cybersecurity and Risk & Vulnerability Management Company.
The young tech wizard is exceptionally passionate about securing cyberspace and
started his entrepreneurial journey in 2013 at 19. From there, under his leadership,
TAC Security has been securing the world’s top brands and Governments while
disrupting cybers space.
2023 Global Cybersecurity 40 Under 40 by Top Cyber News MAGAZINE, Trishneet
Arora made it to the Top 200 “Leaders of Tomorrow” by St. Gallen Symposium for
the second time in 2022, the first time being in 2018. In 2021, he was listed in
Fortune India’s 40 Under 40 list for the second time, being the youngest on it both
times. He is an also a two-time list maker (2020 & 2021) for the “The Top 100 Great
People Managers List” by Great Managers Institute in association with Forbes.
Trishneet Arora was awarded “Entrepreneur of the Year” 2020 by the Entrepreneur
Magazine in the Security Services Category. In the past, he was listed in the 50 Most
Influential Young Indians by GQ Magazine 2017. Trishneet is also part of
Entrepreneur Magazine’s 35 under 35 & Forbes 30 Under 30 Asia 2018 List.
In 2017, Javier Gonzales, Mayor of the City of
Santa Fe, New Mexico, proclaimed 25th
August as the “Trishneet Arora Day”.
Trishneet is responsible for setting the
overall direction and product strategy for the
company and under his leadership TAC
Security has expanded business globally and
its product ESOF Vulnerability Management
Solution has been securing the world's top
brands, Fortune 500 Companies includes US
Govt. It has more than 150 clients in 15 countries,
includes US, Canada, UK, Europe and India.
Diplomacy is the art and science. The field of
diplomacy is Trishneet Arora’s passion.
21

Diversity means different things to different people. As somebody of a minority background, I've always
focused on diversity as I have seen firsthand, the results of biases within organisations, workplaces etc. My focus on
diversity is to address all forms of “isms”. However, my recent focus has been on increasing the diversity within my
team by focusing on increasing gender and cultural diversity.
I often get asked “why do I focus on diversity”? The answer to this is twofold. Firstly, I'm a father or a daughter and a
husband. Naturally, I want to ensure that I treat all females that I've come across equally and in a respectful manner
while giving them every opportunity possible. Secondly, my experience dictates that the more diverse a team, the
greater the access to new ideas, diverse ideas and methodologies. As a result, I firmly believe that a diverse team is
a stronger team. This is what I've always strived to build within any organisation that I've worked in.
The next question that I often get asked is “how do you actually achieve a diverse workforce”? Again, the answer is
quite simple. You simply have to try! I work within cybersecurity. Even now there is a lack of females within the
industry. The natural tendency is to hire the first few applicants that apply for an open position. However, I have
made sure that I resist this temptation. Ensuring a diverse workforce means that you actually have to wait and
balance the team to achieve the right outcomes. Yes, it has taken me longer to fill roles because of my desire to
achieve diversity. However, it hasn't stopped me and I've been able to achieve a diverse team. At the moment, my
team is 50/50 gender balanced. Further, I have people from six different nations and backgrounds represented
within my team. As a result, my team is one of the most diverse in my organisation and I have the advantage of
having access to multiple ideas from multiple backgrounds to solve my client’s complex cybersecurity issues.
t does take effort to maintain diversity. However, the results are fulfilling and positive. All you
have to do is try.
Ashwin Pal, Sydney, Australia
Let's talk diversity
Ashwin Pal, Partner - Cyber Security and
Privacy Services at RSM Australia.
With 25 years under his belt, Ashwin is an experienced
and qualified CISO and business leader who is currently
a Cyber Security Partner at RSM. Ashwin has been
named as 2021 Global Top 100 Leaders in Information
Security by the Corinium Group. His role encompasses
leading a cyber security practice aimed at assisting
clients to identify cyber exposure and risk, develop
effective risk management strategies, implement the
necessary measures to safeguard operations, and act
decisively to counteract and recover from potential
cyber-attacks.
The key aspects of the role involve strategic planning
and leadership, growing and maintaining client
relationships, leading service delivery and engagements,
developing team and organisational capability and
representing the firm in industry and public settings.
22

Light The Way!
by Alexandra Mercz, Singapore
For The Next Generation Of Cybersecurity Professionals
Founder of the (ISC)2 SG Mentorship
Programme, Mentor, Chapter Ambassador
and former Committee Member, (ISC)²
Singapore Chapter, Alexandra Mercz is an
avid public speaker, renowned wide-
reaching influencer and role model. In her
career, Alexandra developed a strong
track record in the global financial
industry and held multiple senior
positions at COO and CISO offices.
Precious stones go through tremendous pressure and heat
in order to transform into polished gems. Young
cybersecurity talents go through the same self-cultivation
process to discover their unique potential, which is not
without its hardships. In this refinement process,
challenges generate resilience and develop inner fortitude
in order to fulfil their purpose to make the world a better
and safer place.
Being at the forefront of the cybersecurity industry comes
with the natural responsibility to mentor and advance
young talents, who will then become the leaders of
tomorrow. In this sense, all experienced cybersecurity
professionals are mentors, either through a defined and
dedicated program, or by everyday interactions. Mentoring
is the work of building bridges for the mentee, “human
bridges” when it comes to connecting with people and
“knowledge bridges” to connect the dots and help the
mentee realize their potential. A good cybersecurity mentor
wears many hats. A role model who sets an example for
the breadth and depth of achievements the mentee can
consider pursuing; a trail-blazer who supports growth and
innovation; a trusted guide and ally who serves as a source
of knowledge and offers encouragement. A good mentor
acts as a lighthouse that provides direction and shines
light on possible pathways for the mentee.
When paving the way for the next generation, we must be
considerate to the different needs of the multitude of
diversity. This sensitivity provides a great ground for
targeted support, taking into account one’s values, gender,
cultural, physical and neurodiversity. It is a scientifically
proven fact that diversity results in enhanced decision
making, increased innovation and better business growth.
With such a wide range of benefits, it is not a question
anymore for businesses to create and maintain a diverse
workforce, not only in junior levels but also in senior and
board director roles.
Yet the cybersecurity industry still struggles finding the
right balance and providing opportunities for a diverse
workforce, including enhancing women representation in all
levels of roles. Senior cybersecurity leadership needs to be
the driving force to change this situation and to provide the
development venues for the next cybersecurity generation.
23

“The task is ... not so much to see what no
one has yet seen; but to think what nobody
has yet thought, about that which everybody
sees.”
- Erwin Schrodinger
24

25

For many of us who have worked in Information Assurance and
Cybersecurity for decades know the impacts firsthand on your
health, your family, and your outlook on whether or not we are
making a dent on the cyber defense front.
Cyber mentorships and internships are the key to building the next
generation of cyber soldiers who will take on the charge and lead
dynamic teams in emerging technology to new heights with hands
on experience. Cross-training and building cross functional teams
within the IT and Cyber spaces also offers affordable in-house
training opportunities with existing talent looking to broaden their
skills. More and more organizations are embracing these programs
as a recruiting method for hard to full entry level cyber positions
which are critical to our talent eco-system.
The next generation of cyber soldiers have extensive suites of tools
at their disposal, access to vendor and professional resources and
the opportunity to be mentored and guided by the brightest minds
in the cyber industry through mentorship and internship programs.
To gain the upper hand with cyber-attacks it’s imperative we as
a community take the time to grow the talent we need within
our ranks and shape the skills needed to succeed.
Angelique “Q” Napoleon is a Cybersecurity
Subject Matter Expert who has worked in the
Defense industry and supported commercial
clientele for 26 years. She is responsible for
Cyber activities and served successfully in C-
Suite positions. She developed highly
specialized cyber capabilities, frameworks and
services from PENTEST, System Security
Engineering and Cyber Threat Intelligence
products to commercial and defense clients.
She has established the Price Forensics Lab for
IntellecTechs and handled the Digital Forensics
and Incident Response activities including
formalized reporting to Government & Federal
Law Enforcement organizations.
The Cybersecurity field is demanding, and it
requires personal investment in growing
technical skills and staying up to date on
emerging technologies, researching
vulnerabilities and methods exploited by cyber
attackers and continuing education through
advance degrees and certifications. Make no
mistake the long hours and the barrage of
cyber-attacks take their toll on our cyber
defenders at all levels with many exiting the
field after a few short years in the trenches due
to burnout or health issues. Senior members
are exiting the field in large numbers for lower
stress positions or complete career changes,
and many are embracing retirement.
Cybersecurity is one of the few fields where
it’s not unusual to see older and highly
experienced talent continuing to serve in
consultant or senior advisor roles to
organizations and boards, their breadth of
knowledge is a factor in organizational
success.
Angelique “Q” Napoleon, Washington DC
Mentoring the Next Generation of Cyber Warriors
26

Cybercrime is a significant business risk, and
every industry is under relentless attack from
cybercriminal gangs and nation state cyber
armies. All Boards are concerned about
potential cyberattacks, and CISOs work hard to
provide adequate technology solutions and
cyber risk oversight. Yet all are struggling to
build cyber secure organizations.
So why is effective cyber security so difficult?
There are two fundamental issues that
undermine an effective cyber security
posture.
The first is the belief that cyber security is
mainly a technology issue. Cyber security is a
business issue. A large majority of successful
cyber breaches involve human error, and weak
business processes are easily exploitable by
cyber criminals. Effective cyber security is a
combination of aware and well-trained
employees, effective end-to-end work
processes, up to date technology applications
and strong leadership.
The second issue that weakens cyber security
is that most companies operate in functional
silos, focusing their resources on functional
business objectives, not overall enterprise
goals. Few business leaders understand their
function's contribution to Cyber Resilience and
rely on technology and the cyber team for
protection.
Christiane Wuillamie OBE, London, UK
One of the reasons cyber criminals are so successful is that they go
after the weakest links, which are often people and processes.
Taking an Enterprise View of Systemic Risk
Instead of viewing cybersecurity, data privacy, insider threats and
digital technology as individual risks to be managed by separate
functions, we need to understand that these are all interconnected
components of enterprise systemic risk. A breakdown in any one
area impacts the entire organisation’s ability to perform, customer
trust and ultimately market value. Building a strong cyber security
culture requires every function to work together, and for the Board
to take an enterprise view of cyber security and systemic risk. The
Board must demand oversight in all three areas - people,
processes. and technology.
“The Board can improve Enterprise Systemic Risk by
creating a committee focused on Cyber and Technology
with experienced directors who can also be advisors to
internal CISO/CIO and act as an effective link to the Board
for effective oversight. New regulations are coming to
mandate Cyber and Technology expertise on Boards.”
Christiane Wuillamie OBE has done every
job in technology from coding, to being CIO in
Financial Services. She built and
operationalised high-performance cultures in
every role. Christiane leverages people,
processes and technology to solve business
challenges. She is currently the CEO of PYXIS
Culture Technologies, focusing on using
analytics and ecosystem models to provide
Boards with an enterprise view of cyber risk and
systemic risk.
Why Is Effective Cyber Security So Difficult?
27

I feel that the time has come for energetic and enthusiastic legal
experts who can provide real and easy to implement solutions that
would enable companies to avoid and correctly deal with crises and
manage the process of compliance with the mandatory regulation in
the simplest and easiest way possible.
Among the most important goals for every CEO and business
owner are customers' satisfaction, the ability to conduct profitable
business and quick disaster recovery when a cyber crisis happens.
Thank to activities of experts like me, both SMBs and large
organizations may reduce the attack surface in their organization
and avoid cyber-related crises. Therefore, compliance with privacy
regulations is a must, not just from the legal aspect but also
strategically for managing a business in today’s world.
Adv. Mariana Dan holds a Bachelor of Laws
(LL.B.) and an M.B.A., and provides CISO and
DPO as a service for organizations. In addition,
she is a member of the Israeli Chamber of
Information Technology and graduate of dozens
of training courses on information security,
privacy protection, and cyber security.
Since cyber security risks became the new
"daily concern" for most organizations in Israel
and worldwide, I started researching the secrets
of helping organizations how to conduct better
secured information security and business
continuity in their organizations. The law firm I
established, may efficiently assist SMBs and
large organizations through their efforts to
reduce their exposure to information and
industrial security breaches, prevent potential
lawsuits and fines imposed by the regulatory
authorities, while giving them maximum
confidence to conduct their business operation.
In today’s era there is no lack of knowledge;
however, there is a lack of accessible,
simplified, and clear information to the public
that is unfamiliar with information security.
Today’s average CEOs are concerned with the
company’s business and are unfamiliar with the
concepts of the world of information security
and privacy. Therefore, as legal cyber security
professional I do my best to make the critical
information accessible to my clients, in plain
and simple language, and support their
success.
I'm a strong believer, that an adapted solution is
needed for each company and business owner
to conduct his activity with 100% focus on their
customers’ needs and achieving customer
satisfaction. Therefore, my practice as a lawyer
is solely focusing on ways to assure cyber
security and privacy protection for my clients
and also their customers.
Adv. Mariana Dan, Ashkelon, Israel
Every Organization Needs a Legal "Iron Dome"
28

"We make a living by what we get, but we make
a life by what we give." ~ Winston Churchill
As human beings, we have an innate need to
contribute and provide for those around us, so I feel
that within the current landscape and the talent
gap within the cybersecurity market, we need to
help others transition by sharing our knowledge,
experience, and advice to enable them to succeed,
It is our duty as professionals to do so. I remember
when I first tried to pivot into Cybersecurity from
another technical field and how male-dominated that
industry seemed, that did not make me feel
welcome, there were few role models for me. I had
promised myself that I would be the senior I wished
I had met when I was a junior asking for guidance.
Many people are selfish with their time and effort,
so they should be; they too are building their
careers; I get it; we are busy people, but sometimes
that 15 minutes of your time and answering a few
basic questions could be life-changing to
someone, it could be the perspective they needed
to enable them to achieve their goals. We should
care for and protect our community by actively
helping others; one day, we might be working with
that person we helped; how would you like them
to remember you? What kind of impact do you
want to have?
When you start giving back, you inspire others around
you and begin to make an impact. Even if you don't
have a big following or influence, you can still give as
much effect as they do.
When others see you leading by example, they
want to do the same; become the example they
want to follow.
This phenomenon is called "The Ripple Effect"
when you change ten people's life, they could go
on to change another ten, and your actions single
handled positively impact a hundred people.
"The Ripple Effect"
Giving Back to The Community
You are helping others, mentally and spiritually, and
you are helping yourself similarly. You gain a unique
sense of purpose by serving those around you, one
which often manifests in other areas of your life.
No matter how sad or challenging your life is,
someone else might be going through much worse. A
famous quote which has become a daily mantra for me
is, “Always be nice because you don’t know
what the other person is going through”. A
little support could make a big difference and motivate
someone to reach for greatness, and you allowed that
to happen through kindness.
Collaboration is also a great way to build your
network, allowing you to meet many new people.
Additionally, it will help you better understand the
circumstances of other community members. It will
also give you a broad, open-minded perspective of the
different walks of life around you, which will help you
be an effective and empathetic professional. Finally,
dedicating time to helping others will teach
patience, kindness, and resilience, but also
improve your communication abilities and gift you
with many other experiences that will help you
navigate your future.
Giving back creates gratitude, encourages a culture of
sharing, and stimulates your growth. By immersing
yourself in a community and surrounding with like-
minded people dedicated to bettering the world, you’ll
reach a sense of fulfilment in your life.
And it’s fulfilment, not money, and we ultimately
strive for it during our professional development. It
builds a collaborative environment, and that is what
we want to achieve, as the power is in togetherness
and working together on a common goal.
When experiencing hard times, you want to feel you
are not alone and that the community has your back.
People want to work in an industry that makes
them feel welcomed and valued.
Call for Action by
Dorota Kozlowska, Warsaw, Poland
29

by Dorota Kozlowska
I give back because of my life journey, and the things I have discovered by trial and error could help others and
show them that they can, motivate them. I care about where I came from and tried my hardest to do the right thing
and give back when I knew I should. It’s an essential thing to me. I also strive to stay humble and a good person -
no matter what. Entering a new industry is challenging and stressful as it is, so make it a little bit easier for someone
else. Also, I have received a lot of support from seniors, and I am grateful. This is my way of saying thank you. Let’s
create a supportive and welcoming community for juniors entering the field.
Do not sit on the side-lines, but walk out of the shadows and start sharing your truth with the community.
I promise you won’t regret it. Please pay it forward.
“I am a true Wonder Woman. I have finally made my dream of becoming a Penetration Tester
come true. I am a Winner. What have I won? My own life.” ~ Dorota Kozlowska
>>
Dorota Kozlowska - Skilled Penetration Tester, One-
Woman-Army, doer, and a self-starter with a growth
mindset - often takes initiative on things and leads the
rest of the group. Previously experienced in QA, Test
Automation and Project Management with personal
passion for CTFs, and Red Teaming and degrees in:
Economics, Management and Marketing, and
Computer science. Dorota has made a few career
switches from being a local government official into
QA, Test Engineering, and Security Analyst to
Penetration Testing - her dream job. She is
continuously building her knowledge base and
displays lots of grit, adaptability, fast learning
capabilities, and personal strength. She seems to be
unstoppable.
30

Cyber Leaders - Call for Action by Praveen Singh, India
We, Cyber leaders, should use our knowledge, skills
and expertise to help underprivileged youth develop
their resilience to be motivated to learn cybersecurity
over time, through various initiatives such as support,
training or awareness programmes, and national
policy improvements.
To sum-up, it would be great initiative if cybersecurity
leaders reach out to their local underprivilege
community to engage them on career option available in
cybersecurity domain and give them pointers how to
build career path in cybersecurity for themselves. All we
need as cybersecurity leaders is spirit of giving back to
society, a sense of altruism by sparing our time,
expertise and focusing on uplifting underprivilege youth
so that they will be able to thrive in life.
At the age of 18, when I was in college, realized that there were a few underprivileged children who were deprived of
access to quality education. With India taking a giant leap in education initiatives, I and a few of my classmates came
together to address this issue by volunteering ourselves and spending some quality time teaching these children.
Then, I realised that volunteering for a good cause can provide a healthy boost to our self-confidence, self-esteem,
and life satisfaction. I truly felt that the role as a volunteer to help someone can also give you a sense of pride and
identity while benefiting the underprivilege youth. In this digital era with “growing demand for cybersecurity
professionals”, what I believe is that Cybersecurity education can be a powerful tool which empowers communities to
turn around their lives. But unfortunately, underprivileged youth do not have the resources to acquire quality
education. Therefore we, the cybersecurity leaders, should come together to educate these underprivileged children
and shape their future in our spare time.
When we start, we could face practical difficulties like we cannot give enough time but when it comes to
volunteering, it is not all about time. Even the most minor acts of volunteering matter a lot. This Initiative -
volunteering for Cybersecurity education for Underprivileged Youth, cannot be done by yourself alone. You being
just one person cannot be in multiple places at once. The best path is to encourage others to be community-minded,
attend meet-ups, speak, write, and innovate. I would request all cybersecurity leaders to contribute some of their
time towards “Volunteering for Cybersecurity education for Underprivilege youth”, Trust me, We can change life
of millions…!!!
Co-Founder & Chief Information Security Advisor
at CyberPWN Technologies Pvt Ltd, young and
talented Cybersecurity Influencer and Blogger,
Praveen Singh is internationally known for his
passion for Technology, Cybersecurity Research
and Cybersecurity Community Building worldwide.
Educating Underprivileged Youth on Cybersecurity
31

32

Fore
Word
Who said that we are defined by the choices we make? Is it not true? As we begin to plan for the
March 2023 Top Cyber News MAGAZINE edition, we have spent months discussing how the
notion of success is dependent on countless factors, such as different cultures, nations,
languages, and strategies. However, the only common factor of success that we
have found, and all agreed on, is...
A couple that shared a passion for keeping people safe online continued to grow since the time
they met each other. Their love for each other fuelled their passion for their work, and they quickly
became known as a power couple in the cybersecurity industry but they never forgot the love that
brought them together and the passion for protecting others that fuelled their work. They
remained humble and always worked together, knowing that their love for each other and their
shared mission were the keys to their success. But their success didn't come without challenges.
They faced many obstacles along the way, including fierce competition and the constant evolution
of technology. However, their love for each other and their shared mission to protect others kept
them going. Their love not only brought them happiness but also helped them make the world a
safer place. Their story is a reminder that love can be a powerful force that can drive us to achieve
great things, even in the field of cybersecurity.
Pablo Picasso
The Lovers, 1923
33

Gurleen Barara possesses an extensive teaching portfolio spanning over 25 years, coupled
with her IT proficiency. Her pedagogical competence comprises of inspiring, motivating, and
directing students while maintaining high levels of interest and achievement.
As a qualified mentor, she has the flexibility to customize her instructional techniques to
cater to the distinct needs and proficiencies of each learner. Gurleen is a proponent of
avant-garde, activity-based teaching methodologies that encompass the comprehensive
development of students. Her exceptional ability to simplify convoluted concepts has earned
her recognition and praise for her acumen in facilitating understanding for students from
heterogeneous backgrounds.
Gurleen Barara, India
34

Chief Cyber Officer, Vara Technology, Col. Inderjeet Singh has more than 30 years of
experience in a variety of areas related to cyber security, such as cyberwarfare,
cyberleadership, and swaying government policy in numerous organisations. He is also
developing various cutting-edge Blockchain and NFT solutions. Col. Singh has advised
organisations to use digital transformation technologies that will move the corporation
forward and help in formulating and putting into practise strategic cybersecurity solutions
using his extensive experience and in-depth expertise in cyber security.
He has spoken at TEDx events twice. In both Darknet forensics and Crypto forensics, he is a
subject matter specialist. Inderjeet has been actively working on web 3.0, blockchain, and
metaverse cyber security. He has been recognised as one of the 50 Most Influential Indian
Thought Leaders in Blockchain for the year 2022. Col. Inderjeet Singh also highlights the
importance of "Cyber Citizenship" among the public and Cybersecurity community.
Col (Dr.) Inderjeet Singh, India
35

36

CISOs
The Chief Information Security Officer, or
CISO, is fast-becoming one of the more
difficult C-Suite positions to fill.
The CISO role has been plagued with turnover,
the average tenure lasting anywhere from 18 to
26 months. This doesn’t come as a surprise as
the CISO is inundated with an array of challenges
that include a nonstop barrage of diverse cyber
threats seeking to exploit the enterprise he
watches over, internal competition to secure
budgetary resources to aid in his defense efforts,
lack of authority to instil necessary change, and
convincing the larger C-Suite as to why certain
security measures are needed regardless of their
cost. Indeed, in many ways, the modern-day
CISO is the cybersecurity equivalent of Sisyphus
struggling to protect the network enterprise only
to see another incident set him back on
progress.
Therefore, it is unsurprising that CISOs
suffer from an incredible amount of stress
due to their critical role of minimizing their
organizations’ cyber risks.
Hiring talent, researching new industry updates
and trends, tracking security metrics, developing
policies and plans, and managing information
systems are overwhelming responsibilities that
can take its toll. A 2020 CISO study found that
88% of those surveyed were tremendously
stressed, a minor decrease from the 91%
reporting that same affliction in 2019.
Most of these individuals believed that they and
their teams were expected to work longer hours
than any other department in their respective
organizations. Findings revealed that the
consequences of working considerable amounts
of overtime, poor work-life balances, and 24x7
security concerns contributed significantly to
their poor physical, mental, and emotional well-
being.
Due to their multifaceted security
responsibilities, there is a tendency for CISOs
to try to do everything at once, as the dynamic
cyber threat landscape brings change at a
pace faster than most organizations can
address.
These unique set of challenges makes the CISO
role part security expert, part security
prognosticator requiring the individual to find
balance in managing today’s risks with an eye
toward the future. With these seemingly
contradictory goals in mind, strategic thinking
may be the best asset for CISOs in today’s
environment, as it is essential for planning,
resourcing, and creating new ideas that spurn
new opportunities.
However, in order to accomplish these goals, the
CISO must work with the budgetary, personnel,
and material resources at hand to build the
organization’s cyber resilience. This is where
strategic thinking becomes paramount because it
helps the CISO implement security operations
with a “doing more with less” philosophy many
organizations must adopt.
By embracing strategic thinking, CISOs will
lay the cornerstone of their organization’s
cybersecurity posture through preparation.
This is essential in helping the CISO
organize and prioritize the myriad of security
needs that must be addressed.
Whether it’s the threat landscape or changes
within the organizations, the CISO’s greatest
strength is the ability to anticipate and adapt to
evolving conditions.
This requires knowledge and understanding
of existing and emerging threats, as well as
the direction the organization is going.
CISOs want to have advanced warning to be
proactive and not be caught reacting to
situations.
by Emilio Iasiello
37

by Emilio IASIELLO
Strategic thinking will empower the CISO to interpret challenges in ways that provide insightful
solutions to them.
Being able to interpret challenges, creative thinkers will search out multiple and where possible unique
data sources to digest and synthesize, and better inform their decision-making calculus. Finding
unorthodox but tenable solutions are the result of an inquisitive but open mind and a willingness to
learn. All of these feed into a comprehensive strategic thinking process.
By implementing strategic thinking, the CISO is better able to align these solutions with the
challenges in his or her portfolio. Having solutions that do not fit into the organization’s needs when
the organization needs them is poor preparation. Solutions must align to not only the problems but also
the prioritized requirements. This is why CISOs must be in constant communication with the rest of the
C-Suite, ensuring that the work is in concert with other stakeholders and consistent with the vision held
by the other chief executives. Getting buy-in and making sure initiatives are in line with the C-Suite will
help garner budgetary and professional support, and by extension, commitment from the top brass.
The effective CISO will balance strategy with execution and ensure that any initiatives
coincide with other projects that may overlap or at least intersect with them.
Because the bottom line is that CISOs must marry what the organization needs with what a CISO can
give. This demonstrates leadership, responsiveness to key needs, and the ability to deliver, all hallmarks
of a successful plan for a focused and resilient cybersecurity program. Quick wins pave the road for
larger gains, and while not everything goes to plan, having a pre-planned roadmap will help CISOs
navigate unexpected obstacles, and recalibrate without suffering substantial setbacks.
Emilio IASIELLO, the USA
20+ years’ experience as a strategic
cyber intelligence analyst,
supporting US government civilian
and several military intelligence
organizations, as well as the private
sector.
He has delivered cyber threat
presentations to domestic and
international audiences and has
published extensively in such peer-
reviewed journals as Parameters,
Journal of Strategic Security, the
Georgetown Journal of International
Affairs, and the Cyber Defense
Review, among others. All
comments and opinions expressed
are solely his own.
CISOs Need Strategic Thinking to Be Effective
38

Gary R. Hayslip, the USA
With over 20 years of IT, cybersecurity and risk management experience, Gary Hayslip has established a
reputation as a highly skilled communicator, author, and keynote speaker. Currently, as Global Chief
Information Security Officer, he advises Softbank Investment Advisers (SBIA) – The Vision Fund,
executive leadership on protecting critical information resources and overseeing enterprise cybersecurity
strategy. As the senior security executive for SBIA, Hayslip’s mission includes creating partnerships and a
“risk aware” culture that places a high value on securing critical information entrusted to SBIA.
Hayslip as a proven cybersecurity professional recently co-authored the CISO Desk Reference Guide
series: A Practical Guide for CISOs – Volumes 1 & 2, Executive Primer – The Executives Guide to Security
Programs, Develop Your Own Cybersecurity Career Path, and The Essential Guide to Cybersecurity for
SMBs. His previous executive roles include multiple CISO, CIO, Deputy Director of IT, and Chief Privacy
Officer roles for the US Navy (active duty), the US Navy (Federal Government employee), the City of San
Diego, California, and Webroot Software.
Hayslip currently holds several professional certifications including CISSP
, CISA, and CRISC, and has a
Bachelor of Science in Information Systems Management from University of Maryland & Master’s in
Business Administration from San Diego State University.
39

by Gary R. HAYSLIP
Storytelling
A CISOs’ Formula for Success
Today’s CISO is caught in a landslide of change as businesses undergo extreme transformation.
Their role requires evangelizing the strategy of their security programs, their program’s
management of systemic risk, and finally, its perceived value to company employees and
leadership stakeholders. To be effective in this challenging process, I find an excellent tool to use
is storytelling. This skill allows CISOs to express ideas and bring the audiences on a journey to
experience their point of view. In storytelling, I use a formula to describe current business
problems and the value added when these issues are addressed. I view the core components of
my storytelling formula as:
Context + Value = Informed Decision Making
Context: Provide insight to help the audience see the CISO’s point of view. An example, the
company should be ISO 27001 certified. In describing the need for this initiative, the CISO may
relate how, as parents, we pick a doctor for our children based on certifications, education, and
experience we feel demonstrates competence. This process also emulates how customers review
companies and their certifications, like ISO 27001, to demonstrate they meet industry best
practices for cyber resiliency and risk management. Helping the audience see the security need
through a personal lens builds a bridge between the CISO and the audience.
Value: After the audience has gained an understanding of the requested initiative, it’s time to answer
the question, "What's in it for me?" It is in this part of storytelling that the organization’s current state
is described, and the CISO outlines the resources required, possible impacts on operations, and,
finally, end results that provide value to the company.
Informed decision-making: This is the outcome of a good story. The CISO, peers, and executive
leadership make decisions using not only numbers and statistics but also a contextual understanding
of the importance the initiatives provide to the business.
The use of engaging stories to drive action and possibly shape the culture of an organization are key
reasons why I believe communication skills need to be continually developed and used by security
executives. These skills give the CISO the chance to step out from behind the wall of their security
program and be visible, to be seen as human and someone to trust. Through this trust, the CISO can
mature the security program and meet their company’s needs.
40

41

by Michel CAZENAVE
Are We Appropriately Skilled
To Be Top Class CISOs?
Cybersecurity strategy begins with the CISO
While systems become more complex, hybrid,
interconnected, nowadays CTI information shows
that “cyberattacks have shifted from disrupting to
75% attempts to take control of target” (source
Cyber Intelligence x sectorsAlliance) and get a
remote access, encrypt and/or steal data, setting
backdoors and spying activity associated with
criminal revenues either directly claimed from
victims or by selling knowledge, data,
vulnerabilities and tools on the dark web.
This evolution should lead every CISO, with the
unconditional support of their company boards of
directors who are perfectly aware of the risk even
if they still wish to understand how to help, to
rush a 360° hardening and best practices review
of their processes, assets and systems in order
to become a too costly target to pawn,
compromise or ransom, associated to an overall
preparation of their incident response plans,
proactive training and monitoring strategy to be
able to react appropriately in case of incident.
“The increasing sophistication of cyber
criminals coupled with
the rapid shift to digital technologies has
emphasized cybersecurity’s importance.
Those factors will have a
knock-on effect on CISO role and impact as
well as the C-level view and understanding
on cybersecurity”
While C-level consider now cyber security as a
strategic priority, the CISO needs to evolve
leadership to match this new interest within an
organization. It means to switch and ascend to a
C-level forward thinking attitude to lead and orient
strategy, investment and projects with a clear,
didactic prioritized and argumentative discourse
on business challenges and threats and potential
impacts.
While this internal shift is important, CISO can
also focus on creating or joining external circles
of trust to collaborate with peers. It creates value
by breaking CISO isolation, leveraging knowledge
and threat awareness and sharing or
benchmarking information, advices, tools,
methodologies and procedures in similar context.
It is already a trend with ISACs or similar
organizations (and even used by cybercriminals).
Collaboration is probably the next additional
must-have to leverage CISO's existing weapons
and means.
All other aspects of cybersecurity strategy shall
focus on helping IT to deliver business aligned,
secured, and resilient services which is quite
business as usual for a CISO and combine well
known recipes (understand the business, hire
experts, use best practices, deploy security tools,
use external cybersecurity services and
consulting, be certified, analyse risks, define
controls, patch, audit… to definitely become a too
hard target to hit.
Are we appropriately skilled
to be top class CISOs?
“What the ancients called a clever fighter is
one who not only wins but excels in winning
with ease.” ~ The art of war by Zun Tsu
The cyber threat is no longer an illusion nor
discussed as a hypothesis but as a certainty.
The disaster is imposed on us every day, with
shocking publications: "data breach", "spear
phishing", "ransomware" and soothing crisis
declarations: "we are in control of the
situation and are investigating", "we have
called in the best experts", "the impact
measurement shows that the sinews of the
company's war are not affected", "no data has
been affected".
42

by Michel CAZENAVE
>>
The CISO is, within his or her company or
organization, THE point of reference for
cybersecurity. Charged with defining the right
strategies, implementing the right tactics and
directing operations to protect the company or
entity from cyber threats, the CISO has an
enormous responsibility that is extremely difficult
to assume in order to effectively defend a
perimeter that is by definition porous, shifting and
variable in geometry.
Most employ several means to achieve this:
recruiting experts (difficult), implementing best
practices (demanding), deploying cybersecurity
tools (expensive), setting up an SOC or CERT
(complex), using service providers or consultants
(helpful), obtaining certifications (not sufficient),
networking with peers (useful) and share
information, successes and failures with trust
circles (ISACs).
None of these are bad and a CISO who succeeds
in getting his entity to run plans that includes a
complete and consistent set of these means is
probably a fair good CISO.
I might require to be a good performer in many
domains including technical, organizational,
logistical and administrative. We all have studied,
been trained in those domains. If it is not the
case, this might be an improvement point for all
of us and a starting point for people that wish to
become CISO.
The funny is how do one define this "complete
and consistent set"?
Successful CISOs adopt whole or part of
following or similar steps:
▪ understand how they are a target, what is the
threat and how it could turn bad for their
company
▪ align cybersecurity strategy first with non-IT
priorities (business, compliance, legal, risk...)
and then with IT priorities
▪ take business users behaviors into account to
adapt the plans to business activities and think
the best possible cybersecurity user
experience
▪ build a clear problem-solving road map based
on people, organization and technic providing
supporting argumentation about rationale,
expectations, value creation and return
▪ sell the plan to entity management and
stakeholders, including IT, legal, risk
management and finance
▪ run the plan and celebrate each progress or
achievement to build collective cyberdefense
spirit, including entity management and staff
▪ make the board aware and train the entity
management first, in order they lead all others
in the right direction
You find this simple? It is not! Once you achieve
with a great satisfaction the first four items and
turn on to the last three of them, problems begin,
and it is probably time to understand why.
CISO actions and cybersecurity do have an
important impact on the organization and thus,
the last domain, which is probably the most
important and has nothing at all to do with all that
cybersecurity stuff, is how you interact with
stakeholders, shareholders, management,
experts, staff, providers and suppliers to
discuss, convince, coordinate, require, allow,
deny (yes, it is possible to say no!) manage and
transform.
If nobody told you so before or if you did not
know. I have to tell you that people relationship
is THE main part of the CISO life. If you don’t
interact correctly, you will miss your goals, stay
painful for each step to achieve your plans and
remain a fair good CISO. Let us all move to
become highly skilled CISO, grow as top-class
ones, gain efficiency in the journey to success
and train our human relationships.
43

CISO and CSO for PwC France, Monaco & Maghreb, President at CIX-A / Cyber Intelligence X sectors Alliance,
Michel Cazenave, is passionate about cybersecurity. Pragmatic and exploring new avenues, Michel leads his
teams to protect people, property and business in line with PwC's goal: building trust in society and solving
important problems. He has been involved for over 25 years in cyber security, security and crisis management in
demanding and complex environments such as the Ministry of the Armed Forces and the Ministry of Foreign and
European Affairs.
He represented France at the Council of the European Union in the CCIS preparatory body from 2008 to 2017 and
has been laureate of 01 Business & Technologies 2012 CISO Special Jury Prize in 2012. Member of CESIN
(www.cesin.fr) since its creation, he is also since December 2019, engaged as President of the CIX-A / Cyber
Intelligence X sectors Alliance (www.cix-a.net), ISAC which aims to organize the sharing & the operational, tactical
and strategic collaboration between CISOs & their teams to improve the cybersecurity ecosystem and help
members and their supply chain to defend themselves collectively.
Michel CAZENAVE, France
44

45

Let’s Change
Together!
The World
46

A cyber security professional with experience working in ethical hacking, incident response, security
consulting, Craig Ford has two master's level qualifications from Charles Sturt University with a Master of
Management (Digital Forensics/Information Technology) and a Master of Information Systems Security.
He is proudly employed as the Chief Technology Officer (CTO) for Baidam Solutions.
A published author with five books - 'A Hacker I Am' and 'A Hacker I Am Vol 2' in his cyber security series
and 'Foresight', a Hacker/Cyberpunk novel series that includes Foresight and Shadow books. Vulcan (book
3) is scheduled for release in November 2023. He is also the co-author of The Shadow World, a cyber
security awareness book for primary school children.
A freelance cyber security journalist, Craig happily contributes to Top Cyber News MAGAZINE. He has a
regular column for the “Women in Security” magazine; writes for Cyber Today, Cyber Australia and
Careers with STEM magazines. The AISA (Australian Information Security Association) cybersecurity
professional of the year 2020, Craig was a member of the AISA Queensland executive team from 2020
until he was appointed a member of the National Board of Directors in January 2023.
Craig Ford, Australia
47

48

Space Diplomacy Of The Future
49

by Dr. Bianca Lins, LL.M.
Finally, the growing role of private sector players
in space activities is another factor that will
shape the future of space diplomacy.
Private companies are developing new
technologies and capabilities that are
revolutionizing space exploration. However, they
also have their own interests and agendas that
may not always align with those of
governments. Space diplomacy will need to find
a way to engage with these companies and
ensure that their activities are in line with
international norms and standards.
Space Diplomacy Challenges
In the future, space diplomacy will face two
major challenges. The first challenge is finding
harmony between the varying interests and
goals of different space-faring nations. With the
increasing commercialization of space, the
emergence of new space powers, and the
growing role of private sector players, there are
likely to be more competing interests and goals
in the future. Space diplomacy will need to find
a way to bring these different par-ties together
and create a common vision for the future of
space exploration.
The second challenge is dealing with new
security risks in space, particularly cyber risks.
Satellites have already become an integral,
albeit invisible, part of our communication
networks and systems that rely on precise
positioning and timing, such as GPS.
The increasing commercialization of space is
one such factor. With the commercialization of
space activities, the private sector is playing an
increasingly prominent role in space exploration.
Companies like SpaceX and OneWeb are leading
the way in developing innovative technologies
for space travel and tourism. As more private
players enter the space arena, space diplomacy
will have to adapt to new interests and goals
that may not always align with those of
governments.
Another major factor that will impact the future
of space diplomacy is the emergence of new
space powers, such as China and India. These
countries have made significant strides in space
technology and are developing their own space
programs. As these countries become more
involved in space activities, space diplomacy will
need to find a way to balance the interests of
established space powers and new entrants.
Space Diplomacy
Space diplomacy has become an essential element in international efforts to manage
outer space activities. It has proved to be a powerful tool for preventing conflicts and
promoting international harmony. With the rapidly shifting landscape of space activities,
space diplomacy is looking forward to an array of changes. Several major factors are
expected to have impact on the future of space diplomacy.
50

Lessons and experiences from each domain
should be shared, fostering an informed
exchange in the realm of cyber threat
management, which is increasingly intertwined
with terrestrial systems.
Global Cooperation
The key to tackling these obstacles lies in
global cooperation. Space diplomacy can be a
powerful tool for fostering collaboration
between space-faring nations and, in turn,
ensuring a safe and secure future for all space
activities. Governments and international
organizations will need to work together to
create a framework that promotes international
cooperation and ensures that the benefits of
space activities are shared by all.
In conclusion, space diplomacy is an essential
element in international efforts to manage outer
space activities. With the rapidly shifting
landscape of space activities, space diplomacy
is facing new challenges and opportunities. The
increasing commercialization of space, the
emergence of new space powers, and the
growing role of private sector players are all
factors that will shape the future of space
diplomacy. However, with global cooperation
and a shared vision for the future of space
exploration, space diplomacy can help ensure a
safe and secure future for all space activities.
In the future, seamless integration between
terrestrial and space systems will be achieved,
allowing consumer services to transition
effortlessly between ground-based and satellite-
based signals. This increasing interdependency
between satellites and terrestrial technologies
underscores the need to safeguard the
resilience of both.
The conflict in Ukraine has emphasized the
relevance of space systems during geopolitical
crises, and it is expected that new threat actors
will target critical services enabled by satellites.
To mitigate cyber vulnerabilities, governments,
along with stakeholders operating, using, and
benefiting from space-dependent technologies,
must identify and prioritize critical space-
enabled services for end-to-end cyber
resilience. Space diplomacy will need to find
new ways to ensure not only the safety but also
the (cyber)security of space activities. This will
require a coordinated effort from governments,
private companies, and international
organizations to develop new norms and
regulations that can mitigate these risks.
As satellite-based service infrastructures evolve
into comprehensive end-to-end systems,
multiple stakeholders become involved,
complicating the identification of responsibilities
and liabilities. Hardware manufacturers,
software developers, satellite manufacturers,
operators, and commercial users must
collaboratively address security and resilience
concerns. Additionally, regulatory frameworks
must adapt to the evolving technology
landscape, facilitating the development of
harmonized international standards to ensure
cyber resilience across all sectors.
To improve the cybersecurity of space-based
services relying on satellite networks, clear lines
of communication for information sharing
before, during, and after cyber incidents should
be established.
This collaborative approach requires cooperation
between governments, satellite manufacturers,
operators, software developers, and service
users.
by Dr. Bianca Lins, LL.M.
>>
51

Dr. Bianca Lins, LL.M. is a passionate Legal & Compliance Officer at the Liechtenstein Office for
Communications (OfCom), the regulatory authority for the sector of the electronic communication. She is
the focal and contact point for several Committees and Working Groups and responsible for the
implementation of legal requirements. As a drafter for national legal acts, she co-drafted the Liechtenstein
Space Law and the Liechtenstein Cybersecurity Act.
Before working for OfCom, she was a researcher at the University of Liechtenstein, focusing on
digitalization, notably Cybersecurity, and where still teaches Cybersecurity & Law. Her master’s thesis on
Robo Advice was awarded best paper and she completed her doctorate “summa cum laude”. Previously,
she graduated at the top of her class from the certificate course “Cybersecurity: Managing the risks in the
digital age” at Harvard. In her early career she worked in IT and financial markets.
52

Security is You
Risks and Opportunity with the use of OpenAI
by Sabika Ishaq, Luxembourg
There is an increasing focus on generative AI, such as ChatGPT, in
corporate organizations for enhancing customer service and
automating repetitive tasks. While AI can be a valuable tool,
employees must be aware of the risks and caveats associated with
using these tools, including privacy concerns and the possibility of
inaccurate or biased information.
Privacy
Conversations with ChatGPT are automatically stored, and OpenAI
may review this information. Therefore, the information
communicated to ChatGPT should not be considered confidential.
The only way to delete inputted data is to delete the account entirely
by contacting OpenAI.
Inaccurate/Biased Information
As with any AI system, the information produced by OpenAI can
potentially be inaccurate. AI models are trained on large amounts of
data, and the quality and accuracy of the data used to train the model
can affect its performance.
Additionally, AI models are not always perfect and can make errors,
particularly when they encounter data that is outside of their training
set. OpenAI acknowledges the possibility of errors and uncertainties
in their models, and they regularly test and refine their models to
improve their accuracy and reliability.
What does ChatGPT say?
When asked from ChatGPT whether organisations should use OpenAI
platforms, the answer was, “the decision to use OpenAI like ChatGPT
depends on various factors such as the nature of the organization, its
customer base, and the intended use of the technology. Before
opening such platforms, it is important for organizations to assess
their needs and determine whether the technology aligns with their
goals, budget, and customer service expectations.”
Business Opportunity
Although privacy risks and concerns are present, the business
opportunity presented by OpenAI platforms is higher. Therefore,
organizations should approach these tools with openness rather than
fear and work with them, whilst educating their employees and users.
53

Sabika Ishaq, Luxembourg
Chief Information Security Officer (CISO) at Grant Thornton Luxembourg
Sabika Ishaq serves as the Chief Information Security Officer (CISO) at Grant Thornton
Luxembourg. She has more than 15 years of experience in a number of different industries
including the United Nations.
As a security professional and enthusiast, Sabika has been involved in transformative
information security initiatives where she combined her strong business focus with deep
analytical background to bring constructive change. Sabika holds a Master’s degree in
Information Security and Management from The London School of Economics and Political
Science and is a part of notable Security platforms in Luxembourg.
She was elected as the President of WomenCyberForce (Luxembourg chapter of the
European Women4Cyber initiative) in 2023.
54

55

As Sunlight Is To The
Science Is For The
Eyes
Mind
56

How The Story of the
Future Unfolds…
Daniel, Xavier and Stéphane Nappo
wish to "dust off" - ‘la réflexion
cybernétique’ - reflection on
cybernetics by envisioning and
introducing the - “Systémique
Quantique” - Quantum Systemic(s).
Let no man imagine that he has no influence. Whoever
he may be, and wherever he may be placed, the man
who thinks becomes a light and a power. ~ Henry George
57

Published Author, Researcher, Scientist, Visionaire, Passionate Public Speaker, Mr. Daniel Nappo has
literary background since high school. He has completed a postgraduate degree in Physical Geography
and History.
In 1970-77, at the University of Aix-en-Provence, France, Mr. Nappo have been working for several
years in the Physics and Geomorphology Laboratory, directed by Professor Jean Pouquet - the "father"
of remote sensing (technologies for: Télédétection, InfraRed Thermography and Photogrammetry).
Mr. Nappo’s passion and degree in History turned his extensive research to books on historiography and
the literary biographies of well-known writers and philosophers, scientists from around the world.
Professor of History and Geography, and after - the Principal of a National School for vocational training,
Daniel Nappo’s professional career is a devotion to scientific exploration and studies that have spanned
more than three decades. A determined researcher, Mr. Nappo is pursuing analysis of systems. He has
dedicated over thirty years to the study of this subject.
Mr. Daniel Nappo, France
Published Author, Researcher, Scientist, Visionaire, Public Speaker
58

Lifelong Interest: Intellectual Growth a Lifelong Pursuit, Cybernetics, Information theory, Systemics,
Literature, History, Art, Nominalism, Phenomenology, Scientific approach, Cubic system, Dodecahedron,
Noosphere, Exotericism, Esotericism, East and West, Noetics... and the great authors who have dealt
with these subjects.
In alliance with his sons Xavier, & Stéphane Nappo global CISO, Daniel has been passionately
discussing how the systemic approach could be applied and implemented in the digital domain and
cybersecurity.
Convinced that such theories can advance scientific research, with real practical applications, Daniel
Nappo wishes to "dust off" - ‘la réflexion cybernétique’ - reflection on cybernetics by envisioning and
introducing the - “Systémique Quantique” - Quantum Systemic(s).
Such a field of investigation (study/analysis) opens new avenues of research full of hope for
comprehension and prospective concerning the complex phenomena, serial failures, often linked in a
relentless determinism.
This advancement in methodologies is absolutely indispensable, primarily in decision-making process;
when confronted with previously unknown complications; malicious cyber-attacks; errors of assessment;
misjudgements… Problems that are perceived as insurmountable.
Why such an approach to strategics risk management and risk control (preventive, detective or reactive)
might be a way to minimize every kind of risk that strikes and affects us daily?
Because to be able to make realistic predictions and action plans; we must first, leader-shift decision
makers from a status-quo or even deterring state of mind to a pro-active and inspiring decision-making
state of mind. And then dominate sometimes destructive effects of progress.
59

Kasia Hanson, the USA
Global Director, Physical and Cybersecurity Ecosystems @ Intel
Kasia Hanson, an award-winning security leader at Intel, leads
Global Security Ecosystem Development and Partnerships.
She leads the strategy and development of physical and cybersecurity ecosystem partnerships, go-to-
market, and sales acceleration strategies across Intel’s security portfolio (IoT/Edge, Endpoint, Zero
Trust, and Confidential Computing). Kasia is a passionate and dynamic security leader driving digital
transformation across IoT/Edge, AI, Physical and Cybersecurity, and Datacenter. She is well-versed in
security software and hardware solutions that drive business outcomes from data protection to
physical infrastructure. She thrives on developing long-term, trust-based industry relationships. Kasia
is the Past-Chair of the Security Industry Association Women in Security Forum, the 2022 SIA
Progress Award Recipient, a Women in Security Power 100 honoree, ISJ Top Security Influencer, a
Distinguished Fellow for the Innovation Institute for Fan Experience in Sports (IIFX) and was named
the #3 IFSEC Security Influencer in 2021.
60

Dr. Calvin Nobles, the USA
Department Chair and Associate Professor,
Information Technology and Management @ Illinois Tech College of Computing
Dr. Calvin Nobles is a native of Mount Vernon, Georgia, a globally recognized human factors engineering
and cybersecurity. He currently serves as Department Chair and Associate Professor for Information
Technology and Management at the Illinois Institute of Technology.
Dr. Nobles began his distinguished career in the U.S. Navy. He served as a senior advisor on signals
intelligence, cryptology, cybersecurity, and cyberspace operations on multiple military staffs and various
assignments. Additionally, he worked in national security supporting various military campaigns and
deployed on several occasions to support national and maritime operations throughout his military
career. Upon retiring from the U.S. Navy in 2017, he embarked on a corporate career in the financial
services industry as a cybersecurity and information security subject matter expert. Calvin continues to
advise senior executives on cybersecurity, risk management, and human factors engineering in
cybersecurity. Many recognize him as a thought leader for his expertise in human factors. Among his
multiple graduate degrees in STEM and business administration, including a Ph.D. in Human Factors
from Capitol Technology University...
61

Dr. Nisar Ahmad Zafar is a seasoned professional with over 20 years of experience in the ICT sector. He
is currently in a leadership role in Detasad as Senior Director & Vertical Head, specializing in business
management in diverse areas like GRC, connectivity, Cloud, Data centers, IoT, and smart infrastructure.
Dr. Zafar has also worked in various leadership positions for other notable companies such as LCC
(Tech Mahindra) and Talkpool.
Dr. Zafar holds a Ph.D. in Business Management from the Swiss School of Business Research, where
his research focused on leadership and strategic management. He has also earned multiple
certifications in Cybersecurity, PMI Portfolio, Project & Risk management, and Business continuity. In
addition to his professional achievements, Dr. Zafar is a prolific writer and has authored several research
papers and articles on technology and business.
Dr. Nisar Ahmad Zafar, Saudi Arabia
Sr. Director & Vertical Head (Telco & Giga Projects) @ DETASAD
62

by Dr. Vivian Lyon, Atlanta, United States
Qualified Women Can Bridge
the Cyber Workforce Gap
Cybersecurity needs a more diverse and
inclusive workforce with the necessary skills,
attributes, and knowledge to protect
sensitive information from rising cyber
threats.
As cyberattacks increase in scale and severity,
so does the global demand for cybersecurity
professionals – in all aspects of the field and
across all sectors. The cyber challenges go
beyond rising cyber threats because qualified
women who can bridge the gap are
underrepresented in the cybersecurity
workforce.
Attracting, recruiting, retaining, and
advancing diverse cybersecurity
professionals could help protect sensitive
and mission-critical systems by effectively
collaborating with diverse cyber talent.
Today's cybersecurity environment is more
volatile and dangerous than ever, with
sophisticated attackers targeting an ever-
expanding attack surface. The cybercriminals
and cyber-terrorists looking to cause harm and
damage to industries are diverse.
It is, therefore, critical to mitigating cyber
threats from a diverse point of view.
Cyber teams must be as diverse as
cybercriminals to protect sensitive systems
from rising cyber-attacks; otherwise,
organizations stand no chance. Cyber teams
must execute cybersecurity functions and
missions with a variation of thought, lenses,
approaches, and understanding to be
successful. Differences in perspectives and
thinking could lead to the innovation of new
vectors and new practices to solve problems.
Women possess unique and essential
character traits that enable them to succeed
in cybersecurity, for example, in governance,
risk, and compliance (GRC) roles. Giving
qualified women more cyber opportunities
and involving them more could help reduce
the shortage of cybersecurity talent through
the increase in ideas, creativity, and
introduction to various viewpoints and
solutions. The value created by including
qualified women in cyber warfare and risk
management might translate into more
secure and safer information systems.
Approaching issues through different lenses and
variations of thought might enhance the
efficiency and effectiveness of the cybersecurity
professionals who protect sensitive information
and those that benefit from the protection.
Increased productivity might indicate that
cybersecurity professionals and beneficiaries
accomplish their work tasks in less time,
decreasing the stress levels of both
cybersecurity professionals and owners of
sensitive information. Diminished work stress
levels might subsequently improve employee
morale and productivity.
Maintaining the status quo on diversity and
inclusion in the cyber workforce by not
bringing women on board might be detrimental
to the cybersecurity industry.
Thus, addressing the underrepresentation of
qualified women in cybersecurity teams
requires investing in training, mentoring,
advancement, sponsorship opportunities or
programs, and creating more equitable and
inclusive workplaces.
63

by Dr. Vivian Lyon
>>
Dr. Vivian Lyon is a highly experienced, knowledgeable, and passionate cybersecurity, technology, and
cloud leader with a proven track record of successful execution and management of high-performing
Software and Information Security teams and projects. Dr. Lyon possesses multiple degrees including
a Doctor of Information Technology (DIT) degree with a concentration in cybersecurity, an MBA, and
at least 50 relevant industry certifications. She gives back as a cybersecurity and computer science
professor and mentor. Dr. Lyon has authored several books including her latest book titled:
Cybersecurity Workforce Diversity: A Guide for Cyber Leaders. As a trusted advisor, she
contributes in the areas of cybersecurity, leadership, strategy, and IT/IS organizational risk
management.
Dr. Vivian Lyon’s book: Cybersecurity Workforce Diversity: A Guide for Cyber Leaders,
recommends strategies that cybersecurity leaders could use to attract, recruit, retain, and advance
diverse cybersecurity professionals drawing from evidence-based research and the findings of my
doctoral study in cybersecurity. The strategies highlighted in my book might contribute to social
change by helping to bridge the gap in the attraction, recruitment, retention, and advancement of
qualified female cybersecurity professionals. The book is available at Amazon. Visit Dr. Vivian Lyon’s
book Amazon Author Page to check out all her books, reviews, and biography.
64

65

“There is a growing recognition
that technical cyber security
measures do not exist in a
vacuum and need to operate in
harmony with people.”
~ The European Union Agency for Cybersecurity
(ENISA)
I strongly assert that Cybersecurity discipline must be
considered ‘one the greatest phenomena of human
civilisation’, along with Philosophy and Mathematics.
Ergonomic (or Human Factors) scientific discipline
could initiate the ‘entanglement’. ~ Ludmila Morozova-Buss
What say you!? Yes, YOU!
66

Human Factors For Life
“Human Factors is a term that could easily be misunderstood to refer to the
failures of people. This position, sometimes expressed in terms of ‘the
human factor’ or ‘caused by human factors’, is in opposition to human factors
science, which attempts to design systems that support human performance
and are resilient to unanticipated events.
“The Human Factors approach can also foster a culture of safety, promote a
learning environment, and encourage the development of a culture where
unintentional errors are reported without fear of retaliation and findings are
used to improve various system components to yield sustainable change.”
~ Dr. Alissa L Russ
The Five Human Factors method is about studying the physical, cognitive,
social, cultural and emotional factors that make up a complete customer
experience. The Five Human Factors support customer observations in the
field during the observation phase of an innovation project.
Unleash the Human Potential! Top Cyber News MAGAZINE
67

For over half a century we have been
focused on protecting data, networks and
systems - and it is not working.
The cyber threat landscape is increasing
exponentially, the risk of cyber-attacks has
never been higher, the incidence of
cybercrime is surging worldwide, and there is
growing recognition of the prevalence of
online harms. In fact, many countries
worldwide are working on tackling online
harms by means of the introduction of online
safety legislation.
This focus has resulted in the emergence of
an entirely new sector, the online safety
technology or 'Safety Tech' sector. Safety
Tech innovations have the capacity to protect
people from the corrosive effects of
misinformation, online harassment, targeted
attacks, cyber fraud, discrimination, and
extremism which increasingly threaten
democracy and civil society.
So what is the difference between
cybersecurity and cyber safety?
Its binary, cybersecurity primarily focuses on protecting data,
systems and networks; cyber safety or Safety Tech focuses on
protecting people - factoring the human into the cybersecurity
and cyber safety equation. The point is, your data is never going
to suffer from low self-esteem, and your data is never going to
feel the need for revenge. It is critical that data, information,
systems and networks are protected from cyber-attacks, and are
robust, resilient and secure. However, it is equally critical that the
people who operate and use these systems are psychologically
robust, resilient, safe and secure. Therefore, it is the combination
of cybersecurity and cyber safety that will deliver optimum
protection. “Importantly, when used in conjunction with
cybersecurity tools, Safety Tech can provide tech
solutions to tech facilitated problematic, harmful and
criminal behaviours online, and in doing so, facilitate the
creation of a safer and more secure cyberspace - and
that’s good news for humans.”
Dr. Prof. Mary Aiken is a Professor of
Cyberpsychology and Chair of the Department
of Cyberpsychology at Washington D.C.’s
premier STEM University, Capitol Technology
University. She is a Professor of Forensic
Cyberpsychology at the University of East
London. Prof. Aiken is a Member of the
INTERPOL Global Cybercrime Expert Group
and an Academic Advisor to Europol's
European Cyber Crime Centre (EC3). She is a
Fellow of The Royal Society of Medicine,
International Affiliate Member of the American
Psychological Association (APA), and Fellow of
the Society for Chartered IT Professionals.
Prof. Aiken is currently co-lead on one of the
largest European cybercrime research projects
to date, investigating human and technical
drivers of cybercrime.
by Dr. Prof. Mary Aiken, Dublin, London, Washington DC & the Cyberspace :)!
Factoring in the Human
68

Such an approach involves interacting with cybersecurity
practitioners and enquiring of them,
“What could we do to make your workday go better? How
could we go about enabling you to have more impact in your
role? What might we be able to do to take obstacles out of
your way?”
These are seemingly simple questions. However, rare are the
organizations where such questions get asked and where the
answers are genuinely acted upon. While many cybersecurity
professionals start out in their careers with a powerful desire to
serve and defend, the weight of organizational bureaucracy,
misaligned objectives, and executive disinterest can end up diluting
even the most robust resolve. Leaders who are authentically
seeking to enable their cybersecurity team to achieve a bigger
collective impact for the business and more individual
fulfilment should never underestimate the power of
consistently showing that they care about their people.
Anne Leslie is Cloud Risk and Controls Leader
Europe at IBM Cloud for Financial Services
where she focuses on supporting financial
institutions to securely accelerate their journey to
the cloud and transform their cybersecurity
operations to adapt to a hybrid multi-cloud
reality. An accomplished public speaker, Anne is
a passionate advocate for upskilling initiatives
related to cyber talent transformation and
applying human-centered approaches to some of
the most wicked problems facing cybersecurity
practitioners. Irish by nature and French by
design, Anne lives happily with her three children
in Paris, France which has been her home now
for over twenty years.
People Are The Crown Jewels
In the context of cybersecurity, people are
frequently referred to as an organization’s
biggest vulnerability. And while there is an
element of truth to that assertion, it is a framing
that negates the hugely positive impact that
harnessing human energy, engagement, and
commitment can have on an enterprise
cybersecurity program. The truth is that, with
the right enablement and environment,
people will naturally want to contribute
because as humans we are motivated by
being of service and united in something
that is bigger than ourselves.
Cybersecurity professionals are often
characterized by an innate drive to protect. To
many practitioners, information security is much
more than a job; it's a cause they want to
defend. The most progressive organizations are
exploring how to leverage human-centred
methods, such as design thinking, as a way of
identifying how to design security programs
that channel the best of what makes us human
and complement these capabilities with
processes and tooling that augments people’s
skills instead of hindering them.
by Anne Leslie, Paris, France
69

Increased dependency on technology, data,
and connectivity has created a larger attack
surface for hackers to exploit. Cyber security
risk is increasing with the rise in dependency
on intelligent networked devices which hold the
keys to our homes, finances, workplaces,
transportation, healthcare, and communications
with our most important relationships. It is no
surprise that humans represent the biggest
vulnerabilities simply because the complexity
increases the likelihood of human errors. Most
people lack basic cyber awareness, and even
trained professionals can make mistakes.
Therefore, cybersecurity represents the most
immediate financially material sustainability
and ESG risk organizations face today!
Regulators are finally acknowledging this
immense growing threat especially across
critical industries including finance, healthcare,
energy, and critical infrastructure.
The Securities and Exchange Commission in
the United States has issued guidance on
cybersecurity disclosure requirements and the
European Union was a trailblazer with the
General Data Protection Regulation which
includes provisions related to the protection
of personal data.
Cyber defense innovation, strategies and tools are constantly
evolving to outpace the changing tactics of hackers. The use of
machine learning and artificial intelligence to improve threat
detection and response times are popular approaches to outpace
the increasingly sophisticated attacks. Both sides are constantly
developing new techniques and strategies to gain an advantage
over one another.
While cybersecurity depends on sophisticated technology, people
represent the most important factor in cybersecurity defense, they
are not just the biggest threat vector. People develop the tools,
defense strategies, and they make up the community that shares
treat intelligence to improve the defense. Attracting talent to
cybersecurity careers and finding ways to encourage professionals
to increase their cyber security knowledge will be one of the best
defenses that organizations can invest in over the next decade.
People are not just the greatest weakness; they make up the best
defense strategy!
by Cristina Dolan, New York City, USA
Cybersecurity is really about the People!!!
Cristina Dolan is a Cyber Security Executive at
RSA Netwitness, Global Head of Alliances and
Head of Americas Channel. She is an award-
winning engineer, MIT Alumna, entrepreneur
and author that spent her entire career in a
variety of executive roles within the technology
industry. Recently Cristina co-authored a book,
“Transparency in ESG and the Circular
Economy” and WEF Article ‘Cybersecurity
should be treated as an ESG Issue’ .
70

My mother, an Algerian psychologist, the first in Africa and the Arab World to
specialize in cyberpsychology (1999), has taught me the importance of following my
heart in life, and as a result, I have developed a strong affinity for socializing with
others. In fact, after my mother, I am the most sociable person in my family. I find
joy in interacting with people and find satisfaction in helping others.
Last summer, my mother opened a swimming pool for children, and I eagerly
assisted her with the children, especially those who had a fear of swimming. I
helped them gain self-confidence and overcome their phobia of water by teaching
them to swim and not sink. Witnessing the children's newfound confidence and
happiness was an incredibly fulfilling experience for me. ~ Hadjer Soukayna Zahid Rahali
71

Dr. Djalila Rahali, Algeria
Dr. Djalila Rahali is an Algerian psychologist, the first in Africa and the Arab World to specialize
in cyberpsychology (1999). She is a researcher in “Human Factor in cybersecurity” after being
a profiler for 17 years in “Sonelgaz Company”. She is an active member of “Women in
Cybersecurity Middle East” and in “Cluster Digital Africa”. Ranked TOP 10 of personalities
developing ICT in her country, TOP 50 Woman in Cybersecurity in Africa and TOP 30 in the
Middle East (finalists award), she has been nominated among the 27 finalists in “Cybersecurity
Woman of the year 2022” Las Vegas-USA and has organized “She’s IN TECH Challenge” at the
occasion of the 8th of March, 2021. Founder and CEO of NafsiyaTECH and co-founder of the «
Cyberparental Guardians» group, she has been nominated as a Global Goodwill Ambassador
GGA -USA on 2017. She is a Keynote speaker and has been featured at the cover of “Focus On
Women Magazine” (USA-2019).
72

A New Era of Inclusion in Cybersecurity
As technology's relentless pace ushers in groundbreaking advancements, an
undeniable necessity arises, fostering an inclusive tech ecosystem. The focus on
diversity and inclusivity within this dynamic environment is more crucial than ever.
Audacious women are crafting a fresh narrative in the spheres of cybersecurity and quantum
technology. These pioneers are actively demonstrating that these sectors, traditionally dominated by
men, greatly benefit from the unique skills and perspectives women bring. In their roles as models
of inspiration, these women are championing change through resilience and expertise.
They are upending long-held stereotypes, illustrating that the tech industry is fertile terrain for
marginalized groups ripe with unexplored opportunities. Their influence goes beyond personal
achievements. They aren't just breaking barriers but actively building bridges,
fostering mentorship, sharing experiences, and creating an environment that
celebrates diversity and integrates inclusivity.
However, more than individual efforts are needed to effect systemic change. We need to nurture a
supportive ecosystem that advocates equal opportunities and aids the growth of diverse talents.
This requires a multifaceted approach, including integrating inclusivity in education,
offering scholarships to underprivileged tech enthusiasts, enabling mentorship
opportunities, and enforcing policies that endorse equal representation.
As we explore the intricacies of cybersecurity and edge towards a quantum revolution, it's crucial to
acknowledge and emulate these trailblazers. The future of technology should echo their
commitment to diversity and inclusivity. We bear this responsibility.
So, join us in molding a tech ecosystem where every voice is amplified, every unique
contribution is celebrated, and everyone is invited to participate in technological innovation!
Malak Trabelsi Loeb is a Dubai-
based visionary entrepreneur and
accomplished legal consultant.
With expertise in International
Business, Space, Tech, and
National Security law, she brings
17 years of international business
experience and 12 years of legal
expertise.
Mrs. Loeb is the Founder and
Managing Director of Vernewell
Management, a Space and Deep
Tech- Management and Innovation
Consultancies Firm; the CEO of
Trabelsi Loeb Legal
Consultancies; and the founder of
Vernewell Academy.
She is an international thought
leader and sought-after speaker.
She has delivered workshops and
lectures as a space SME for
prestigious organizations,
including the NATO SD - South
Hub/ NATO Joint Allied
Transformation command, Italy,
and the Royal Aeronautical Society
– UAE Branch.
Editorial
by
Malak
Trabelsi
Loeb
,
Dubai,
the
UAE
73

74

Tashya Denose is more than a senior cybersecurity professional; she is an enthusiast on a mission to
diversify the field. Her career journey began in the public sector, where she supported DoD networks at
the Pentagon, worked with the Secret Service, and engaged with the Intelligence community.
Transitioning to the private sector, she made significant contributions to renowned organizations like
Capital One, Google, and her current role at Meta.
Furthermore, Tashya hosts the podcast "Do We Belong Here," which illuminates the human side of
cybersecurity. As a board member of Black Girls In Cyber, her goal is to support the mission of providing
essential resources for black women to pivot into cyber and privacy. Through her tireless efforts, Tashya
strives to empower women and foster a sense of community within the industry.
75

76

How Guardians of the
Architects of
Digital Trust
in the
ever-evolving
Landscape of
Cybersecurity
Digital Realm
Safeguarding a
More Secure World
77

A true global citizen, Vincent Riou, the Managing Partner, General Manager, and CEO of InCyber Forum
North America & International, brings over 25 years of experience to his role. During his career, he spent
fifteen years dedicated to serving the nation, overseeing significant electronic warfare and military
intelligence initiatives within the French Ministry of Defense. His journey includes roles at DGA - Direction
Générale de l'Armement, Sopra Steria, CEIS, and his current position at Forward Global, known for its
expertise in navigating the complexities of the digital landscape with a global presence spanning Paris,
Washington, Brussels, London, and Montreal.
As the Founder and Managing Director of InCyber Forum North America, he has led its transformation
from FIC (Forum International de la Cybersécurité) into an influential entity, expanding from 40 sponsors
and 1500 attendees in 2013 to over 20,000 participants and 650+ sponsors today. Vincent's relentless
dedication shapes the future of cybersecurity and digital trust worldwide.
Vincent Riou, France
78

Straightforward Strategies to Elevate
the Ratio of Women in Cybersecurity
Creating a supportive and inclusive environment is
crucial for attracting and retaining women in
cybersecurity. Provide equal opportunities for career
advancement, mentorship programs, and networking
opportunities tailored for women. In meetings, women can
be less likely to speak up. Support, encourage, and
empower the women in your teams to speak up, ensure
they know they are valued.
Fostering diversity and empowering women in
cybersecurity not only ensures a more equitable
society but is crucial for enhancing our
cybersecurity defences and resilience.
Women make up roughly 50% of the global population,
40% of the global workforce, and 25% of the global
cybersecurity workforce.
Cyber threats come in various forms, so getting our
workforce dynamics right is crucial to ensuring we
are prepared for the evolving cyber threat
landscape. There are various attraction and retention
strategies, each with its purpose and fit for different global
regions. Without overcomplicating it, here are just a few
straightforward strategies easily applied globally.
When writing job advertisements, emphasize your
company’s culture and how you support your
employees. Refrain from long shopping lists with
unrealistic boxes for candidates to tick. Women can be
more hesitant to apply for a job with long lists of
requirements, especially if their experience doesn’t match
100% for each requirement to deliver on.
Recognize transferable and soft skills, they are
critical. Research shows that technical skills take less
effort to teach and learn than soft skills. Hiring a candidate
with strong communication, collaboration, curiosity,
adaptability, passion, and critical thinking skills, can be
invaluable to your team’s success. When hiring, look at the
bigger picture, break down the criteria of what makes a
candidate successful in that position, and what can be
learned.
by Heide Young, the UAE
Heide Young - Manager, Cyber Strategy & Engagement,
TONOMUS, NEOM; Founding Partner, Women in Cyber
Security Middle East (WiCSME), ranked in the Top 10
Technology Leaders across the Middle East 2022.
Formerly part of the leadership team for Australian
Women in Security Network, and Females in IT&Telecom
mentor, Heide Young is Founding Partner and Board
Member of Women in Cyber Security Middle East.
Serving on the Advisory Board for the Arab International
Cybersecurity Summit, Mentoring at / for CyberSafe
Foundation CyberGirls Fellowship, Liaisoning for women
at Women in Security & Resilience Alliance, Heide Young
is creating significant contributions for improving the
representation of women in cybersecurity, while being
instrumental in creating opportunities for women to
network, learn and grow within the industry.
79

Women
unite InCyber!
“Let’s stand tall together, as one”
~ Top Cyber News MAGAZINE team
80

81

Dr. K Royal, JD, the USA
Dr. K Royal is a Global Privacy Attorney with a PhD in Public Affairs. She holds multiple
certifications in privacy including the Fellow of Information Privacy from the IAPP and has been
recognized globally for her work in privacy and cyber law along with diversity and inclusivity
efforts.
Dr. Royal is currently the Global Chief Privacy Officer for Crawford & Company and sits on the
boards of several nonprofits. She is also the co-host of one of the world's most popular data
protection podcasts, ‘Serious Privacy’, and teaches Privacy Law at the Sandra Day O'Connor
College of Law at Arizona State University where she is also on the Executive Committee of the
Center for Law, Science, and Innovation.
82

Isabel María Gómez, Spain
Isabel María Gómez has over 18 years’ experience in security and information technologies, and in
the course of her career has specialized in several areas related to security. Some of them are:
Risk Management, Cybersecurity, Continuity and Resilience IT, Privacy and Personal Data
Protection, Compliance with Regulations and Digital Transformation. Her legal, regulatory,
technical, and financial background let her manage and coordinate efficiently different legal and
technical areas.
Previously, Isabel has had various executive roles in information security in leading companies in
their respective lines of business, such as SegurCaixa, Bankia, and Medtronic; she has also led
multiple normative and regulatory initiatives in international bodies such as the Information
Security Forum. Having attended her Higher Engineering Computing studies at the Madrid
Polytechnic University, Isabel María Gomez is also a forensic computing expert. She holds a
master’s degree in Information Security Management and the following certifications: CISA, CISM,
CRIC, CGEIT, and CDPSE by ISACA.
83

Claudia Bonard de Carvalho, Brazil
Recognized as one of the Top Women in Cybersecurity LATAM in 2020 & 2021 by WOMCY -
Women in Cybersecurity, Claudia Bonard de Carvalho is a criminal lawyer in Rio de Janeiro -Brazil.
Graduated from the State University of Rio de Janeiro and trained in cyber risk management at
FGV-SP, Claudia is specializing in corporate cybercrime.
Claudia Bonard de Carvalho’s distinction spans the continent and her additional roles include:
Professor of Cybercriminology at the Future Law course; speaker at Mind the Sec (most important
cybersecurity event in Latin America); writer of articles on cybercrime; columnist for the
CybertechBrasil Movement; author of the book Direito Penal 4.0; mentor in cybercrime at AB2L
(Brazilian Association of Legal Techs).
84

Kerissa Varma, South Africa
Kerissa Varma leads Cybersecurity with dispersed teams across Africa for Vodacom and Vodafone.
She is a seasoned cybersecurity and technology leader who believes strongly that technology is a
critical economic lever that is pivotal to growth in Africa. Vodacom is a leading and purpose-led
African connectivity, digital and financial services company. Starting from its roots in South Africa,
the company has expanded its operations to encompass regions in Tanzania, the Democratic
Republic of the Congo (the DRC), Egypt, Mozambique, Lesotho, Kenya, and Ethiopia. Their mobile
networks now provide coverage to a population of over 500 million people.
Kerissa has held multi-national CISO roles in multiple sectors, demonstrating history of building
and scaling security capabilities across healthcare, telecommunications, transport, government and
financial services and is a passionate advocate for everything cybersecurity. She volunteers widely
to increase cybersecurity skills across the globe with a keen focus in Africa and she is the Founder
and President of Women in Cybersecurity (WiCyS) Southern Africa and the Cybersecurity Digital
Alliance South Africa (CDSA).
85

Dr. Bianca Lins, LL.M., Liechtenstein
Dr. Bianca Lins, LL.M. is a passionate Legal & Compliance Officer at the Liechtenstein Office for
Communications (OfCom), the regulatory authority for the sector of the electronic communi-cation.
She is the focal and contact point for several Committees and Working Groups and responsible for
the implementation of legal requirements. As a drafter for national legal acts, she co-drafted the
Liechtenstein Space Law and the Liechtenstein Cybersecurity Act.
Before working for OfCom, she was a researcher at the University of Liechtenstein, focusing on digitalization,
notably Cybersecurity, and where still teaches Cybersecurity & Law. Her master’s thesis on Robo Advice was
awarded best paper and she completed her doctorate “summa cum laude”. Previously, she graduated at the top of
her class from the certificate course “Cybersecurity: Managing the risks in the digital age” at Harvard. In her
early career she worked in IT and financial markets.
86

Professor of International Law of the University of Bari ‘Aldo Moro’, Italy; a Member of the
Advisory Board of the European Union Agency for Cybersecurity – ENISA, Athens, Greece, and
Cybersecurity Researcher Fellow at the Jerusalem Institute for Strategy and Security (JISS),
Israel, Dr. Adv. Annita Larissa Sciacovelli, is a member of the Defense Innovation Office of the
Italian Chief of Defense Staff (Italian Ministry of Defense); a member of the Cyber Security &
Warfare Commission, of the Italian Society of studies on intelligence; a Member of the Advisory
Board of the International Institute for Peace, Vienna, (Austria), a Member of the International
Institute of Humanitarian Law of San Remo (Italy).
Dr. Adv. Sciacovelli is a member of the Editorial board of the Review of Military Justice, edited by
the Ministry of Defense, and of the review Security & Intelligence, Anti money laundering &
Compliance. She coordinates the scientific activities of the Center of International Legal Sciences &
New Technologies of the University of Cassino (Italy). Dr. Adv. Sciacovelli is Vice President of the
Global Professionals for Artificial Intelligence - GP4AI, & she teaches International Law at
University of international studies - UNINT in Rome.
Dr. Adv. Annita Larissa Sciacovelli, Italy
87

88

Dr. Diane M. Janosek, JD, the USA
Dr. Diane M. Janosek, JD, CISSP, LPEC, is an award-winning cybersecurity leader. She serves as
Executive Director of Capitol Tech's Center for Women in Cyber. Served in United States’ Defense
Intelligence Senior Executive Service for over a decade, including time at the White House,
Pentagon, National Security Agency, & Department of Justice.
Multiple award winner for leadership and expertise in cybersecurity. Leveraging both a PhD and
Juris Doctorate, she is CEO of Janos LLC, a specialized consultancy focused on improving
companies’ cybersecurity, privacy, and data governance programs. Licensed Professional in Ethics
& Compliance and CISSP. Appeared on TV and has published dozens of academic articles.
89

Dr. Diane M. Janosek: In today’s digital
economy, data is THE key global
currency. Data is created, enriched,
shared, distributed, enriched again,
accessed, stored, and eventually deleted.
Every step of the “data creation to data
destruction lifecycle” involves privacy
rights and responsibilities, as well as
cybersecurity defense to address data
integrity needs. Each step has key
responsibilities for all data owners.
Accordingly, these responsibilities must
be understood and fully appreciated by all
data owners and corporate leadership.
The roles of wise counsel for guidance on
proper data governance and handling is
essential to the defensibility of one’s data
governance program.
“The nexus and collaboration of privacy
legal professionals with cybersecurity
professionals is a must!”
After
Word
Peace Missionary
~ The Magnificent Seven
My prediction: the two areas of privacy and cybersecurity are on the verge of merger with
benefits to all sectors! Data is the common denominator. This joint comprehensive guidance will
undoubtedly yield improved governance, solid data handling, increased privacy protection, and
enhanced cybersecurity defenses. Win Win For All!
Dr. K Royal: Cyber and privacy lawyers have never been in more demand than they are now.
Cybersecurity professionals are likewise in high demand. And both are needed for their
companies and projects to succeed. Both sides are highly skilled in their respective areas and
rarely are either well-trained or knowledgeable in the other area. Therefore, cooperation and
collaboration are critical for success. My best friends at work are often the cybersecurity
professionals because we work alongside each other so often. I have questions on tech; they
have questions on law. It’s a perfect friendship / partnership based on mutual respect and humor.
Lots and lots of humor.
Isabel María Gómez: Some of the biggest focuses of boards of directors and management
committees are legal compliance and the level of cybersecurity. Both are sides of the same
coin whose interrelation, collaboration and joint work promotes the protection of assets and
personal data, enriches the ESG (Environmental, Social, and Corporate Governance) reports for
the shareholders, helps state law enforcement agencies and enhances the value of the company
in the eyes of insurers, among others, reinforcing the due diligence of the company's
management.
90

Prof. Annita Larissa Sciacovelli: It should be kept in mind that international law is an essential
pillar of stability and order in the international system and is the framework of binding standards for
States to set their behaviour also in cyber space.
Claudia Bonard de Carvalho: The partnership between privacy lawyers and cybersecurity experts is
of utmost importance. This collaboration is crucial due to the various ways in which data protection
issues can impact a company's daily operations. For example, they can influence contracts within the
supply chain, the hiring of a labour force, and various other situations that carry the risk of data
breaches. There are many cases of suppliers who do not have privacy policies, and this
compromises the security of the services for the clients.
Dr. Bianca Lins, LL.M.: Cybersecurity is a multidisciplinary field, and it involves various Experts
with specialized knowledge and skills to protect digital systems, networks, and data from cyber
threats. The collaboration of these Cyber Experts is vital throughout all sectors. Legal Experts, like
myself, serve as a crucial bridge between the complex world of cybersecurity and the legal
framework that governs it. It’s our job to ensure that individuals and organizations navigate the digital
landscape while adhering to legal and ethical standards and protect rights and interests.
However, Cybersecurity Analysts, Ethical Hackers, Security Architects, Incident Responders,
Cryptography Experts, Network Security Specialists, and many more are needed to forge a safer
digital world. Together, we engage in a continuous exchange of insights, striving to improve
communication and cooperation. This collaborative spirit is driven by the recognition that
cybersecurity is not merely a technical issue; it is also a legal and ethical concern. In conclusion, our
collective dedication, expertise, and commitment to preserving our digital rights and security
epitomize the collaborative spirit required to confront the evolving challenges of the digital age.
Kerissa Varma: Stop, Collaborate, Listen! Why a Rapper From 30 Years Ago Has Valid Cyber Advice
for 2024 and beyond? When I was a child, vanilla Ice (a famous American rapper) released a song
called “Ice, Ice baby” which quickly spread through the world in flurry of popularity. A phrase that has
always stuck with me from the song “Stop, collaborate and listen” is the inspiration for my advice for
Cybersecurity community. Stop trying to build strong fences and forgetting about the outside world,
collaborate to find solutions to global cybersecurity problems and listen to the murmurs of your
people – increasing and retaining talent is critical.
Stop thinking you are an island: we are an ecosystem. For years we have focused on building strong
boundaries from the outside world and pretending we could insulate ourselves from external impact.
The trend of vulnerabilities in our supply chain impacting organisations globally is becoming
increasingly common and will continue. Supply chain risk proves that societal upliftment of cyber
posture is critical for all our protection. Additionally, our ability to rapidly determine impact and
respond to supply chain risk will become more critical in 2024 as frequency continues to rise.
Collaborate: Collaboration will increase in 2024 – cross sector, cross-industry, private- public
collaboration will increase out of necessity. In realising we are a hyperconnected ecosystem
increased collaboration will become a critical tool to curb cybercrime. Problems too big to be solved
individually will benefit greatly from this level of focus and integration.
Listen: War on talent will continue into 2024 – The last years has catalysed a demand for digital
capabilities. Along with this demand, the need for cybersecurity skills has grown exponentially and
will continue to do so in 2024 and beyond. Our ability to encourage young and mid-career individuals
into the field and provide rewarding work for those in our current teams becomes critical in the
future landscape.
Standing Together! The Magnificent Seven
>>
91

The Importance of Cybersecurity
Cybersecurity is the practice of protecting
computer systems and networks from
unauthorized access, theft, and damage.
Cybersecurity threats are continually evolving,
and cybercriminals are becoming more
sophisticated in their methods. The
consequences of a successful cyberattack can
be severe, including financial loss, reputational
damage, and legal liability.
Effective cybersecurity measures include the
use of strong passwords, firewalls, antivirus
software, and regular software updates.
Cybersecurity awareness training is also crucial
for employees who handle sensitive data.
Cybersecurity laws are essential in protecting
individuals, businesses, and governments from
cyber threats.
The Importance of Data Privacy
Data privacy refers to the protection of personal
information, including sensitive information
such as financial and medical records. With the
increasing use of technology, data privacy has
become a significant concern. Many companies
collect personal information from their
customers, including their browsing habits,
location data, and purchasing history. This data
is often used for marketing purposes, but it can
also be sold to third-party companies without
the consumer's knowledge or consent.
Data breaches can have severe consequences,
including identity theft, financial loss, and
reputational damage. Cybercriminals can use
stolen data to commit fraud, blackmail, or other
criminal activities. Data privacy laws are
essential in protecting individuals from these
risks.
Cyber Law and Data Privacy
Protecting Digital Rights in the Digital Age
by Dr.K.V.N.Rajesh, India
In our digital age, we rely heavily on technology
for our daily lives. From online banking to social
media, we share personal information online.
However, with this increased reliance on
technology, there is a growing concern for data
privacy and cybersecurity. Cyber law plays a
crucial role in protecting our digital rights and
ensuring that our personal information is kept
safe. In this article, we will explore the
importance of cyber law and data privacy in the
digital age.
What is Cyber Law?
Cyber law is a branch of law that deals with the
legal aspects of the internet and technology. It
encompasses a wide range of issues, including
data privacy, cybercrime, intellectual property,
and e-commerce. Cyber law is essential in
protecting individuals, businesses, and
governments from the risks associated with the
use of technology.
92

by Dr.K.V.N.Rajesh
>>
The Future of Cyber Law and Data Privacy
As technology continues to advance, the
importance of cyber law and data privacy will
only increase. New technologies, such as
artificial intelligence and the Internet of Things
(IoT), present new challenges for cybersecurity
and data privacy. Cyber law and data privacy
regulations will need to keep pace with these
developments to ensure that individuals' digital
rights are protected.
Conclusion
In conclusion, cyber law and data privacy play a
critical role in protecting individuals' digital
rights and ensuring that personal information is
kept safe. With the increasing use of technology,
the importance of these issues will only
continue to grow. It is essential that individuals,
businesses, and governments prioritize
cybersecurity and data privacy measures to
mitigate the risks associated with the use of
technology. As technology continues to evolve,
cyber law and data privacy regulations must
keep pace to ensure that digital rights are
protected. By doing so, we can ensure a safer
and more secure digital future for all.
Data Privacy Laws and Regulations
There are several data privacy laws and
regulations in place to protect individuals'
personal information. The most well-known of
these is the General Data Protection Regulation
(GDPR), which was introduced in the European
Union in 2018. The GDPR aims to protect
individuals' personal data and gives them more
control over how their data is collected, used,
and shared.
Other data privacy laws include the California
Consumer Privacy Act (CCPA) and the Personal
Information Protection and Electronic
Documents Act (PIPEDA) in Canada. These laws
require companies to be transparent about their
data collection and use practices and give
consumers the right to access and delete their
personal information.
Cybersecurity Laws and Regulations
Cybersecurity laws and regulations are essential
in protecting individuals, businesses, and
governments from cyber threats. The most well-
known of these is the Cybersecurity Information
Sharing Act (CISA) in the United States. CISA
encourages the sharing of cybersecurity threat
information between the government and
private companies.
Other cybersecurity laws include the
Cybersecurity Act in Singapore and the
Cybersecurity Law in China. These laws aim to
protect critical infrastructure, such as power
plants and transportation systems, from cyber
threats.
With over 18 years of experience in training,
Dr.K.V.N.Rajesh, has imparted his knowledge and
skills to over 10,000 participants in his career. He
holds both a B.Tech and M.Tech in Computer Science
and has completed his Ph.D in the area of Deep
Learning, highlighting his advanced expertise in the
field of technology. His passion for technology and
training is evident in his impressive track record and
dedication to providing top-quality education to his
clients and students. He has been recognized with
numerous awards, one of which includes winning
the Microsoft Blogathon in 2022.
93

“I Always Repeat…
Read, Read,
Read!” Nadine Gordimer
Nobel Prize in Literature, 1991
94

95

LTC Francel Margareth Padilla-Taborlupa is an esteemed cybersecurity professional holding the
distinguished position as the sole female Battalion Commander of the 7th Signal Battalion, Signal
Regiment, Philippine Army. Demonstrating exceptional versatility, Francel spearheads innovation in
Command, Control, Communications, and Cyber systems. Beyond her technical expertise, she is
recognized as the driving force behind the visionary "Cyber for Peace" initiative, promoting technology for
sustainable development. Francel’s outstanding contributions have earned her prestigious titles, including
being hailed as a Cybersecurity Woman Leader of the Year 2023, an Epic woman in Cyber and a Wonder
Woman in Tech and Top 30 Women in Security in ASEAN. Francel’s impactful presence continues to
shape the cybersecurity landscape.
LTC Francel Margareth
Padilla-Taborlupa,
Philippines
96

Cyber for Peace
97

98

A Man of Ambitions
99

War - Terrorism - Automation
Editorial by Morgan Wright, the USA
Chief Security Advisor for SentinelOne
We should care because of what becomes
the third offset and how it enables all five
domains of warfare.
Artificial Intelligence
Until the arrival of modern technology, only
nation-states could wage war across all five
domains. That has ended. AI has enabled the
automation of war for nation-states and terrorist
groups. It provides an asymmetrical capability at
a low barrier of entry.
Ransomware, for example, is more than
malware. It is a geopolitical tool that serves the
objectives of hostile nation-states. From
NotPetya to WannaCry, these are two examples
from a much broader threatscape.
Computing power is available to anyone with a
credit card or bitcoin. Generative AI is widely
used and incorporated into technologies from
the smallest company to the largest.
Automated cyberattacks, augmented by AI, are
developing in capability and frequency. They are
no longer the sole province of nation-states.
Terrorist organizations are increasing their
arsenal of technologically advanced weaponry
to include cyberattacks.
The battlefield is not some distant scene played
out on multiple news broadcasts. It's fought at
the keyboard hourly and is no longer
constrained by geography.
The need for enhanced cybersecurity will
become more critical than actual weapons of
war. The ability of an adversary to take down
command and control is linked to how secure
the computing environment is. The safety of our
critical infrastructure depends on the same.
In the future, bits and bytes will be more
dangerous than bombs and bullets.
For thousands of years, the only two
domains of war were land and sea.
Men fought battles with rudimentary weapons
that were blunt, inaccurate, or massive (e.g.,
siege weapons).
It wasn't until World War One that a new
domain - air - was added.
Forty-three years later, in April 1961, space
became the fourth domain when the Soviet
Union launched Vostok 1 and Yuri Gagarin.
In 2011, the United States Department of
Defense officially incorporated cyberspace
as the fifth domain of war. The advance of
technology has brought the ability to wage war
and terrorism to our front door.
Consider another aspect of warfare--the offset.
An offset is about asymmetrically compensating
for a disadvantage. After World War Two, the
Soviets far outnumbered American forces, even
when combined with NATO. Nuclear deterrence
was the first offset of war and provided a
strategy to contain and deter Soviet aggression
and expansion.
That only lasted a few years to the early 1960s
until the Soviet Union achieved parity in nuclear
capability, creating the conditions for a second
offset. The role of technology provided a
superior advantage during this time.
The ability of NATO to 'look deep-shoot deep'
offset the numerical superiority of the Warsaw
Pact--NATO's counterpart behind the Iron
Curtain. Precision-guided weapons could wipe
out follow-on forces in the event of an invasion.
The offset lasted until the collapse of the USSR
on December 26, 1991.
So, how do the domains of war and offsets
intersect? Why should we care?
100

Morgan Wright, the USA
Morgan Wright is an internationally recognized expert on cybersecurity strategy,
cyberterrorism, national security, and intelligence. He currently serves as a Senior Fellow
at The Center for Digital Government, Chief Security Advisor for SentinelOne, and the
Chief Technology Analyst for Fox News and Fox Business. Morgan's landmark testimony
before Congress on Healthcare.gov changed how the government collected personally
identifiable information.
Previously Morgan was a Senior Advisor in the US State Department Antiterrorism
Assistance Program, the Senior Law Enforcement Advisor for the 2012 Republican
National Convention, taught behavioral analysis at the National Security Agency, and spent
a year teaching the FBI how to conduct internet investigations. In addition to 18 years in
state and local law enforcement as a highly decorated state trooper and detective, Morgan
has developed solutions in defense, justice and intelligence for the largest technology
companies in the world including Cisco, SAIC, Unisys, and Alcatel-Lucent/Bell Labs.
101

102

"Visionaries of Science for Cybersecurity“ 2023 represents special
editions of Top Cyber News MAGAZINE aimed at showcasing exceptional
thought leaders and their perspectives on the symbiosis of science and
cybersecurity.
The current “Visionaries of Science for Cybersecurity” edition aims to
foster the exchange of ideas, thoughts, and expertise, benefiting current
and future students, researchers, and experts in the fields of science
and cybersecurity. It conveys a sense of dynamism and a commitment
to scientific endeavours.
A fundamental quality of visionary talents lies in their ability to recognize
possibilities that escape others. This edition also highlights the
characteristic of innovators who, through their contributions, integrate
and harness possibilities that remain invisible to the general public.
Young talents from India, France, Qatar, and the USA wholeheartedly
share their independent perspectives, inviting your insightful
commentary, practical suggestions, and fostering a hopeful convergence
of ideas through continued dialogue.
Integrating Excellence With The Future!
Top Cyber News MAGAZINE
Fore
Word
103

104

Dr. Nacira Guerroudji-Salvan,
Founder and President of CEFCYS
CErcle des Femmes de la
CYberSécurité.
Here, with the First Lady of
France - Madame Brigitte Macron
105

On December 13, the CEFCYS - Cercle des Femmes de la
CyberSécurité Association organized it’s 4th edition of the European
Cyber Women Excellence Awards in the magnificent Salle Gaveau in
Paris XVIII
Photo: Laureates of the 2023 Award
106

After
Word
Dear Cybersecurity Community!
As we step into the year 2024, let our watchwords be "Aware" “Change” and "Believe." In the ever-
evolving landscape of digital threats and technologies, awareness is our armor, and belief in our
collective strength is our shield. Together, we can navigate this complex terrain with resilience and
purpose.
Be aware and deeply understand the intricacies of new threats and emerging technologies.
Knowledge is our greatest asset, and it is through understanding that we fortify our defenses
against the endless number of cyber challenges. Stay vigilant, stay informed, and let your
awareness be your guidance.
Build new friendships within the cybersecurity community, for it is through collaboration that we
find the strength to defend against the smartest adversaries. Together, we are a strong network,
sharing knowledge, expertise, and support to safeguard our digital world.
It is time to flip the switch and find out roots. In a world sometimes overshadowed by uncertainty
and chaos, let us radiate kindness, genuine love, and heavenly light. It is time to rediscover the
hope and positivity that have always been the guiding stars of our human existence. In this digital
realm, let our actions and interactions reflect the very best of our humanity.
107

An internationally acclaimed strategist, author, and creative thinker, Founder and President of the
United Cybersecurity Alliance (non-profit organization), Carmen Marsh carries out a very
important mission and vision to unite the global cybersecurity community as well as provide a
platform for women to learn cybersecurity, enhance their skills, and gain hands-on experience
for a successful entry and retention within the field.
Awaken curiosity within yourselves, for it is curiosity that fuels the fires of progress and innovation.
Spend time getting to know the remarkable people around you, for in them, you may find new
friendships that will enrich your journey. Seek out fresh opportunities to make a positive impact, for
every small act of kindness can change the world in profound ways.
Believe in the inherent goodness of humanity, for even in the darkest of times, there are sparks of light
that can illuminate our path. Let us transform the unbelievable into the believable and doubters into
believers, for it is through our collective faith and effort that we can shape a brighter future.
The loss of loved ones reminds us of our own mortality, but it also serves as a strong reminder to live
our lives with intention. Let this year be the one where you uncover your higher purpose, infusing your
actions and words with profound meaning.
Take a moment to appreciate the journey that has brought you to this point but remember that 2024 is a
new canvas waiting to be painted with your dreams and aspirations. Embrace the changes that come
your way, for change is the heartbeat of progress. Believe that you, too, can contribute to the
transformation that will make our world a better place to live in.
Let love guide you, hope inspire you, and kindness be your compass. Together, we can make the
impossible possible, and with unwavering belief in ourselves and in humanity, we can create a world
filled with boundless prosperity, light, and positivity. With love and optimism, Carmen Marsh
by Carmen Marsh
>>
108

MAGAZINE
TOP CYBER NEWS
«Thank you for making us all a true global Cyber Community! Our
Cyber Community, as exemplified in Top Cyber News MAGAZINE is
the ENVY of all other industries! We celebrate each other, and do so
across continents and language barriers. Today we celebrate Top
Cyber News MAGAZINE, Ludmila Morozova-Buss!»
Dr. Diane M JANOSEK, JD, CISSP, LPEC, Deputy Director of Compliance
at National Security Agency, USA
«Thanks for publishing your MAGAZINE It helps big companies as well
as SME and citizens to beware of cyber threats!»
Prof. Dr. Annita Larissa SCIACOVELLI, Professor of International law,
Cybersecurity Specialist. Italy
«Top Cyber News MAGAZINE continues to highlight those leaders of
cybersecurity that others may not know and at the same time inspiring
many others to become our future leaders in a cyber career that is so
desperately in need of additional employees»
Dr. Bradford SIMS, FRAeS, President at Capitol Technology University, USA
«Ludmila Morozova-Buss fantastic work and keep it up! I love reading
about the people in your articles and looking forward in reading more
in the future. All the best Ludmila.»
James CASTLE, Chairperson (CEO), Cyber Security Global Alliance & CSGA
Cyber Accelerator | CEO/CISO/CSO, Terranova Defense Solutions & Terranova Cyber
Solutions | CSO, Terranova Health Network, Canada
«Thank you Ludmila Morozova-Buss Top Cyber News MAGAZINE for
bringing the smile on our faces after long debate hours.»
Liliana MUSETAN, Head of Unit at Council of the European Union. Brussels,
Belgium
109

AN AWARD -WINNING DIGITAL MAGAZINE
ABOUT PEOPLE, BY PEOPLE, FOR PEOPLE

Almanac 2023. Top Cyber News MAGAZINE. Published in January 2024

More Related Content

Similar to Almanac 2023. Top Cyber News MAGAZINE. Published in January 2024 (20)

More from Dr. Ludmila Morozova-Buss (20)

Recently uploaded (20)

Almanac 2023. Top Cyber News MAGAZINE. Published in January 2024