Caffeinated Risk

Darren Gallop, a serially successful Canadian tech entrepreneur, shares his insights on supply chain risk management. He revisits significant breaches like Target's, emphasizing the evolution of compliance standards. Darren discusses challenges in vendor risk management and critiques traditional approaches that focus more on compliance than proactive assessments. He highlights the need for startups to integrate meaningful cybersecurity practices into their culture. Despite current risks, he sees a promising future for organizations willing to adapt.

Winn Schwartau, an internationally recognized security thinker, shares his insights on navigating the complexities of our tech-saturated world. He discusses the battle between big tech and our cognitive faculties while promoting the need for mental resilience. The conversation dives into the lessons from his new book, addressing challenges posed by AI and disinformation. Schwartau emphasizes the importance of enhancing security awareness, fostering critical thinking, and building cognitive defenses against information overload.

Adam McMath, an expert in incident response with a rich background in both cyber and physical security, dives into resilience and risk management. He shares transformative lessons from his firefighting days, emphasizing structured incident response frameworks. Adam advocates for a business-centric approach to cybersecurity, aligning security measures with organizational goals. He also discusses the vital connection between organizational culture and effective security, highlighting the human element in navigating threats and the pivotal role of training.

Radek Havlis, VP at O2 Telefonica, discusses the evolution of ESRM in the telecommunications industry, emphasizing the importance of visionary leadership, risk management philosophy, and security as a business enabler. Topics include navigating regulations, security transformation, cultural integration, and the evolving role of risk advisors within organizations.

Exploring cyber incident response plans mandated by various regulatory frameworks, the podcast delves into recent Canadian cyber incidents, the challenges they pose, and the importance of using ESRM principles to enhance cybersecurity programs. With a focus on building resilience, the discussion emphasizes the need for contingency planning, agility, and effective communication with executives to navigate cybersecurity incidents effectively.

Learn from cyber security expert Steven J Ross about the importance of cyber resilience in the business world. Explore topics such as privacy in data management, AI impact on privacy, data recovery challenges, cyber resilience in healthcare, and building trust with clients through transparent cybersecurity communication.

Brian Allen, co-author of a new book on Cyber Risk Management Program, discusses the SEC mandated requirement for cyber risk management. Topics include the framework of a cyber risk management program, balancing risk-informed decision making, and the significance of understanding the role of security professionals.

John Cusimano, former chairman of the ISA subcommittee, talks about the origins of the OT-specific risk assessment process, managing and perceiving the methodology, and the future of cloud computing. They also discuss the integration of engineering disciplines in cyber risk management, involving subject matter experts in the risk assessment process, and the significance of collaboration and tailoring the process. The chapter on understanding a risk-based approach in OT security programs emphasizes the importance of baseline controls.

Explore the intersection of security and crime with criminologist Martin Gill. Learn about evidence-based security practices, the evolving security industry landscape, and the importance of understanding security from an offender's perspective. Discover the significance of effective security measures, professional training, and collaboration within the security industry.

Former U.S. president George W Bush discusses ESRM, ransomware, and threat intelligence. The podcast explores the evolution of risk management, financial decisions in the face of cyber attacks, and the importance of resilience in cybersecurity.