In our latest episode of the Future of Threat Intelligence podcast, Joe Mariscal, Director of Cybersecurity and Compliance at Ryerson, shares his expertise in building hybrid cybersecurity teams and managing metals-industry-specific cyber risks. Joe shares invaluable insights from his extensive career, offering a unique look at the challenges and strategies within the metals industry.

He discusses the importance of specialized outside services, common oversights in cybersecurity practices, and the critical need for strong partnerships and team collaboration. Joe provides listeners with actionable advice and a fresh perspective on effective risk management and team building in the ever-evolving field of cybersecurity.

Topics discussed:

• Challenges and unique cyber risks in the metals industry and Ryerson's response strategies.
• Building hybrid cybersecurity teams utilizing specialized outside services and in-house skills.
• Common cybersecurity mistakes and oversights observed in the industry.
• Effective risk management strategies and maintaining strong partnerships within the organization.
• The future of cybersecurity at Ryerson and general industry trends, including the integration of new technologies.

Key Takeaways:

• Evaluate skill gaps in your team to determine whether to utilize in-house resources or specialized outside services for cybersecurity needs.
• Build strong partnerships with other business units to ensure a cohesive approach to cybersecurity and compliance.
• Stay informed about unique cyber risks specific to your industry to tailor your defensive strategies effectively.
• Conduct after-action reports regularly to learn from incidents and improve your cybersecurity posture.
• Focus on continuous learning and training to keep your team's skills up-to-date in the ever-evolving field of cybersecurity.
• Engage in open conversations with business leaders you might not frequently interact with to build stronger organizational relationships.
• Avoid being a blame-avoidance leader; instead, focus on understanding what went wrong and how to improve.
• Implement zero trust or constant validation methodologies to strengthen your cybersecurity controls.
• Seek management and company support that aligns with your professional goals and provides ample training opportunities.
• Stay vigilant about the tools and technologies you use, ensuring they are up-to-date and fully utilized for maximum security.