31 minutes | Oct 21, 2021
Risk and Kinetic Consequences - with Paul Smith
Skilled penetration testers are some of the more specialized people within the information security industry. When it comes to safely testing kinetic systems, the pool of talented ethical hackers shrinks again, but it does include Paul Smith, who has written a brand new book on the subject. An ICS security specialist before it was a recognized specialty, Paul Smith has been a field operator, security tester, product manager, ICS vulnerability researcher and more. This episode explores risk consideration when impacts are measured in environmental damage and human life rather than records in a database. Mr. Smith's new book, "Pentesting Industrial Control Systems: An ethical hacker's guide to analyzing, compromising, mitigating and securing industrial processes", will be released November 9th 2021.
31 minutes | Sep 16, 2021
Privacy Engineering, Manifesto & Beyond with Michelle Finneran Dennedy
Formerly vice president and chief privacy officer at Cisco, CEO of Drumwave and a licensed attorney, Michelle Finneran Dennedy is recognized as a visionary leader in information systems privacy. She is currently the co-founder of Privatus Consulting, supporting clients working through the wicked problem of privacy in this digital age. Much to the benefit of Caffeinated Risk listeners, she is also a friend of co-host Tim McCreight, and her wonderful sense of humor results in some very entertaining banter on a traditionally serious subject. Ms. Dennedy is also the co-author of the Privacy Engineer's Manifesto, a must-have reference for any privacy or security professional, made freely available via Amazon digital download.
36 minutes | Aug 19, 2021
Following the Money in Cybersecurity with Larry Whiteside Jr.
A business without cash flow isn't a business for long, and security solutions are seldom free, yet cyber security is a line item that business owners ignore at their peril. Cost management and risk management come together in this lively podcast with special guest Larry Whiteside Jr., a former US Air Force division chief who has held a number of senior cyber security executive positions since returning to civilian life in 2002. Mr. Whiteside is also the co-founder of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a non-profit organization working to increase female and visible minority professionals in the industry. He offers some sage advice to all those currently struggling to enter the industry and those searching for talent while still keeping an eye on the bottom line.
28 minutes | Jul 22, 2021
Back to work, just in time for summer
Cohosts Tim and Doug explore the security implications of workers returning to the corporate networks after over a year working remotely. Is there a new art of the possible to be considered based on the changes most organizations needed to make to networks and applications to get through the pandemic lockdown? Is this now more important than ever, since the financial impacts of ransomware have reached new record levels? And how might ESRM practices support resilience improvements?
30 minutes | Jun 16, 2021
A Business First Security Focus with Dave Tyson
Dave Tyson literally wrote the book on Managing Enterprise Security Risk through converged security while serving as the CSO for the City of Vancouver during the winter Olympic games. A practitioner rather than a theorist, Tyson has held senior security leadership positions at multiple major organizations including eBay, Pacific Gas and Electric and SC Johnson. In this episode Dave Tyson discusses the origins of security convergence, why organizations need to explore this now more than ever and how to gain support with the executive suite by identifying and removing value chain friction created by security processes.
35 minutes | May 19, 2021
Security risk analysis using attack trees with Terry Ingoldsby
"We need more science in Cyber Security" - David Hechler, TAG Cyber Law Journal
Threat modeling should be step 0 of any security architecture but often goes completely unconsidered. This episode features Terry Ingoldsby, a veteran cyber risk professional, physicist, computer scientist and inventor of Securitree. Ingoldsby created the attack tree development platform because he felt cyber security assessments should be defendable rather than just the educated opinion of the assessor. Despite his being the inventor, there is no sales pitch. Terry, Tim and Doug talk risk, engineering, business cases and why there is no AI magic when it comes to identifying events that could end your organization.
35 minutes | Apr 14, 2021
Transitions and transformation within the security industry with Scott Klososky
Serial entrepreneur, author and futurist Scott Klososky explores some new approaches to physical and cyber security that are innovative, potentially controversial and necessary as more and more of our daily way of life is affected by these security problems. Ten years before YouTube, Mr. Klososky founded a startup that delivered webcasted media for commercial, government, sports and entertainment. Scott has consistently demonstrated the ability to identify market opportunities and technology trends well in advance. He followed the success of Webcasts.com with a second-generation online banking platform that enabled smaller financial companies to compete head to head with the majors. Today Scott Klososky supports business leaders and boards by merging hard-won success in technology with forward-looking analysis to create concepts and models needed in today's hyper-competitive markets. Whether those needs are the fusion of humans and technology within an organization, data intelligence or risk management and the development of an integrated security model.
31 minutes | Mar 18, 2021
Security through management of time and trust with Winn Schwartau
A security luminary before such a title was even coined, Winn Schwartau's predictions about the internet and global security problems have been scarily spot on for more than 30 years. Named the “Civilian Architect of Information Warfare” by Admiral Patrick Tyrrell of the British Ministry of Defense, Schwartau also testified before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. His new book, "Analogue Network Security", is a mathematical, time-based and probabilistic approach to justifiable security. Winn and the Caffeinated Risk hosts explore the management of time and trust as an alternative approach to blind faith in the castle & moat model that continues to fail us.
30 minutes | Feb 17, 2021
Rethinking Security Control Design with Rachelle Loyear
Co-author of Enterprise Security Risk Management: Concepts and Applications, Rachelle Loyear has spent her career managing programs in corporate security organizations. Focusing strongly on security risk management, she has been responsible for ensuring enterprise resilience in the face of many different types of risks, both physical and cyber. She is currently active on a number of projects including:
- refining and releasing a Global ESRM approach to customer solution development for G4S
- working with customer focus groups to understand what the security industry really needs to manage risk, using Design Thinking principles
Rachelle also shares lessons learned on identifying and effectively communicating with the correct stakeholders for risk acceptance.
6 minutes | Jan 17, 2021
Preview Trailer: ESRM & Critical Infrastructure
The first full episode is scheduled for release February 18th. The trailer includes a few conversation segments between the cohosts on enterprise security risk management and critical infrastructure. Visit CaffeinatedRisk.com for more articles on the intersection of risk management and technology.