Caffeinated Risk

Comparing and contrasting risk management in various areas, including beyond cyber threats. Discussing the complexities of navigating through uncertainty and human behavior in security. Offering suggestions on influencing action despite competing agendas within organizations.

Exploring the integration of scientific principles in risk management with Doug Millward, a computer scientist sharing insights on cyber security evolution from the 1970's to current threat landscape. The discussion delves into applying data-driven assessments, biases in product advertising, and transitioning to composable systems in cloud technology. The chapter ends with gratitude for audience support and anticipation for future episodes.

Skilled penetration testers are some of the more specialized people within the information security industry. When it comes to safely testing kinetic systems the pool of talented ethical hackers shrinks again but does include Paul Smith who has written a brand new book on the subject. An ICS security specialist before it was a recognized specialty, Paul Smith has been a field operator, security tester, product manager, ICS vulnerability researcher and more. This episode explores risk consideration when impacts are measured in environmental damage and human life rather than records in a database.  Mr. Smith's new book, "Pentesting Industrial Control Systems: An ethical hacker's guide to analyzing, compromising, mitigating and securing industrial processes" , will be released November 9th 2021.

Explore privacy engineering, challenges of policy implementation, security professionals' practical approach, translating user needs, leadership in regulations, and balancing data collection with privacy concerns in a lively discussion with Michelle Finneran Dennedy on privacy and security.

Exploring the intersection of money and cybersecurity, Larry Whiteside Jr. discusses the importance of cash flow in businesses. He emphasizes the need for cost and risk management, while also highlighting the efforts to increase diversity in the cybersecurity industry. The podcast delves into the challenges of navigating technology, funding, and third party risks in cybersecurity, and the benefits of transitioning to a service-based model.

Cohosts discuss cybersecurity challenges as employees return to the office post-pandemic, emphasizing the importance of enhanced security measures. The podcast explores the evolution of cyber fraud, focusing on the shift to ransomware attacks. They also delve into the implications of a $70 million cyber attack and stress the need for continuous improvement in incident analysis within the ESRM framework.

Dave Tyson discusses the origins of security convergence and the importance for organizations to explore it now. He emphasizes gaining support from the executive suite by removing value chain friction created by security processes. The podcast also explores the evolution of security convergence and risk management, the changing landscape of cybersecurity roles, and the significance of comprehensive risk management in IT infrastructure.

The podcast discusses the importance of threat modeling in security architecture. Terry Ingoldsby, a cyber risk professional, shares insights on attack trees and their application in risk assessments. They explore the challenges of presenting risk analyses to executives and the need for thorough assessments in organizational settings.

Scott Klososky discusses innovative approaches to security, his past successes, and merging technology with business. The podcast explores future cybersecurity trends, data privacy regulations, embracing digital transformation in security, and navigating risk tolerance and security investments.

Winn Schwartau, a renowned security expert with accurate predictions, discusses the need for new security approaches. He explores managing time and trust in cybersecurity, emphasizing quick decision-making and continuous measurement. The conversation touches on data integrity, risk management, and offers guidance for newcomers in the cybersecurity field.