Caffeinated Risk

Exploring the evolution of network asset management post-2007 and the challenges it brings. Drawing parallels between network management and medieval castles to enhance security and streamline access.

Exploring where security can add value in business operations, preventing value loss, and enhancing competitiveness. Discussing a cyber incident involving thwarting a threat actor selling SCADA app kit, highlighting the importance of collaboration between security and business for success.

Comparing and contrasting risk management in various areas, including beyond cyber threats. Discussing the complexities of navigating through uncertainty and human behavior in security. Offering suggestions on influencing action despite competing agendas within organizations.

Exploring the integration of scientific principles in risk management with Doug Millward, a computer scientist sharing insights on cyber security evolution from the 1970's to current threat landscape. The discussion delves into applying data-driven assessments, biases in product advertising, and transitioning to composable systems in cloud technology. The chapter ends with gratitude for audience support and anticipation for future episodes.

Skilled penetration testers are some of the more specialized people within the information security industry. When it comes to safely testing kinetic systems the pool of talented ethical hackers shrinks again but does include Paul Smith who has written a brand new book on the subject. An ICS security specialist before it was a recognized specialty, Paul Smith has been a field operator, security tester, product manager, ICS vulnerability researcher and more. This episode explores risk consideration when impacts are measured in environmental damage and human life rather than records in a database.  Mr. Smith's new book, "Pentesting Industrial Control Systems: An ethical hacker's guide to analyzing, compromising, mitigating and securing industrial processes" , will be released November 9th 2021.

Explore privacy engineering, challenges of policy implementation, security professionals' practical approach, translating user needs, leadership in regulations, and balancing data collection with privacy concerns in a lively discussion with Michelle Finneran Dennedy on privacy and security.

Exploring the intersection of money and cybersecurity, Larry Whiteside Jr. discusses the importance of cash flow in businesses. He emphasizes the need for cost and risk management, while also highlighting the efforts to increase diversity in the cybersecurity industry. The podcast delves into the challenges of navigating technology, funding, and third party risks in cybersecurity, and the benefits of transitioning to a service-based model.

Cohosts discuss cybersecurity challenges as employees return to the office post-pandemic, emphasizing the importance of enhanced security measures. The podcast explores the evolution of cyber fraud, focusing on the shift to ransomware attacks. They also delve into the implications of a $70 million cyber attack and stress the need for continuous improvement in incident analysis within the ESRM framework.

Dave Tyson discusses the origins of security convergence and the importance for organizations to explore it now. He emphasizes gaining support from the executive suite by removing value chain friction created by security processes. The podcast also explores the evolution of security convergence and risk management, the changing landscape of cybersecurity roles, and the significance of comprehensive risk management in IT infrastructure.

The podcast discusses the importance of threat modeling in security architecture. Terry Ingoldsby, a cyber risk professional, shares insights on attack trees and their application in risk assessments. They explore the challenges of presenting risk analyses to executives and the need for thorough assessments in organizational settings.