Caffeinated Risk
The monthly podcast for security professionals, by security professionals. Two self-proclaimed grumpy security professionals talk security risk, how they've managed it in the past, and forward-looking discussions with guests working in information security and risk management.
Episodes
43 episodes
Deviance Normalization & Risk Management with Marco Ayala
Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Although risk management is a part of navigating advancement in any area, the fundamental flaw in any...
Season 4 • Episode 8 • 34:05
Managing Supply Chain Risk Management - with Darren Gallop
Whether it's the NIST CSF, 8276 or the new European Cyber Resilience Act, there is no denying the expectation that supply chain management (SCM) is a risk management area no organization can ignore. While SolarWinds is recent common refere...
Season 4 • Episode 7 • 32:34
Metawar and Fostering Resilience with Winn Schwartau
Long before the Matrix captured people's imaginations, Winn Schwartau was steadily offering red pills for those reading his many books on information warfare. A scholastic-level researcher without the pretense, Mr. Schwartau has been
Season 4 • Episode 6 • 34:51
Resilience and I.R. Lessons Learned (the hard way) - with Adam McMath
Almost all incident response plans include a "lessons learned" step, and in the post adrenalin phase that follows many breaches, reviewing what worked and what needs improving doesn't excite a lot of people. Adam McMath is clearly the exc...
Season 4 • Episode 5 • 34:31
ESRM a Transformation Catalyst with Radek Havlis
Amongst the industry verticals classified as critical infrastructure, few would argue that telecommunications belongs at the top of that list, placing even more weight on a risk management program due to cascading impacts. Consequently, safe relia...
Season 4 • Episode 4 • 29:47
Contingency Planning, Cyber Resilience and Incident Response
Regulatory frameworks from PCI-DSS to NERC-CIP to the newly minted NIST CSF 2.0 each require organizations of all sizes to have cyber incident response plans. Most of us who have spent any time in cubicle-filled office towers ...
Season 4 • Episode 3 • 28:33
The Business Context of Cyber Resilience with Steven J Ross
Those running a business today who have not experienced disruption due to cyber issues or attacks know it is only a matter of time. Even if their organization is not directly targeted, the modern marketplace comprised of multiple, interco...
Season 4 • Episode 2 • 30:51
Building a Cyber Risk Management Program with Brian Allen
The U.S. Securities and Exchange Commission defined new rules for cyber risk matters facing publicly traded corporations in July of 2023. Although the SEC's mandate is limited to pub...
Season 4 • Episode 1 • 30:03
CyberPHA - OT Risk management With John Cusimano
The ISA 99 standards body is one of the most recognized authorities on cyber physical security covering many aspects of a cyber security m...
Season 3 • Episode 34 • 31:59
Science, Crime and Workforce Development with Dr. Martin Gill
Security and crime are often in close proximity but not always studied together. This month's episode features Martin Gill, a criminologist who made the study of crime and security his life's work. After a decade as a lecturing professor a...
Season 3 • Episode 33 • 31:52
ESRM a Decade In and The Emergent Threat Landscape
Post GSX conference, which included an in-depth review of ESRM and an interview with former U.S. president George W. Bush, this episode considers how enterprise security risk management has stood the test...
Season 3 • Episode 32 • 29:52
Business Enablement using Converged Risk Management with Michael Lashlee
The convergence buzzword has come and gone and some organizations have struggled to reap the benefits of physical and cyber security departments working in tandem toward common goals. Michael Lashlee, deputy Chief Security Officer at Mast...
Season 3 • Episode 31 • 36:20
Interpreting Risk within a Regulatory Context with Terry Freestone
Calgary was an ICS cyber hub before most knew such measures were necessary. Terry Freestone was one of the ICT specialists from those early days who now applies his decades of hard-won knowledge in the offices of the Canadian Energy...
Season 3 • Episode 30 • 32:28
2023 Summer Show
Keeping up the accidental annual tradition, Tim and Doug take a retrospective look at risk management as a mid-year pulse. The 10th annual Cyberthreat Defense report forms the underlying theme...
Season 3 • Episode 29 • 30:56
ESRM and Data Science with Rachelle Loyear
One of the original authors of the ESRM framework, now in its tenth year, and Caffeinated Risk's first guest returns to discuss how data science is changing security and risk management. While alchemy may be a bit of a stretch, Ms....
Season 3 • Episode 28 • 31:28
Attack Tree Calibration with Terry Ingoldsby
Threat modeling expert and inventor of one of the world's first attack tree modeling products talks about how to integrate subject matter expertise into the risk equation; the answer may be surprising. Bonus content not inclu...
Season 3 • Episode 27 • 7:30
FAIR and ESRM, exploring common ground with Jack Freund
Factor Analysis of Information Risk (FAIR) and Enterprise Security Risk Management (ESRM) took different evolutionary paths yet share a lot more commonality than catchy four-letter acronyms and mainstream adoption by notable organizations li...
Season 3 • Episode 26 • 38:12
Cyber-Physical Convergence Revisited
In addition to hybrid work and regular time in the office being the new normal, 2023 marks the year Caffeinated Risk's co-host Tim McCreight serves as the
Season 3 • Episode 25 • 34:40
ESRM Enablement via Location Intelligence with Alex Martonik
Realtors have long advocated "location, location, location" as a path to investment success. Fast forwarding a few generations, location intelligence applied to risk management is paying dividends well beyo...
Season 2 • Episode 24 • 31:55
Privacy & Toxic Data with Michelle Finneran Dennedy
A great discussion point that didn't make it to air from the original 2021. Not all data is of equal value to the organization and the viable shelf life is seldom tracked or even discussed. This espresso shot takes a humorous look at a ...
Season 2 • Episode 23 • 6:00
Classifying and effectively communicating enterprise security risk with Paul Mercer
Communication isn't effective until the receiver understands the message well enough to take action. That pretty much sums up the challenge facing many risk professionals today, something Paul Mercer resolved, out of necessity, by building ...
Season 2 • Episode 22 • 31:15
Redefining the risk management business partnership with Rachelle Loyear
Co-author of the original book on Enterprise Security Risk Management, it only made sense to have Rachelle be the first Caffeinated Risk guest. Like many guests, there was just too much material for a...
Season 2 • Episode 21 • 6:50
Resilience as a Risk Management Strategy
Anyone with a bit of time in the security industry is well acquainted with Murphy's law, but crisis management specialists are who you call when things suddenly get very real. While common security guidance advocates protection, ...
Season 2 • Episode 20 • 32:57
Infrastructure Resilience and Ethical Considerations
Recorded two days after the July 2022 nationwide telecom outage, co-hosts Tim and Doug explore the deeper ramifications of losing access to the very services that are so tightly integrated into our lifestyle. While the complet...
Season 2 • Episode 19 • 31:48
GRC Program Development and Implementation with Josh Sokol
Sooner or later every risk management professional faces the hard reality that comprehensive risk management programs can't be implemented on spreadsheets. A corporate vice president mandate, minus the funding, started Josh Sokol on a jou...
Season 2 • Episode 18 • 31:10