Cyber Risks Unmasked: Reporting the Threats #DTF016

Aug 18, 2025 · 1 hr 7 min · Ep. 16

Episode description

Join hosts Damian, Troy, and Fern for Episode 16 of the DTF Cyber Podcast, featuring special guest Dina Mathers, CISO at Carvana. Recorded on August 18, 2025, this episode dives deep into three critical topics shaping the cybersecurity landscape. From measuring the impact of cyber spend to uncovering widespread weaknesses in critical infrastructure, we unpack it all with real-world insights and actionable strategies. Whether you're a seasoned pro or just starting out, this episode is packed with "nuggets of gold" to elevate your game. Don't miss the banter on DTF dinners, the debate on best-of-breed vs. platforms, and why security leaders might just be the best salespeople in the world. Subscribe for more cyber realness every Monday!

0:00:00 - Intro: Special guest Dina Mathers

0:05:51 - Metrics debate: Spend as % of revenue/IT budget vs. data-driven approaches

0:07:24 - Key KPIs: MTTD/MTTR, patching speed, phishing rates

0:09:16 - Budgeting strategies: Industry benchmarks, risk-based cases, storytelling

0:12:20 - Tool overlap woes: 30% waste per Gartner 2023; best-of-breed vs. platforms

0:14:52 - Pro tips: Carve innovation funds for startups/POCs; audit tools yearly for ROI

0:25:00 - How poor metrics blindspot funding, leaving orgs vulnerable

0:28:40 - Real-world angles: Procurement pushback, business use cases

0:32:32 - Career advice: Be proactive, relate news to your env, automate tasks

0:40:00 - Basics failures: Weak creds, poor segmentation, no logging

0:45:26 - Critical infra gaps: 16 domains, antiquated systems, public-private partnerships

0:52:07 - Fixes: Layer security, asset inventory, periodic table mapping, empower teams

0:58:25 - Tease: Non-human identities (NHI) as future ep topic

1:00:01 - Fern's thought: Security leaders as elite salespeople

1:03:42 - Nuggets: Don't store creds in browsers; strong infra passwords; storytelling sells

1:05:46 - Shoutouts to Dina, past eps references, listen twice for gold

1:06:15 - Outro

Articles:

https://www.wsj.com/articles/how-to-measure-cybersecurity-spending-wsj-readers-weigh-in-12e2b06b


https://securityboulevard.com/2025/08/cisa-coast-guard-hunt-engagement-offer-path-to-protect-critical-infrastructure/


"Periodic Table":

https://www.balbix.com/blog/six-step-cyber-insurance-policy-playbook/


LinkedIn:


Dina Mathers: https://www.linkedin.com/in/dinamathers/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/


Business Inquiries: dtf at cyberpodcast dot net
