Caffeinated Risk
Episodes
Cyber Resilience, a National Solution with Herbert Fensury
04 Dec 2025
Contributed by Lukas
Cyber crime is now a daily fact of life and a significant concern in both the private and public sectors but our response capabilities do not seem to ...
Integrated Assurance with Patrick Hayes
23 Oct 2025
Contributed by Lukas
20 years after their paths first crossed, three Canadian security professionals regroup to discuss a new risk management strategy book based on hard w...
The Summer Show - 2025, (pt 2)
11 Sep 2025
Contributed by Lukas
Part 2 of this summer break episode takes a bit of a light hearted look at the cyber security industry predictions that become the norm in late Decemb...
The Summer Show - 2025, (pt 1)
28 Aug 2025
Contributed by Lukas
The summer show started with the light hearted goal of evaluating the top security predictions that fill the internet in late December each year. Fo...
ESRM roots, revelations & resilience with John Petruzzi
31 Jul 2025
Contributed by Lukas
Enterprise Security Risk Management (ESRM) principles appear in almost every episode and this one is a bit more overt because it features two of the t...
Global Risk Management as Strategic Advantage with Dominic Bowen
19 Jun 2025
Contributed by Lukas
The Caffeinated Risk hosts navigate time zones and catch up with Dominic Bowen traveling between meetings to discuss risk management with an internati...
Simplifying risk analysis using FAIR and Wiley Coyote with Jack Freund
24 Apr 2025
Contributed by Lukas
A while back we were fortunate enough to spend time with Jack Freund, coauthor and thought leader responsible for bring the FAIR methodology and pract...
SMB Resilience and lessons for larger organizations with Rochelle Clarke
27 Mar 2025
Contributed by Lukas
At 45-50%, depending on your statistical source, there is no denying that small to medium sized businesses are a significant economic engine from both...
Addressing Risk and Cyber Resilience, the Alberta Approach - with Rachel Hayward
20 Feb 2025
Contributed by Lukas
A surprising number of digital innovations began in Alberta, be it the world's first public digital cellular network in 1985, the DNP3 industrial...
Security Risk Management in an Open Data Environment with Michael Spaling
09 Jan 2025
Contributed by Lukas
Ever wondered how top universities protect their cutting-edge research from prying eyes while ensuring seamless access for their scholars? Join us as ...
Engineering, Risk Management for Cyber-Physical Systems with Andrew Ginter
30 Nov 2024
Contributed by Lukas
The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a...
Deviance Normalization & Risk Management with Marco Ayala
24 Oct 2024
Contributed by Lukas
Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Althoug...
Managing Supply Chain Risk Management - with Darren Gallop
26 Sep 2024
Contributed by Lukas
Whether it's the NIST CSF, 8276 or the new European Cyber Resilience Act there is no denying the expectation that supply chain management (SCM) i...
Metawar and Fostering Resilience with Winn Schwartau
29 Aug 2024
Contributed by Lukas
Long before the Matrix captured peoples imaginations, Winn Schwartau was steadily offering red pills for those reading his many books on information w...
Resilience and I.R. Lessons Learned (the hard way) - with Adam McMath
11 Jul 2024
Contributed by Lukas
Almost all incident response plans include a "lessons learned" step, and in the post adrenalin phase that follows many breaches, reviewing...
ESRM a Transformation Catalyst with Radek Havlis
30 May 2024
Contributed by Lukas
Amongst the industry verticals classified as critical infrastructure, few would argue that telecommunications belongs in the top that list, placing ev...
Contingency Planning, Cyber Resilience and Incident Response
28 Mar 2024
Contributed by Lukas
Regulatory frameworks from PCI-DSS to NERC-CIP to the newly minted NIST CSF 2.0 each require organizations of all sizes to have cyber incident res...
The Business Context of Cyber Resilience with Steven J Ross
22 Feb 2024
Contributed by Lukas
Those running a business today who have not experienced disruption due to cyber issues or attacks know it is only a matter of time. Even if their orga...
Building a Cyber Risk Management Program with Brian Allen
25 Jan 2024
Contributed by Lukas
The U.S. Security Exchange Commission defined new rules for cyber risk matters facing publicly traded corporations in July of 2023. Although the SEC...
CyberPHA - OT Risk management With John Cusimano
14 Dec 2023
Contributed by Lukas
The ISA 99 standards body is one of the most recognized authorities on cyber physical security covering many aspects of a cyber security management sy...
Science, Crime and Workforce Development with Dr. Martin Gill
23 Nov 2023
Contributed by Lukas
Security and crime are often in close proximity but not always studied together. This month's episode features Martin Gill a criminologist who ma...
ESRM a Decade In and The Emergent Threat Landscape
28 Sep 2023
Contributed by Lukas
Post GSX conference, which included an in-depth review of ESRM and an interview with former U.S. president George W Bush, this episode considers how...
Business Enablement using Converged Risk Management with Michael Lashlee
24 Aug 2023
Contributed by Lukas
The convergence buzzword has come and gone and some organizations have struggled to reap the benefits of physical and cyber security departments worki...
Interpreting Risk within a Regulatory Context with Terry Freestone
27 Jul 2023
Contributed by Lukas
Calgary was an ICS cyber hub before most knew such measures were necessary, Terry Freestone was one of the ICT specialists from those early days who...
2023 Summer Show
29 Jun 2023
Contributed by Lukas
Keeping up the accidental annual tradition Tim and Doug take a retrospective look at risk management as a mid-year pulse. The 10th annual Cyberthrea...
ESRM and Data Science with Rachelle Loyear
25 May 2023
Contributed by Lukas
One of the original authors of the ESRM framework, now in it's tenth year, and Caffeinated Risk's first guest returns to discuss how data ...
Attack Tree Calibration with Terry Ingoldsby
23 Mar 2023
Contributed by Lukas
Threat modeling expert and inventor of one of the world's first attack tree modeling products talks about how to integrate subject matter exper...
FAIR and ESRM, exploring common ground with Jack Freund
23 Feb 2023
Contributed by Lukas
Factor Analysis of Information Risk (FAIR) and Enterprise Security Risk Management (ESRM) took different evolutionary paths yet share a lot more commo...
Cyber-Physical Convergence Revisited
19 Jan 2023
Contributed by Lukas
In addition to hybrid work and regular time in the office being the new normal, 2023 marks the year Caffeinated Risk's co-host Tim McCreight se...
ESRM Enablement via Location Intelligence with Alex Martonik
15 Dec 2022
Contributed by Lukas
Realtors have long advocated "location, location, location" as a path to investment success. Fast forwarding a few generations, loc...
Privacy & Toxic Data with Michelle Finneran Dennedy
17 Nov 2022
Contributed by Lukas
A great discussion point that didn't make it to air from the original 2021. Not all data is of equal value to the organization and the viable she...
Classifying and effectively communicating enterprise security risk with Paul Mercer
20 Oct 2022
Contributed by Lukas
Communication isn't effective until the receiver understands the message well enough to take action. That pretty much sums up the challenge facin...
Redefining the risk management business partnership with Rachelle Loyear
08 Sep 2022
Contributed by Lukas
Co-author of the original book on Enterprise Security Risk Management, it only made sense to have Rachelle be the first Caffeinated Risk guest. Like...
Resilience as a Risk Management Strategy
18 Aug 2022
Contributed by Lukas
Anyone with a bit of time in the security industry is well acquainted with Murphy's law but crisis management specialists are who you call when...
Infrastructure Resilience and Ethical Considerations
21 Jul 2022
Contributed by Lukas
Recorded two days after the July 2022 nationwide telecom outage, co-hosts Tim and Doug explore the deeper ramifications of losing access to the ve...
GRC Program Development and Implementation with Josh Sokol
16 Jun 2022
Contributed by Lukas
Sooner or later every risk management professional faces the hard reality that comprehensive risk management programs can't be implemented on spr...
Strategies for meeting the cyber skill set challenge with Martin Dinel
19 May 2022
Contributed by Lukas
Chief Information Security Officer Martin Dinel has all the same technology challenges of every other large organization. Placing Alberta in front of ...
Risk management in the cloud with Illena Armstrong
21 Apr 2022
Contributed by Lukas
Very few organizations, from three letter agencies to the local brew pub are not using cloud services to some degree and those previously resistant ha...
Cyber Crime and Risk Management Strategies with Cara Wolf
17 Mar 2022
Contributed by Lukas
Acknowledged by IT World Canada as one of the top 20 women in cyber, Cara Wolf shares insights into the Canadian tech industry , the need for inno...
Continuous Authentication and Risk Management with Ian Paterson
16 Feb 2022
Contributed by Lukas
The threat landscape is evolving, if your security controls are not, the outcome is all but assured. In this episode Tim and Doug are joined by Canadi...
Castles and Network Management with Winn Schwartau
03 Feb 2022
Contributed by Lukas
A light hearted espresso shot with renowned information security writer Winn Schwartau and Tim McCreight discussing the serious and all too common pro...
Unpacking the Security Value Chain - Dave Tyson
20 Jan 2022
Contributed by Lukas
An espresso shot covering a great idea Dave Tyson originally shared in his book and discussed during our 2021 interview on identifying where securit...
Innovation and Influence
16 Dec 2021
Contributed by Lukas
The year end episode does some comparing and contrasting of risk management in different areas, including things outside of cyber. Ironically, recorde...
Applying Scientific Principles to Risk Management - With Doug Millward
18 Nov 2021
Contributed by Lukas
While many in risk management or cyber security reference standards and leading practices, it can often be based on tacit acceptance, rather than deep...
Risk and Kinetic Consequences - with Paul Smith
21 Oct 2021
Contributed by Lukas
Skilled penetration testers are some of the more specialized people within the information security industry. When it comes to safely testing kinetic ...
Privacy Engineering, Manifesto & Beyond with Michelle Finneran Dennedy
16 Sep 2021
Contributed by Lukas
Formerly vice president and chief privacy office at Cisco, CEO of Drumwave and a licensed attorney, Michelle Finneran Dennedy is recognized as a visio...
Following the Money in Cybersecurity with Larry Whiteside Jr.
19 Aug 2021
Contributed by Lukas
A business without cash flow isn't a business for long and security solutions are seldom free yet cyber security is a line item that business own...
Back to work, just in time for summer
22 Jul 2021
Contributed by Lukas
Cohosts Tim and Doug explore the security implications of workers returning to the corporate networks after over a year working remotely. Is there a ...
A Business First Security Focus with Dave Tyson
16 Jun 2021
Contributed by Lukas
Dave Tyson literally wrote the book on Managing Enterprise Security Risk through converged security while serving as the CSO for the City of Vancouv...
Security risk analysis using attack trees with Terry Ingoldsby
19 May 2021
Contributed by Lukas
"We need more science in Cyber Security" David Hechler, TAG Cyber Law Journal Threat modeling should be step 0 of any security architectu...
Transitions and transformation within the security industry with Scott Klososky
14 Apr 2021
Contributed by Lukas
Serial entrepreneur, author and futurist Scott Klososky explores some new approaches to physical and cyber security that are innovative, potentially...
Security through management of time and trust with Winn Schwartau
18 Mar 2021
Contributed by Lukas
A security luminary before such a title was even coined, Winn Schwartau's predictions about the internet and global security problems have been s...
Rethinking Security Control Design with Rachelle Loyear
17 Feb 2021
Contributed by Lukas
Co-author of Enterprise Security Risk Management: Concepts and Applications , Rachelle Loyear has spent her career managing programs in corporate...
Preview Trailer: ESRM & Critical Infrastructure
17 Jan 2021
Contributed by Lukas
The first full episode is scheduled for release February 18th. The trailer includes a few conversation segments between the cohosts on enterprise secu...