The Cybersecurity Readiness Podcast Series

Hosted by Dr. Dave Chatterjee

Business Careers EntrepreneurshipInterviews guests

Website RSS feed

Episodes

107

Latest episode

Jun 2026

Language

About the show

The Cybersecurity Readiness Podcast Series provides a reflective, thought-provoking, and jargon-free discussion on how to enhance the state of cybersecurity at an individual, organizational, and national level. As of September 2, 2024, the podcast series has produced over 70 episodes, been downloaded over 10K times, and has listeners in 105 countries. The podcast episodes are used in classrooms and for corporate training and serve as insight sources in research and publications. Host Dr. Dave Chatterjee converses with subject matter experts, business and technology leaders, trainers and educators, and members of user communities. He has been studying cybersecurity for over a decade. He has delivered talks, conducted webinars, consulted with companies, and served on a cybersecurity SWAT team with Chief Information Security Officers (CISOs). Dr. Chatterjee is a Visiting Professor at Duke University and has served as a tenured professor at The Terry College of Business at the University of Georgia. Connect with Dr. Chatterjee on these platforms: LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/

Listen to episodes

60 recent

June 10, 202650 min

Episode 106 -- The Invisible Attack Surface: Zero Trust for SAP and ERP Environments

In Episode 106 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Holger Hügel, Chief Technology Officer of SecurityBridge and a global authority on SAP cybersecurity with over 26 years of experience — to address a governance blind spot that exists inside the security perimeters of even the most mature enterprise organizations: the SAP environment.Opening with the August 2024 ransomware attack on Stoli Group USA — where attackers went straight for the company's SAP enterprise resource planning (ERP) system, disrupting financial operations and contributing directly to a bankruptcy filing within three months — Dr. Chatterjee frames the episode's central challenge: organizations can have zero trust architecture, network segmentation, and identity governance fully deployed across their IT landscape, and still be critically exposed, because most CISOs have never formally claimed accountability for SAP security, and most SAP teams do not think of themselves as part of the security function.Hügel explains the structural gap at the heart of this problem. SAP systems are simultaneously the most business-critical and the least security-governed assets in most large organizations. The C-suite depends on them for financial operations, payroll, procurement, and supply chain continuity, yet SAP teams and security teams speak different languages, operate under different budgets, and rarely collaborate. SAP departments typically define "security" as managing user authorizations and privileges — a narrow interpretation that leaves configuration drift, patch backlogs, and monitoring gaps entirely unaddressed.Analyzed through Dr. Chatterjee's Commitment–Preparedness–Discipline (CPD) framework, the conversation translates SAP cybersecurity from a technical niche into a governance imperative. The Medtronic case study demonstrates what good looks like: a CISO who crossed the organizational divide, sponsored SAP hardening from the cybersecurity budget, built a continuous patch management process, and created the governance structure that allowed the team to respond to an out-of-band vulnerability within hours rather than weeks.The episode's central message is neither technical nor abstract: the organizations that will survive the next ERP-targeted ransomware attack are not those with the most sophisticated tools — they are the ones that have claimed ownership of the problem, built the processes to address it continuously, and created the cross-functional governance structures that SAP and cybersecurity teams cannot build on their own.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-106-the-invisible-attack-surface-zero-trust-for-sap-and-erp-environments/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

May 21, 202634 min

Episode 105 -- The Invisible Layer: Governing Routing Security as a Supply Chain Risk

In Episode 105 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Andrei Robachevsky — Technical Director of the Internet Integrity Program at the Global Cyber Alliance, founding contributor to MANRS (Mutually Agreed Norms for Routing Security), former CTO of RIPE NCC, and former Senior Director of Technology Programs at the Internet Society — to examine a cybersecurity risk that almost no enterprise security team is governing: the internet routing layer.Opening with the June 2024 Cloudflare 1.1.1.1 BGP hijack incident — where two Brazilian network operators’ routing mistakes propagated to over 300 networks across 70 countries, silently rerouting traffic for several hours without triggering a single enterprise security alert — Dr. Chatterjee frames the episode’s central challenge: organizations with excellent perimeter controls, clean firewalls, and healthy identity systems can still have their user traffic redirected to unintended destinations by failures occurring on networks they have never heard of, in countries they have no operations in, governed by routing norms they have never been asked to consider.Drawing on the February 2026 MANRS Report, Robachevsky explains that the Border Gateway Protocol (BGP) — the foundational routing system across nearly 80,000 autonomous networks — has no built-in authentication. Routing incidents occur 200 to 300 times per month, most of which are invisible to enterprise security teams, manifesting as unexplained outages or performance degradation rather than as identifiable threats. The implications range from SLA breaches and erosion of customer trust to man-in-the-middle exposure of silently rerouted traffic.Analyzed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the conversation delivers a clear and actionable message: routing security is not a network engineering problem — it is a supply chain governance problem. The tools already exist. RPKI exists. MANRS exists. MANRS+ is nearly here. The gap is entirely on the governance side, and it is closeable. The organizations that will not find themselves in the next routing incident are the ones that start with a map of their connectivity supply chain and a single question to every provider: Are you MANRS+ certified?To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-105-the-invisible-layer-governing-routing-security-as-a-supply-chain-risk/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

May 11, 202646 min

Episode 104 -- Hidden Fault Lines: Why Modern Security Breaks Under Pressure

In Episode 104 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee, Ph.D., is joined by Khalid Kark, Field CIO at Cloudflare, a network handling over 20% of global Internet traffic, and a 20-year veteran of advising Fortune 500 boards and C-suites at Deloitte and Forrester, to examine six hidden fault lines threatening organizational resilience in an AI-driven, hyperconnected world.Opening with the 2024 CrowdStrike incident, where a single misconfigured content file simultaneously disabled 8.5 million Windows devices, grounding Delta flights, disrupting emergency services, and canceling hospital appointments. Dr. Chatterjee frames the episode’s central challenge: organizations with excellent compliance postures and green dashboards can still fail catastrophically because their security tool became the attack vector. The failure was not a missed threat. It was an unexamined structural dependency.Drawing on Cloudflare’s 2026 Security Signals Report, Kark introduces the concept of fault lines — hidden structural cracks that remain invisible under normal conditions but fracture catastrophically under stress. The six fault lines identified are: (1) Governing AI at Scale, (2) Trust at Machine Speed, (3) Shadow Supply Chains, (4) Signals of Intent, (5) The Debt Trap of Legacy Architecture, and (6) The Cloud Mirage.Analyzed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the conversation delivers a clear message: organizational resilience in the AI era is not a technical upgrade — it is a leadership, architecture, and governance transformation that requires executive accountability for AI-driven decisions, modular and decoupled infrastructure design, and continuous discipline that evolves at the pace of the threat landscape itself.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-104-hidden-fault-lines-why-modern-security-breaks-under-pressure/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

April 29, 202640 min

The Clock Is Ticking: Navigating Quantum Risk and the Path to Crypto Agility

In Episode 103 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Peterson Gutierrez—Vice President of Information Security at Barracuda Networks and a 28-year cybersecurity veteran with experience spanning private industry, the Big Four, and New York City Cyber Command—to examine one of the most consequential and underestimated challenges facing security leaders today: the quantum computing threat and what it truly means to become cryptographically agile.Opening with a vivid scenario—a healthcare organization whose encrypted data is exfiltrated today and decrypted after a quantum breakthrough years from now—Dr. Chatterjee introduces the concept of Q Day risk: the danger is not a dramatic breach tomorrow, but decisions made today that leave organizations exposed later. The episode moves beyond the industry’s fixation on which post-quantum algorithm to adopt, making the case that algorithm selection is the wrong problem to solve. The right goal is crypto agility: the organizational discipline to abstract encryption from code and adapt continuously as the cryptographic landscape evolves.Framed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) lens, the conversation delivers a clear and actionable message: crypto agility is not a technical upgrade—it is a leadership, architecture, and governance challenge that requires executive ownership, modular system design, proactive vendor engagement, and continuous organizational discipline before Q Day makes inaction catastrophic.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-103-the-clock-is-ticking-navigating-quantum-risk-and-the-path-to-crypto-agility/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

April 15, 202644 min

AI Is Rewriting the Threat Model: Are Security Leaders Keeping Up?

In Episode 102 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Chris Cochran—Field CISO and VP of AI Security at the SANS Institute, and a veteran of the U.S. Marine Corps, NSA, and U.S. Cyber Command—to examine how artificial intelligence is fundamentally rewriting the cybersecurity threat model, and whether security leaders are evolving fast enough to keep pace.From the rapid and largely ungoverned adoption of AI across enterprises, to the collapse of traditional threat modeling assumptions, to the rise of autonomous agentic systems operating without human intervention, the episode surfaces a stark reality: AI is no longer a future risk—it is an active, present-tense governance challenge that most organizations are still approaching reactively.Framed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) lens, the conversation delivers a clear and urgent message: security leaders must establish AI asset visibility, embed security into AI deployment from the start, and build disciplined governance structures before the next wave of AI-enabled attacks makes the cost of inaction catastrophic.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-102-ai-is-rewriting-the-threat-model-are-security-leaders-keeping-up/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

February 27, 202644 min

Episode 101: AI vs. AI in Cybersecurity: Why Continuous Validation Is Now Essential

In this forward-looking Episode 101 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Snehal Antani—CEO and Co-Founder of Horizon3.ai and former Chief Technology Officer at Joint Special Operations Command (JSOC)—to examine the rapidly emerging reality of AI-versus-AI cyber warfare.As AI dramatically compresses attacker dwell time and lowers the skill barrier for sophisticated intrusions, traditional defensive postures are proving insufficient. Drawing on real-world demonstrations and national-security-grade operational experience, Antani explains how offensive AI is transforming cyber risk by enabling attackers to move at machine speed, scale attacks indiscriminately, and expose systemic weaknesses in organizational defenses.Framed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) lens, the episode reframes cybersecurity readiness as a continuous validation discipline—one that demands organizations train like they fight, reduce blast radius, and build muscle memory for inevitable breaches. The conversation delivers a clear message: in the age of autonomous threats, resilience belongs to organizations that continuously test themselves faster than adversaries can exploit them.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-101-ai-vs-ai-in-cybersecurity-why-continuous-validation-is-now-essential/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

January 28, 202618 min

Episode 100: From Cyber Defense to Trust Governance

In this milestone 100th episode of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee reflects on nearly one hundred conversations that collectively reveal a hard-earned truth: cybersecurity has crossed a point of no return. It is no longer a technical function or an episodic response to crises—it has become a trust discipline.Rather than celebrating longevity, Episode 100 serves as a moment of synthesis and reckoning. Drawing on insights from global practitioners, scholars, regulators, and executives, Chatterjee distills why trust collapses, why recovery is slow, and why organizations that invest in readiness consistently outperform those that rely on reaction.Tracing the podcast’s origins—from an experimental idea inspired by a University of Georgia undergraduate to a globally recognized platform reaching listeners in over 117 countries—this episode reframes cybersecurity as a leadership, governance, and enterprise resilience challenge. Through the lens of the Commitment–Preparedness–Discipline (CPD) framework, Episode 100 captures how cybersecurity has evolved from control-centric defense to a core pillar of organizational credibility and trust governance.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-100-from-cyber-defense-to-trust-governance/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

January 14, 202644 min

Episode 99: Access Control Reimagined — Why Identity, Devices, and Zero Trust Must Converge

In this landmark 99th episode of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Denny LeCompte—CEO of Portnox (https://www.portnox.com/) and a former SolarWinds executive—to examine one of cybersecurity’s oldest yet most persistently exploited challenges: access control.Despite decades of investment in passwords, MFA, and perimeter defenses, breaches rooted in access failures continue to dominate headlines. Drawing on firsthand experience—including lessons learned from the SolarWinds Sunburst breach—LeCompte explains why password-centric security models are fundamentally misaligned with human behavior and modern digital environments.Together, Chatterjee and LeCompte argue for a decisive shift toward passwordless, device-centric, zero-trust access models that assume human fallibility, eliminate implicit trust, and dramatically reduce attack surfaces. Framed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) lens, the episode reframes access control not as an IT configuration issue, but as a core pillar of cybersecurity governance, business resilience, and competitive survival.Time Stamps00:49 — Episode framing and the persistence of access control failures03:15 — Why passwords remain fundamentally broken05:54 — Enterprise vs. consumer passwordless realities09:25 — SolarWinds breach lessons and access control failures17:52 — Zero trust explained without the buzzwords23:07 — Device identity, IoT risk, and network visibility28:02 — Why identity and device controls must converge35:52 — How leaders should assess access control maturity42:52 — Designing security for human behavior43:30 — Closing reflectionsTo access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-99-access-control-reimagined-why-identity-devices-and-zero-trust-must-converge/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

December 30, 202538 min

Episode 98 -- Beyond Certification — Turning Compliance into Competitive Firepower

In this timely and hard-hitting episode, Dr. Dave Chatterjee is joined by Sandeep Pauddar—an accomplished global auditor with over 30 years of experience—to challenge a deeply entrenched misconception: that cybersecurity certifications and compliance are merely regulatory checkboxes. Instead, the conversation reframes compliance as a strategic asset—one that can strengthen trust, resilience, and competitive positioning in an era defined by AI, global regulations, and escalating cyber risk.Drawing on real-world breach examples, audit insights, and cross-industry comparisons, Pauddar explains why organizations that treat compliance reactively often pay a steep price—financially, operationally, and reputationally. Dr. Chatterjee integrates his Commitment–Preparedness–Discipline (CPD) governance framework to demonstrate how leadership mindset, continuous audit readiness, and disciplined execution transform certifications from defensive necessities into engines of strategic value.Together, they explore why leadership engagement—not regulatory pressure alone—determines compliance effectiveness, how audit culture can shift from adversarial to collaborative, and why proactive organizations outperform peers by embedding governance into everyday operations rather than scrambling after incidents occur.Time Stamps00:49 — Episode introduction and framing compliance as competitive firepower02:22 — Podar’s professional background and global audit experience05:01 — Real-world consequences of non-compliance07:30 — Sector comparisons and leadership mindset gaps09:36 — Global regulatory approaches to cybersecurity and AI12:33 — Compliance overload and framework fatigue14:56 — Why audits fail to drive change16:10 — Shifting from adversarial to collaborative audits18:17 — Leadership’s role in cybersecurity culture21:44 — Proactive vs. reactive compliance models23:54 — Leadership best practices for audit readiness25:45 — CPD framework applied to certifications29:37 — AI standards and proactive governance34:24 — Human risk, awareness, and phishing realities37:44 — Closing reflectionTo access and download the entire podcast summary with discussion highlights -https://www.dchatte.com/episode-98-beyond-certification-turning-compliance-into-competitive-firepower/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.

December 16, 202539 min

Episode 97 -- AI’s Missing Puzzle Piece — Why Information Readiness Determines AI Success

In this insightful episode, Dr. Dave Chatterjee speaks with Greg Clark—longtime enterprise content management and cybersecurity leader—about a foundational but overlooked ingredient of AI success: information readiness. While organizations rush to implement artificial intelligence, many neglect the quality, governance, security, and contextual integrity of the data fueling these systems. As Clark notes, without clean, curated, and governed information, even the most advanced AI models will misfire—sometimes with damaging or legally significant consequences.Together, they explore why “garbage in, garbage out” is more relevant than ever in the AI era, especially as enterprises confront fragmented data, weak metadata, inconsistent governance, and high regulatory scrutiny. Dr. Chatterjee weaves in his Commitment–Preparedness–Discipline (CPD) governance framework, demonstrating why information readiness must be treated as a strategic capability, not a technical afterthought. The conversation illuminates how trust, data integrity, and responsible model oversight are emerging as competitive differentiators in the age of GenAI and agentic AI.Time Stamps00:49 — Dave introduces Greg Clark02:43 — Clark’s 20+ year journey07:14 — Defining information readiness08:32 — Importance of understanding data09:58 — Data chaos and pitfalls12:00 — Trust erosion13:29 — Air Canada chatbot case16:22 — Auditability and explainability18:51 — CPD applied to AI governance20:43 — Operational maturity22:53 — JPMorgan’s Responsible AI Council25:43 — Security as strategic capability27:35 — Zero trust and data protection30:32 — Mayo Clinic example31:25 — Metrics for buy-in32:50 — Destroy-your-business scenarios34:21 — Trust-first culture36:09 — Human-in-the-loop37:20 — GDPR case38:23 — Final reflectionsTo access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-97-ais-missing-puzzle-piece-why-information-readiness-determines-ai-success/Connect with Host Dr. Dave Chatterjee LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.