
Game Plans and Playbooks: Building and Implementing a Cybersecurity Strategy
Ann Johnson: Welcome to "Afternoon Cyber Tea" where we explore the intersection of innovation and cybersecurity. I'm your host Ann Johnson. From the front lines of digital defense to groundbreaking advancements shaping our digital future we will bring you the latest insights, expert interviews, and captivating stories to stay one step ahead. Today I'm excited to welcome Christina Morillo who is the head of information security at the National Football League's New York Giants. With decades of enterprise leadership experience, Christina is known for transforming organizational security programs with strategies that marry deep technical expertise and business acumen. Her approach combines strategic oversight with practical execution to make security accessible and actionable at all levels. Welcome to "Afternoon Cyber Tea," Christina.
Christina Morillo: Thank you so much Ann. Thanks for having me.
Ann Johnson: So you have had such an amazing career. Multiple industries. You've worked in financial services. You've worked in technology. And now you're working in professional sports. Can you take us through your background and how you found your way into cybersecurity leadership?
Christina Morillo: So I started my career too many years ago, too many decades ago, in technology. And I was actually a technical support associate for Dell Computers back in the day. It was at a call center. And from there I kind of honed my experience and moved into more desktop support, help desk support, which led me into like junior network administration, system administration. So I've always been hands on and pretty technical, but also super curious which led me into the financial services domain here in New York City working specifically within an IT security department focused on identity and access management at the time. We didn't call the -- you know we didn't call cybersecurity cybersecurity. So that's pretty much how I broke in and it was because I was able to leverage my existing like, you know, system and network administration experience. I ended up at Microsoft and that's where I gained all of my cloud knowledge and especially in terms of like data protection and cloud identity and how and what was just like the hybrid world all about. And so that was just like building my toolkit, building my toolkit. A lot of the experience I got I think, a lot of my greatest experience, was at Microsoft which then led me to this role. Right? Where I was able to combine and encapsulate everything I've learned throughout my years and also learn things that I didn't really have experience in. And yeah. Still learning.
Ann Johnson: I think that's core and key to cyber. Right? It's an always be learning industry. And you have a -- you know there are no traditional backgrounds, but you have a background that's super relevant given, you know, you did support and you did network work. You and I had the opportunity to work together briefly and I was always so impressed with your acumen. I was impressed with how you thought about problems. It's just one of those things like cyber requires so much critical thinking skills.
Christina Morillo: 100%.
Ann Johnson: So when you think about your journey and you think about new organizations and different roles how do you go about assessing where the team is on their cyber journey? And what is your approach to actually taking and shaping a strategy that meets them where they are, but gets them to the place of maturity where you want them to be?
Christina Morillo: So that's always a tough one. One thing that I will say is that I never walk in with a checklist. I always walk in with curiosity. One of my first moves is to listen. Cross-function. I want to know how people have experienced security, if they understand security, what -- you know, what our corporate leaders, how they feel about security, where there are any gaps in terms of the culture as well. That's super important for me. In parallel I also assess fundamentals. Right? I look at our policies, architecture, our identity, awareness, detection. But I'm not really just looking to audit. I'm kind of looking for alignment. I'm looking to see where our security goals are in sync with business priorities, where they're not in sync. And then I build a strategy rooted in where we are. Right? Not where we wish we were. Of course I leverage frameworks. Right? When we talk about like NIST, in my case today I use a specific custom framework that the NFL leverages which is a combination of NIST and a few other frameworks. So it's like our own internal one. So I leverage that framework as well. And then I focus on early wins to build momentum and that's exactly what I did here at the Giants. So while focusing on early wins, building momentum, I continuously design our road map with the intention that we mature or that security matures with the organization. So it sounds like making a pizza, but it's like it's really complicated, but it's definitely possible if you enter with that kind of flexible and growth mindset.
Ann Johnson: I think that's really great. I know a lot of leaders will come in and just immediately make changes. Right? Without even trying to assess the org. And the fact that you sit back, assess the org, and then try to take the approach okay change needs to be made, though let me do this thoughtfully is better for long term success. At least the opinion of Ann.
Christina Morillo: It also helps because coming in to any organization, especially an organization that has not had security leadership, you -- you are pretty confident that you are going to face a little bit of resistance. Right? It's like going in and trying to call, you know, someone's baby ugly. Right? You don't want to do that. You want to focus on the positive and you want to really build like a collaborative function. And if you go in changing things unfortunately you're going to kind of rub people the wrong way. So you just -- it's just a matter of being strategic.
Ann Johnson: That's great. And I hope everyone who's listening thinks about that advice and how they would implement it, particularly when they're going into a new org or a new function. So cyber is full of misconceptions. Right? Even my family, you know, they -- they'll see movies and it's always the cyber person has -- it looks like a hacker with a black hoodie in a basement in a dark room. So what do you think about the misconceptions in the industry? What have you seen from either maybe your executives or newcomers to the industry? And how do you go about helping people get from that misconception to actually having a really mature understanding of the industry and a responsible understanding?
Christina Morillo: Oh my god. This is such a good one. That's such a great question. One of the biggest misconceptions that I see within cybersecurity is that it's just an IT thing. It's IT's job. It's something technical that sits off to the side. IT will take care of it. It falls under IT. And that's it. The truth, as we both know, is that it's a business risk issue, not just a technical one. So part of what I do is, you know, I work really hard to bring security into broader conversations like -- with, you know -- with operations, with finance. Even with HR, right, in terms of like identity and onboarding and all of that stuff so that people understand like how their day to day decisions impact the organization's risk posture. Something else that I see a lot is oh if we're compliant we're secure. Right? Like just check the box and that makes it secure. And that's not true and that's something that I have to emphasize over and over again just kind of making clear that compliance is the floor, not the ceiling. And what I try to do is like I try to incorporate real world examples. There's so many breaches and examples nowadays I feel like we see one every other week where companies are fully compliant and still got hit. Right? Because maybe they weren't actually secure where it mattered the most. Right? Maybe there was a process failure as an example. Not necessarily a technical one. So my real focus is just to make security relatable. Right? Across the organization. I've seen over and over again that people refuse to engage with things that they don't understand. So my take is to meet people where they are, speak their language even if it means learning football and learning football speak. I was not a football person prior to this experience. It really makes people feel that you care about what they have to say and then you can bring them on and make them a part of something and just make them a part of the security journey.
Ann Johnson: That's fantastic and you and I had talked about the football, remember. I'd offered to trade you football expertise for your identity expertise.
Christina Morillo: Yes. Yes. I've been even thinking up on that because there's still so much stuff I have to learn.
Ann Johnson: Any question. If I don't know I'll go find out for you because it will be interesting for me to learn it. I've watched so much football I always want to know what's going on and the rules change, as you know.
Christina Morillo: Yes. Yes. Yes. Absolutely.
Ann Johnson: So when you think about -- you talked about compliance. Right? Just because you're compliant you're not secure. And I think that leads to the next question which talks about risk. How do you think about risk when you're building a security strategy? And how do you think about compliance and how do you get your leadership and your peers aligned around the risk and aligned around the cyber risk even if it isn't related to compliance?
Christina Morillo: I will say that that is always a journey. It's a never ending journey. But one thing I've learned is that risk isn't always about the math. It's about the story. Right? Or your ability to tell the proper story. So for me, you know, when I get push back I don't really argue. I -- what I try to do is I try to reframe the conversation around business impact. And again I go back to those real world scenarios. You know? I'll say something like, "Hey. Here's how this type of risk has played out for others." Or, "Hey. If this happened here, what would this cost us in down time or reputation or how would this impact football operations?" Right? So I always start with that business impact and what's at stake if the risk plays out, in terms of like revenue, reputation, operations, etcetera. But I've learned that leveraging tabletops for this, like executive level tabletops, has been fantastic because I feel like even hearing it from like an external entity really helps kind of to reinforce that message. So for me I like to use these frameworks, but I layer it or I ground the frameworks in reality. Right? Because sometimes these frameworks are not necessarily one to one. And there's nothing about football in the frameworks. Right? So -- so I listen for push back of course. I tell stories around it. I give examples. I, you know, listen at scale. I try to understand where the push back is coming from, if there's just like a lack of awareness, if there's a misconception somewhere. And then, you know, ultimately if things start to feel a little bit subjective I try to turn them into decision points. Right? So are we going to accept this? Are we going to mitigate it? Are we transferring it? All the while trying to be a little bit more intentional. But it's difficult. Right? It's a journey. You have to be flexible. You have to pivot. I think the most important thing though is to keep protecting the mission top of mind. Like whatever our mission is. Right? If our mission is to win football games, if our mission is to, you know, delight our fans and our customers, like I have to keep that at the forefront.
Ann Johnson: That's fantastic. I tell folks here that the customer's at the center of everything we do. Right? And we have to be secure, but the customer is in the center circle and one of the reasons we're keeping things secure is to protect our IP, to protect their platforms, to protect their environments. I think it's so important to align cyber to the mission so people see you as a blocker, not just -- people don't see you as a blocker. They don't see you as just some IT department that's coming there to tell them no. They understand. Yeah. They understand your mission focus. I love that. Let's talk about AI for a moment. I can't get through a podcast without talking about AI. So I'd love to get your perspective. Do you think AI has a unique role in helping build and implement security strategies? And how are you thinking about what tools are the most useful right now?
Christina Morillo: I think AI absolutely has a role. I also don't think it's a silver bullet. I like to think of it today as an accelerant, not a replacement for like our core security fundamentals. At least not yet. Right? I'm optimistic that we'll get there, but we're not there today. What I'm seeing is that it's been great for like spotting patterns, obviously reducing alert fatigue. There's a lot of that. And definitely automating repetitive tasks so that the team can work on like more higher value items. But what I'm also finding is that not every AI labeled tool is created equal. Right? So what I do is that I evaluate these tools the same way that I do any solution. Some of my core questions are does this tool solve a real problem. Right? Or is it going to just add new noise? Can this tool integrate cleanly with our current workflows or do we need to create or rethink/revise our existing workflows? And most importantly for me are what are the risks. Right? Especially around data privacy, model transparency. Is our data being leveraged for training these models? And so there's so many questions. I think we're still in the middle of it. I know that there is I'm seeing a lack of tactical tools, governance tools. I think the industry's still trying to catch up in terms of AI's moving super super quick and just these innovations are moving super super quick, but I think that some of the tools, some of the governance tools, are not moving as quick. And so while I am optimistic about AI's potential, especially in those areas like detection, identity, and behavioral analytics, I'm pairing my optimism with caution. Right? Because I think moving too quickly is good in some scenarios, but I think you have to also be cautious because when you're talking about an organization.
Ann Johnson: Yeah. I do think you have to be cautious. I do think it's prudent, particularly with data. Right? To make sure that your data is properly classified, labelled, encrypted, and you know what data is going into your AI systems. You had said something. I want to pull the thread for a second and just ask a follow on question. As you know, I've written about AI for years. Right? I do think that it's a promise for the industry. I also think it's a big promise in non-human identities. We -- none of us are great on service identities, machine identities, etcetera. Do you have any thoughts on that?
Christina Morillo: We've struggled with identity for so many years. I mean I remember when we were still talking about role-based access controls. Right? And I hear it pop up every now and again and I'm like yeah we haven't got that right. And now with all of these SaaS applications integrating at the API level, right, non-human identities have proliferated across these organizations whether on-prem, whether in the cloud. Both. And so I think there is huge promise. I just think that everything is coming so quickly. We're seeing so much so fast that I think we haven't placed things. What I do think is that leading an organization like your organization is huge. Right? Because you guys have the tools. You have the capability to -- capabilities to do that research and then to kind of surface those learnings to your customers. So I think looking at that stuff suite platforms is always a win. But the problem is that companies are integrating or security tools are integrating machine learning and AI within their existing tool kits. Right? So it's coming from everywhere and we just I think the community's having a hard time figuring out how to secure, what to secure. And going back to the data security and classification labeling I'm seeing tons of organizations that are not even there yet. So a lot of organizations don't know what their crown jewels are in terms of data, don't know what they have, don't know what they don't have. So I think that has also expedited that journey. Like for me that's what I've been looking at. Right? Recently. Like just how do we classify all of this data? How do we do it strategically? How do we leverage AI to help us, you know, make more contextual decisions in terms of classification so that we can move quicker? I was talking to a company recently. I forget the name of the organization, but they focused on non-human identities and I thought some of this stuff that they're working on is super innovative and I'm just I'm excited to see how it progresses and how it also changes the entire identity landscape.
Ann Johnson: I agree, and also you said something about data classification and labeling. Humans are notoriously bad at that including humans who are in cyber.
Christina Morillo: Yep. Yep. Yep. 100%
Ann Johnson: Yeah. If AI can start automating that it would be a big win for us as an industry. If they could work off key words and start automating classification and labeling and have really high efficacy, it would be such a big win.
Christina Morillo: And that's the key, really high efficacy. That's what I'm looking for today. And I've seen some -- I've seen some heavy hitters in the space that I don't get impressed often, but I was recently impressed by a specific tool that I'm looking to POC that is doing that. So.
Ann Johnson: Oh. Well, you and I will talk offline because --
Christina Morillo: Yes. Yes. I'll tell you. I'll tell you which one it is.
Ann Johnson: Yeah. We're always looking for good technology. But all right. I am really fortunate in timing with recording this because you just posted or recently posted on LinkedIn. We were talking about the expression culture eats strategy for breakfast and you went one step further and said, and I'm quoting, "Behind closed doors it's not strategy that drives outcomes. It's culture." How do you bring that into your program, Christina? How do you think about strategy? How do you think about driving outcomes and drive the culture so that they're persistent outcomes?
Christina Morillo: So yes. I wrote -- I wrote something about that. That was heavy on my mind. So for me like culture is everything. Right? And that -- that quote holds so true and for me now it's like extremely powerful because I live it. And I think we all do really. No strategy, you know, regardless of how good it is will land if the culture resists. Right? And that's from the top to the bottom, the bottom to the top. So one of the things that I like to do is, you know -- and I still do it today is I pay attention to how people communicate, how people escalate, how people respond to friction, how people respond to change. Right? And I gauge that. Something else that I look to do is I communicate with everyone. Right? I want to know what everybody's doing and what you're working on. What do you -- even if like you're asking me questions about your personal data hygiene and data security, I love that. I love when people do that. And I actually send internal newsletters about personal data security as well because I want folks to take this into their homes. Right? And share with their families in terms of things that they can do. Right? Like just basics. So it's not always about the organization, but I think that's a great win for the organization because then folks are thinking and just having that security mindset. But, you know, I don't like to build in isolation. When it comes to strategy I like to think of it as co-creating with the people that the strategy affects. Obviously we always want to align with the business. We want to ensure that our stakeholders in terms of our executives, our boards, that we're on the same page in terms of what their expectations are. But I always like to think of how do I do a little bit more. How do I achieve a little bit more? You know if I have like a top level item I want to try to break that into like five things, five wins. Right? Even if it's something as simple as like deploying Windows Hello to increase support for IT or something like that. Right? Like so that folks are extremely excited about how easy it is to log in to their computers now and it's not cumbersome so that they start to see, you know, our departments as solution providers, right, and not blockers. So I think it's just about changing how we talk about security, celebrating progress, not just flagging these risks. Helps to shift the culture over time. But I think it's not only about security. Right? I think there's like a deeper conversation to be had in terms of overall culture. And I think the organization's leaders, you know, starting with the CEO and his lieutenants or her lieutenants will drive that. There has to be that intentional advocacy starting at the top. If not, it will all fail.
Ann Johnson: I think that makes sense and I think it makes a lot of sense that we have to, and I've talked about this, you know - that we have to start talking about cybersecurity differently. We can't -- we can't be scary all the time. If we're scary all the time no one wants to come on the journey with us. They run away.
Christina Morillo: Exactly. Exactly. Be approachable. Right? It's like you have to be human.
Ann Johnson: Exactly. Can we talk a bit about governance? So orgs will often have this robust cyber governance document or policy in place, but they don't translate the policies into steps. How do you think about the policies you have in place, the frameworks you have in place, with how you enforce them and how you message them, communicate them? And again I'm going to use your word. Drive the right outcomes.
Christina Morillo: Yeah. You know one of the things I think is that governance needs to guide, not suffocate. I'm seeing a lot of -- it's always interesting to see the conversations around like governance, risk and compliance because the narrative is that it's like either check box controls or it's going to suffocate what everyone else does. I like to think of these policies as living documents. Right? That should be usable, not just auditable. Which also means that they're subject to change. Right? Depending on how things are working or not working. So one of the things that I like to do is co-design governance frameworks, policies, approaches, whether tactical or not, with other teams including legal. So at the Giants like I am part of an information security committee that includes our senior leaders and so we discuss all of these things. Right? And so it's not something that I'm designing in isolation. I bring up the topic. I kind of drive the conversation. And I look at how do we get more adoption. Right? Here's what I recommend. Here's what I don't recommend. Right? Or here's what has worked. Here's what I've tested. But I think for me -- and again take this with a grain of salt because every organization is different and you need to learn your organization before you implement anything obviously. It's going to look different the way you approach it. But I think for me the secret formula is like clarity, flexibility, lands you into that sweet spot. But the key is that that formula will change, right, over time. And it could be -- over time could be every other day. It could be in a week. Right? So you have to be flexible, not rigid, especially with governance. This is what I found. People want to help. People don't want to be a blocker, but I think that sometimes it's not clear what they need to do. Over time there's like a sense of frustration that starts to build. So if you're clear and you take folks along for the journey I think the governance piece is like a piece of cake. It's never a piece of cake. I'm being sarcastic. But, you know, it can be a little bit. It can be a sweeter cake. Right? And not as rigid.
Ann Johnson: I think communication. Right? I think communication and language that people actually understand will get your soul.
Christina Morillo: Yeah.
Ann Johnson: Well let's talk about, you know, strategy is only successful if it's well adopted and if you measure it. Right? And if you continually measure it and then continually get feedback, get everyone on board going on a journey. As you think about your role, your current role with the New York football Giants -- I always want to say that because, as you know, there were the New York baseball Giants once.
Christina Morillo: Yes.
Ann Johnson: How are you collaborating across internal departments and with key stakeholders across the other NFL teams? And what is the key to managing those relationships?
Christina Morillo: So it's amazing. I mean I won't take credit for like the community that has been set up. That's, you know, credit to the NFL CISO and his information security office. They've done a great thing with bringing us all together, like the 32 clubs. So we're -- you know we're always on phone calls multiple times a month. We have -- we share threat intel. We meet in person a few times a year as well. So it's super collaborative. A lot of it starts with -- for me I feel like a lot of it starts with building that trust. I mean we all meet up through those sessions, but we also speak independently as well. Right? So I'm on a thread with a few of the clubs because building those relationships is super important. I mean I get so much intel from folks. I share intel. At the end of the day we all have the same shared goal, right, which is to protect our fans, protect our clubs, protect the overall league. So our focus is really just to collaborate and collectively reach those goals by sharing things like intelligence, tools, processes, and more. So one of my favorite elements of this entire journey has been meeting other information security officers across the different teams and learning more about their strategy, their processes, and us kind of like comparing and exchanging notes. That has been a joy because it's like our own little security community. I'm always encouraging people to share more externally so that the overall cyber community can get more of this goodness. We're not there yet, but I'm hoping to convince the people that need to be convinced. But it's all about relationships I think, you know. It really for me has been about relationship building, making that time not only when they're urgent moments, but just overall. So it's been fantastic.
Ann Johnson: That's great. I'm glad you have such a big community. I do think it's incredibly important. We do too. Right? We may compete with technology companies, but we also very much are peer with them from a cyber standpoint. I don't know that people realize that.
Christina Morillo: I don't think they do. But it's good to -- you know it's good to share it because I think that the more -- you know the more we share the more people know and remember.
Ann Johnson: A couple more questions. Even in the best teams, right -- I like to think we have a world class team. I'm sure you have a world class team. Even in the best teams with the smartest people with the best strategies in place you can't do everything. Right? You have to prioritize. How do you make peace with that and how do you prevent burnout on your team when they know there are hard problems to solve, but they just can't get to them because they're solving other hard problems?
Christina Morillo: I'm going to be so transparent and say not well because as much as I say I want to prioritize what matters the most, you know not necessarily what's loudest, sometimes we do have to be a bit reactive. So balancing the proactive productivity with reactivity is difficult. You know it's something that I'm always looking to learn how to be better at and ask my peers, you know, within the league and outside of the league how they do it. But I think one of the things that I'm coming to terms with slowly is accepting that we will never be at 100% and that's okay. Right? There is no 100%. There is no done in cybersecurity anyway. Right? So what I try to encourage is I try to model balance. Right? Like I want to set boundaries. I want to take time off. I'm a big fan of professional development. Super big fan. And it doesn't necessarily mean that I have to take a cyber class. I mean if I want to go learn pottery or gardening like why not? Right? I'm still developing myself. And I'm becoming a better human in the process. But I think most importantly is celebrating wins. There's always something to do and there's always going to be a bunch of things to do every day. So I think that celebrating small wins, which I don't really see them as small wins, but just any win, as small as it may be, it may come across, because it matters. Right? And I think that also builds enthusiasm for you and your team. And really keeping like the progress over perfection mindset top of mind as well. Right? Just keeping that front and center. It's about progress. It's not about perfection. Perfection does not exist. I think as long as you're giving it your all every single day and we come prepared and come ready to learn, come ready to ask and answer questions, I think we're doing everything that we can. But tactically, right, it's just again it's about prioritizing what we can do within the time allotted. In our world, you know, we have the offseason which really just means that there are no games on TV, but that's where we are able to implement a lot of changes behind the scenes in terms of technology tool kits, etcetera. And like modernization because during the off season it's a little bit more challenging. Right? You don't want to break production during the time that there's a football game like tomorrow night. Right? So kind of keeping those things top of mind. So we try to prioritize what we can during each offseason. So like from January to like July there's time to do all of this stuff and more and then planning for whatever is not priority for this year will go into like the next year bucket or the do we have any downtime right before the season or right at the cusp of the end of the season. It's a balancing act for sure. I don't think I've perfected it yet. I may need to take notes from you.
Ann Johnson: I don't think anyone's perfected it yet by the way. The teams are always stressed and you just try to -- you try to check in. My thing is I check in with people. How are you doing? How are you feeling? Why don't you take the afternoon off? Just little things like that. Knowing that your leader is checking in has a huge impact, that you genuinely care about the mental health and the burnout and the productivity of your team equally. Right?
Christina Morillo: I've danced with burnout a few times. So that's why I think boundaries for me are super important and taking overall just like taking that time off and encouraging others to take time off is super important.
Ann Johnson: So last question. As we close out I'm a cyber optimist. I say this every "Afternoon Cyber Tea." I try to be optimistic. I wouldn't get out of bed in the morning if I weren't an optimist about what I do. With that in mind, what are you optimistic about for the future of cyber?
Christina Morillo: Yeah. So much. So and to your point some days it's difficult so you always have to like keep your little optimism notes like everywhere. Right? Just to remind you. I'm optimistic about the shift towards more human centered security. I like this idea of designing with and for people, not just training them harder or throwing more training at folks. Another thing that I'm excited about is that I'm seeing more like diversity. You know, diversity in thought, background, leadership, in the industry. And that's super powerful. Like I'm seeing so many more voices that I haven't seen in the past and I love that. And finally I'm seeing security becoming more of a strategic function and I continue to see that and my hope is that we see that even more. Right? I feel like we've been looked at as or brought in as an after the fact, as an afterthought. But I see that now many security leaders are helping to shape what's next. You know when we talk, have these discussions about AI, about kind of the business impact, about risk, I think that it puts us all in a better position and just the industry as a better position as a whole. So I think there's so much coming. And I'm also excited about the new generation of cybersecurity folks. Right? I have a few mentees that, you know, while it's been difficult I think that, you know, helping them strategize how to enter the field has been challenging, but has been very rewarding. So I'm interested in their -- in those ideas, in their perspectives on how to solve these problems.
Ann Johnson: Perfect. And I also as you know am very enthusiastic about the next generation because they're going to think about things differently than we do. They're going to bring different approaches. They're going to, you know, push us out eventually. Right? With their great ideas. And I'm looking forward to that.
Christina Morillo: Yes. Same.
Ann Johnson: Well thank you so much, Christina. I really appreciate it. I know you're busy. I appreciate you making the time to join me today.
Christina Morillo: Thank you always. Any time.
Ann Johnson: And many thanks to our audience for listening. Join us next time on "Afternoon Cyber Tea." Christina and I have known each other for several years and I invited her to come on because she is a true champion ensuring security enables business success. Christina has transformed security postures for organizations across multiple sectors. She knows what it takes to make security a priority from the board room to the break room. You know I often get asked how to build an effective security strategy and I know our community is going to gain a lot of value from listening to Christina's insights.
