Cyber Risk Management Podcast

Is the so-called "Insider Threat" a big deal? If so, how could you use a honeypot to catch them? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.    If you want to know more about honeypots, check out Kip's newest LinkedIn Learning course: “Active Defense: The New Frontier in Cybersecurity” -- https://www.linkedin.com/learning/active-defense-the-new-frontier-in-cybersecurity/

The implementation manual for the NIST Cybersecurity Framework gone missing. Can it be found? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.    Want a deep discount on Kip's new Udemy course "Implement version 2 of NIST Cybersecurity Framework"? This one is valid until May 31, 2025 -- CRM_PODCAST_FRIEND   https://www.udemy.com/course/implement-version-2-of-nist-cybersecurity-framework/?couponCode=CRM_PODCAST_FRIEND   If you need to quickly get up-to-speed with the changes in NCSF v2 listen to this episode -- https://cr-map.com/podcast/141/

How much trust should you put in your Endpoint Detection and Response (EDR) solution? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.    Want to quickly come up to speed with the Essential Eight (E8)? Listen to this episode:   https://cr-map.com/podcast/63/

How can businesses securely and privately use AI tools? And, what are the top cyber risks of AI, anyway? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.  Want to quickly come up to speed with the NIST AI Risk Management Framework? Listen to these two episodes: Part 1 -- https://cr-map.com/podcast/153 Part 2 -- https://cr-map.com/podcast/154

Tired of swinging the “compliance hammer” and hitting people until they submit to you? Would you rather be influential, and not dictatorial? Let's find out how you can with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. See our previous episode on the subject of "buy-in" with our guest Michael Gregg, the CISO of North Dakota -- https://cr-map.com/podcast/171/

You're a recently hired, lone cybersecurity analyst. Your mandate is to pay off on the data and system protection promises your senior decision makers made to an exciting new customer. Plot twist: You have no money. Now what? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

The US Government recently released a "notice of proposed rulemaking" to update the Security Standards for the Protection of Electronic Protected Health Information. Yes, this is HIPAA. But what will it mean for covered entities and their business associates? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Show notes: https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C

How do you protect cybersecurity responders from workplace injuries, particularly PTSD from ransomware attacks? Is that even a thing? Let's find out with our guest Alexander Abney-King, a workplace psychologist and virtual CIO. He helps businesses adapt to world changes. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/alexanderabney-king/ Website -- https://www.secureittulsa.com/services/vcio

It's our first time recording an episode LIVE with an audience. We were at the December 2024 the monthly membership meeting of the ISC2 Seattle Chapter. Our topic: What has NIST released in its Special Publication (SP) 800 series that could be of great value to your work? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. List of all SP 800 public releases: https://csrc.nist.gov/publications/sp800

What's a "hacker"? Are they good or bad? How do they think? Can their thinking help us in other problem spaces? Let's find out with our guest Ted Harrington, who's dedicated his career to ethical hacking in order to help organizations build better, more secure systems. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/securityted/ Website -- https://www.tedharrington.com/

Have you done a post-mortem of the CrowdStrike IT outage of 2024? What are the major lessons? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Incident background and impacts -- https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages

What data do modern cars collect, how do they collect it, and why? And what should your company do about it? Let's find out with our guest Andrea Amico, the founder and CEO of Privacy4Cars. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/%F0%9F%9B%A1%EF%B8%8F%F0%9F%9A%98-andrea-amico-a44aa/ Website -- https://privacy4cars.com Website – https://www.vehicleprivacyreport.com

What does the CISO need to practice everyday in terms of basic legal literacy? Let's answer that question by looking through the lens of data breach and privacy class action litigation. Our guest is Douglas Brush, a court-appointed Special Master and testifying expert in high-profile litigations involving cybersecurity, information governance, data privacy, and eDiscovery. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Doug's LinkedIn profile -- https://www.linkedin.com/in/douglasabrush/ Doug's Website -- https://brushcyber.com/

How can you get high levels of buy-in for a cybersecurity program at the state level? Let's find out with our guest Michael Gregg, the CISO of North Dakota. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/michaelgregg01/ SecureWorld -- https://www.secureworld.io/events

How should individuals be thinking about generative artificial intelligence at work and at home? Let's find out with our guest Daniel Miessler, whose mission is “Working towards Human 3.0 so we can survive and thrive as humans after AI". Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Website: https://danielmiessler.com/ LinkedIn: https://www.linkedin.com/in/danielmiessler/ X: https://x.com/DanielMiessler Fabric: https://github.com/danielmiessler/fabric Blog Post: https://danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong

What's the current cybersecurity hiring manager's perspective on hiring? Talent scouting, employer reputation, etc.? Let's find out with our guest Reanna Schultz. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Reanna Schultz's LinkedIn profile -- https://www.linkedin.com/in/reanna-schultz/ Reanna's company "CyberSpeak Labs LLC" -- https://www.cyberspeaklabs.com/ "Cybersecurity Hiring Manager Handbook" -- https://cybersecurity-hiring-manager-handbook.netlify.app/ "Your Cyber Path" podcast -- https://www.YourCyberPath.com "IRRESISTIBLE" cybersecurity job hunter's course on Udemy -- https://www.udemy.com/course/irresistible-cybersecurity

How can cybersecurity practitioners easily keep up with the changes in the "big picture" of cyber risk management? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Want to expand your cybersecurity tream? Do it with a ""Security Champions"" program. Let's find out how with our guest Bonnie Viteri. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""How to Really Make Sure that Cybersecurity is Everyone's Job"" (pt 1 & 2) Bonnie Viteri's LinkedIn profile: https://www.linkedin.com/in/bonnie-b-242a0b11b/ "

Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?"" -- https://www.cr-map.com/91"

"Vulnerability management is really difficult, especially at scale. And after 20+ years that's still true. Our guest Alex Wood, who's the CISO of Uplight, will help us understand why and consider practical suggestions for getting better. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Alex Wood's LinkedIn Profile -- https://www.linkedin.com/in/alexbwood/ Colorado = Security -- https://www.colorado-security.com/ "

"Self-care is a crucial yet seldom discussed topic. Why is that? How should we be taking care of ourselves and why? Let's find out with our guest Chris Roberts, who most recently was the CISO of Boom Supersonic. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Chris Roberts' LinkedIn Profile -- https://www.linkedin.com/in/sidragon1/"

Let's continue unpacking the "Cyber Incident Reporting for Critical Infrastructure Act". What else do you need to know? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

CIRCIA stands for the "Cyber Incident Reporting for Critical Infrastructure Act". But what does it really mean? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"You can find your top 5 cyber risks using a “top down” approach with the NIST Cybersecurity Framework. Along the way, you can shift your organization towards better practice of reasonable cybersecurity. Know how? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. You can see our ""zero through ten"" scale scorecard here -- https://b.link/scorekey You can watch our interview prep video here -- https://b.link/interview"

What kinds of unfair trade practices does the FTC look for when it comes to privacy and data security? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Is overnight viral success is a kind of disruption that the business continuity (BC) discipline can help preapre you for? Let's find out with our guest Erika Andresen, the Founder and Owner of EaaS Consulting, LLC. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Erika's Book, ""How to Not Kill Your Business"" -- https://www.amazon.com/gp/product/199018538X Website -- https://www.eaasc.com/ LinkedIn Profile -- https://www.linkedin.com/in/erika-andresen/"

"What's the definitive method for assessing cyber risk? Does it exist? How do you do it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. If you want to know more, Kip has a course on LinkedIn Learning you can check out: ""IT and Cybersecurity Risk Management Essential Training"" -- https://www.linkedin.com/learning/it-and-cybersecurity-risk-management- essential-training/ Kip also has a Udemy course that describes our semi-quantitative approach: ""Implementing NIST Cybersecurity Framework"" -- https://www.udemy.com/course/nist-cybersecurity-framework/ "

What happened in the Change Healthcare cyberattack? What are the impacts and how can cyber resilience be a competitive advantage? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

The role of cybersecurity and data privacy due diligence when buying or selling a company has gone way up compared to five years ago. Why? And, what's at stake? Let's find out with our guest Brian Levine. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Here's part 2 of what's in the NIST Artificial Intelligence Risk Management Framework (NIST AT-RMF)? And, how do you use it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

What's in the NIST Artificial Intelligence Risk Management Framework (NIST AT-RMF)? And, how do you use it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

The SEC says that Boards of Directors need cybersecurity expertise. But how exactly does that work? Let's find out with our guest Vanessa Pegueros, former CISO of DocuSign. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Is there any reliable evidence that sick people die at a higher rate when their hospital is disabled by ransomware? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. “Hacked to Pieces? The Effects of Ransomware Attacks on Hospitals and Patients” University of Minnesota - Twin Cities - School of Public Health https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4579292 ""Killware"" -- https://www.cr-map.com/97"

Twelve US states now have major privacy laws, up from only five last year. How is that driving demand for cybersecurity? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

How do you take a very important, yet ethereal, idea like digital trust and make it more concrete and actionable? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

What are the SEC's new rules for cybersecurity disclosures, including cyber incidents AND annually about cybersecurity risk management and governance? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"What can we learn about the SEC Complaint against SolarWinds Corporation and Timothy G. Brown? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. EP 96: ""Normalizing Greater Accountability For Cybersecurity Fraud"" EP 109: ""FTC's Strange Action Against Cafe Press"" "

"How can we measure success with cybersecurity? Let's find out with our guest Jared Pfost. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. See Jared's ""Security Metrics Reference"" here -- https://www.cr-map.com/metrics"

Why do employees keep ignoring workplace cybersecurity rules? And, what should cyber risk managers to do about it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Have you heard of a regional cybersecurity conference in the US called SecureWorld? We really like it. So we invited Brad Graver, who's the president of SecureWorld, to tell us what makes them different from all the other conferences we could go to. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

What's going to be in version 2 of the NIST Cybersecurity Framework? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Entry level IT and Cybersecurity certifications cost too much and produce too many "paper tigers". How do we fix that? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

How does an attorney think about using cyber insurance to manage cyber and privacy risks? Let's find out with our guest Jane Petoskey. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

How is Revision 3 of NIST Special Publication 800-171 and the Cybersecurity Maturity Model Certification (CMMC) related to each other? Let's find out with our guest Jacob Horne. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Traditional incident response exercises are often boring and awkward. That's why we don't do them, even though we should. Want a new way to get people excited about doing one? Let's learn about a proven innovation with our guest Glen Sorensen. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"An $8 billion company was hit by ransomware and then was sued in court by one of its best customers. What's the connection with cyber resilience? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""Case Study for Cyber as a Material Business Risk"" -- https://www.cr-map.com/124"

"Is the idea of measuring cyber risk ""hooey!"" as one of the InfoSec godfathers once said? Let's find out with our guest Ryan Leirvik. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Ryan's book ""Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program"" -- https://www.amazon.com/Understand-Manage-Measure-Cyber-Risk/dp/1484278208/ Website -- https://www.neuvik.com/ LinkedIn Profile -- https://www.linkedin.com/in/leirvik/"

"Is there any business value in “business continuity”? If so, how can we explain it so anyone can understand? Our guest is Erika Andresen, the Founder and Owner of EaaS Consulting, LLC. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Erika's Book, ""How to Not Kill Your Business"" -- https://www.amazon.com/gp/product/199018538X Website -- https://www.eaasc.com/ LinkedIn Profile -- https://www.linkedin.com/in/erika-andresen/"