36

In this week's episode of the Future of Cyber Risk podcast, David speaks with David Lingenfelter, Chief Information Security Officer at PENN Entertainment. They discuss the challenge of securing assets that you did not create yourself and how evolving regulations have affected the gaming industry's risk appetite.

David also offers his insight on the critical skills a successful security practitioner should have. He also explains his approach to educating employees on security when they might have varying degrees of knowledge on staying secure.

Topics discussed:

• The challenges of securing assets, such as slot machines, that you did not create yourself.

• What it's like to balance both physical and cyber security responsibilities: luckily you only have to worry about one or the other.

• Critical skills for security practitioners to succeed in today's landscape.

• What education looks like at an organization where employees might have diverse levels of knowledge on security.

• How ransomware has affected the gaming industry, even as it has transitioned from brick and mortar to digital.

• Whether the industry practices direct collaboration to help each other prevent and overcome threats even when they're competitors.

• How evolving regulations have affected the industry, especially regarding risk appetite.

Key Takeaways:

• Know your business and the industry. Not only should you be up to date on news and advancements in security but also the general news of the businesses you’re protecting.

• Make friends on other teams. The legal and risk management teams are especially important to get to know because you might have to work with them.

• Keep up with the news and advancements of security. Even if your client isn’t ready to update their tools and protections, it’s good to know what’s out there.

• Work on your people skills. Security doesn’t happen in a vacuum, and there are always going to be teammates, stakeholders, and others who you’ll have to interact with.