Episodes
Sooner or later every risk management professional faces the hard reality that comprehensive risk management programs can't be implemented on spreadsheets. A corporate vice president mandate, minus the funding, started Josh Sokol on a journey that turned his initial platform solution into an open-source project that morphed into a commercial venture. While meeting the risk management and compliance needs of organizations large and small, the SimpleRisk founder remains committed to a...
Published 06/16/22
Chief Information Security Officer Martin Dinel has all the same technology challenges as every other large organization. Placing Alberta in front of that CISO title brings the additional requirements of protecting government secrets, interfacing with national security, and protecting the financial and health information of more than 4 million people as well as the infrastructure of a province almost the size of Texas. Mr. Dinel shares some innovative ideas for sourcing and retaining talent, ...
Published 05/19/22
Very few organizations, from three-letter agencies to the local brew pub, are not using cloud services to some degree, and those previously resistant had no choice once COVID-19 hit. In 2022, with global conflict, organized crime, and multiple supply chain and service concerns, what is required of a security professional responsible for navigating risk for their enterprise, which invariably includes "Cloud"? Illena Armstrong, president of the Cloud Security Alliance, shares her insights on these...
Published 04/21/22
Acknowledged by IT World Canada as one of the top 20 women in cyber, Cara Wolf shares insights into the Canadian tech industry, the need for innovation and tactics for drawing senior leadership's attention to cyber security issues during a candid discussion on the changing aspects of cyber crime. Long before cyber crime was a mainstream concept, Ms. Wolf was a seasoned fraud investigator with American Express travel, setting the stage for a number of entrepreneurial ventures combining...
Published 03/17/22
The threat landscape is evolving; if your security controls are not, the outcome is all but assured. In this episode Tim and Doug are joined by Canadian cyber security serial entrepreneur Ian Paterson, CEO of Plurilock. Mr. Paterson shares hard-won insights from extensive data science research and development, and how this intelligence enables continuous monitoring to be applied to a technology stack and bring organizations closer to a zero trust model. Ian's wealth of experience in the...
Published 02/16/22
A lighthearted espresso shot with renowned information security writer Winn Schwartau and Tim McCreight discussing the serious and all too common problem of uncontrolled ingress and egress. While the first electronic firewalls may have come into vogue in the late '80s, Winn and Tim uncover parallels with perimeter security developed in the Middle Ages.
Published 02/03/22
An espresso shot covering a great idea Dave Tyson originally shared in his book and discussed during our 2021 interview on identifying where security can contribute to the business value chain and some strategies for selling the benefits. With thought leaders like Dave there are many more insights than time in each monthly episode, so in 2022 we'll be combing through older interviews and sharing previously unpublished interview content in smaller 5-8 minute blocks. These short excerpts...
Published 01/20/22
The year-end episode does some comparing and contrasting of risk management in different areas, including things outside of cyber. Ironically, recorded just a couple days before most of the world learned about a module design choice in Java that suddenly makes logging dangerous, it brings home the point that our cyber threat landscape is complex. Complexity and uncertainty are nothing new for cyber security and risk management professionals. Navigating through those waters despite the...
Published 12/16/21
While many in risk management or cyber security reference standards and leading practices, it can often be based on tacit acceptance, rather than deep research. There is an argument that that research is too slow compared to commercial solutions, especially considering our current threat landscape and resource constraints. This episode explores the possibility of a middle ground and challenges a few assumptions along the way; it turns out things haven't changed that much since the...
Published 11/18/21
Skilled penetration testers are some of the more specialized people within the information security industry. When it comes to safely testing kinetic systems, the pool of talented ethical hackers shrinks again but does include Paul Smith, who has written a brand-new book on the subject. An ICS security specialist before it was a recognized specialty, Paul Smith has been a field operator, security tester, product manager, ICS vulnerability researcher and more. This episode explores risk...
Published 10/21/21
Formerly vice president and chief privacy officer at Cisco, CEO of Drumwave and a licensed attorney, Michelle Finneran Dennedy is recognized as a visionary leader in information systems privacy. She is currently the co-founder of Privatus Consulting, supporting clients working through the wicked problem of privacy in this digital age. Much to the benefit of Caffeinated Risk listeners, she is also a friend of co-host Tim McCreight, and her wonderful sense of humor results in some very entertaining...
Published 09/16/21
A business without cash flow isn't a business for long, and security solutions are seldom free, yet cyber security is a line item that business owners ignore at their peril. Cost management and risk management come together in this lively podcast with special guest Larry Whiteside Jr., a former US Air Force division chief who has held a number of senior cyber security executive positions since returning to civilian life in 2002. Mr. Whiteside is also the co-founder of the International...
Published 08/19/21
Cohosts Tim and Doug explore the security implications of workers returning to the corporate networks after over a year working remotely. Is there a new art of the possible to be considered based on the changes most organizations needed to make to networks and applications to get through the pandemic lockdown? Is this now more important than ever since the financial impacts of ransomware have reached new record levels, and how might ESRM practices support resilience improvements?
Published 07/22/21
Dave Tyson literally wrote the book on Managing Enterprise Security Risk through converged security while serving as the CSO for the City of Vancouver during the Winter Olympic Games. A practitioner rather than a theorist, Tyson has held senior security leadership positions at multiple major organizations including eBay, Pacific Gas and Electric and SC Johnson. In this episode Dave Tyson discusses the origins of security convergence, why organizations need to explore this now more than...
Published 06/16/21
"We need more science in Cyber Security" (David Hechler, TAG Cyber Law Journal). Threat modeling should be step 0 of any security architecture but often goes completely unconsidered. This episode features Terry Ingoldsby, a veteran cyber risk professional, physicist, computer scientist and inventor of Securitree. Ingoldsby created the attack tree development platform because he felt cyber security assessments should be defendable rather than just the educated opinion of the assessor. Despite...
Published 05/19/21
Serial entrepreneur, author and futurist Scott Klososky explores some new approaches to physical and cyber security that are innovative, potentially controversial and necessary as more and more of our daily way of life is affected by these security...
Published 04/14/21
A security luminary before such a title was even coined, Winn Schwartau's predictions about the internet and global security problems have been scarily spot on for more than 30 years. Named the “Civilian Architect of Information Warfare” by Admiral...
Published 03/18/21
The first full episode is scheduled for release February 18th. The trailer includes a few conversation segments between the cohosts on enterprise security risk management and critical infrastructure. Visit CaffeinatedRisk.com for more articles on the...
Published 01/17/21