URM Consulting

InfoSec Insider

Business EN ↓ 93 episodes

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (B...

Author

URM Consulting

Category

Business

Podcast website

InfoSecInsider.podbean.com

Latest episode

Jul 9, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Establishing Control Over AI Usage 09.07.2026

In this episode of InfoSec Insider, George Ryan and Jack Woods, both Consultants at URM, break down the key steps to establishing control over the use of artificial intelligence (AI) within organisations.  Jack and George leverage their extensive experience supporting organisations to strengthen their information security and risk management to discuss: Why organisations should be paying attention...

Next 12 Months in Privacy 02.07.2026

In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, consider emerging trends in the field of data protection and privacy, and the practical implications for organisations that need to maintain compliance.  Aimee and Rachel leverage 20 years’ combined experience in data protection to discuss: What they think will define privacy risk over the next 1...

PCI DSS and Service Providers 25.06.2026

In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, explore some of the most misunderstood areas of PCI DSS scoping, focusing on service providers, merchants, and complex modern payment architectures. Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss: When an orga...

Unusual GRC Questions 18.06.2026

In this episode of InfoSec Insider, George Ryan and Jack Woods, both Consultants at URM, answer some of the niche and unusual questions around governance, risk and compliance (GRC).  Jack and George leverage their extensive experience supporting organisations to strengthen their information security and risk management to discuss:  • The key questions clients rarely ask despite being extremely imp...

Real-World Data Protection Questions 11.06.2026

In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, answer key, real-world questions around data protection and how organisations can stay compliant.  Aimee and Rachel leverage 20 years’ combined experience in data protection to discuss: When data is genuinely anonymous, and how easy it is to lose that status Whether things like voice, handwriting...

Business Approaches to Risk Management 04.06.2026

In this episode of InfoSec Insider, Wayne Armstrong and Chris Heighes, both Senior Consultants at URM, offer key advice on effective approaches to cyber and information security risk management from a business perspective.  Chris and Wayne draw upon their combined 45 years of experience in information security and risk management to discuss: What good, risk-based decision-making actually looks lik...

PCI DSS and Severless Architecture 28.05.2026

In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, explore the use of severless architecture and Payment Card Industry Data Security Standard (PCI DSS) compliance.  Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:     What ‘severless’ actually means in a PCI DS...

GDPR Compliance and BYOD 21.05.2026

In this episode of InfoSec Insider – Talk DP, Aimee Brown and Rachael Salter, both Consultants at URM, break down the data protection compliance issues that arise from the use of bring your own device (BYOD) within organisations, and how these can be overcome.  Aimee and Racheal draw on over 20 years’ combined data protection experience to discuss: Why BYOD has become so common, and why it still c...

AI Supplier Management 14.05.2026

In this episode of InfoSec Insider, Jack Woods and George Ryan, both Consultants at URM, share their insights on how organisations can effectively manage AI suppliers and navigate the emerging risks associated with artificial intelligence in the supply chain. Jack and George draw on their experience supporting organisations with AI governance and supplier risk management to discuss: What AI suppli...

Understanding Relevant Risks 07.05.2026

In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant and Consultant Manager at URM, breaks down the fundamentals of effective information security risk assessment and treatment.  Wayne draws upon over 30 years of experience in IT, information security and risk management to discuss: What ‘risk’ actually is How to define a risk and the three component parts th...

Zero Trust Architecture in PCI DSS 30.04.2026

In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their insights on zero trust architecture and its use when complying with the Payment Card Industry Data Security Standard (PCI DSS).  Alastair and Tibor leverage 30 years’ combined experience with the PCI DSS to discuss: What ‘zero trust’ is Whether...

The DSAR Reviewer’s Toolbox 23.04.2026

In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, discuss context and redaction in handling data subject access requests (DSARs), and how reviewers can use these to fulfil requests in full compliance with the General Data Protection Regulation (GDPR).  Aimee and Rachel leverage 20 years’ combined experience in data protection to discuss: Why red...

Identity and Access Management 16.04.2026

In this episode of InfoSec Insider, George Ryan and Jack Woods, both Consultants at URM, share their insights on identity and access management (IAM), and the steps organisations can take to ensure their IAM is secure and resilient.  Jack and George leverage their extensive experience supporting organisations’ strengthen their information security to discuss: What IAM is, whether it just covers em...

Clause 6.3 of ISO 27001: The Importance of Planned ISMS Change Management 09.04.2026

In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, provides key insights on achieving and maintaining conformance to Clause 6.3 (Planning of changes) of ISO 27001, the International Standard for Information Security Management Systems (ISMS’).  Neil leverages over 20 years of real-world information security knowledge and experience to discuss: What Clause 6.3 is and why plan...

Cyber Security Expectations in the Medical Supply Chain 02.04.2026

In this episode of InfoSec Insider – Talk Cyber, Stuart Moran and George Ryan, Consultants at URM, explore recent shifts in cyber security expectations and regulatory requirements faced by organisations in the medical supply chain, both in the UK and across the globe.  Stuart and George leverage their extensive experience helping organisations in the medical sector enhance information and cyber se...

Unusual Questions About PCI DSS 26.03.2026

In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, answer the niche and unusual questions they encounter around the Payment Card Industry Data Security Standard (PCI DSS).  Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:    The strangest misconceptions they ha...

Review of Enforcement Action by the ICO in 2025 19.03.2026

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides a break down and analysis of how the Information Commissioner’s Office (ICO’s) enforced UK data protection (DP) regulations in 2025, and how this compares to the action taken by the regulator in previous years.  Stuart leverages his 25+ years of specialisation in data protection law to d...

Information Security Governance, Compliance and Asset Management 12.03.2026

In this episode of InfoSec Insider, Jack Woods and George Ryan, both Consultants at URM, share their insights on how organisations can achieve strong information security governance and asset management that facilitate conformance to ISO 27001, the International Standard for Information Security Management Systems (ISMS).  Jack and George draw on their extensive experience supporting organisations...

The Core Functions of NIST CSF – Identify 05.03.2026

In this episode of InfoSec Insider – Talk Cyber, Mark O’Kane, Consultant at URM, explains the second of the NIST Cybersecurity Framework’s (CSF’s) five core functions, the Identify function, sharing his insights on what organisations can do in practice to meet its requirements.   Mark uses his extensive experience working in information security and risk management to discuss: Where the Identify f...

Preparing for a PCI DSS Assessment 26.02.2026

In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their perspective on how organisations can most effectively and efficiently prepare for a Payment Card Industry Data Security Standard (PCI DSS) assessment.  Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:...

Workplace Privacy in a Hybrid World: Monitoring, DSARs, and Building Trust 19.02.2026

In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, Data Protection Consultants at URM, explore the challenges of workplace privacy and data protection compliance in a hybrid business landscape, and how these challenges can be overcome.  Rachael and Aimee leverage over 20 years’ combined experience in data protection to discuss: Why employee data is becoming such a signif...

Minimising the Impact if a Breach Occurs 12.02.2026

In this episode of InfoSec Insider – Talk Cyber, Jack Woods and George Ryan, both Consultants at URM, outline the steps organisations can take to ensure they are prepared in the event of a cyber breach and able to minimise the impact of a breach as much as possible.  George and Jack leverage their extensive experience helping organisations strengthen their cyber and information security posture to...

The Core Functions of NIST CSF - Govern 05.02.2026

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, explores the National Institute of Standards and Technology Cybersecurity Framework’s (NIST CSF’s) newly introduced Govern Function, outlining its purpose and significance within version 2.0 of the Framework. Mark examines each of its six Categories in detail, from defining organisational context and risk management strategy to es...

Data Protection by Design and by Default 29.01.2026

In this episode of InfoSec Insider – Talk DP, Aimee Brown and Rachael Salter, both Data Protection Consultants at URM, share their insights on the principle of data protection (DP) by design and by default, particularly as it relates to small and medium-sized enterprises (SMEs).  Rachael and Aimee leverage over 20 years’ combined experience in data protection to discuss: What ‘data protection by d...

Reducing the Likelihood of a Security Breach 22.01.2026

In this episode of InfoSec Insider – Talk Cyber, Jack Woods and George Ryan, both Consultants at URM, explain the steps organisations can take to reduce the likelihood of suffering a security breach.  George and Jack leverage their extensive experience helping organisations strengthen their cyber and information security posture to discuss: What constitutes a security breach and how they are commo...

Listen to the InfoSec Insider podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.