AI Corporate Series - Policy and Governance from 2023-06-22T09:00

Areas to Address:

1. Adoption challenges
2. Risks
3. Governance
4. Roles and responsibilities

Sco...

Listen

Unveiling the Intersection The Impact of COVID-19, the Green Transition, the Rise of AI, Microeconomic Uncertainties, and Cybersecurity from 2023-06-15T09:00

In an interconnected world, the impact of various global trends is not limited to individual domains. The convergence of COVID-19, the green transition, the rise of AI, microeconomic uncertainti...

Upskilling and Reskilling in Cybersecurity from 2023-06-09T09:00

With increasingly sophisticated cyber threats, organizations must prioritize protecting their sensitive data and networks. As a result, the demand for skilled cybersecurity professionals has sky...

ChatGPT from 2023-04-27T09:00

Have you heard? ChatGPT 4.0 is here, so what is your corporate strategy? Let me give you a few pointers to think about.

5 Cybersecurity Controls - Reduce 85% of Cyber Risk from 2023-04-20T09:00

5 Cybersecurity Controls - Reduce 85% of Cyber Risk

A Hard Look from 2023-04-13T09:00

A Hard Look Honest communication between board members and information officers is critical to good cybersecurity. Cyber experts must relay their insights through non-technical storytelling and ...

Threat Modeling from 2023-04-06T09:00

Is your organization using threat intelligence to run threat modeling?

If not, that’s a miss-opportunity. Your organization should establish desktop exercises or an informal cross-functio...

Neglected NIST Concepts from 2023-03-30T09:00

The Neglected Pages of NIST

When you download a NIST document, whether NIST 800-53, NIST 800-39, NIST 800-37, or the NIST Cybersecurity Framework, what page do you start reading first? Listen

Financial Institutions - Theft of Funds from 2023-03-23T09:00

How a vCISO can help your organization? The CISO role is all about the strategy, leadership, management, and communication of how potential threats will be assessed and solved. The CISO will abs...

Financial Institutions - Theft of Information from 2023-03-16T09:00

Theft of Information is present in every organization and varies widely concerning value. The value of information is directly related to its criticality to the business. However, information ca...

Operational and Strategic Perspective from 2023-03-09T10:00

Do you have an operational or strategic view when protecting your organization's systems?

==========
How can a vCISO help your organization?

The CISO role is all about the strat...

Acronyms, Jargons, and Idioms from 2023-03-02T10:00

Acronyms, Jargons & Idioms Impacting Communication Between Board, C-Suite, and Specialists. Communication is a two-way street, and company executives must be prepared to ask their own questi...

Mission-Centric Risk Metrics from 2023-02-23T10:00

Mission-Centric Cyber Risk Metrics Understanding what to measure in a mission-critical risk program is important, so today, I'll discuss a framework you can use.

1. Identify the system's ...

Expanding Cyber Risk Beyond IT from 2023-02-16T10:00

Retail banking takes care of regular daily banking, for which most people know banks. This includes providing checking and saving services and issuing credit cards. Retail banking divisions may ...

Three Cybersecurity Checkups from 2023-02-09T10:00

Technologies and the methods used to hack into them continuously evolve. If you’re looking for an effective and efficient way to check the cybersecurity health of your organization, I suggest th...

Lacking Basic Cybersecurity Practices from 2021-09-09T01:00

The show today is based on an article titled, “Global utilities lacking basic cybersecurity practices.” Although the article was focused on utilities, the guidance is applicable to every industr...

Cybersecurity Basics - What you Need to Know from 2021-08-26T01:00

We are so focused on the threats and the vulnerabilities that allowed a hack to occur, that we forget the basics. The protection necessary to prevent or slow down these attacks already exists, a...

Cybersecurity Exceptions - Part 3 (FINAL) from 2021-08-19T01:00

In today's episode, I will discuss exceptions tracking and expirations. This is the last episode in a three-part series on cybersecurity standard exceptions.

Thanks.
Dr. Bill S...

Cybersecurity Exceptions - Part 2 from 2021-08-12T01:00

As I mentioned in my previous episode, there’s much more to discuss on cybersecurity exceptions, such as the risk they pose to the organization and the hidden dangers of cumulative risk.
Listen

Cybersecurity Exceptions - Part 1 from 2021-08-05T01:00

If your cybersecurity standards were written to protect the organization, why do you have security exceptions? Your standard development team writes an excellent standard; it follows all the bes...

Cybersecurity - Asset Classification from 2021-07-30T09:00

Asset classification is the foundation of everything else to come in cybersecurity; it will help your organization, for example, small or large, to better understand, manage, identify, and class...

Zero-Sum Game from 2020-12-31T04:00

In this episode, I will discuss three challenging areas where cybersecurity education is falling short in preparing students and professionals to succeed in the field.

Cybersecurity Investment&Risk Strategy from 2020-08-04T21:00

In this episode, I discuss how to leverage your risk framework to make sound cybersecurity investment decisions. I addressed two critical questions that you will need to know the answers; first,...

Critical Systems: Asking the Right Questions from 2020-06-14T17:00

To get results you need to ask the right question, collect the data, analyze, and develop a robust and factual interpretation. This episode will guide you through the thought process and give yo...

Cyber Risk Identification from 2020-06-08T23:00

Today’s episode I will discuss a strategy to identify critical systems in your organization. The steps I will discuss today will make sure your program is objective and repeatable.

The ...

Key Risk Indicators from 2020-04-25T22:00

Today’s episode we will discuss how to identify KRIs (key risk indicators). I’ll discuss a simple and effective way to do it; there seems to be a lot of confusion on what to measure and for a lo...

Tail Risks: What are you going to do differently? from 2020-04-07T22:00

Today’s episode, we will discuss “tail risk” and the impact it may have on organizations when it’s realized. Given our current environment, it seems entirely appropriate for us to have this mean...

Risk Formula: What's wrong with it? from 2020-03-01T12:00

Today’s episode we will discuss the popular risk formula, “Risk =  Threat x Vulnerability x Consequence/Impact and its limitations to actually provide accurate information for a cybersecurity in...

Threat Reports: What's Missing from 2020-01-16T22:00

I will discuss “Threat Reports,” specifically eight 2019 reports; the 2019 data breach investigations report by Verizon; 2019 data breach investigations report (executive summary) by Verizon; 20...

Security Controls Selection from 2019-12-23T20:00

Today’s episode we will discuss a strategy to select controls to assess, this strategy can be used to select any controls for your assessment, as a framework for security control selection, t...