July 29, 2025

EP 12 – From assumptions to accountability: A CISO’s take on cloud risk

What does “secure by default” really mean—and is it enough? In this episode of CyberArk’s Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.

Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company’s AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.

Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.

David Puner: You are listening to the Security Matters podcast. I’m David Puner, a senior editorial manager at CyberArk, the global leader in identity security.

Imagine this: you’re the lead cloud architect at a global financial firm. You’ve just launched a new cloud-native service, part of a sweeping digital transformation. The rollout’s smooth. The dashboards are quiet. Everyone’s confident. Months later, a breach investigation reveals an uncomfortable truth: the service had logging disabled by default.

Critical security controls were never turned on, and no one—not your team, not the provider—caught it. It wasn’t an exploit; it was an assumption. And the consequences? Well, they’re still unfolding.

Today’s guest, Scott Barronton, Chief Information Security Officer at Diebold Nixdorf, joins us to unpack the hidden risks of cloud default settings. He breaks down the myth of “secure by default” and explores what it really takes to safeguard how people bank and shop in a digital-first world.

Let’s do this. Here’s my conversation with Scott Barronton.

David Puner: Scott Barronton, CISO at Diebold Nixdorf, welcome to the podcast, Scott. Thanks so much for coming on.

Scott Barronton: Thanks for having me.

David Puner: We are always excited when we have a CISO on the podcast so we can really get into the weeds and talk shop. So you have been the Chief Information Security Officer—otherwise known as CISO—at Diebold Nixdorf for six years, just about six years. What does your particular CISO role entail, and how has it evolved during your time on the job?

Scott Barronton: So it is, uh, right at six years that I’ve been with Diebold, and I have your traditional information security functions you would see in any organization. Then on top of that, I also have product and solution security because we manufacture hardware and software for both the financial services and retail industries.

David Puner: I tried to put a quick summary together to explain what Diebold Nixdorf does. Tell me if this is accurate: it makes machines and software that help banks and stores run smoothly, like ATMs and checkout systems. The company also creates tools that help businesses manage money and customer transactions more safely and efficiently. Think of it as the tech team behind the scenes at your bank or go-to store.

Scott Barronton: I think you’ve got it. Couldn’t have said it in better marketing terms myself.

David Puner: All right. Well, how would you say it, uh, removing the marketing lingo?

Scott Barronton: When you walk up to the ATM, chances are that hardware was manufactured by our company. And then in stores all across Europe—and hopefully coming to the U.S. soon—we do a lot of point-of-sale and self-checkout systems. So when you go to your favorite store, and then we build software that runs on top of those platforms.

David Puner: Excellent. And I’m gonna give a little spoiler alert so folks will stay all the way to the end. There’s an ATM in Antarctica we’re gonna talk about toward the end. Yes, I don’t know how this is all gonna go, but we’re gonna get back to it no matter what—even if we have to cut it back in.

Awesome. So, in your role, you mentioned that you span both corporate and product security. How do you juggle these responsibilities, and what’s particularly challenging about managing security for both internal operations and customer-facing products?

Scott Barronton: Yeah, great question because it is challenging sometimes to be able to split your time across both of those parts. I would say first and foremost is I have a great team behind me. It’s not me. I’ve got a great team behind the scenes, and day in and day out they’re working to make sure that both our Diebold Nixdorf corporate systems are well protected, and then also a team that’s looking after our customers and making sure that we’re putting the security of our customer environments first and foremost in the way that we manufacture and build our systems.

David Puner: Among Diebold Nixdorf’s 21,000 employees in more than 130 countries worldwide, how do you approach managing a global team spread across time zones and cultures? And how do you turn those challenges into opportunities?

Scott Barronton: You know, it’s a blessing and a curse to have teams across multiple time zones like that. Sometimes I have early and late days and evenings. The benefit of it is that we end up being able to cover almost a 24-by-7 operation with the way that we have people working across the globe. And if you talk about opportunities, that’s hard to do with primarily U.S.-based operations. I’d have to run multiple shifts if I were gonna do that. But here I get the benefit of shifts without people having to work outside of a normal day schedule.

David Puner: And the company’s based in Ohio. You are based in Florida, is that correct?

Scott Barronton: That’s right. When I joined Diebold Nixdorf, the CEO gave me the opportunity to live wherever I wanted and just be willing to go to the business—wherever that may be—when needed. And so I took that opportunity, and I was living in Atlanta at the time, and it was very easy to hop on an airplane there at the Atlanta Hartsfield Airport and go anywhere in the world.

It’s worked out well, but I’ve worked remotely probably for the last 13 or 14 years.

David Puner: And do you look at remote as a challenge at this point, or is it just the norm?

Scott Barronton: It’s the norm. I think we had started that probably well before, I think, a lot of people got into it during the pandemic, but we had started it well before the pandemic.

And, matter of fact, that’s one of the things that we did—we started building our security controls to work wherever the employees are. So we don’t need them to be in the office for our security controls to operate. And so, taking that cloud-first approach to our security program actually enabled us, when the pandemic did hit, our people were just continuing to work like they always had.

And so we didn’t really have to do a whole lot different at that point. But I know a lot of companies had to really shift the way that they implemented their controls or the way that they were operating in order to be able to adjust with people working fully remote.

David Puner: So you’ve spent over 25 years in cybersecurity. What’s kept you passionate about the field, and how has your perspective changed along the way?

Scott Barronton: It’s never a boring day, I can tell you that. When I first started in security, security was identity and access management—so creating user IDs on the mainframe, because we didn’t even have a client-server environment at the time.

Doing dataset access and resetting passwords—that was the role of security at that point in time. And so I’ve seen the whole industry grow during that time, and it’s allowed me to work in some really cool technologies.

I was the young guy. I didn’t know a whole lot about mainframe. And the mainframe guys were all like, “Oh, you know, mainframe is king. Let’s let the young guy take all this new stuff because it’s just a fad. It’s not gonna stick around.” And then, you know, a few years later, now they’re all working for me because I’ve basically been building this—what now we think of as a security program—all around them.

David Puner: So then, when it comes to measuring success in cybersecurity, what metrics or outcomes matter most to you, and how do you communicate that value to the board and other stakeholders?

Scott Barronton: I like to think of it in terms of two areas: performance and risk. And so one thing that I never want to do is ask our board to be analysts. They’re not security analysts, so I can’t just throw a bunch of numbers at them and expect them to draw a meaningful conclusion out of that.

And so while we do share KPIs and KRs with our board, we’ve really changed it into things like—I’ll use vulnerabilities for example. I don’t know if one or five vulnerabilities is good or bad. I can’t tell you without context around that. What I can tell you is: how quickly are we addressing a vulnerability once we identify it? And are we addressing and remediating those vulnerabilities within a timeframe that has been deemed acceptable?

So, for example, high-risk vulnerabilities within 30 days. As long as we’re addressing the risk in that way, that gives them comfort. And so, when the timeframe to remediate starts to creep up—and it does from time to time—those are some good questions that we can talk about. But if I just told them that we had 3,000 vulnerabilities, they wouldn’t be able to know whether they needed to spur me on or support me in a certain way, or even hold me accountable in a different manner.

And so that’s been my approach: to make it clear and in terms that they can understand.

David Puner: And is keeping calm and not getting bombarded by the overwhelming nature of what this could all be kind of central to what you do—or your mindset?

Scott Barronton: You have to be. You absolutely have to be, because in the early stages of an incident, you don’t have clarity. You’re getting conflicting information. It may seem like, if you just took pieces of information at a time, it may seem like the world is falling apart.

But then you start contextualizing that. You start getting clarity in what the actual facts of the incident are, and you’re like, “Okay, well, let’s roll this back just a little bit. Maybe it’s not as bad as we originally thought that it was.”

If you just go in and you start out with the “Oh my God, you know, we gotta react,” and you’re just all over the place, you’re not gonna provide any value to the organization.

David Puner: And is that just your inherent nature, or did you learn that along the way?

Scott Barronton: Some of it I did have to learn, but I think also I have a fairly laid-back nature. But I definitely have spent time honing my craft, if you will, and accepting that feedback along the way.

David Puner: You chair the AI steering committee at Diebold Nixdorf. What inspired you to take on the role, and how has AI and GenAI changed the way you approach your job? Are you looking at it as a strategic imperative?

Scott Barronton: Let me address that first part: how did I end up with the AI steering committee? Literally, like all the rest of you, I was hearing all of the hype around generative AI. It was gonna save the world, or it was gonna destroy the world depending on who you talked to.

And so I just started asking the questions across the business: What are you doing about generative AI? Are you looking at generative AI? Have you even thought about generative AI? I didn’t like the answers that I got, so I went back to our chief legal officer at the time and I said, “Hey, I’ve asked this question. I don’t have clarity of how it’s being done inside the business, and I’m thinking about starting an AI steering committee. And then we’ll put some governance around this to see if, at least in the beginning right now, we can put a speed bump so that we can get process and governance and all those things, policy—we can get all of that built.”

He was like, “Yes, go do it.” And so I stood this up, built a cross-functional team, went to each leader, said, “Who do you want? Who’s your person that you want on this?” And so they gave me the best of our leadership across the organization, and we built out this steering committee.

Scott Barronton: So then I said, “Great. Now who can I give this to?” And they were like, “No, this is yours. This is your committee.” And so I continued to chair that committee.

But the same thing is true here: I’ve got a lot of great business partners out there that I work with, people who are the ones leading the charge are a part of this. And really, we’ve gotten to the point now where we’re able to—rather than be a speed bump—we’re telling people, “Here’s the guardrails, here’s the guidelines. If you follow these, run fast.”

Because there truly is benefit to be had. I think for us, the biggest benefit right now is on the productivity side—maybe not so much in our products, although we do have AI in our retail products—but productivity on our backend, in our corporate environment, is the biggest bang for the buck right now.

And so we’re trying to take advantage of that, but then also do it in a way that’s safe, secure, ethical, compliant, and is really providing value back to our business.

David Puner: You mentioned speed bump. Do you find that in your CISO role there is a misconception about what you do and what your team does—and that you are a speed bump?

Scott Barronton: I don’t mind being a speed bump. What I don’t want to be is perceived as the office of “No.” I talk to my team about that all the time. We’re not the office of “No.” We’re not here to tell the company “No.” We’re here to apply a risk-based lens, use our knowledge around cybersecurity and risk and threat, and then we’re to maybe say, “No, but…”

David Puner: Mm-hmm.

Scott Barronton: “No, I wouldn’t want you to do it that way, but we could be comfortable if you accomplish the same goals this other way.” We closed the office of “No” and opened up the “No, but…”

David Puner: So as a CISO then, how do you foster collaboration and find solutions that balance security with business needs?

Scott Barronton: Well, really having that relationship with the business is the key part. I wouldn’t exist if it wasn’t for our business, and so I’ve got to go in with the mindset of: How do I enable our business to operate safely and securely?

And so I always approach the business with that mindset. And then I ask them to come back as well and share with me: What is it that you’re trying to do? What is it that you want to do? Help us be an enablement function rather than coming in at the very end.

We find out that you’re trying to do something—you’ve been working on it for maybe a year or 18 months—and then we’re like, “No, you can’t do that.” It’s a lot easier if you bring me in early and we understand what you’re trying to accomplish, and then we can give you good guidance along the way rather than being that tollgate at the very end where we have to say, “No way. This is crazy. Can’t do that.”

David Puner: So then, taking that approach back to AI and agentic AI, which are often described as both a game-changer and a challenge for industries like banking and retail, where do you see the biggest opportunities and what hurdles still need to be overcome?

Scott Barronton: Well, I definitely think that productivity—so backend productivity in the corporate environment—is the number one opportunity. But we’re seeing AI become an acceptable form of interaction with consumers.

You know, if you think about it, we’re a B2B2C-type company. So our customers are businesses, but then their customers are the end consumer. We’re always trying to do things that will help the company run its business better, but do it in a way that the consumer sees the benefit and maybe is advantageous to the business.

A great example of that is we’ve got this product in our retail environment, and it is helping companies with things like anti-shrink at the self-checkout.

David Puner: Anti-shrink?

Scott Barronton: Anti-shrink. So, loss prevention. Okay, so it’s using cameras and AI. But one of the coolest things that it does is it has an age validation engine built into it. So it’s using facial features and those types of things to try to make a determination: “Hey, is Scott older than 21 years or not?”

Scott Barronton: So when I go into the store and I want to buy a bottle of wine and I put that on the self-checkout, right now in a lot of companies, an attendant gets flagged because I’ve scanned a bottle of wine. They come over and check that and want to see my ID, or they look at me and say, “Yeah, he’s obviously older than 21,” and they punch in a number and it goes.

Well, we’ve got the capability to where we can use AI in the camera to make that determination and then just approve the transaction to keep going. And so it frees up resources in the store, and it also makes it easier for the consumer.

David Puner: You’ve talked about evaluating AI for fit for purpose. I think I maybe saw that in one of the articles you’ve written out there. What does that mean—fit for purpose—and can you share an example of where AI has delivered real value in your work?

Scott Barronton: Yeah. One example of that would be we were looking at Copilot for our backend operations. And so Copilot is a very general technology, and I would say that multiple teams across the organization can take advantage of Copilot from a productivity standpoint.

But there are features that connect with Copilot—for example, Copilot for Sales. So that is an example of fit for purpose. It is something that not everybody in the organization needs to have access to, but it helps our salespeople do a better job in identifying the opportunities and the targets and putting together those targeted presentations or proposals for the customer that they’re working with.

So that’s a great example of a fit for purpose. But our company does this across multiple avenues, not just in AI. We think about this in our delivery of products to the market. We don’t need to sell a bunch of Swiss Army knives. We need to sell the tools that the people need—or the companies need—in order to enhance their business.

And so while we have all those tools, it’s really about what’s best for the customer and not trying to sell them more than they actually need.

David Puner: Moving into machine identity and machine identity security, you’ve been a champion of machine identity security across multiple organizations. Why is it such a critical focus for you, and what lessons have you learned along the way?

Scott Barronton: Yeah, so I think I’ve just really learned that machine identity is just like going back to those early days on the mainframe when the security team was focused on setting up user IDs and passwords.

Machine identity actually becomes just that very basic. It may not be a human behind the scenes that has access to your systems and your data, but it is something—we talked also about it being non-human identity.

Quite often, machines or the non-humans have a higher level of access to systems and data than humans do. But for so long, we were really just focused more on privileged access when it came to the human side of identity and access management.

And so, focusing then on machine identities as a part of that overall identity and access management program—now we’re addressing the risk on a very holistic scale rather than just looking at the human side of it.

David Puner: So then, digging in a little bit more, the industry is moving toward shorter certificate lifespans, like 47-day TLS certificates. What’s the impact of this shift, and how should organizations prepare for it?

Scott Barronton: Well, I think part of that goes back to even your last question—the proliferation of these machine identities across the environment. Now we’re talking about certificates in particular, the lifespan of them going from what was probably a year or two years previously down to 47 days.

And so we’ve got to rotate these certificates on an ongoing, continuous basis. And for a company like ours that uses a lot of certificates, from a manual perspective, having to have an administrator go in and do all these operations to rotate those certificates would be impossible.

And so, automation is key here. We wouldn’t be able to hit those goals around 47 days if we didn’t put automation in place. And thankfully, we’ve gotten there where we have automation working in our environment and we can rotate these certificates. And so, while I think it’ll be a challenge, thankfully we’re prepared because we have Venafi inside of our environment to help us with that automation of rotation of certificates.

David Puner: You may have already answered this question with automations, but how does Diebold Nixdorf approach machine identity lifecycle management, and how does it fit into your broader security strategy?

Scott Barronton: Yeah, I mean, we talked about it from a timeframe and I guess the automation of the rotation of certificates, but this has also taken this off of my team’s plate as something that we have to own.

And using the tools and technology, we’re now able to spread the ownership responsibilities across our business. And so, because now business people don’t need to necessarily know how to go and actually issue a CRL and get a new certificate and then deploy that certificate—they don’t have to know that, right?

They just have to be able to say, “Yes, this is still a valid certificate. It’s still needed, and yes, it needs to be renewed.” And so we’ve made it that simple for our business.

David Puner: So it seems like a lot of this always comes down to some simplicity—taking the complication out of it.

Scott Barronton: Yeah, always.

David Puner: Earlier on, you had mentioned cloud-based security. Cloud migration is a big focus for many organizations. What are the key challenges you’re facing, and how are you addressing them?

Scott Barronton: So right now, our products that we have in the cloud were built cloud-native, and so they were built to run in the cloud. We’ve not done a lot of data center migration where we’re just picking up servers and moving them from our data center to someone else’s and then calling it cloud.

We’re very much in a hybrid mode still, and I think we’ll stay that way for a while. But one of the challenges that I see in organizations is that these operations teams that manage the cloud and these cloud environments—they weren’t really… like, we’ve just transitioned them from the physical data center to the cloud, but we didn’t give them the training, the knowledge of how the cloud is different and why it’s different and the tools that we’ll want to use to manage the cloud.

So inevitably what we continue to see is that operations teams, when they get involved with cloud, they just continue to run it like it’s another data center using the same tools, same technologies. And so I think that’s something that has to change.

David Puner: Balancing innovation and risk is a constant challenge for CISOs. How do you approach it, specifically in industries like retail and financial services that have very different risk appetites?

Scott Barronton: Yeah, David, I think when I look at it, there are reasons that they have very different risk appetites. If we look at the retail business, it’s not very highly regulated. But if you look at financial services, it is around the globe. And I think that’s what really informs their risk appetite.

Retail is also rewarded in the market for a lot of innovation, and they have to continue to innovate to stay ahead of competition. There’s a level of that in banking as well, but it’s not at the same level.

And so, when I look at that in the security world, we have to support both sides of the fence. I’ll tell you, we tend to always lean more towards the financial services side of risk, and that’s because we’re a company that serves both. So we need to make sure that we’re serving the needs of both of our customers when we’re making these decisions.

David Puner: Having that balance probably, I would think, would help you with solutions for one another.

Scott Barronton: Yeah, that’s true. You know, I talk to our business all the time and I say, “You lose the opportunity to go and talk to your customers about things like security when you are the victim of an attack or a breach.”

And so it’s important that we keep that in mind as we operate. And so we can’t put the company at risk and our reputation because especially in the financial services space, we sell a lot of security-related products and services.

David Puner: So let’s go back to your role as CISO. Being a CISO has become increasingly high-stakes with personal accountability and legal risks on the rise. How do you manage these pressures, and what advice would you give to someone aspiring to step into this role—your role—whatever the CISO role may be?

Scott Barronton: Don’t run. No, listen—we need more really good security people that take a very balanced approach to risk. Like I said, you know, we don’t want to let the things that have happened influence us back to the office of “No.” We don’t want to be there.

David Puner: Mm-hmm.

Scott Barronton: But you mentioned the personal accountability of it, and there are risks that are associated with being a CISO these days. You can do everything totally within your realm of control and that you could possibly do, and then you have someone who makes a decision that puts the company at risk.

And then something bad happens, and all of a sudden you find yourself defending that. And it’s like—you didn’t make that decision. And chances are, most of the CISOs are behind the scenes going, “This is crazy. Don’t take this risk.”

But the business chooses to do it for whatever reasons they have. And what I don’t like seeing is when agencies or governments then want to hold the CISO accountable, but no one goes back and talks about the CEO, the CFO, maybe the CIO.

All of these people were involved along the way. You know that the CFO was talking about how much security cost and driving down that total cost of ownership, right?

David Puner: Mm-hmm.

Scott Barronton: So I think it’s unfair to hold CISOs to that level of accountability. Now listen, if they’re doing something wrong and they are making the decision without some kind of influence and they know the difference between right and wrong and they chose to do the wrong thing—absolutely hold them accountable. I have no problem with that.

But where I really start to worry is when you see CISOs being held accountable for other people’s decisions and actions.

David Puner: How much of your bandwidth is dedicated to insider threat?

Scott Barronton: Oh, you know, it’s something that we think about in really every part of our security—whether it is even on the product side, we have to help our customers think about insider threat as well. So it’s built into everything that we do.

Can we do more? Probably. But I think that at least addressing the issue upfront, trying to put the right controls in place, and making sure that our teams have visibility to be able to catch this before it becomes an issue—I think that’s the key from an insider threat perspective.

David Puner: Is there a cybersecurity trend or challenge you think isn’t getting enough attention right now but should be on every organization’s radar?

Scott Barronton: Yeah, I do. I think that we have to be acknowledging the fact that we can’t trust that everything is as it seems to be.

And so, you know, we’re starting to see a lot of attacks that are happening either through social engineering or in the example of like the North Korean IT workers. You think you’ve hired someone, you’ve maybe even sent them through all the right background checks and stuff like that, and then they just turn out to not be who they said that they were or something different happens.

And there are definitely controls that we can continue to hone and develop and build, but at some point, it probably goes back to that insider threat and making that more prevalent and being able to pick up those little nuances or telltale signs and find them faster.

So skip from one plus one plus one plus one equals, you know, four or five—I forget how many ones I had there—but go straight to one plus one equals four. Pull the trigger.

David Puner: Interesting.

David Puner: Let’s talk about podcasting and traveling. You and your wife host the Sunshine Travelers Podcast, which has grown into a multimedia platform with a large following. How did your passion for travel start, and what’s been the most rewarding part of sharing your experiences on the podcast?

Scott Barronton: Yeah, thanks, David. I mean, this is absolutely one of my greatest passions outside of security, and so I love talking about travel, and we’ll do it at any opportunity I’m given. Honestly, my job was one of the enablers that allowed me to be able to do that.

Because I’ve worked for global companies, I’ve traveled to some amazing places in the world, and we’ve just figured out how to take advantage of that. You know, often getting there is part of the challenge, but then once you’re in a place, it’s easier to move around and do and see some amazing things.

And quite honestly, it just evolved. As we traveled more, people started asking us for advice and wanted to know, “Have you ever been somewhere?” A few years ago, we just had the idea: why don’t we start capturing this information in a way that we can share it with people?

And we started doing it some on social media. It got really popular. And then we said, “Well, we could do this podcast thing,” and neither one of us knew anything about podcasting. We just kept grinding at it, and every week we put out new content.

And so, you know, now we’re over 120 episodes out there on travel content and tips and advice, and we just really enjoy it.

David Puner: Any favorite place you’ve been to?

Scott Barronton: Yeah. Last fall we did an African safari in Kenya, and we talk about it constantly. We were just talking about it the other day—literally tears welled up in my wife’s eyes as she was talking about it with some of our friends.

The experience of being there and just being part of the cultures that we interacted with, and seeing the animals in their native habitats, and just being in the wild and the beauty of everything around you—yeah, it’s just amazing.

The second—it was the exact same reason—but the Galapagos. So I think for us, the Kenyan safari and the Galapagos were both just amazing trips that we’ll always remember.

David Puner: I’m trying to figure out how you have the time for all this—traveling and being a CISO, which is a job that demands a 25th hour in the day. Are you just exceptional at managing your time? And do you also—do you have just like a portable Wi-Fi router on you at all times? Starlink?

Scott Barronton: No. Honestly, I want to call out my team because I have an awesome team behind me. And because I can trust that they’re there, it allows me to do some of this.

But, you know, a CISO’s never off the clock, right? So even in Africa, there were times that I was on my phone and answering things or giving some direction, or monitoring a situation. That’s one thing we don’t get is the ability to fully unplug.

David Puner: Right. So how does your love for travel influence your perspective on cybersecurity? Are there any lessons from the road that have shaped your leadership style?

Scott Barronton: I’m glad you asked that question because we were interviewing someone—I think it was about EIMs—and he said, “Oh, I never get on hotel Wi-Fi. I just always use my mobile data.” And I was like, “Yeah, me neither.” And my wife looks at me and she’s like, “Why have you never told me this?”

So we actually ended up doing a podcast episode on cybersecurity while you’re traveling.

David Puner: All right.

Scott Barronton: And we shared that with our listeners and just gave them some practical advice. It’s not full-on tin-foil hat, but it does make them think a little bit before you connect to that Wi-Fi.

David Puner: And is that the top tip?

Scott Barronton: That’s probably eye-opening to most folks who aren’t in the industry.

David Puner: I think so.

Scott Barronton: And it’s mostly because we have Wi-Fi on our devices set to auto-connect. And if you’ve been in this industry for a while, you know how easy it is to set up a spoofed Wi-Fi SSID, and your device is gonna connect right to that thing, and you’ll never know it. Right? You may never know it. And most people won’t.

Keep that Wi-Fi off. Just don’t set it to auto-connect.

David Puner: Don’t set that Wi-Fi to auto-connect.

Scott Barronton: Absolutely not.

David Puner: I thought this was really cool—you’re leading a group trip to Antarctica next year, which brings us full circle back to that Antarctica ATM that I mentioned earlier. Do you pull out anything from your CISO bag of tricks—if such a thing exists—to prepare for a trip to Antarctica with a group?

Scott Barronton: I think that would probably be a stretch for me to say that it is a CISO thing. The leadership piece of it—taking charge, pulling together a lot of the decisions—I think that’s just natural in what I do. My wife’s the same way, though. Sometimes it’s hard for the two of us to agree on things because we have the same personality.

But as of today, we’ve been married 31 years and figured out how to make it work. We do share, though, with our listeners and the people who are gonna go with us—we will share tips and tricks along the way to help keep them safe and not just hoard that knowledge.

David Puner: I want to go on this trip. How do I sign up? Is it too late?

Scott Barronton: I think that there’s actually still a couple of rooms available. So if you’re interested, go out to sunshinetravelers.com, and there’s a link on there for “Group Trip,” and you’ll see the Antarctica trip.

David Puner: So this is not a recreation of Shackleton’s voyage or anything like that. You’re actually gonna have shelter.

Scott Barronton: No. And matter of fact, I just finished that book. It’s called Endurance. And I told my wife, “Oh, we should give this to the people who are going on the trip.” And she looked at me and she was like, “You’re crazy. They’re not gonna go.”

So, don’t read that book before you go to Antarctica. You might change your mind. But thankfully, conditions are very different these days than they were back when he was trying to do this.

David Puner: Okay. Well, it sounds really cool. And this brings us back then to the ATM in Antarctica, which fascinates me. What security challenges come with deploying technology in such remote locations?

Scott Barronton: So it’s gonna have all of our same technology as if it was sitting in a mall in America. But I think it is a little bit easier because you’re not gonna have as big of an issue with theft and things like jackpotting and skimming—because where are you gonna go? You’re right there on Antarctica. It’s not an easy place to escape from.

And so I’m sure there’ll be cameras there the bank’s gonna have deployed, but I don’t think it’s gonna be quite as necessary.

David Puner: Who’s stocking that thing? And is it with multiple currencies, or is it just one kind of currency?

Scott Barronton: That’s a really good question, and I need to get the answer to that.

David Puner: One way or another, you’ll find out if you need cash while you’re in Antarctica.

Scott, we’ve covered a lot. Really appreciate it and your time. And it looks like the storm outside didn’t hinder us from getting through this conversation.

Scott Barronton: No, David, thanks for having me on. I appreciate it. I love sharing my security journey and hope that others will find some inspiration from it.

David Puner: All right. There you have it. Thanks for listening to Security Matters. If you like this episode, please follow us wherever you do your podcast thing so you can catch new episodes as they drop.

And if you feel so inclined, please leave us a review. We’d appreciate it very much—and so will the algorithmic winds.

What else? Drop us a line with questions, comments, and if you’re a cybersecurity professional and you have an idea for an episode, drop us a line. Our email address is [email protected].

We hope to see you next time.