Anthropic, the company that built Claude, just accidentally published the full source code of their most important product. And it was their second data exposure in five days. What does this teach every organization buying AI tools right now? Kip Boyle shares the best takeaways from CRO's AI governance training and explains why the risk of AI isn't the AI itself. Your host is Kip Boyle, CISO with Cyber Risk Opportunities. Subscribe to Inflection Point -- https://cr-map.com/inflectionpoint/ SecureWorld AI Security PLUS course -- https://www.secureworld.io/events "Gears Don't Guess: The Executive's Practical Guide to Thriving in the Face of AI Hype and Risk" (forthcoming book, Fall 2026) AIR-MAP AI Risk Assessment -- https://air-map.io
In August 2024, a ransomware attack shut down baggage systems, flight displays, and Wi-Fi at Sea-Tac Airport. What did it reveal about how executives think about cyber investment? And why is “how much more security do we need?” the wrong question to ask after a major incident? Let's find out with our guest Stephanie Warren, Assistant Director of Information Security at the Port of Seattle, who lived through that attack and came out the other side with hard-won lessons about executive decision-making under pressure. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/stephanie-warren-0746343/
What does the generative AI conversation actually sound like inside a boardroom? Is the board ready to govern it? And what do board members wish CISOs understood about how they make decisions? Let's find out with our guest, Vanessa Pegueros, former CISO at Docusign and U.S. Bank, and current board member at LivePerson and BECU. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/vanessapegueros Website – https://vanessapegueros.com
A Stripe employee hid a message in his LinkedIn profile telling any AI that read it to include a flan recipe. A month later, an AI recruiter emailed him one. It's funny until you realize the same technique can exfiltrate data, generate phishing content, or hijack automated business processes. What is prompt injection, why does OWASP rank it as the number one risk to large language models, and what should you do about it? Let's find out. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. OWASP Top 10 for LLM Applications -- https://genai.owasp.org
What happens when a cybersecurity team designs controls without asking the business what they need? And what role exists specifically to prevent that? Let's find out with our guests Brian Shea and Maggie Amato, former Business Information Security Officers at Salesforce. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Brian Shea's LinkedIn profile -- https://www.linkedin.com/in/brianshea/ Maggie Amato's LinkedIn profile -- https://www.linkedin.com/in/maggie-amato-021624164/
Fire hasn't changed since the dawn of humanity, but our cyber adversaries evolve every single day. What happens when organizations spend $10 on AI transformation for every $1 on cybersecurity? In this special ROCon 2025 keynote replay, Kip shares two stories that changed how he thinks about risk: a "perfect" employee who became an insider threat in four weeks, and a $12M deepfake that defeated every technical control on the dashboard. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Get Kip's book, "Fire Doesn't Innovate" 2nd Edition -- https://a.co/d/0bYatohy
Privacy laws keep multiplying, regulations keep changing, and AI is making everything more complex. How do businesses build privacy compliance that actually sticks instead of just checking a box? Let's find out with our guest Jordan Fischer, Founder and Partner at Fischer Law and Cybersecurity Lecturer at UC Berkeley. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Jordan Fischer's website: https://jordanfischerlaw.com Shoshana Zuboff's book: https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capitalism
Most cybersecurity people talk at CFOs instead of with them. What if there were a simple test to know when a CFO wants to learn about cyber risk versus when they just need someone to trust? Let's find out with our guest James Wheeler, a highly experienced CFO who now runs kept.pro, providing fractional accounting teams to businesses across the country. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn: https://www.linkedin.com/in/jamesdavidwheeler/ "Fire Doesn't Innovate" by Kip Boyle: https://a.co/d/0bYatohy
Can cyber risk actually be measured in dollars? How do you know if your risk data vendor is any good? And is cyber insurance really worth the investment? Let's find out with our guest Scott Stransky, who leads the Cyber Risk Intelligence Center at Marsh and was named 2023 Cyber Risk Industry Person of the Year. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/scott-stransky-92659095/ Top 12 Report -- https://www.marsh.com/en/services/cyber-risk/insights/cybersecurity-signals.html Marsh Cyber Risk Intelligence Center -- https://www.corporate.marsh.com/solutions/cyber-resilience/cyber-risk-intelligence-center.html
Why do IT organizations cling to ancient technology like Windows 2003, creating dangerous technical debt they don't even recognize? And how do they get out of this trap? Let's find out with our guest Anton Chuvakin, who advises the biggest customers of Google's Cloud services. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/chuvakin/ Podcast -- https://cloud.withgoogle.com/cloudsecurity/podcast/
AI-driven attacks aren't coming; they're here. A Chinese state-sponsored group just ran cyber espionage operations that were 80 to 90 percent autonomous. What does this mean for defenders? Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Here's Anthropic's report -- https://www.anthropic.com/news/disrupting-AI-espionage
AI can supercharge your security team. But it can also supercharge attackers. So how do you stay ahead in an AI-powered threat landscape? Let's find out in our special 200th episode! Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Kip's keynote address -- https://youtu.be/DNRNbT0IaKM "Fire Doesn't Innovate: Thriving in the Face of Evolving Cyber Risks" In this ROCon 2025 keynote, Kip Boyle challenges audiences to rethink how they approach modern threats in the age of AI. Using the metaphor of fire — a static risk that hasn't changed for millennia — Kip explores how cyber adversaries are innovating daily while many organizations remain trapped in outdated mindsets. He closes with a compelling call to action: adapt like firefighters did with fire — or risk being left behind.
How has GenAI turned phishing into a speed war? And what should we do about it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
What happens when a HIPAA Business Associate Agreement gets tested in court after a ransomware attack? And what can we learn from it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "New HIPAA Security Rule" episode: https://cr-map.com/podcast/178
Podcast: Cyber Risk Management Podcast. Episode: EP 197: Operational Cyber Resilience. Pub date: 2025-11-18.
What happens when critical third-party services go down? What do your vendors actually owe you when that happens? Are new regulations going to make a difference? Let's find out with our guest Dan Bowdan, Global Business CISO with Marsh McLennan. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "Cyber Incident Reporting for Critical Infrastructure Act" (CIRCIA) episodes: https://cr-map.com/podcast/161 https://cr-map.com/podcast/162/
AI agents are everywhere: 91% of organizations already use them. But can we control these autonomous digital workers? And what happens when they go rogue? Let's find out with our guest Matthew Hansen, Regional Chief Security Officer for the Americas with Okta. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. NIST AI RMF episodes: https://cr-map.com/podcast/153/ https://cr-map.com/podcast/154/
Boards are getting the wrong cybersecurity information. But, what do boards really need to know? And how do we fix this problem? Let's find out with our guest Dr. Keri Pearlson, MIT Sloan School of Management. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. HBR Article -- https://hbr.org/2023/10/a-tool-to-help-boards-measure-cyber-resilience LinkedIn -- https://www.linkedin.com/in/kpearlson/ Register for "Oktane on the Road in Seattle" -- https://regionalevents.okta.com/seattle-oor-exec-panel-okta
Our brains in "autopilot mode" make us sitting ducks for phishing attacks. Why? And what can we do about it? Let's find out with our guest Lisa Petrocchi-Merriman, Executive Coach with "WorksWell Labs Coaching & Training". Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Email -- lisamerriman@workswell.info LinkedIn -- https://www.linkedin.com/in/lisa-merriman/ Register for "Oktane on the Road in Seattle" -- https://regionalevents.okta.com/seattle-oor-exec-panel-okta
Getting full value from AI requires a huge technology transformation. How can leaders navigate AI transformation without losing their teams and their digital assets along the way? Let's find out with our guest Jenny Moshea, former CIO for Sellen Construction. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/jmoshea/ Free Guide -- https://getjennergy.com/ Website -- https://www.kinetiqshift.com/
How can generative AI transform your cybersecurity work without replacing your expertise? And why should you start experimenting now? Let's explore with our host Kip Boyle, CISO with Cyber Risk Opportunities, as he shares nearly three years of hands-on AI experience and practical strategies for staying ahead of the curve. “Delegate Smarter with People and AI: Lead More, Do Less.” https://maven.com/kipboyle/people-ai?promoCode=KIP50
How would you add law enforcement as a valuable resource to your cybersecurity program? And why would you want to? Let's find out with our guest Supervisory Special Agent Douglas Domin of the Federal Bureau of Investigation. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. “Cyber Resilience in the Age of AI: Threats, Responses & Human Stories” at MIT April 2025 -- https://youtu.be/6Jlg4tZV3TU FBI field office directory -- https://www.fbi.gov/contact-us/field-offices CISA/FBI/NSA Joint Advisories -- https://www.cisa.gov/news-events/cybersecurity-advisories
How should individuals be thinking about generative artificial intelligence at work and at home? Let's find out with our guest Daniel Miessler, whose mission is "Working towards Human 3.0 so we can survive and thrive as humans after AI". Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Website: https://danielmiessler.com/ LinkedIn: https://www.linkedin.com/in/danielmiessler/ X: https://x.com/DanielMiessler Fabric: https://github.com/danielmiessler/fabric Blog Post: https://danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong
Unit 42 (Palo Alto Networks) just showed they can use AI to conduct a complete ransomware attack in 25 minutes, a 100x speed increase. What does this mean for defenders? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
And, here's part 2 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's in the rest of the 2025 report? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
BeyondTrust's 2025 Microsoft Vulnerability Report dropped—and it's a wake-up call. With 1,360 new vulnerabilities and elevation of privilege attacks dominating the landscape, even insurance companies are backing away from covering privileged service accounts. In this special episode, cybersecurity veterans James Maude, Paula Januszkiewicz, Sami Laiho, Kip Boyle, and Charles Henderson dig into what the data from the 2025 report really means. Forget the fearmongering—this is about clear-headed, field-tested advice. You'll hear why flashy security tools often sit unused, how simple controls could prevent 60% of attacks, and why "secure by default" still hasn't delivered. From AI-driven vulnerability discovery to cloud missteps that could sink your stack, this isn't your usual “patch faster” sermon—it's a blueprint for getting real results. If you're overwhelmed by alerts, underwhelmed by your security stack, or just tired of doing more with less, this episode is your lifeline.
It's time for part 1 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's new for 2025? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
The second edition of "Fire Doesn't Innovate" has dropped. What's new? Why was it updated? How can different types of readers get the most value from it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. You can pick up a copy of "Fire Doesn't Innovate" second edition (paperback or Kindle versions) -- https://a.co/d/64hzmxN See Episode 124 for full details on the “United Structures of America” case -- https://cr-map.com/podcast/124/ See Episode 136 for full details on the “iRobot lawsuit against Expeditors International” -- https://cr-map.com/podcast/136/ See Episode 141 for full details on the “NIST Cybersecurity Framework version 2” update -- https://cr-map.com/podcast/141/
Is evidence from Artificial Intelligence and Quantum Computing devices legally admissible in court? And how are courts actually handling this influx? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Is the so-called "Insider Threat" a big deal? If so, how could you use a honeypot to catch them? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. If you want to know more about honeypots, check out Kip's newest LinkedIn Learning course: “Active Defense: The New Frontier in Cybersecurity” -- https://www.linkedin.com/learning/active-defense-the-new-frontier-in-cybersecurity/
The implementation manual for the NIST Cybersecurity Framework has gone missing. Can it be found? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Want a deep discount on Kip's new Udemy course "Implement version 2 of NIST Cybersecurity Framework"? This one is valid until May 31, 2025 -- CRM_PODCAST_FRIEND https://www.udemy.com/course/implement-version-2-of-nist-cybersecurity-framework/?couponCode=CRM_PODCAST_FRIEND If you need to quickly get up-to-speed with the changes in NCSF v2 listen to this episode -- https://cr-map.com/podcast/141/
How much trust should you put in your Endpoint Detection and Response (EDR) solution? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Want to quickly come up to speed with the Essential Eight (E8)? Listen to this episode: https://cr-map.com/podcast/63/
How can businesses securely and privately use AI tools? And, what are the top cyber risks of AI, anyway? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Want to quickly come up to speed with the NIST AI Risk Management Framework? Listen to these two episodes: Part 1 -- https://cr-map.com/podcast/153 Part 2 -- https://cr-map.com/podcast/154
Tired of swinging the “compliance hammer” and hitting people until they submit to you? Would you rather be influential, and not dictatorial? Let's find out how you can with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. See our previous episode on the subject of "buy-in" with our guest Michael Gregg, the CISO of North Dakota -- https://cr-map.com/podcast/171/
You're a recently hired, lone cybersecurity analyst. Your mandate is to pay off on the data and system protection promises your senior decision makers made to an exciting new customer. Plot twist: You have no money. Now what? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
The US Government recently released a "notice of proposed rulemaking" to update the Security Standards for the Protection of Electronic Protected Health Information. Yes, this is HIPAA. But what will it mean for covered entities and their business associates? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Show notes: https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C
How do you protect cybersecurity responders from workplace injuries, particularly PTSD from ransomware attacks? Is that even a thing? Let's find out with our guest Alexander Abney-King, a workplace psychologist and virtual CIO. He helps businesses adapt to world changes. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/alexanderabney-king/ Website -- https://www.secureittulsa.com/services/vcio
It's our first time recording an episode LIVE with an audience. We were at the December 2024 monthly membership meeting of the ISC2 Seattle Chapter. Our topic: What has NIST released in its Special Publication (SP) 800 series that could be of great value to your work? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. List of all SP 800 public releases: https://csrc.nist.gov/publications/sp800
What's a "hacker"? Are they good or bad? How do they think? Can their thinking help us in other problem spaces? Let's find out with our guest Ted Harrington, who's dedicated his career to ethical hacking in order to help organizations build better, more secure systems. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/securityted/ Website -- https://www.tedharrington.com/
Have you done a post-mortem of the CrowdStrike IT outage of 2024? What are the major lessons? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Incident background and impacts -- https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages
What data do modern cars collect, how do they collect it, and why? And what should your company do about it? Let's find out with our guest Andrea Amico, the founder and CEO of Privacy4Cars. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/%F0%9F%9B%A1%EF%B8%8F%F0%9F%9A%98-andrea-amico-a44aa/ Website -- https://privacy4cars.com Website – https://www.vehicleprivacyreport.com
What does the CISO need to practice every day in terms of basic legal literacy? Let's answer that question by looking through the lens of data breach and privacy class action litigation. Our guest is Douglas Brush, a court-appointed Special Master and testifying expert in high-profile litigations involving cybersecurity, information governance, data privacy, and eDiscovery. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Doug's LinkedIn profile -- https://www.linkedin.com/in/douglasabrush/ Doug's Website -- https://brushcyber.com/
How can you get high levels of buy-in for a cybersecurity program at the state level? Let's find out with our guest Michael Gregg, the CISO of North Dakota. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/michaelgregg01/ SecureWorld -- https://www.secureworld.io/events
What's the current cybersecurity hiring manager's perspective on hiring? Talent scouting, employer reputation, etc.? Let's find out with our guest Reanna Schultz. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Reanna Schultz's LinkedIn profile -- https://www.linkedin.com/in/reanna-schultz/ Reanna's company "CyberSpeak Labs LLC" -- https://www.cyberspeaklabs.com/ "Cybersecurity Hiring Manager Handbook" -- https://cybersecurity-hiring-manager-handbook.netlify.app/ "Your Cyber Path" podcast -- https://www.YourCyberPath.com "IRRESISTIBLE" cybersecurity job hunter's course on Udemy -- https://www.udemy.com/course/irresistible-cybersecurity
How can cybersecurity practitioners easily keep up with the changes in the "big picture" of cyber risk management? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Want to expand your cybersecurity team? Do it with a "Security Champions" program. Let's find out how with our guest Bonnie Viteri. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "How to Really Make Sure that Cybersecurity is Everyone's Job" (pt 1 & 2) Bonnie Viteri's LinkedIn profile: https://www.linkedin.com/in/bonnie-b-242a0b11b/
Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?" -- https://www.cr-map.com/91
Vulnerability management is really difficult, especially at scale. And after 20+ years that's still true. Our guest Alex Wood, who's the CISO of Uplight, will help us understand why and consider practical suggestions for getting better. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Alex Wood's LinkedIn Profile -- https://www.linkedin.com/in/alexbwood/ Colorado = Security -- https://www.colorado-security.com/