McCreight & Leece
Caffeinated Risk
The monthly podcast for security professionals, by security professionals. Two self proclaimed grumpy security professionals talk security risk, how they’ve managed it in the past and forward looking discussions with guests working in information security and risk management.
Autor
McCreight & Leece
Kategorie
Podcast-Website
Neueste Folge
2. Jul 2026
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
Cybercrime, Intelligence and Impact with Richard LaTulip 02.07.2026 34:53
Richard LaTulip joins Caffeinated Risk for a candid conversation connecting cybercrime investigations, threat intelligence, and practical business risk. Richard is a Field CISO with Recorded Future , a former United States Secret Service special agent, and both the author and real-life main character behind the true crime story Operation Carder Kaos . The discussion starts with Richard’s experienc...
Risk Management - Enabling the pursuit of excellence with Joe Olivarez 07.05.2026 32:20
Visiting the Jacobs Engineering website you'll undoubtedly encounter the phrase "challenging today", an acknowledgement that the world is much more complex than ever before. While "it ain't like it used to be" can be said of any risk manager's portfolio, Joe Olivarez became the first global security leader in Jacobs history more than a dozen years ago. How muc...
Risk conversations; Awkward, Unpopular and Essential - with Joshua Copeland 12.03.2026 34:00
Joshua Copeland's cyber security moniker is "The Unpopular Opinion Guy", while most of us in security roles have been that person with an unpopular opinion at least a time or two, Copeland turned it into both a book and a bit of a movement through numerous posts on Linkedin about many of the challenges in our industry. That said, this is not a mud slinging episode, Joshua had nume...
Cyber Security, the legal perspective with Brent Arnold 22.01.2026 33:42
"Legal and Regulatory" is a common receptor category in most enterprise risk matrices but with any luck most organizations have limited direct experience with cyber litigation matters. This episode jumps right into the deep end with one of Canada's preeminent cyber lawyers, Brent Arnold . Business law has evolved over hundreds of years, cybersecurity precedents began to appear o...
Cyber Resilience, a National Solution with Herbert Fensury 04.12.2025 30:01
Cyber crime is now a daily fact of life and a significant concern in both the private and public sectors but our response capabilities do not seem to be keeping up. This episode dives deep into one organization that is combatting this problem with a combination of academic research, industry expertise and hands-on training with the founder and CEO, Herbert Fensury . While cyber security is a glo...
Integrated Assurance with Patrick Hayes 23.10.2025 34:02
20 years after their paths first crossed, three Canadian security professionals regroup to discuss a new risk management strategy book based on hard won field experience. Patrick Hayes was a security strategist before organizations knew this was success differentiator. For decades he has been guiding organizations large and small, public, private and government on balancing business objectives wi...
The Summer Show - 2025, (pt 2) 11.09.2025 27:32
Part 2 of this summer break episode takes a bit of a light hearted look at the cyber security industry predictions that become the norm in late December and early January. Eight or nine months later, how accurate where they? Take a listen, there are a couple surprises. The conversation uncovers a few ongoing challenges with the cyber security industry, from the digital divide associated with agin...
The Summer Show - 2025, (pt 1) 28.08.2025 26:05
The summer show started with the light hearted goal of evaluating the top security predictions that fill the internet in late December each year. Forever unscripted, Tim and Doug wind up reflecting on the growing gap between physical and virtual information systems. While it is easy to lament, from a cognitive perspective there is little hope, the BSides movement, alive and well in Western Canad...
ESRM roots, revelations & resilience with John Petruzzi 31.07.2025 35:49
Enterprise Security Risk Management (ESRM) principles appear in almost every episode and this one is a bit more overt because it features two of the three people responsible for promoting ESRM in the early days of it's reintroduction through ASIS. John Petruzzi is now the CEO of Unlimited Technology and leading them toward an expanded influence in the enterprise security industry , sharing i...
Global Risk Management as Strategic Advantage with Dominic Bowen 19.06.2025 35:50
The Caffeinated Risk hosts navigate time zones and catch up with Dominic Bowen traveling between meetings to discuss risk management with an international expert on the subject. Mr. Bowen is a partner and Head of Strategic Advisory at 2Secure , one of Europe's leading risk management consulting firms, as well as the host of the International Risk Podcast . Political tensions are higher than...
Simplifying risk analysis using FAIR and Wiley Coyote with Jack Freund 24.04.2025 8:35
A while back we were fortunate enough to spend time with Jack Freund, coauthor and thought leader responsible for bring the FAIR methodology and practice into the main stream. A bonus from that original recording is now an espresso shot discussing how to fast track an assessment when the threat vectors are numerous. While the metaphor Jack used is somewhat unexpected it's both memorable and...
SMB Resilience and lessons for larger organizations with Rochelle Clarke 27.03.2025 30:44
At 45-50%, depending on your statistical source, there is no denying that small to medium sized businesses are a significant economic engine from both an employment and innovation perspective. In 1978 Microsoft numbered 11 people. Unfortunately small businesses are also the least likely to survive a major disruption, an experience that changed Rochelle Clarke's corporate leadership trajector...
Addressing Risk and Cyber Resilience, the Alberta Approach - with Rachel Hayward 20.02.2025 36:13
A surprising number of digital innovations began in Alberta, be it the world's first public digital cellular network in 1985, the DNP3 industrial controls protocol and becoming the first Google international research lab in 2017. CyberAlberta is another innovative collaboration focused on strengthening the cyber resilience of Alberta organizations. At almost 330 billion annually, protecti...
Security Risk Management in an Open Data Environment with Michael Spaling 09.01.2025 36:26
Ever wondered how top universities protect their cutting-edge research from prying eyes while ensuring seamless access for their scholars? Join us as Michael Spaling, Principal Security Architect at the University of Alberta , takes us behind the scenes of this high-stakes balancing act. Just like any other large organization, research universities have many different stakeholder, operational and...
Engineering, Risk Management for Cyber-Physical Systems with Andrew Ginter 30.11.2024 29:25
The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digital systems controlling the physical systems core to our modern way of life. Unfortunately connectivity and complexity have created a vulnerability we must now engineer our way out of, and just like ris...
Deviance Normalization & Risk Management with Marco Ayala 24.10.2024 34:05
Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Although risk management is a part of navigating advancement in any area, the fundamental flaw in any management system is our human tendencies. This episode explores how organizations can make slow, steady migration from first principles to risky undertaki...
Managing Supply Chain Risk Management - with Darren Gallop 26.09.2024 32:34
Whether it's the NIST CSF, 8276 or the new European Cyber Resilience Act there is no denying the expectation that supply chain management (SCM) is a risk management area no organization can ignore. While SolarWinds is recent common reference in many SCM discussions, this episode's guest takes us back to Target's major data breach that resulted in significant changes to the PCI-DSS...
Metawar and Fostering Resilience with Winn Schwartau 29.08.2024 34:51
Long before the Matrix captured peoples imaginations, Winn Schwartau was steadily offering red pills for those reading his many books on information warfare. A scholastic level researcher without the pretense, Mr. Schwartau has been recognized internationally as one of the leading security thinkers of our time and has a special capability for distilling complex security concepts into every day la...
Resilience and I.R. Lessons Learned (the hard way) - with Adam McMath 11.07.2024 34:31
Almost all incident response plans include a "lessons learned" step, and in the post adrenalin phase that follows many breaches, reviewing what worked and what needs improving doesn't excite a lot of people. Adam McMath is clearly the exception, leading incident response activities in both the cyber realm and physical. How do resilience and incident response lessons learned while...
ESRM a Transformation Catalyst with Radek Havlis 30.05.2024 29:47
Amongst the industry verticals classified as critical infrastructure, few would argue that telecommunications belongs in the top that list, placing even more weight on a risk management program due to cascading impacts. Consequently, safe reliable operations are essential for success while continuing to grow in a highly competitive marketplace. A security risk management challenge across many dim...
Contingency Planning, Cyber Resilience and Incident Response 28.03.2024 28:33
Regulatory frameworks from PCI-DSS to NERC-CIP to the newly minted NIST CSF 2.0 each require organizations of all sizes to have cyber incident response plans. Most of us who have spent any time in cubicle filled office towers are familiar with fire drills to clear the building and gather staff at muster points, and that is as close as we get to the real thing. Unfortunately that same lucky str...
The Business Context of Cyber Resilience with Steven J Ross 22.02.2024 30:51
Those running a business today who have not experienced disruption due to cyber issues or attacks know it is only a matter of time. Even if their organization is not directly targeted, the modern marketplace comprised of multiple, interconnected supply chains, means impact is unavoidable but this episode's guest, Steven J Ross contends planning, design and clear priorities can provide mitig...
Building a Cyber Risk Management Program with Brian Allen 25.01.2024 30:03
The U.S. Security Exchange Commission defined new rules for cyber risk matters facing publicly traded corporations in July of 2023. Although the SEC's mandate is limited to publicly traded companies in the United States, where one regulator goes others are apt to follow. Brian Allen is the co-author of a brand new book putting form, structure and traceability around the SEC mandated require...
CyberPHA - OT Risk management With John Cusimano 14.12.2023 31:59
The ISA 99 standards body is one of the most recognized authorities on cyber physical security covering many aspects of a cyber security management system for industrial control systems including risk management. This episode features John Cusimano, former chairman of the ISA subcommittee responsible for authoring the risk management portion of the standard 62443-3-2:2020 Mr. Cusimano takes us...
Science, Crime and Workforce Development with Dr. Martin Gill 23.11.2023 31:52
Security and crime are often in close proximity but not always studied together. This month's episode features Martin Gill a criminologist who made the study of crime and security his life's work. After a decade as a lecturing professor at the University of Leichester, Mr. Gill started Perpetuity Research i n 2002 and continues to provide very high quality research, both qualitiative a...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet