Cyber Risk Management Podcast

EP 212: The AI Worked. The Process Didn't. Jun 16, 2026 00:47:11 Anthropic, the company that built Claude, just accidentally published the full source code of their most important product. And it was their second data exposure in five days. What does this teach every organization buying AI tools right now? Kip Boyle shares the best takeaways from CRO's AI governance training and explains why the risk of AI isn't the AI itself. Your host is Kip Boyle, CISO

EP 211: What Sea-Tac’s Ransomware Revealed Jun 2, 2026 00:47:05 In August 2024, a ransomware attack shut down baggage systems, flight displays, and Wi-Fi at Sea-Tac Airport. What did it reveal about how executives think about cyber investment? And why is “how much more security do we need?” the wrong question to ask after a major incident? Let’s find out with our guest Stephanie Warren, Assistant Director of Information Security at the Port of Seattle, wh

EP 210: How Boards of Directors Are Thinking About Generative AI May 19, 2026 00:46:18 What does the generative AI conversation actually sound like inside a boardroom? Is the board ready to govern it? And what do board members wish CISOs understood about how they make decisions? Let’s find out with our guest, Vanessa Pegueros, former CISO at Docusign and U.S. Bank, and current board member at LivePerson and BECU. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, an

EP 209: Mythos: When AI Finds More Than We Can Fix May 5, 2026 00:52:31 Anthropic released Claude Mythos Preview. The headline is "AI can now find zero-days." Yes, but the real story is the gap between what AI finds and what organizations can fix. About 99 percent of Mythos findings are still unpatched. We cover what Mythos is in plain English, why the patching gap matters most, what duty of care means when your board knows these tools exist, where AIR-MAP fits,

EP 208: Flan Recipes and Prompt Injection Apr 21, 2026 00:52:39 A Stripe employee hid a message in his LinkedIn profile telling any AI that read it to include a flan recipe. A month later, an AI recruiter emailed him one. It's funny until you realize the same technique can exfiltrate data, generate phishing content, or hijack automated business processes. What is prompt injection, why does OWASP rank it as the number one risk to large language models, and

EP 207: Defend the Business from Cybersecurity Apr 7, 2026 00:45:16 What happens when a cybersecurity team designs controls without asking the business what they need? And what role exists specifically to prevent that? Let's find out with our guests Brian Shea and Maggie Amato, former Business Information Security Officers at Salesforce. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Brian She

EP 206: Fire Doesn't Innovate. AI Does. Are You Ready? Mar 24, 2026 00:31:30 Fire hasn't changed since the dawn of humanity, but our cyber adversaries evolve every single day. What happens when organizations spend $10 on AI transformation for every $1 on cybersecurity? In this special ROCon 2025 keynote replay, Kip shares two stories that changed how he thinks about risk: a "perfect" employee who became an insider threat in four weeks, and a $12M deepfake that defeate

EP 205: Making Privacy Compliance Sustainable Mar 10, 2026 00:42:02 Privacy laws keep multiplying, regulations keep changing, and AI is making everything more complex. How do businesses build privacy compliance that actually sticks instead of just checking a box? Let's find out with our guest Jordan Fischer, Founder and Partner at Fischer Law and Cybersecurity Lecturer at UC Berkeley. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bern

EP 204: Carpets and Diamonds Feb 24, 2026 00:50:05 Most cybersecurity people talk at CFOs instead of with them. What if there were a simple test to know when a CFO wants to learn about cyber risk versus when they just need someone to trust? Let's find out with our guest James Wheeler, a highly experienced CFO who now runs kept.pro, providing fractional accounting teams to businesses across the country. Your hosts are Kip Boyle, CISO with Cybe

EP 203: Cyber Risk Quantification Feb 10, 2026 00:48:31 Can cyber risk actually be measured in dollars? How do you know if your risk data vendor is any good? And is cyber insurance really worth the investment? Let's find out with our guest Scott Stransky, who leads the Cyber Risk Intelligence Center at Marsh and was named 2023 Cyber Risk Industry Person of the Year. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein,

EP 202: Why Fortune 500s Still Run on Windows 2003 Jan 27, 2026 00:38:15 Why do IT organizations cling to ancient technology like Windows 2003, creating dangerous technical debt they don't even recognize? And how do they get out of this trap? Let's find out with our guest Anton Chuvakin, who advises the biggest customers of Google's Cloud services. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Lin

EP 201: AI Powered Espionage Jan 13, 2026 00:44:51 AI-driven attacks aren't coming; they're here. A Chinese state-sponsored group just ran cyber espionage operations that were 80 to 90 percent autonomous. What does this means for defenders? Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Here's Anthropic's report -- https://www.anthropic.com/news/disrupting-AI-espionage

EP200: Future of Cyber Defense Dec 30, 2025 00:45:17 AI can supercharge your security team. But it can also supercharge attackers. So how do you stay ahead in an AI-powered threat landscape? Let's find out in our special 200th episode! Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Kip's keynote address -- https://youtu.be/DNRNbT0IaKM "Fire Doesn’t Innovate: Thriving in the Fac

EP 199: AI Phishing at SecureWorld Seattle Dec 16, 2025 00:19:37 How has GenAI turned phishing Into a speed war? And what should we do about it? Let's find out with your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 198: Breaches within Breaches (Contract Obligations post security incident) Dec 2, 2025 00:42:52 What happens when a HIPAA Business Associate Agreement gets tested in court after a ransomware attack? And what can we learn from it? Let's find out with your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "New HIPAA Security Rule" episode: https://cr-map.com/podcast/178

EP 197: Operational Cyber Resilience Nov 18, 2025 00:43:18 What happens when critical third-party services go down? What do your vendors actually owe you when that happens? Are new regulations going to make a difference? Let's find out with our guest Dan Bowdan, Global Business CISO with Marsh McLennan. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "Cyber Incident Reporting for Criti

EP 196: Rogue AI Agents: What's Identity Got To Do With It? Nov 4, 2025 00:33:33 AI agents are everywhere: 91% of organizations already use them. But can we control these autonomous digital workers? And what happens when they go rogue? Let's find out with our guest Matthew Hansen, Regional Chief Security Officer for the Americas with Okta. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. NIST AI RMF episodes

EP 195: Board Cyber Reporting: The Right Questions, The Right Data Oct 21, 2025 00:49:58 Boards are getting the wrong cybersecurity information. But, what do boards really need to know? And how do we fix this problem? Let's find out with our guest Dr. Keri Pearlson, MIT Sloan School of Management. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. HBR Article -- https://hbr.org/2023/10/a-tool-to-help-boards-measure-cy

EP 194: Why Are We Sitting Ducks for Phishing Attacks? Oct 7, 2025 00:40:05 Our brains in "autopilot mode" make us sitting ducks for phishing attacks. Why? And what we can do about it? Let's find out with our guest Lisa Petrocchi-Merriman, Executive Coach with "WorksWell Labs Coaching & Training". Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Email -- lisamerriman@workswell.info LinkedIn -- h

EP 193: Secure AI Transformation Sep 23, 2025 00:41:00 Getting full value from AI requires a huge technology transformation. How can leaders navigate AI transformation without losing their teams and their digital assets along the way? Let's find out with our guest Jenny Moshea, former CIO for Sellen Construction. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- h

EP 192: How I Use AI (And You Can Too) Sep 9, 2025 00:31:19 How can generative AI transform your cybersecurity work without replacing your expertise? And why should you start experimenting now? Let's explore with our host Kip Boyle, CISO with Cyber Risk Opportunities, as he shares nearly three years of hands-on AI experience and practical strategies for staying ahead of the curve. “Delegate Smarter with People and AI: Lead More, Do Less.” https:/

EP 191: How to Make FBI Your Best Ally Aug 26, 2025 00:31:35 How would you add law enforcement as a valuable resource to your cybersecurity program? And why would you want to? Let's find out with our guest Supervisory Special Agent Douglas Domin of the Federal Bureau of Investigation. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. “Cyber Resilience in the Age of AI: Threats, Responses

EP 190: Augmented with AI (REPLAY) Aug 12, 2025 00:45:34 How should individuals be thinking about generative artificial intelligence at work and at home? Let's find out with our guest Daniel Miessler, whose mission is “Working towards Human 3.0 so we can survive and thrive as humans after AI". Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Website: https://danielmiessler.com/ LinkedIn:

EP 189: Agentic AI and Ransomware Jul 29, 2025 00:40:19 Unit 42 (Palo Alto Networks) just showed they can use AI to conduct a complete ransomware attack in 25 minutes, a 100x speed increase. What does this mean for defenders? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 188: Verizon DBIR 2025 Part 2 Jul 15, 2025 00:47:35 And, here's part 2 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's in the rest of the 2025 report? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 187: Verizon DBIR 2025 Part 1 Jul 1, 2025 00:58:02 It's time for part 1 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's new for 2025? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 186: "Fire Doesn't Innovate" second edition Jun 17, 2025 00:32:04 The second edition of "Fire Doesn't Innovate" has dropped. What's new? Why it was updated? How can different types of readers get the most value from it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. You can pick up a copy of "Fire Doesn't Innovate" second edition (paperback or Kindle versions) -- https://a.co

EP 185: Courts and Non-deterministic Computing Jun 3, 2025 00:49:57 Is evidence from Artificial Intelligence and Quantum Computing devices legally admissible in court? And how are courts actually handling this influx? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 184: Spies, Honeypots, and Lawsuits May 20, 2025 00:39:26 Is the so-called "Insider Threat" a big deal? If so, how could you use a honeypot to catch them? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. If you want to know more about honeypots, check out Kip's newest LinkedIn Learning course: “Active Defense: The New Frontier in Cybersecurity” -- https://www.linkedin.

EP 183: NIST CSF: The Missing Manual May 6, 2025 00:50:33 The implementation manual for the NIST Cybersecurity Framework gone missing. Can it be found? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Want a deep discount on Kip's new Udemy course "Implement version 2 of NIST Cybersecurity Framework"? This one is valid until May 31, 2025 -- CRM_PODCAST_FRIEND https

EP 182: When Webcams Turn Evil Apr 22, 2025 00:38:09 How much trust should you put in your Endpoint Detection and Response (EDR) solution? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Want to quickly come up to speed with the Essential Eight (E8)? Listen to this episode: https://cr-map.com/podcast/63/

EP 181: Deploying AI Securely and Privately Apr 8, 2025 00:42:24 How can businesses securely and privately use AI tools? And, what are the top cyber risks of AI, anyway? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Want to quickly come up to speed with the NIST AI Risk Management Framework? Listen to these two episodes: Part 1 -- https://cr-map.com/podcast/153 Part 2 -- ht

EP 180: The “Compliance Hammer” Alternative Mar 25, 2025 00:44:57 Tired of swinging the “compliance hammer” and hitting people until they submit to you? Would you rather be influential, and not dictatorial? Let's find out how you can with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. See our previous episode on the subject of "buy-in" with our guest Michael Gregg, the CISO of North Dakota -- https

EP 179: Cybersecurity With No Money Mar 11, 2025 00:44:53 You're a recently hired, lone cybersecurity analyst. Your mandate is to pay off on the data and system protection promises your senior decision makers made to an exciting new customer. Plot twist: You have no money. Now what? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 178: New HIPAA Security Rule Feb 25, 2025 00:46:57 The US Government recently released a "notice of proposed rulemaking" to update the Security Standards for the Protection of Electronic Protected Health Information. Yes, this is HIPAA. But what will it mean for covered entities and their business associates? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Show not

EP 177: Workplace Injuries from Ransomware Feb 11, 2025 00:40:39 How do you protect cybersecurity responders from workplace injuries, particularly PTSD from ransomware attacks? Is that even a thing? Let's find out with our guest Alexander Abney-King, a workplace psychologist and virtual CIO. He helps businesses adapt to world changes. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn pro

EP 176: LIVE! Top 10 NIST SP 800-Series Jan 28, 2025 00:50:13 It’s our first time recording an episode LIVE with an audience. We were at the December 2024 the monthly membership meeting of the ISC2 Seattle Chapter. Our topic: What has NIST released in its Special Publication (SP) 800 series that could be of great value to your work? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gat

EP 175: What's a "Hacker"? Jan 14, 2025 00:40:39 What's a "hacker"? Are they good or bad? How do they think? Can their thinking help us in other problem spaces? Let's find out with our guest Ted Harrington, who’s dedicated his career to ethical hacking in order to help organizations build better, more secure systems. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profi

EP 174: The CrowdStrike Episode Dec 31, 2024 00:43:44 Have you done a post-mortem of the CrowdStrike IT outage of 2024? What are the major lessons? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Incident background and impacts -- https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages

EP 173: Data Privacy in Cars Dec 17, 2024 00:38:31 What data do modern cars collect, how do they collect it, and why? And what should your company do about it? Let's find out with our guest Andrea Amico, the founder and CEO of Privacy4Cars. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/%F0%9F%9B%A1%EF%B8%8F%F0%9F%9A%98-andrea-amico

EP 172: Basic Legal Literacy for the CISO Dec 3, 2024 00:36:42 What does the CISO need to practice everyday in terms of basic legal literacy? Let's answer that question by looking through the lens of data breach and privacy class action litigation. Our guest is Douglas Brush, a court-appointed Special Master and testifying expert in high-profile litigations involving cybersecurity, information governance, data privacy, and eDiscovery. Your hosts Kip Boyl

EP 171: Getting Buy-In for Cybersecurity Nov 19, 2024 00:39:25 How can you get high levels of buy-in for a cybersecurity program at the state level? Let's find out with our guest Michael Gregg, the CISO of North Dakota. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile -- https://www.linkedin.com/in/michaelgregg01/ SecureWorld -- https://www.secureworld.io/events

EP 170: Augmented with AI Nov 5, 2024 00:44:52 How should individuals be thinking about generative artificial intelligence at work and at home? Let's find out with our guest Daniel Miessler, whose mission is “Working towards Human 3.0 so we can survive and thrive as humans after AI". Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Website: https://danielmiessler.com/ LinkedIn: ht

EP 169: Cybersecurity Hiring Manager Insights Oct 22, 2024 00:39:14 What's the current cybersecurity hiring manager’s perspective on hiring? Talent scouting, employer reputation, etc.? Let's find out with our guest Reanna Schultz. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Reanna Schultz’s LinkedIn profile -- https://www.linkedin.com/in/reanna-schultz/ Reanna's company "CyberSpeak Labs LLC" -- h

EP 168: Staying Ahead of Cyber Risk Management Trends Oct 8, 2024 00:13:40 How can cybersecurity practitioners easily keep up with the changes in the "big picture" of cyber risk management? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 167: Security Champions Program Sep 24, 2024 00:42:25 "Want to expand your cybersecurity tream? Do it with a ""Security Champions"" program. Let's find out how with our guest Bonnie Viteri. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""How to Really Make Sure that Cybersecurity is Everyone’s Job"" (pt 1 & 2) <https://cr-map.com/podcast/88/> <https://cr-map.com/podcas

EP 166: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 2 Sep 10, 2024 00:58:29 Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 165: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 1 Aug 27, 2024 00:54:16 "Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?"" -- https://www.cr-map.com/91"

EP 164: Why are we so bad at vulnerability management? Aug 12, 2024 00:36:00 "Vulnerability management is really difficult, especially at scale. And after 20+ years that's still true. Our guest Alex Wood, who's the CISO of Uplight, will help us understand why and consider practical suggestions for getting better. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Alex Wood's LinkedIn Profile -- https://www.

EP 163: Self-Care Jul 30, 2024 00:39:44 "Self-care is a crucial yet seldom discussed topic. Why is that? How should we be taking care of ourselves and why? Let's find out with our guest Chris Roberts, who most recently was the CISO of Boom Supersonic. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Chris Roberts' LinkedIn Profile -- https://www.linkedin.com/in/sidrago

EP 162: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), part 2 Jul 16, 2024 00:47:59 Let's continue unpacking the "Cyber Incident Reporting for Critical Infrastructure Act". What else do you need to know? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 161: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Jul 2, 2024 00:48:16 CIRCIA stands for the "Cyber Incident Reporting for Critical Infrastructure Act". But what does it really mean? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 160: How to Find Your Top 5 Cyber Risks Jun 18, 2024 00:46:22 "You can find your top 5 cyber risks using a “top down” approach with the NIST Cybersecurity Framework. Along the way, you can shift your organization towards better practice of reasonable cybersecurity. Know how? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. You can see our ""zero through ten"" scale scorecard

EP 159: FTC 2023 Privacy and Data Security Update Jun 4, 2024 00:50:05 What kinds of unfair trade practices does the FTC look for when it comes to privacy and data security? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 158: Business Continuity as a Revenue Generator? May 21, 2024 00:47:07 "Is overnight viral success is a kind of disruption that the business continuity (BC) discipline can help preapre you for? Let's find out with our guest Erika Andresen, the Founder and Owner of EaaS Consulting, LLC. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Erika's Book, ""How to Not Kill Your Business"" -- https://www.ama

EP 157: How To Assess Cyber Risk (REPLAY) May 7, 2024 00:49:30 "What's the definitive method for assessing cyber risk? Does it exist? How do you do it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. If you want to know more, Kip has a course on LinkedIn Learning you can check out: ""IT and Cybersecurity Risk Management Essential Training"" -- https://www.linkedin.com/lea

EP 156: Change Healthcare Apr 23, 2024 00:42:41 What happened in the Change Healthcare cyberattack? What are the impacts and how can cyber resilience be a competitive advantage? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 155: Cybersecurity and data privacy in M&A transactions Apr 9, 2024 00:42:25 The role of cybersecurity and data privacy due diligence when buying or selling a company has gone way up compared to five years ago. Why? And, what's at stake? Let's find out with our guest Brian Levine. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 154: NIST AI Risk Management Framework, part 2 Mar 26, 2024 00:48:06 Here's part 2 of what's in the NIST Artificial Intelligence Risk Management Framework (NIST AT-RMF)? And, how do you use it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 153: NIST AI Risk Management Framework, part 1 Mar 12, 2024 00:40:49 What's in the NIST Artificial Intelligence Risk Management Framework (NIST AT-RMF)? And, how do you use it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 152: Boards of Directors and Cybersecurity Feb 27, 2024 00:47:14 The SEC says that Boards of Directors need cybersecurity expertise. But how exactly does that work? Let's find out with our guest Vanessa Pegueros, former CISO of DocuSign. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 151: Does Ransomware Kill Sick People? Feb 13, 2024 00:41:36 "Is there any reliable evidence that sick people die at a higher rate when their hospital is disabled by ransomware? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. “Hacked to Pieces? The Effects of Ransomware Attacks on Hospitals and Patients” University of Minnesota - Twin Cities - School of Public Health htt

EP 150: Privacy Laws Driving Demand for Cybersecurity Jan 30, 2024 00:40:31 Twelve US states now have major privacy laws, up from only five last year. How is that driving demand for cybersecurity? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 149: The Tools and Rules of Digital Trust Jan 16, 2024 00:49:03 How do you take a very important, yet ethereal, idea like digital trust and make it more concrete and actionable? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 148: SEC Disclosure Rules on Cybersecurity Jan 2, 2024 00:38:59 What are the SEC’s new rules for cybersecurity disclosures, including cyber incidents AND annually about cybersecurity risk management and governance? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 147: SEC Complaint against SolarWinds Corporation Dec 19, 2023 00:49:02 "What can we learn about the SEC Complaint against SolarWinds Corporation and Timothy G. Brown? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. EP 96: ""Normalizing Greater Accountability For Cybersecurity Fraud"" <https://cr-map.com/podcast/96/> EP 109: ""FTC’s Strange Action Against Cafe Press"" <

EP 146: Security Metrics Dec 5, 2023 00:48:20 "How can we measure success with cybersecurity? Let's find out with our guest Jared Pfost. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. See Jared's ""Security Metrics Reference"" here -- https://www.cr-map.com/metrics"

EP 145: Why Do Employees Keep Ignoring Workplace Cybersecurity Rules? Nov 21, 2023 00:38:50 Why do employees keep ignoring workplace cybersecurity rules? And, what should cyber risk managers to do about it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 144: SecureWorld Nov 7, 2023 00:40:11 Have you heard of a regional cybersecurity conference in the US called SecureWorld? We really like it. So we invited Brad Graver, who’s the president of SecureWorld, to tell us what makes them different from all the other conferences we could go to. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 143: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 2 Oct 24, 2023 00:50:11 Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 142: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 1 Oct 10, 2023 00:47:32 Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 141: What's New in NIST CSF v2 Sep 26, 2023 00:39:36 What’s going to be in version 2 of the NIST Cybersecurity Framework? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 140: Entry Level IT & Cybersecurity Certifications Are Broken Sep 12, 2023 00:36:42 Entry level IT and Cybersecurity certifications cost too much and produce too many "paper tigers". How do we fix that? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 139: How to Use Cyber Insurance as a Cyber and Privacy Risk Management Tool Aug 29, 2023 00:39:22 How does an attorney think about using cyber insurance to manage cyber and privacy risks? Let's find out with our guest Jane Petoskey. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 138: What's With NIST Special Publication 800-171, Revision 3 and CMMC Aug 15, 2023 00:43:31 How is Revision 3 of NIST Special Publication 800-171 and the Cybersecurity Maturity Model Certification (CMMC) related to each other? Let's find out with our guest Jacob Horne. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 137: How to Make Tabletop Exercises (TTX) Fun! Aug 1, 2023 00:33:54 Traditional incident response exercises are often boring and awkward. That's why we don't do them, even though we should. Want a new way to get people excited about doing one? Let's learn about a proven innovation with our guest Glen Sorensen. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 136: Why Cyber Resilience is a Business Advantage Jul 18, 2023 00:45:43 "An $8 billion company was hit by ransomware and then was sued in court by one of its best customers. What's the connection with cyber resilience? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""Case Study for Cyber as a Material Business Risk"" -- https://www.cr-map.com/124"

EP 135: Measuring Cyber Risk Jul 4, 2023 00:49:27 "Is the idea of measuring cyber risk ""hooey!"" as one of the InfoSec godfathers once said? Let's find out with our guest Ryan Leirvik. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Ryan's book ""Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program"" -- https://www.amazon.com

EP 134: The Business Value of Business Continuity Jun 20, 2023 00:44:48 "Is there any business value in “business continuity”? If so, how can we explain it so anyone can understand? Our guest is Erika Andresen, the Founder and Owner of EaaS Consulting, LLC. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Erika's Book, ""How to Not Kill Your Business"" -- https://www.amazon.com/gp/product/199018538X

EP 133: ChatGPT and Cyber Risk Management Jun 6, 2023 00:42:54 "Can ChatGPT help us manage Cyber Risk? Can any generative artificial intelligence be helpful? If so, how? And are there any limitations? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Suggested ""ChatGPT Prompt Engineering"" course by Sean Melis: https://www.udemy.com/course/chatgpt-101-supercharge-your-work

Episodes

Recommended