top of page

Episode #


Omnicon's Norman Levine on Auditing, AI, and Advancing Your Skill Set

Show Notes

In this episode, David speaks to Norman Levine, Senior Manager of Cyber Risk Management at Omnicom. During the episode, they discuss the evolution of security since the 1990s, new technology security practitioners should be paying attention to, and key skills needed to be a successful security practitioner.

Topics discussed:

  • Norman's history in cybersecurity, from purchasing a book written about the internet in 1994, to starting a website that sold the first HTML editor, to being the senior manager of cyber risk at the top advertising and marketing company.

  • How cyber security has evolved over the past thirty years, including the changes in complexity, landscape, and sentiments.

  • How the rise in Internet of Things and connected devices is adding to the complexity of cyber security approaches.

  • How the emergence of artificial intelligence and machine learning will impact security in both positive, helpful ways, and potentially harmful ways.

  • How Norman's background in auditing influences his security approaches, especially when it comes to evaluating third-party vendor risk.

  • Advice for those managing cyber risk at public companies, and why paranoia can be a helpful tool.

  • A list of the most critical skills a security professional can possess, and how security professionals need to keep their skills updated because of the industry continuous changes.

Quotes from Episode


"My other two favorite areas that we're just starting to see — I have to put a smile on my face for this one — and that's the emergence of artificial intelligence and machine learning. If done incorrectly, there are really great tools to help you in terms of your security, and monitoring assistance throughout your environment. But they could also be used to attack companies through their misuse. And I don't know how we're gonna manage that." (7:51)


"You got to have continuous monitoring. Clearly, they're going to be looking at the outside, your websites. But from my perspective, what happens is, if they find something like, you're not patching your servers correctly or in time, what's happening on the outside is probably also happening internally. So if you're doing your due diligence internally, it's going to reflect on the outside. Conversely, if you're not doing your due diligence on the outside, it's probably good to reflect on the inside." (18:43)


"So I think security practitioners really need to clearly develop and to really update their skill so they can stay ahead of the threat. Things are continuously changing. I remember the days when it maybe took 18 months or 24 months for technology to evolve. Today, it's less than 12 months, in many cases. Things are moving that quickly. So I think you have to really be diligent and stay on top of a number of different areas." (26:59)

bottom of page