
Cyber Risk Management Podcast

Technology Business

Episodes

Showing 1-100 of 199

EP 199: AI Phishing at SecureWorld Seattle

16 Dec 2025

Contributed by Lukas

How has GenAI turned phishing into a speed war? And what should we do about it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opp...

EP 198: Breaches within Breaches (Contract Obligations post security incident)

02 Dec 2025

Contributed by Lukas

What happens when a HIPAA Business Associate Agreement gets tested in court after a ransomware attack? And what can we learn from it? Let's find out w...

EP 197: Operational Cyber Resilience

18 Nov 2025

Contributed by Lukas

What happens when critical third-party services go down? What do your vendors actually owe you when that happens? Are new regulations going to make a ...

EP 196: Rogue AI Agents: What's Identity Got To Do With It?

04 Nov 2025

Contributed by Lukas

AI agents are everywhere: 91% of organizations already use them. But can we control these autonomous digital workers? And what happens when they go ro...

EP 195: Board Cyber Reporting: The Right Questions, The Right Data

21 Oct 2025

Contributed by Lukas

Boards are getting the wrong cybersecurity information. But, what do boards really need to know? And how do we fix this problem? Let's find out with o...

EP 194: Why Are We Sitting Ducks for Phishing Attacks?

07 Oct 2025

Contributed by Lukas

Our brains in "autopilot mode" make us sitting ducks for phishing attacks. Why? And what can we do about it? Let's find out with our guest Lisa Petroc...

EP 193: Secure AI Transformation

23 Sep 2025

Contributed by Lukas

Getting full value from AI requires a huge technology transformation. How can leaders navigate AI transformation without losing their teams and their ...

EP 192: How I Use AI (And You Can Too)

09 Sep 2025

Contributed by Lukas

How can generative AI transform your cybersecurity work without replacing your expertise? And why should you start experimenting now? Let's explore wi...

EP 191: How to Make FBI Your Best Ally

26 Aug 2025

Contributed by Lukas

How would you add law enforcement as a valuable resource to your cybersecurity program? And why would you want to? Let's find out with our guest Super...

EP 190: Augmented with AI (REPLAY)

12 Aug 2025

Contributed by Lukas

How should individuals be thinking about generative artificial intelligence at work and at home? Let's find out with our guest Daniel Miessler, whose ...

EP 189: Agentic AI and Ransomware

29 Jul 2025

Contributed by Lukas

Unit 42 (Palo Alto Networks) just showed they can use AI to conduct a complete ransomware attack in 25 minutes, a 100x speed increase. What does this ...

EP 188: Verizon DBIR 2025 Part 2

15 Jul 2025

Contributed by Lukas

And, here's part 2 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's in the rest of the 2025 report? Let's find out with y...

EP 187: Verizon DBIR 2025 Part 1

01 Jul 2025

Contributed by Lukas

It's time for part 1 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's new for 2025? Let's find out with your hosts Kip Bo...

EP 186: "Fire Doesn't Innovate" second edition

17 Jun 2025

Contributed by Lukas

The second edition of "Fire Doesn't Innovate" has dropped. What's new? Why was it updated? How can different types of readers get the most value from ...

EP 185: Courts and Non-deterministic Computing

03 Jun 2025

Contributed by Lukas

Is evidence from Artificial Intelligence and Quantum Computing devices legally admissible in court? And how are courts actually handling this influx? ...

EP 184: Spies, Honeypots, and Lawsuits

20 May 2025

Contributed by Lukas

Is the so-called "Insider Threat" a big deal? If so, how could you use a honeypot to catch them? Let's find out with your hosts Kip Boyle, CISO with C...

EP 183: NIST CSF: The Missing Manual

06 May 2025

Contributed by Lukas

The implementation manual for the NIST Cybersecurity Framework has gone missing. Can it be found? Let's find out with your hosts Kip Boyle, CISO with Cybe...

EP 182: When Webcams Turn Evil

22 Apr 2025

Contributed by Lukas

How much trust should you put in your Endpoint Detection and Response (EDR) solution? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk O...

EP 181: Deploying AI Securely and Privately

08 Apr 2025

Contributed by Lukas

How can businesses securely and privately use AI tools? And, what are the top cyber risks of AI, anyway? Let's find out with your hosts Kip Boyle, CIS...

EP 180: The “Compliance Hammer” Alternative

25 Mar 2025

Contributed by Lukas

Tired of swinging the “compliance hammer” and hitting people until they submit to you? Would you rather be influential, and not dictatorial? Let's...

EP 179: Cybersecurity With No Money

11 Mar 2025

Contributed by Lukas

You're a recently hired, lone cybersecurity analyst. Your mandate is to pay off on the data and system protection promises your senior decision makers...

EP 178: New HIPAA Security Rule

25 Feb 2025

Contributed by Lukas

The US Government recently released a "notice of proposed rulemaking" to update the Security Standards for the Protection of Electronic Protected Heal...

EP 177: Workplace Injuries from Ransomware

11 Feb 2025

Contributed by Lukas

How do you protect cybersecurity responders from workplace injuries, particularly PTSD from ransomware attacks? Is that even a thing? Let's find out w...

EP 176: LIVE! Top 10 NIST SP 800-Series

28 Jan 2025

Contributed by Lukas

It’s our first time recording an episode LIVE with an audience. We were at the December 2024 monthly membership meeting of the ISC2 Seattle Chap...

EP 175: What's a "Hacker"?

14 Jan 2025

Contributed by Lukas

What's a "hacker"? Are they good or bad? How do they think? Can their thinking help us in other problem spaces? Let's find out with our guest Ted Harr...

EP 174: The CrowdStrike Episode

31 Dec 2024

Contributed by Lukas

Have you done a post-mortem of the CrowdStrike IT outage of 2024? What are the major lessons? Let's find out with your hosts Kip Boyle, CISO with Cybe...

EP 173: Data Privacy in Cars

17 Dec 2024

Contributed by Lukas

What data do modern cars collect, how do they collect it, and why? And what should your company do about it? Let's find out with our guest Andrea Amic...

EP 172: Basic Legal Literacy for the CISO

03 Dec 2024

Contributed by Lukas

What does the CISO need to practice everyday in terms of basic legal literacy? Let's answer that question by looking through the lens of data breach a...

EP 171: Getting Buy-In for Cybersecurity

19 Nov 2024

Contributed by Lukas

How can you get high levels of buy-in for a cybersecurity program at the state level? Let's find out with our guest Michael Gregg, the CISO of North D...

EP 170: Augmented with AI

05 Nov 2024

Contributed by Lukas

How should individuals be thinking about generative artificial intelligence at work and at home? Let's find out with our guest Daniel Miessler, whose ...

EP 169: Cybersecurity Hiring Manager Insights

22 Oct 2024

Contributed by Lukas

What's the current cybersecurity hiring manager’s perspective on hiring? Talent scouting, employer reputation, etc.? Let's find out with our guest R...

EP 168: Staying Ahead of Cyber Risk Management Trends

08 Oct 2024

Contributed by Lukas

How can cybersecurity practitioners easily keep up with the changes in the "big picture" of cyber risk management? Let's find out with your hosts Kip ...

EP 167: Security Champions Program

24 Sep 2024

Contributed by Lukas

Want to expand your cybersecurity team? Do it with a "Security Champions" program. Let's find out how with our guest Bonnie Viteri. Your hosts Kip...

EP 166: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 2

10 Sep 2024

Contributed by Lukas

Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCI...

EP 165: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 1

27 Aug 2024

Contributed by Lukas

Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your host...

EP 164: Why are we so bad at vulnerability management?

12 Aug 2024

Contributed by Lukas

Vulnerability management is really difficult, especially at scale. And after 20+ years that's still true. Our guest Alex Wood, who's the CISO of Upli...

EP 163: Self-Care

30 Jul 2024

Contributed by Lukas

Self-care is a crucial yet seldom discussed topic. Why is that? How should we be taking care of ourselves and why? Let's find out with our guest Chri...

EP 162: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), part 2

16 Jul 2024

Contributed by Lukas

Let's continue unpacking the "Cyber Incident Reporting for Critical Infrastructure Act". What else do you need to know? Let's find out with your hosts...

EP 161: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)

02 Jul 2024

Contributed by Lukas

CIRCIA stands for the "Cyber Incident Reporting for Critical Infrastructure Act". But what does it really mean? Let's find out with your hosts Kip Boy...

EP 160: How to Find Your Top 5 Cyber Risks

18 Jun 2024

Contributed by Lukas

You can find your top 5 cyber risks using a “top down” approach with the NIST Cybersecurity Framework. Along the way, you can shift your organiza...

EP 159: FTC 2023 Privacy and Data Security Update

04 Jun 2024

Contributed by Lukas

What kinds of unfair trade practices does the FTC look for when it comes to privacy and data security? Let's find out with your hosts Kip Boyle, CISO ...

EP 158: Business Continuity as a Revenue Generator?

21 May 2024

Contributed by Lukas

Is overnight viral success a kind of disruption that the business continuity (BC) discipline can help prepare you for? Let's find out with our gue...

EP 157: How To Assess Cyber Risk (REPLAY)

07 May 2024

Contributed by Lukas

What's the definitive method for assessing cyber risk? Does it exist? How do you do it? Let's find out with your hosts Kip Boyle, CISO with Cyber Ris...

EP 156: Change Healthcare

23 Apr 2024

Contributed by Lukas

What happened in the Change Healthcare cyberattack? What are the impacts and how can cyber resilience be a competitive advantage? Let's find out with ...

EP 155: Cybersecurity and data privacy in M&A transactions

09 Apr 2024

Contributed by Lukas

The role of cybersecurity and data privacy due diligence when buying or selling a company has gone way up compared to five years ago. Why? And, what's...

EP 154: NIST AI Risk Management Framework, part 2

26 Mar 2024

Contributed by Lukas

Here's part 2 of what's in the NIST Artificial Intelligence Risk Management Framework (NIST AI-RMF)? And, how do you use it? Let's find out with your ...

EP 153: NIST AI Risk Management Framework, part 1

12 Mar 2024

Contributed by Lukas

What's in the NIST Artificial Intelligence Risk Management Framework (NIST AI-RMF)? And, how do you use it? Let's find out with your hosts Kip Boyle, ...

EP 152: Boards of Directors and Cybersecurity

27 Feb 2024

Contributed by Lukas

The SEC says that Boards of Directors need cybersecurity expertise. But how exactly does that work? Let's find out with our guest Vanessa Pegueros, fo...

EP 151: Does Ransomware Kill Sick People?

13 Feb 2024

Contributed by Lukas

Is there any reliable evidence that sick people die at a higher rate when their hospital is disabled by ransomware? Let's find out with your hosts Ki...

EP 150: Privacy Laws Driving Demand for Cybersecurity

30 Jan 2024

Contributed by Lukas

Twelve US states now have major privacy laws, up from only five last year. How is that driving demand for cybersecurity? Let's find out with your host...

EP 149: The Tools and Rules of Digital Trust

16 Jan 2024

Contributed by Lukas

How do you take a very important, yet ethereal, idea like digital trust and make it more concrete and actionable? Let's find out with your hosts Kip B...

EP 148: SEC Disclosure Rules on Cybersecurity

02 Jan 2024

Contributed by Lukas

What are the SEC’s new rules for cybersecurity disclosures, including cyber incidents AND annually about cybersecurity risk management and governanc...

EP 147: SEC Complaint against SolarWinds Corporation

19 Dec 2023

Contributed by Lukas

What can we learn about the SEC Complaint against SolarWinds Corporation and Timothy G. Brown? Let's find out with your hosts Kip Boyle, CISO with Cy...

EP 146: Security Metrics

05 Dec 2023

Contributed by Lukas

How can we measure success with cybersecurity? Let's find out with our guest Jared Pfost. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunitie...

EP 145: Why Do Employees Keep Ignoring Workplace Cybersecurity Rules?

21 Nov 2023

Contributed by Lukas

Why do employees keep ignoring workplace cybersecurity rules? And, what should cyber risk managers do about it? Let's find out with your hosts Kip ...

EP 144: SecureWorld

07 Nov 2023

Contributed by Lukas

Have you heard of a regional cybersecurity conference in the US called SecureWorld? We really like it. So we invited Brad Graver, who’s the presiden...

EP 143: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 2

24 Oct 2023

Contributed by Lukas

Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCI...

EP 142: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 1

10 Oct 2023

Contributed by Lukas

Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts...

EP 141: What's New in NIST CSF v2

26 Sep 2023

Contributed by Lukas

What’s going to be in version 2 of the NIST Cybersecurity Framework? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, a...

EP 140: Entry Level IT & Cybersecurity Certifications Are Broken

12 Sep 2023

Contributed by Lukas

Entry level IT and Cybersecurity certifications cost too much and produce too many "paper tigers". How do we fix that? Let's find out with your hosts ...

EP 139: How to Use Cyber Insurance as a Cyber and Privacy Risk Management Tool

29 Aug 2023

Contributed by Lukas

How does an attorney think about using cyber insurance to manage cyber and privacy risks? Let's find out with our guest Jane Petoskey. Your hosts are ...

EP 138: What's With NIST Special Publication 800-171, Revision 3 and CMMC

15 Aug 2023

Contributed by Lukas

How are Revision 3 of NIST Special Publication 800-171 and the Cybersecurity Maturity Model Certification (CMMC) related to each other? Let's find out ...

EP 137: How to Make Tabletop Exercises (TTX) Fun!

01 Aug 2023

Contributed by Lukas

Traditional incident response exercises are often boring and awkward. That's why we don't do them, even though we should. Want a new way to get people...

EP 136: Why Cyber Resilience is a Business Advantage

18 Jul 2023

Contributed by Lukas

An $8 billion company was hit by ransomware and then was sued in court by one of its best customers. What's the connection with cyber resilience? Let...

EP 135: Measuring Cyber Risk

04 Jul 2023

Contributed by Lukas

Is the idea of measuring cyber risk "hooey!" as one of the InfoSec godfathers once said? Let's find out with our guest Ryan Leirvik. Your hosts are...

EP 134: The Business Value of Business Continuity

20 Jun 2023

Contributed by Lukas

Is there any business value in “business continuity”? If so, how can we explain it so anyone can understand? Our guest is Erika Andresen, the Fou...

EP 133: ChatGPT and Cyber Risk Management

06 Jun 2023

Contributed by Lukas

Can ChatGPT help us manage Cyber Risk? Can any generative artificial intelligence be helpful? If so, how? And are there any limitations? Let's find o...

EP 132: Helping Activists Operating Under a Repressive Regime

23 May 2023

Contributed by Lukas

How would you help political and human rights activists stay safe while using digital communications as they live under a repressive regime? One of us...

EP 131: How Identity Really Works on the Internet Today

09 May 2023

Contributed by Lukas

What does identity on the Internet mean? What does the failure of identity cost us? Do we need to make any changes to the way we do digital identity?...

EP 130: How To Assess Cyber Risk

25 Apr 2023

Contributed by Lukas

What's the definitive method for assessing cyber risk? Does it exist? How do you do it? Let's find out with your hosts Kip Boyle, CISO with Cyber Ris...

EP 129: Some Other Things I've Made for You

11 Apr 2023

Contributed by Lukas

Beyond this podcast, I've made a lot of resources (most are free) to help you. In fact, you can now download a six page list of them all. Let me quic...

EP 128: Secrets of Cyber Risk Management at Non-Profits

28 Mar 2023

Contributed by Lukas

Are non-profits at risk for cyber exploitation? If so, why? And what should they do about it? Let's find out with our guest, Lew Bader, the Finance Di...

EP 127: Proactively Protect Your Reputation (#1 digital asset)

14 Mar 2023

Contributed by Lukas

How do you proactively protect your #1 digital asset, which is your reputation? Let's find out with our guest, Sameer Somal, the CEO of Blue Ocean Gl...

EP 126: Due diligence as a Risk Management Approach

28 Feb 2023

Contributed by Lukas

Can you “demonstrate due diligence to a defensible standard of care” as your risk management approach? This would replace "red/yellow/green" ap...

EP 125: Applied Security Design Principles

14 Feb 2023

Contributed by Lukas

There are many security design principles we can use to build and evaluate products and services. Can we use them to understand the LastPass incidents...

EP 124: Case Study for Cyber as a Material Business Risk

31 Jan 2023

Contributed by Lukas

A $100 million Texas company called “United Structures of America” got struck by ransomware in 2019. You'll be surprised at what happened next. Y...

EP 123: How to Really Reduce the Risk of People Falling for Phishing

17 Jan 2023

Contributed by Lukas

What can we learn from a recently released research report called “Phishing in Organizations: Findings from a Large-Scale and Long-Term Study”? Le...

EP 122: Best Episode of 2022

03 Jan 2023

Contributed by Lukas

What's our "best episode" of 2022? This one had the highest number of downloads. Let's find out which one it was with your hosts Kip Boyle, CISO with ...

EP 121: The Myth Busters Episode

20 Dec 2022

Contributed by Lukas

What are the biggest, yet wrong, ideas that float around all the time and often cause senior decision makers to make poor decisions? Let's find out wi...

EP 120: The 2022 Verizon Data Breach Investigations Report (DBIR) Part 2

06 Dec 2022

Contributed by Lukas

Let's conclude our look at the 2022 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCI...

EP 119: The 2022 Verizon Data Breach Investigations Report (DBIR) Part 1

22 Nov 2022

Contributed by Lukas

Have you read the Verizon DBIR report for 2022? Find out what it contains in the first of two episodes on this extremely useful report with your hosts...

EP 118: Chief Operating Officer is also CISO

08 Nov 2022

Contributed by Lukas

What if your Chief Operating Officer was also your Chief Information Security Officer? What would that be like? And, who would do it? Let's find out w...

EP 117: Cyber Risk Management During Company Acquisition

25 Oct 2022

Contributed by Lukas

How can Deal Teams and M&A Teams understand and manage cyber risk so they can make better business decisions during the company acquisition proces...

EP 116: Update of State Data Security Laws

11 Oct 2022

Contributed by Lukas

Did you know there’s an avalanche of state and federal privacy laws and regulations that are either being actively debated or have been passed and w...

EP 115: Insurance Companies as Cybersecurity Leaders

27 Sep 2022

Contributed by Lukas

Can the insurance industry find a way to reduce the rate of major cyber incidents like it did by promoting airbags to reduce highway death rates or sp...

EP 114: Cyber Insurance Drives Security Beyond Your Cyber Policy

13 Sep 2022

Contributed by Lukas

Can small-medium-sized businesses benefit from cyber insurance even if they don't buy a policy? How? Let's find out with my guest Jason Rebholz, CISO ...

EP 113: Self-Insuring for Cyber Risks

30 Aug 2022

Contributed by Lukas

Cybersecurity is intertwining with D&O litigation and more companies are self-insuring for cyber risks. Why? Our guest is Rachel Jenkins, the Mana...

EP 112: How to Work With CFOs on Cyber Risk Management

16 Aug 2022

Contributed by Lukas

You’re going to need the CFO’s support to be successful managing cybersecurity. Why? If for no other reason than the CFO controls the purse string...

EP 111: Ethical Phisheries

02 Aug 2022

Contributed by Lukas

How do you run a successful anti-phishing program that will actually reduce your risk without sacrificing employee goodwill? Our guest, Ean Meyer, kno...

EP 110: Thriving in this Crazy Cyber Insurance Market

19 Jul 2022

Contributed by Lukas

Cyber insurance, once so easy to get, is now scarce and expensive. Why did this happen? How long will it last? What can you do until sanity returns? F...

EP 109: FTC’s Strange Action Against Cafe Press

05 Jul 2022

Contributed by Lukas

The Federal Trade Commission unusually took action against the current AND former owners of CafePress over the February 2019 customer data breach. Why...

EP 108: Some Workgroups Deserve More Protection Against Malware

21 Jun 2022

Contributed by Lukas

Due to the way some workgroups must work, they deserve more protection against malware. But how can you do that in a minimum viable way? Let's find ou...

EP 107: Response Side of Vendor Due Diligence

07 Jun 2022

Contributed by Lukas

What are the challenges of smaller vendors responding to due diligence requests from their large customers? And what can they do about them? Let's fin...

EP 106: Anatomy of a Hack: Pandora Papers

24 May 2022

Contributed by Lukas

What are the Pandora Papers? Where did they come from? What's the impact of the Pandora Papers on the legal industry? What are the practical cybersecu...

EP 105: Your IT Person is Not Your Cybersecurity Person

10 May 2022

Contributed by Lukas

IT and cybersecurity actually have very little overlap. The people performing them have similar skills but they have very different goals and very dif...

EP 104: Easy Target due to Corporate Identity Crisis

26 Apr 2022

Contributed by Lukas

Can an identity crisis make organizations an easy target for cyber-criminals? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportun...

EP 103: SEC's Proposed Rules for Cyber Risk Management

12 Apr 2022

Contributed by Lukas

What's in the Security Exchange Commission’s proposal for new cybersecurity risk management rules for investment advisers and investment companies? ...

EP 102: Cybersecurity Hiring Manager Handbook

29 Mar 2022

Contributed by Lukas

Do you want to attract and retain top tier talent for your InfoSec team? To work “on your program” instead of working “in your program”? Learn...

EP 101: FTC's Major Updates to GLBA Safeguards Rule

15 Mar 2022

Contributed by Lukas

Is your business “significantly engaged” in providing financial products or services of any kind? Then you need to know about the updates to the S...

EP 100: Celebrating our One Hundredth Episode!

03 Mar 2022

Contributed by Lukas

When we first started this podcast, we weren't thinking about 50 episodes, let alone 100. How did we make it this far? What's next? Let's find out wit...
