Episode 14

Andrea Bonime-Blanc - CEO & Founder, GEC Risk Advisory LLC; Global Ethicist; NYU Cybersecurity Professor; Book Author

Published on: 6th January, 2022

Dr. Bonime-Blanc spent two decades as a C-suite global corporate executive at Bertelsmann, Verint, and PSEG overseeing legal, governance, risk, ethics, corporate responsibility, crisis management, compliance, audit, InfoSec and environmental health and safety, among other functions. She began her career as an international corporate lawyer at Cleary Gottlieb, was born and raised in Europe and is multi-lingual.

She serves on several Boards and Advisory Boards including Greenward Partners (a Spanish green energy firm), Ethical Intelligence (an EU-based AI ethics firm), ProtectedBy.AI (a US-based AI cybersecurity firm), Epic Theatre Ensemble (a NYC nonprofit), the NACD New Jersey Chapter and NYU Stern-based think tank, Ethical Systems. She also serves as a Governance Mentor at Plug & Play Tech Centre, a global start-up eco-system. She is a NACD Board Leadership Fellow and Governance faculty and holds the Carnegie Mellon CERT Certification in Cyber-Risk Oversight.

Andrea is a global speaker, including at Davos, and appears regularly on Bloomberg TV, Yahoo Finance, Cheddar and other media. She is faculty at NYU’s Center for Global Affairs Masters program teaching “Cyber Leadership, Risk Oversight and Resilience”. She is an extensively published author of many articles and several books including The Reputation Risk Handbook, Emerging Practices in Cyber-Risk Governance and The Artificial Intelligence Imperative. Her latest book, Gloom to Boom: How Leaders Transform Risk into Resilience and Value (Routledge 2020) debuted as an Amazon #1 Hot Release in Business Ethics and Game Theory. She serves on the board of directors at Cyber Future Foundation, a non-profit and think tank of doers and executives. She lives in New York City with her family and is an avid photographer and artist.

About This Discussion:

Highlights:

0:00 - Intros & How did Andrea Get into GRC and Ethics?

  • WHY GRC?
  • Started out life as a lawyer at a startup
  • Moved into crisis management; became the person who got the non-financial issues
  • Y2K was her first contact to prepare the team and IT people and coordinate
  • Grew Up in Germany and Spain, came to US at 17
  • Social Sciences have always interested Andrea

7:40 - Crisis of The Week - Launching her own business

  • Frustrated with the corporate world on corporate responsibilities, GRC, Cyber issues, etc
  • Saw opportunity to be an outside advisor across multiple industries for clients who really care
  • Notably, clients are doing the right things and want to do better

12:00 - Legal Background and Cybersecurity

  • Legal background and how it helps differentiate to advise
  • Doesn't consider herself "narrow"; looks at situational awareness
  • Moving from legal to strategic consultant
  • The world has a perception that lawyers
  • Process is the commonality in the legal and cybersecurity industries - Andrea's German mom helped instill the discipline and rigor to establish process
  • Keep learning and helps to drive for themselves or others

19:00 - Difference between GRC and Security

  • There are parallel threads between the GRC and Security communities
  • Big push in cybersecurity for the CISO to be in the C-suite and on Boards
  • Andrea argues that not all CISOs are equal; multiple backgrounds are good, but the CISO needs to have a broad view.
  • The CISO runs the risk of being relegated to a focused expert versus an equal peer who speaks the language of business and GRC, cybersecurity, etc.

22:52 - TALENT Question and GRC

  • Cybersecurity is so broad and multi-faceted, so different ways of thinking are welcome in GRC
  • Finding solutions in a world that is dynamic; be curious
  • Don't need to be in the bucket
  • Master Program - Cybercrime and International Security
  • Students - May not have a career in cyber, but she helps connect the dots to help others understand and recognize

27:00 - How do people get into GRC

  • Requires design
  • Interesting on Risk Management
  • Meeting Executives for the first time that addresses areas of 
  • Don't be alarming about it, 
  • Risk can be opportunity
  • Risk is always going to exist because things are constantly evolving
  • Look at perspectives - There is always opportunity to look at risk
  • People need to go where their passion and talents are and be a learning person to create a new world

32:30 - Avoiding Burn Out

  • Burn out is a real problem
  • Living in NYC during pandemic
  • Default position is to work, but she loves what she does
  • Finding YES to too many things
  • Volunteer work and
  • Constant reading and doing things, but needs to stop occasionally

37:00 - Is it Achievable to Stop To Smell The Roses

  • Give yourself a day off and say no
  • Personal designated times are important
  • Covid has underscored a mentality shift, i.e. leaning to the introverted side
  • Misses traveling, especially with her girlfriends in Mallorca

Final Thoughts:

Spread the word and bring people with different backgrounds in all spaces.

LinkedIn: https://www.linkedin.com/in/andreabonimeblanc/

Twitter: https://twitter.com/GlobalEthicist

World Economic Forum Contributed Piece, co-Authored: The 5 'Ts' of cyber-crisis readiness for every kind of organization

About the Podcast

The CISO Diaries
The path to cybersecurity leadership is not a direct route and it's those divergent routes that create the amazing stories and histories of leaders who are driving security to keep businesses and people safe.

We’re Leah McLean and Syya Yasotornrat and we intend to give CISOs and cybersecurity professionals a place to be their authentic selves. These are the unedited stories told of how they got into cybersecurity, the real struggles they’ve persevered through, personal anecdotes that make them tick, and leadership advice based on experiences.

We aren't the kind of cybersecurity podcast that focuses on the technologies, or recent incidents. We are the podcast that focuses on the people behind the headlines and the incredible diversity of experiences and backgrounds. (And it's not lost on us that we're two awesome female hosts)!

Let's face it: we are a cybersecurity tribe and we need all hands on deck!

We hope you enjoy our CISO diary entries.

After all, we're only human, right?

Special thanks to our sponsor, Cyber Future Foundation, a non-profit global cybersecurity executive leadership community, where leaders, thinkers, and futurists discuss and develop actionable guidance and frameworks for a trusted and safer world.

About your hosts

Syya Yasotornrat

Syya is a tenured tech sales professional with her time at SonicWALL and Hewlett Packard (HPE) with some hospitality at the Walt Disney Company and IT recruitment experience in the mix. She is currently a podcast strategist and consultant, helping others to bring out their voice and legacy through podcasting. She loves to learn and talk about anything, so feel free to reach out!

Leah McLean

Leah is Vice President, Cybersecurity Specialist at Mastercard. She is focused on implementing strategy and programs to evolve cybersecurity risk management approaches and cybersecurity awareness and training. She actively contributes in community working groups to advance cybersecurity risk management and third-party risk. Leah is also a mentor to candidates breaking into cybersecurity careers, and collaborates with employers to rethink their workforce and hiring strategies.
Leah is a co-founder at Whole Cyber Human Initiative, a non-profit focused on redefining how we identify, train, equip, advance knowledge, and build workforce development within IT and Cybersecurity. She also volunteers for Cyber Future Foundation, a non-profit driving workforce development initiatives and private and public sector collaboration.
Previously Leah held senior level roles as a cybersecurity practitioner at Armor, a cloud security company protecting data for SMB and mid-market customers, Apstra (acquired by Juniper Networks), A10 Networks and Cisco Systems. Leah serves on the Board of Advisors for Cloud Defense, Inc., a breach visibility cloud security startup and is on the board for the Cloud Security Alliance North Texas Chapter.
Leah holds a bachelor’s degree in Political Science, with an emphasis in International Relations from the University of California, Santa Barbara. She is an active outdoor junkie always chasing adventure.