Latest episode
12. Esther Schagen-van Luit (Microsoft): "Security leadership requires courage and curiosity"
52:51||Season 1, Ep. 12Join hosts Jeroen Prinse and Irfaan Santoe in this episode of re:invent security as they sit down with Esther Schagen-van Luit to explore what it truly means to be a Strategic CISO in today’s security landscape. Esther is a well-known cybersecurity leader and advocate for Diversity, Equity, and Inclusion. With years of experience advising and working alongside CISOs across various sectors, she brings a sharp, candid perspective on the disconnect between tactical security operations and the strategic needs of modern organizations. In this episode, Esther unpacks:• The common traps that keep CISOs stuck in operational mode• What separates a strategic CISO from the rest—mindset, skillset, and influence• How organizational readiness (or lack thereof) impacts a CISO’s ability to lead at the strategic level• Why aligning security with digital transformation is non-negotiable• And how DEI plays a real role in shaping stronger, smarter security leadership Esther doesn’t just talk about the role of the CISO—she challenges the assumptions around it. She shares what it takes to grow into strategic leadership, even in environments that aren’t quite ready for it, and why security professionals must be ready to challenge how value is measured and communicated. Known for her clear thinking and no-nonsense delivery, Esther reminds us that strategy isn’t about sitting at the executive table—it’s about speaking the language of the business and helping shape its future. Whether you’re a current CISO, an aspiring one, or someone who works closely with security leadership, this episode offers a grounded, honest look at the evolution of the role—and how to push it forward.Chapters:00:00 - 04:09 - Introduction of the episode and Esther Schagen van Luit 4:10 - 07:32 Reinventing security and being a driving force for good.07:33 - 9:32 What are the key differences between an operational, tactical and strategical CISO?09:33 - 12:15 What are operational and tactical CISO's lacking?12:16 - 14:20 Strategic security visions requires curiosity14:21 - 15:56 What is holding organizations back to embrace a strategical CISO?15:57 - 19:33 - What are the most important skills to become a strategical security leader?19:34 - 22:07 Example of a security leader who was successfull in aligning business objectives and security strategy22:08 - 25:00 Don't sell winter coats in the summer25:01 - 26:42 The difference between regulated and unregulated organizations26:43 - 33:21 What are the tell tale signs that an organizations is not ready for a strategical CISO?33:22 - 42:00 What are some practical/high impact steps to create high performing security teams?42:01 - 43:00 What is the one piece of advise you would like to give security leaders?43:01 - 46:28 What resources does Esther recommend to level up strategic thinking?46:29 - 52:21 Key take aways Irfaan and JeroenResources:Connect with Esther: https://www.linkedin.com/in/estherschagenvanluit/ Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/
More episodes
View all episodes
11. Carlo Alexander Schreurs (FrieslandCampina): "As a CISO, how do you lead in a Human-Centered way?"
01:02:56||Season 1, Ep. 11In this episode, we talk with Carlo Alexander Schreurs, CISO of FrieslandCampina, about his journey of reinvention after surgery and his transition into a transformational CISO role. He advocates for moving from rigid "zero trust" to a more flexible "adaptive trust" model, better suited to digital transformation. Carlo emphasizes cultural shifts in cybersecurity, highlighting storytelling, collaboration, and psychological safety to build trust and resilience. He also stresses integrating cybersecurity with business goals, going beyond compliance to drive innovation. The episode wraps up with practical advice for CISOs on staying agile in a fast-changing landscape.Chapters:00:00 - 03:14 Introduction of the episode03:15 - 06:26 Carlo reinventing himself 06:27 - 09:36 Reimagining Traditional Security09:37 - 14:16 The Drama Triangle vs. The Winner's Triangle 14:16 - 17:41 From Zero Trust to Digital/Adaptive Trust 17:42 - 23:00 The Role of Trust and Loyalty 23:01 - 26:15 The CISO as Storyteller 26:16 - 32:55 Shifting from Risk Avoidance to Value Creation 32:56 - 43:45 Human Factors and Behavioral Insights 43:46 - 45:44 Reframing Cyber Security 45:45 - 55:34 Compliance Theater 55: 35 - 58:03 Practical Steps for Agile and Adaptable Programs58:04 - 1:02:56 Key takeaways Jeroen & IrfaanResourcesDrama triangle to winner triangle:article 1: Life threw a curveball at me - on human-centric transformationsarticle 2: Beating the drama in Cybersecurity and Technology teams: uncovering hidden dynamics that drain energy and prohibit growtharticle 3: Beating the drama in cybersecurity and IT: How to shift from drama triangle to TED and build a thriving teamarticle 4: Cybersecurity Transformation: The Power of Human-Centered Leadership Storytelling: The Hidden Skill Every CISO or CIO Needs, But Few Use (On storytelling)Other source: The Cyber Samurai—Forging a Black Belt in the Digital DojoConnect with Carlo: https://www.linkedin.com/in/schreursc/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/10. Dimitri van Zantvliet (NS): “Securing Dutch Railways Amid Geopolitical Turmoil”
01:06:55||Season 1, Ep. 10Join hosts Jeroen Prinse and Irfaan Santoe in this episode of Reinvent Security as they sit down with Dimitri van Zantvliet as they talk about the challenges of securing critical infrastructure and OT at the Dutch Railways. Especially in time of geopolitical turmoil and hybrid warfare.Dimitri van Zantvliet is an accomplished leader in information security currently serving as the CISO of Dutch Railways (Nederlandse Spoorwegen). Dimitri is at the forefront of protecting one of the Netherlands’ most vital transportation networks against an ever-evolving landscape of cyber threats.His leadership has been instrumental in addressing the unique challenges of securing critical infrastructure in an era marked by hybrid warfare and complex geopolitical dynamics. Known for his bold and innovative perspectives, Dimitri emphasizes in this podcast that the “C” in CISO stands for Change—highlighting the role of security leaders as agents of transformation within organizations. He has also spoken about the disruptive potential of artificial intelligence, warning that AI is a “Weapon of Mass Disruption”.Dimitri’s expertise extends beyond technology into organizational culture, promoting resilience, adaptability, and collaboration as key components of effective cybersecurity. He is a sought-after speaker and thought leader, sharing insights on topics such as hybrid warfare, OT security, and the future of cybersecurity leadership. Under his guidance, Dutch Railways is not only defending its operations from cyber threats but also setting an example for how critical infrastructure operators can adapt and thrive in a rapidly changing world.Chapters:00:00 - 08:13 Introduction of the episode and Dimitri van Zantvliet08:14 - 17:05 The Dutch Railways, their Information Security team and team diversity17:06 - 21:29 The unique challenges of securing OT and critical infrastructure21:30 - 26:44 How does the threat landscape differ when securing critical infrastructure?26:45 - 29:59 Threat actors, influence of geopolitics and hybrid (digital) warfare30:00 - 34:10 Regulation on the security of critical infrastructure34:11 - 38:54 What can the IT security professionals learn from the OT security professionals?38:55 - 42:21 Supply chain security, procurement and information security42:22 - 45:29 What is the most exciting part of the "AI revolution"?45:30 - 50:11 Early adoption, curiosity, business enablement and innovation as security leaders50:12 - 55:39 The development of CISO Community Nederland55:40 - 1:01:09 The evolution of security leadership roles1:01:10 - 1:02:16 Wrapping Up1:02:17 - 1:06:55 Key takeaways Jeroen & IrfaanResourcesWerken bij de NS (https://www.werkenbijns.nl/vacatures)Black-out (https://npo.nl/start/serie/black-out_1/seizoen-1/blackout)CISO Community Nederland (https://www.cisocommunity.nl/)Connect with Dimitri: https://www.linkedin.com/in/vanzantvliet/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/9. Dr. Nikki Robinson (IBM) on Effective Vulnerability Management: Beyond Tools, Towards People
52:28||Season 1, Ep. 9In this episode of Reinvent Security, we dive deep into the world of vulnerability management with Dr. Nikki Robinson, a distinguished cybersecurity expert, author, and educator. With years of experience in IT operations and cybersecurity, Dr. Robinson brings a unique perspective to managing vulnerabilities in today’s ever-evolving threat landscape. During the episode, Dr. Robinson shares her journey from IT operations to earning a doctorate in cybersecurity, highlighting the pivotal moments that shaped her approach to vulnerability management. She emphasizes the importance of looking beyond patching to address the broader aspects of risk reduction, including human factors, automation, and AI. Whether you are a seasoned cybersecurity professional or someone looking to strengthen your organization’s approach to vulnerabilities, this episode is packed with actionable insights and strategies. As a bonus, Dr. Robinson shares her thoughts on the differences between vulnerability management practices in the U.S. and Europe, and how global frameworks like NIST are fostering consistency across borders.Chapters:0:00 Introduction4:31 Nikki’s Journey in Cybersecurity7:57 Defining Vulnerability Management10:35 Key takeaways from her book on Effective Vulnerability Management22:00 First Steps to Mature Vulnerability Management29:10 Prioritizing Vulnerabilities Beyond CVSS Scores32:30 Automation in Vulnerability Management39:15 Governance and Vulnerability Management44:20 Key TakeawaysResources:Dr. Nikki Robinson’s books: Effective Vulnerability Management and Mind the Tech GapSecurity Fatigue: https://www.researchgate.net/publication/361595380_Stress_Burnout_and_Security_Fatigue_in_Cybersecurity_A_Human_Factors_ProblemHuman Factors Security Engineering: https://www.tandfonline.com/doi/full/10.1080/07366981.2023.2211429Human Factors in Cybersecurity: https://dl.acm.org/doi/abs/10.1145/3537674.3555782Vulnerability Chaining Blog parts 1 and 2: https://blog.stackaware.com/p/vulnerability-chaining-part-1-a-logical Connect with Nikki: https://www.linkedin.com/in/dr-nikki-robinson/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/8. Bibi van den Berg (LEI): “Why traditional risk management falls short in cyber security"
55:04||Season 1, Ep. 8Join hosts Jeroen Prinse and Irfaan Santoe in this thought-provoking episode of Reinvent Security as they sit down with Prof. Dr. Bibi van den Berg, a renowned expert in cybersecurity governance. Bibi shares her unique perspective on the limitations of traditional risk management approaches in the rapidly evolving cyber landscape. She introduces the concept of value-driven decision-making, emphasizing the need to align security practices with organizational values, not just numbers. Discover how human behavior, technology, and regulations intertwine in cybersecurity, why data limitations pose significant challenges, and how organizations can rethink their approach to managing cyber risk. Whether you’re a seasoned security professional or new to the field, this episode offers fresh insights and practical advice to help you navigate the complexities of today’s cybersecurity challenges.Chapters:00:00 - 03:04 Introduction of the episode and Prof.dr. Bibi van den Berg03:44 - 06:03 How is Bibi contributing to reinventing security?06:04 - 08:05 Safety Science vs. Cyber Risk Management08:06 - 09:47 What inspired Bib to focus on Value Driven Decision Making?09:48 - 21:19 What would be the main limitations of traditional risk management?21:20 - 25:47 How does value driven decision making for risk differ?25:48 - 28:52 Asset prioritization and value driven decision making28:53 - 32:42 The challenge with board and the need to quantify32:43 - 43:32 How can organizations define their core values?43:33 - 48:49 Common challenges for organizations in transition to a more value based decision making approach48:50 - 55:04 Key takeaways Jeroen & IrfaanConnect with Bibi: https://www.linkedin.com/in/bibivandenberg/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/7. Sander Zwiebel (NN Group) on DORA: "The Final Countdown"
58:38||Season 1, Ep. 7Join hosts Jeroen Prinse and Irfaan Santoe as they dive in the world of DORA, together with Sander Zwiebel (NN). During this episode we discuss what DORA is, why it came to existence, the scope of DORA and challenges and solutions directions for getting DORA implemented. It is the FINAL COUNT DOWN because organizations in scope for DORA have to comply by January 2025.Chapters:0:00 Introduction to DORA01:02 Introduction of the episode and Sander Zwiebel09:01 Introduction of DORA13:06 DORA's Impact on Security17:39 DORA's Impact on Financial Industry and Third-Party Management28:59 Implementation Challenges Ahead35:55 Tips for Successful DORA Implementation40:55 Future of Regulatory Landscape45:47 Closing Thoughts on Compliance and Security52:50 Conclusion and Next StepsResources:DORA formal law Digital Operational Resilience Act: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554&qid=1727030708806DORA regulatory technical standards or RTS: https://www.eiopa.europa.eu/publications/second-batch-policy-products-under-dora_enDORA Questions and answers, joinedly done by the ESA’s (Eiopa, EBA, ESMA): https://www.eiopa.europa.eu/about/governance-structure/joint-committee/joint-qas_enESA link to a dry run exercise on the information register, in order to learn as supervisor and supervisee how the information register is going to work on both sides: https://www.eiopa.europa.eu/esas-publish-templates-and-tools-voluntary-dry-run-exercise-support-dora-implementation-2024-05-30_enDutch National Bank (DNB) link to DORA: https://www.google.com/url?q=https://www.dnb.nl/en/sector-information/open-book-supervision/laws-and-eu-regulations/dora/&source=gmail&ust=1727370130061000&usg=AOvVaw3GieR7OhPwfIElBvDRye_mConnect with Sander: linkedin.com/in/sander-zwiebel-241a16Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/6. Steve Hollands (BQCM): "The future of security is quantum-proof: Start preparing today!"
50:33||Season 1, Ep. 6Join hosts Jeroen Prinse and Irfaan Santoe in this thought-provoking episode of Reinvent Security as they welcome quantum computing and security expert Steve Hollands, Chair of the Board at Blackhills Quantum Computing. Steve dives deep into the fascinating and complex world of quantum computing, discussing its far-reaching implications for the future of cybersecurity. From the looming threat of quantum computers breaking traditional encryption to the opportunities quantum key distribution offers, this episode covers the cutting-edge advancements that could revolutionize security as we know it. Discover how AI and quantum computing could drastically shorten the timeline for encryption vulnerabilities, why businesses need to start preparing today, and the importance of crypto agility in a post-quantum world. Whether you're an IT professional, a cybersecurity enthusiast, or just curious about the future of technology, this episode delivers expert insights and actionable advice to help you stay ahead of the curve in the quantum era.Chapters:00:00 Welcome to the podcast00:35 Introduction of the episode and Steve Hollands02:53 How is Steve contributing to Quantum proof security?04:49 How does quantum computing differ from traditional silicon based computing?08:53 How does quantum computing impact the field of information security?12:16 What is the timeframe of quantum computing threats and opportunities?15:26 What is quantum safe cryptography and what are researchers doing?16:37 Crypto agility is a key security principle in any security strategy18:27 Are actors using quantum capabilities everybody's problem?20:54 How a Quantum Readiness Framework can help organizations towards a post quantum security strategy?24:06 What steps should organizations be taking now to prepare for the future impact of quantum computing on their security infrastructure?29:46 How to create a Quantum Secure Defense in Depth Strategy?34:57 What other steps should organizations take to prepare for the future impact of quantum computing on their security infrastructure?36:24 What are the regulatory and ethical considerations that come with the rise of quantum computing in information security?37:09 Resources for your journey into quantum and security38:26 Which board member is driving the change towards a post quantum organization?41:38 Can we make quantum secure cryptography a service for the organization?44:03 Wrap UpResources:Forbes: https://www.forbes.com/sites/adrianbridgwater/2018/01/03/neuromorphic-computing-will-build-human-like-machine-brains/Nature: https://www.nature.com/articles/s41928-021-00646-1McKinsey, timeline for Q-Day: https://www.linkedin.com/posts/activity-7229084010952478720-9nkuBlackhills new website: https://www.blackhillsquantum.com