The monthly podcast for security professionals, by security professionals. Two self-proclaimed grumpy security professionals talk security risk, how they’ve managed it in the past and forward-looking discussions with guests working in information security and risk management.
Part 2 of this summer break episode takes a bit of a light-hearted look at the cyber security industry predictions that become the norm in late December and early January. Eight or nine months later…
The summer show started with the light-hearted goal of evaluating the top security predictions that fill the internet in late December each year. Forever unscripted, Tim and Doug wind up reflecting …
Enterprise Security Risk Management (ESRM) principles appear in almost every episode and this one is a bit more overt because it features two of the three people responsible for promoting ESRM in the…
The Caffeinated Risk hosts navigate time zones and catch up with Dominic Bowen traveling between meetings to discuss risk management with an international expert on the subject. Mr. Bowen is a partne…
A while back we were fortunate enough to spend time with Jack Freund, coauthor and thought leader responsible for bringing the FAIR methodology and practice into the mainstream. A bonus from that origi…
At 45-50%, depending on your statistical source, there is no denying that small to medium-sized businesses are a significant economic engine from both an employment and innovation perspective. In 19…
A surprising number of digital innovations began in Alberta, be it the world's first public digital cellular network in 1985, the DNP3 industrial controls protocol and becoming the first Google inte…
Ever wondered how top universities protect their cutting-edge research from prying eyes while ensuring seamless access for their scholars? Join us as Michael Spaling, Principal Security Architect at …
The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digit…
Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Although risk management is a part of navigating advance…
Whether it's the NIST CSF, 8276 or the new European Cyber Resilience Act there is no denying the expectation that supply chain management (SCM) is a risk management area no organization can ignore. …
Long before the Matrix captured people's imaginations, Winn Schwartau was steadily offering red pills for those reading his many books on information warfare. A scholastic level researcher without th…
Almost all incident response plans include a "lessons learned" step, and in the post-adrenalin phase that follows many breaches, reviewing what worked and what needs improving doesn't excite a lot o…
Amongst the industry verticals classified as critical infrastructure, few would argue that telecommunications belongs at the top of that list, placing even more weight on a risk management program due t…
Regulatory frameworks from PCI-DSS to NERC-CIP to the newly minted NIST CSF 2.0 each require organizations of all sizes to have cyber incident response plans. Most of us who have spent any time in…
Those running a business today who have not experienced disruption due to cyber issues or attacks know it is only a matter of time. Even if their organization is not directly targeted, the modern ma…
The U.S. Securities and Exchange Commission defined new rules for cyber risk matters facing publicly traded corporations in July of 2023. Although the SEC's mandate is limited to publicly traded companies…
The ISA 99 standards body is one of the most recognized authorities on cyber-physical security covering many aspects of a cyber security management system for industrial control systems including ris…
Security and crime are often in close proximity but not always studied together. This month's episode features Martin Gill, a criminologist who made the study of crime and security his life's work. A…
Post-GSX conference, which included an in-depth review of ESRM and an interview with former U.S. president George W. Bush, this episode considers how enterprise security risk management has stood the…