The ISF Podcast celebrates 10 years this year. Over the decade that we’ve been in your ears every week, Steve has interviewed a lot of fascinating people: visionary business leaders, neuroscientists and physicists, world leaders, and formerly notorious cyber criminals, just to name a few. We have touched on topics like AI, the human mind, cyber resilience, leadership, and the future of technology and society.

So, to kick off 2026, we wanted to give you a look back, highlighting the very best of this first decade of the ISF Podcast. And don’t worry – we’ll link all the episodes in the show notes.

Check out our favorite episodes from the last 10 years:

1. Mo Gawdat - Rethinking the Paradigm of Artificial and Human Intelligence
2. Brian Cox — Intellectual Honesty & Learning to be a Leader
3. Hannah Fry - What Data Can & Can’t Tell Us About Ourselves
4. Peter Hinssen - The Never Normal
5. Inside the Mind of Today's Cybercriminals (Brett Johnson, Part 1)
6. Steve Wozniak In Conversation with Steve Durbin
7. Captain Tammie Jo Shults - Habits, Hope and Heroes in a Time of Crisis
8. Sadie Creese — Minimising Your Attack Surface
9. Sir Bob Geldof — Challenging Orthodox Thinking
10. Bonus Episode: Reggie Butler — Bringing Your Home to Work

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

1. Steve’s four key drivers of cyber risk heading into 2026 are AI, supply chain, quantum, and geopolitical instability.
2. Crucial to cyber resilience are strong governance and a security-conscious culture.
3. Adaptive governance and adaptive security are keys to managing the challenges of 2026 and beyond.

1. Steve’s four key drivers of cyber risk heading into 2026 (2:23)
2. Questions to ask, whether you’re a board member, an executive, or practitioner (16:14)
3. The changing role of the board (18:54)

1. “ Resilience really needs an organizational wide holistic approach that takes technology, it takes governance, it takes operational readiness, and really importantly, it takes people into account.” - Steve Durbin
2. “I think boards need to really take it upon themselves to absolutely recognize that cyber risk is a national risk. It is a business ending risk, and they need to ensure that they don't just have incident response and resilience in place, but that they also have a tried and tested plan, so this is good old fashioned BCP — business continuity planning — with a cyber flavor.” - Steve Durbin
3. “Cyber risk reporting has to be business outcome oriented. Boards, business executives understand revenue, operations, customer impact, legal exposure. That's the way we have to be reporting cyber risk. It's not about how many attacks we repelled, it's not about how good our systems might be. You need to translate it into business language. If you can do that, not only will you get buy-in, but you'll also have a much richer conversation about the role that cyber and therefore cybersecurity and cyber resilience play in the business.” - Steve Durbin

1. Small and medium-sized businesses must receive support to stay up-to-date with new technologies.
2. As more automation is introduced into business operations, understanding of one’s crown jewels and how to protect them is increasingly important.
3. AI is advancing rapidly with evermore funding, and globally society is not preparing as well as it needs to for what’s to come.

1. Steve’s view on autonomous cyber defense (00:55)
2. The National Cyber Security Centre and its role in the cyber resilience of UK businesses (3:36)
3. How AI will impact jobs in cyber (7:55)

1. “You'll never get me going into an autonomous car. I just won't do it. And people will say, ‘Yes, they're being looked after by some bloke in a tower somewhere who's watching it.” I'm not buying it. I've been working in technology for far too long to know that it is fallible. And so I think we have to really move toward much more transparency in our understanding of where the AI tool is active, the data that it's using, the decisions it's making.” - Steve Durbin
2. “We are looking for large private enterprise to be working collaboratively with people like the NCSC, with people like the ISF, to really help some of these smaller organizations that don't have the luxury or resources available to them to keep a pace with [technology].” - Steve Durbin
3. “If you go back to the internet, we didn't do a good enough job of trying to forecast the way in which the internet was going to be used. We put it out there and we said, ‘Let everybody use it and let's see where it goes.” We are doing, I fear, a similar kind of thing with AI.” - Steve Durbin