Episode #
36

PENN Entertainment's David Lingenfelter on How Changing Regulations Have Affected the Gaming Industry's Risk Appetite

Show Notes

In this week's episode of the Future of Cyber Risk podcast, David speaks with David Lingenfelter, Chief Information Security Officer at PENN Entertainment. They discuss the challenge of securing assets that you did not create yourself and how evolving regulations have affected the gaming industry's risk appetite.

David also offers his insight on the critical skills a successful security practitioner should have. He also explains his approach to educating employees on security when they might have varying degrees of knowledge on staying secure.

Topics discussed:

  • The challenges of securing assets, such as slot machines, that you did not create yourself.
  • What it's like to balance both physical and cyber security responsibilities: luckily you only have to worry about one or the other.
  • Critical skills for security practitioners to succeed in today's landscape.
  • What education looks like at an organization where employees might have diverse levels of knowledge on security.
  • How ransomware has affected the gaming industry, even as it has transitioned from brick and mortar to digital.
  • Whether the industry practices direct collaboration to help each other prevent and overcome threats even when they're competitors.
  • How evolving regulations have affected the industry, especially regarding risk appetite.

Key Takeaways:

  • Know your business and the industry. Not only should you be up to date on news and advancements in security but also the general news of the businesses you’re protecting.
  • Make friends on other teams. The legal and risk management teams are especially important to get to know because you might have to work with them.
  • Keep up with the news and advancements of security. Even if your client isn’t ready to update their tools and protections, it’s good to know what’s out there.
  • Work on your people skills. Security doesn’t happen in a vacuum, and there are always going to be teammates, stakeholders, and others who you’ll have to interact with.

Quotes from Episode

#1.) “Security isn't about just looking at the logs and things like that. It's about knowing what's going on around you. It's having the communications and being able to talk to people and translate. What we do in security can be very complicated. It can be very confusing because it's not always the same.” (11:15-11:33)

#2.) “So we have the conversations with these units and with the different teams explaining what some of the recent threats are, and we pull them from the front page and then we explain to them how it's real in our world as well.” (14:30-14:45)