The Podcast

Once a month, in a new 20-30 minute podcast, two self-proclaimed grumpy security professionals talk security risk and how they’ve managed it in the past, and hold forward-looking discussions with guests working in information security and risk management. Co-hosts Doug Leece and Tim McCreight have been approaching security risk management from both the technical and managerial levels for a number of years, yet share a common philosophy.

Visit CaffeinatedRisk.buzzsprout.com to access current and past episodes. Subscribe with your favourite podcasting app like Apple, Spotify or Google Podcasts so new episodes appear automatically.

Season 4 – Episode 2 (Steven Ross)

Steven Ross is Executive Principal of Risk Masters International and holds certification as a Certified Information Systems Security Professional (CISSP) as well as a Master Business Continuity Professional (MBCP), a Certified Information Systems Auditor (CISA) and a Certified Data Privacy Solutions Engineer (CDPSE).  He is a specialist in the field of information systems security and control, specializing in Information Security, Business Continuity Management, Data Privacy and IT Disaster Recovery Planning services.

He has implemented Information Security programs for numerous banks, government agencies and industrial corporations. Prior to founding Risk Masters, Steven was a Director and global practice leader with Deloitte & Touche.

In consulting engagements, he specializes in planning, policy development, implementation, and standardization of Information Security processes.  In recent years, his focus has been on reliability, prevention, detection and recovery from the technical and business impact of cyberattacks. 

Steven has published a book, Creating a Culture of Security. He was editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series, including e-Commerce Security: Public Key Infrastructure. Since 1998, Steven has regularly published the column, “IS Security Matters”, in the ISACA Journal.  In 2022, he was inducted into the ISACA Hall of Fame. 

Here’s a link to the episode on Buzzsprout:

Season 4 – Episode 2

Season 4 – Episode 1 (Brian Allen)

Brian Allen spent 15 years as the Chief Security Officer for Time Warner Cable, a Fortune 120 critical infrastructure provider. An authoritative voice in enterprise security risk management (ESRM), he has authored two seminal books on the subject. He extends his knowledge as an Adjunct Professor at the University of Connecticut, teaching cybersecurity risk and enterprise risk management within their MBA Financial Risk Management program.

During his tenure at EY, Brian engaged with board members and C-suite leaders at globally ranked institutions, guiding them through cyber risk oversight obligations and assessing their cyber risk programs. His expertise spans a broad spectrum of critical areas, including cybersecurity, physical security, AI risk management, operational resilience, board governance, crisis and fraud management, and enterprise risk management. Currently, as the SVP of Emerging Technology Risk Management at The Bank Policy Institute, he liaises with top financial institutions, advocating for the sector’s interests before key stakeholders such as regulators, legislators, and intelligence agencies.

Brian has extended his involvement in several critical infrastructure groups, including executive roles within Comm-ISAC and the Comm-Sector Coordinating Council. His appointment by the FCC Chairman to collaborate with NIST on the Cybersecurity Framework, and his active participation in committees within FS-ISAC and FSSCC, highlight his commitment to advancing industry standards in cybersecurity and risk management.

Here’s a link to the episode on Buzzsprout:

Season 4 – Episode 1

Season 3 – Episode 10 (John Cusimano)

John Cusimano is an industrial control system (ICS) / OT cybersecurity expert with a strong background in process control and functional safety engineering. Since 2009, John has started up and successfully led 2 ICS/OT cybersecurity consulting practices at boutique consulting/engineering firms (exida and aeSolutions). Both practices experienced above average growth and profitability under his leadership.

John has personally performed countless ICS cybersecurity vulnerability and risk assessments in a wide range of industries per NIST, ISA/IEC 62443 and NERC CIP standards. He developed the CyberPHA methodology through a combination of his work on standards committees and by working with key clients who shared his interest in applying process safety engineering discipline to ICS cybersecurity. The CyberPHA methodology has become a globally recognized method of performing risk assessments of ICS and safety systems.

John is not only a successful business leader and ICS cybersecurity practitioner, but he is also a highly respected thought leader in the ICS cybersecurity field. He was a leader in the development of the ISASecure™ certification scheme and launched the first ANSI accredited ISASecure testing laboratory at exida. He was a SME for the first LOGIIC SIS project. He led the development of 3 ICS cybersecurity courses for ISA (ISA IC33, IC34 and IC34) as well as the accompanying certificate programs. He also led the development of the “ICS Cybersecurity for Manager’s” course hosted by SANS. John served as Chairman of the ISA 99 subcommittee that authored the recently approved ISA/IEC 62443-3-2 standard, “IACS Security Risk Assessment & Design”.

Currently, John is a managing director for Deloitte in the Cyber OT and IoT organization. John leads an ICS/OT cybersecurity focused practice and a team of 20+ experienced and highly qualified ICS cybersecurity specialists. Many of his clients are Fortune 500 multinational companies with both domestic and international operations. His practice’s flagship ICS cybersecurity service is CyberPHA but their services range from cybersecurity program development, CyberFAT and SAT testing, ICS and IIoT cybersecurity risk assessments, design & implementation of industrial network security solutions, evaluation and deployment of ICS cybersecurity products, security operations & maintenance support and training.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 10

Season 3 – Episode 9 (Dr. Martin Gill)

Professor Martin Gill is a criminologist and Director of Perpetuity Research which started life as a spin out company from the University of Leicester. He holds honorary/visiting Chairs at the Universities of Leicester and London. Martin has been actively involved in a range of studies relating to different aspects of security, private policing and business crime on topics including: organised crime and fraud; why offenders offend; the (in)effectiveness of different security measures; and the scope of security management.

Martin has been extensively involved with evaluation research and with the offender’s perspective, looking at how they target certain people and premises and aim to circumvent security measures. He has published 15 books including the third edition of the ‘Handbook of Security’, which was published in 2022. He is the organiser and Chair of the Security Thought Leadership webinar series. Martin is a Fellow of The Security Institute, a member of the Company of Security Professionals (and a Freeman of the City of London). He is a Trustee of the ASIS Foundation. In 2002 the ASIS Security Foundation made a ‘citation for distinguished service’ in ‘recognition of his significant contribution to the security profession’.

In 2009 he was one of the country’s top 5 most quoted criminologists. In 2010 he was recognised by the BSIA with a special award for ‘outstanding service to the security sector’. In 2015 and 2016 he was nominated and shortlisted for the Imbert Prize at the Association of Security Consultants and in the latter he won. In 2016 ASIS International awarded him a Presidential Order of Merit for distinguished service. In 2022 he was recognised by Security Magazine as one of the ‘Most Influential People in Security’ and also received the Mervyn David Award from the ASIS UK Chapter ‘for his significant contribution to the security profession’.

Martin is a Chartered Security Professional, a conference chair, a presenter and after-dinner speaker.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 9

Season 3 – Episode 8 (Doug Leece and Tim McCreight)

Post GSX conference, which included an in-depth review of ESRM and an interview with former U.S. president George W Bush, this episode considers how enterprise security risk management has stood the test of time as well as how risk analysis will need to evolve.

Financial receptors can be found in almost every organizational risk matrix but how do those decisions change with modern ransomware attacks? How does a threat intelligence program contribute to organizational defense and resilience?

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 8

Season 3 – Episode 7 (Michael Lashlee)

Michael Lashlee is senior vice president, deputy chief security officer for Mastercard. In this role, he is responsible for Vulnerability and Security Event Management, Facility Security, Global Regional Security, Intelligence, Enterprise Resilience, Cyber Forensics and Executive Protection.  He sits on the Advisory Board of the International Association of Financial Crimes Investigators (IAFCI) and the European Cyber Crime and Fraud Investigators (ECCFI), as well as the Strategic Advisory Committee for the Global Cyber Alliance (GCA).

Mr. Lashlee joined Mastercard in 2016 after a 25-year career with the United States Secret Service (USSS). Mr. Lashlee was a Special Agent and supervisor on the protective details for Presidents Clinton, George W. Bush and Obama and was the supervisor for the Counter Assault Team (CAT), providing dynamic tactical support for the President. His last two postings were as Special Agent in Charge of the Forensic Services Division and the Technical Security Division, with responsibility for all technical protective countermeasures at the White House and other USSS protected facilities.

Mr. Lashlee has worked and traveled in over 95 countries, and was posted as the attaché to the U.S. Embassy – Paris, overseeing USSS protective operations, financial fraud and cybercrimes investigations in Western Europe, Russia and parts of Africa. Mr. Lashlee led the USSS investigation into the attempted assassination of President George W. Bush in T’bilisi, Georgia in 2005.

Mr. Lashlee has over 28 years of Federal investigative and law enforcement experience and is certified under the Senior Executive Service (SES) program by the Office of Personnel Management for the Department of Homeland Security. He holds a graduate certificate in Leadership from the Key Executive Leadership program at American University in Washington, DC; a bachelor’s degree from Texas Tech University, and is CISSP certified.

Mr. Lashlee formerly served in the United States Marine Corps Reserve as a Non-Commissioned Officer. He is married with three children.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 7

Season 3 – Episode 6 (Terry Freestone)

Calgary was an ICS cyber hub before most knew such measures were necessary. Terry Freestone was one of the ICT specialists from those early days who now applies his decades of hard-won knowledge in the offices of the Canadian Energy Regulator.

Speaking as a private citizen and cyber security expert rather than a government representative, Terry and the Caffeinated Risk team explore risk management from the energy producer’s perspective and his four-point strategy for risk mitigation prioritization that works for any size staff or budget.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 6

Season 3 – Episode 5 (Doug Leece and Tim McCreight)

Keeping up the accidental annual tradition, Tim and Doug take a retrospective look at risk management as a mid-year pulse. The 10th annual Cyberthreat Defense report forms the underlying theme, with Tim and Doug digging under the statistics to analyze how these might pertain to ESRM.

Communication also popped up as a topic, and Tim shares some lessons learned from the field as well as a professional development resource.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 5

Season 3 – Episode 4 (Rachelle Loyear)

One of the original authors of the ESRM framework, now in its tenth year, and Caffeinated Risk’s first guest returns to discuss how data science is changing security and risk management. While alchemy may be a bit of a stretch, Ms. Loyear’s ongoing focus on including human behaviour in the risk equation is leading to the development of data science based detection capabilities that would have appeared magical even 5-10 years ago.

Rachelle Loyear is the Vice President of Integrated Security Solutions for Allied Universal and co-author of The Manager’s Guide to Enterprise Security Risk Management.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 4

Season 3 – Episode 3 (Espresso Shot Terry Ingoldsby)

Threat modeling expert and inventor of one of the world’s first attack tree modeling products talks about how to integrate subject matter expertise into the risk equation; the answer may be surprising.

Bonus content not included in the original interview with Terry, which dove deep into the history of attack trees and modern applications and explored why there is no AI magic when it comes to identifying events that could end your organization. Well worth a listen if you missed it.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 3

Season 3 – Episode 2 (Jack Freund)

Dr. Jack Freund is a leading voice in Information Risk measurement and management. His corporate experience includes spearheading strategic shifts in IT Risk by leading his staff in executing multimillion dollar efforts in cooperation with other risk and control groups.

Jack attained his Bachelor of Science in Computer Information Systems, Master’s degree in Telecom and Project Management, and was awarded a Doctorate in Information Systems. He holds the CISSP, CISA, CISM, CRISC, CIPP, and PMP designations.

His academic credentials include being named a Senior Member of the IEEE and ACM, a Visiting Professor, Academic Advisory Board member, IAPP Fellow of Information Privacy, Fellow of the FAIR Institute, and Distinguished Fellow of the ISSA.

The book Jack coauthored with Jack Jones – Measuring and Managing Information Risk: A FAIR Approach – was inducted into the Cybersecurity Canon in 2016.  Jack is ISACA’s 2018 John W. Lainhart IV Common Body of Knowledge Award recipient, and was given an (ISC)2 Global Achievement Award in 2020.

Both Doug and I are huge fans of his work, and have referenced his book throughout our careers!

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 2

Season 3 – Episode 1 (Doug Leece and Tim McCreight)

In addition to hybrid work and regular time in the office being the new normal, 2023 marks the year Caffeinated Risk’s co-host Tim McCreight serves as the president of ASIS International. ASIS has long been a proponent of both physical and cyber security professionalism and one of the first organizations to explore and embrace Enterprise Security Risk Management (ESRM) as an integral element of security.

Scholarly articles on cyber-physical security convergence started appearing in the late 1990s. More than 25 years later, the convergence buzz has ebbed and flowed but silos remain. In this episode Tim shares his insights from the past 40 years, the benefits of a converged approach as well as some of the paths toward success.

Here’s a link to the episode on Buzzsprout:

Season 3 – Episode 1

Season 2 – Episode 13 (Alexander Martonik)

Alexander Martonik leads Esri’s business solutions team for financial services and insurance. Since 2015, he has worked alongside GIS professionals from civilian intelligence agencies, uniformed services, corporate security, and the private sector.

Through his work, Alexander has influenced geospatial innovations for corporate responsibility, social equity, business resilience, market research, and customer analytics. He graduated with distinction from the national cyber security studies program at California State University San Bernardino, and is a recent Esri Fellow to the University of Redlands School of Business & Society.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 13

Season 2 – Episode 12 (Espresso Shot Michelle Dennedy)

A great discussion point that didn’t make it to air from the original 2021 episode. Not all data is of equal value to the organization and the viable shelf life is seldom tracked or even discussed.

This espresso shot takes a humorous look at a serious question about privacy considerations during the development cycle. Check out the original full episode with privacy thought leader Michelle Finneran Dennedy.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 12

Season 2 – Episode 11 (Paul Mercer)

Paul Mercer is the founder and Managing Director of HawkSight SRM Ltd, which offers consultancy, software and training services to improve the way organisations manage and mitigate their security risks.

Responsible for the development of the HawkSight Software – winner of the Risk Management Product of the Year at the 2016 CIR Risk Management Awards – he founded the business over a decade ago following a career in the UK Military.

With a Master’s Degree in international politics, his military background includes serving as an officer in the Royal Naval Fleet Air Arm during which time he also deployed as Head of Sector Intelligence for the United Nations Mission in Georgia, Caucasus (UNOMIG).

On joining HMCE as a specialist investigator, Paul conducted covert surveillance against international heroin dealers operating across the UK. He also led a field intelligence and analysis team which was responsible for brokering a peace agreement in Acheh, Indonesia.

A founding partner of Whispering Bell Security Risk Management in the United Arab Emirates, his experience also includes providing security advice to an international rail construction contractor to the Saudi Arabian; successful evacuation of expatriates from both Egypt and Libya during the Arab Spring and helping members of the international media to enter those countries; pre-feasibility studies for an aviation service provider and US oil company re-entering Libya after the revolution; training Tripoli-based teams to support Whispering Bell clients re-entering Libya post revolution.

Today he works with clients around the globe to provide continuity of security risk analysis, comprehensive risk reporting and bespoke mitigation strategies to enable rapid and cost effective management of security risks.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 11

Season 2 – Episode 10 (Espresso Shot Rachelle Loyear)

Co-author of the original book on Enterprise Security Risk Management, it only made sense to have Rachelle be the first Caffeinated Risk guest. Like many guests, there was just too much material for a 30 minute episode. This espresso shot encore digs into that nuanced topic of truly partnering with business stakeholders.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 10

Season 2 – Episode 9 (Alexandra Hoffmann and Tim Wenzel)

Alexandra Hoffmann is the CEO of Crisis Ally, which helps Crisis Leaders and their teams build the right capabilities to thrive through crises. Crisis Ally promotes diversity and blends complementary professional expertise, background, and experience through various partnerships.

Thanks to a career with the French government and large international corporations, Alexandra has a rich operational and multicultural experience with strong expertise in Business Resilience, its boosting factors, and best practices to manage it.

Alexandra is regularly interviewed in the print media to discuss corporate resilience topics, including Authority Magazine, Business Insider, or Thrive Global. She also writes for ASIS Security Management Magazine and the Crisis Response Journal, and regularly presents at international events.

Alexandra has an LLB in Criminal Law from Paris University, France, an M.Sc. in Corporate Security from John Jay College of Criminal Justice in New York, and an MBA from the University of Phoenix. Alexandra is also a Certified Coach, trained in Neurosciences, and a Certified Yoga Teacher. Last but not least, Alexandra is a mom of two!

Tim Wenzel is the Creator & Co-Founder of The Kindness Games.

2020 was a disruptive year, marked by a culture war which our Leaders & Media used to fuel division among us.  To Tim, this resembled an ideological Hunger Games, in which we were made to battle artificial enemies.

The Kindness Games was created to counter-program this culture war, to give people the option to choose to unite their spheres of influence, heal their communities, and change the world by Leading With Kindness. 

Tim began as a thought leader in the security industry, transforming the paradigms of leadership and risk management.  Through The Kindness Games, he is leading across industries, empowering people to show up intentionally, ready to make their world and the people around them better than they found them.

In 2022, Tim was named a Global Influencer & Thought Leader in the Security Industry by IFSEC.  He is noted in business for his problem-solving skills, which stem from his background in healthcare.  By properly identifying the root causes of risk, Tim and his teams create a bridge between opportunity and risk for businesses. 

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 9

Season 2 – Episode 8 (Doug Leece and Tim McCreight)

We took some time to look at the most recent telecom outage impacting Canadians, and talked about two issues we are passionate about in the security profession: resilience and ethics. This was our opportunity to look at the events that impacted Canadians from a different perspective. We also revisited our concept of resilience and the direct link to ethics.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 8

Season 2 – Episode 7 (Josh Sokol)

Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint. 

Josh spent some time as a military contractor, and recently left a ten-year career as the Information Security Program Owner at National Instruments in order to pursue a full-time role as the Creator, CEO, and CISO of the free and open-source risk management tool SimpleRisk.

Josh has spoken on dozens of security topics, including the much-hyped “HTTPS Can Byte Me” talk at Black Hat 2010. He also served four years on the Open Web Application Security Project (OWASP) Global Board of Directors. In his spare time, Josh volunteers as a mentor with the Cyber Titan program in the US!

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 7

Season 2 – Episode 6 (Martin Dinel)

Martin Dinel is a trusted and experienced information technology and cybersecurity professional with over 33 years of leadership experience. As Chief Information Security Officer for the Government of Alberta since August 2015, Martin is defining the Government of Alberta’s vision and strategy to counter the cyber threat and ensure that the information of Albertans is well protected.

During his tenure as CISO, Martin has been a member of various cybersecurity related committees, including the National CIO Subcommittee on Information Protection (NCSIP), a committee that includes peers from the federal, provincial, and territorial governments across Canada, acting as Chair for 4 of the past 7 years.

Martin is also the chair of the recently created CyberAlberta Community of Interest formed with the cybersecurity leads of Alberta-based organizations with the goal of strengthening Alberta’s overall cybersecurity posture.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 6

Season 2 – Episode 5 (Illena Armstrong)

Illena Armstrong is a long-time international media and business development leader who, with the help of the talented teams she has managed over the years, successfully built and maintained a wide range of award-winning, digitally driven multimedia, intelligence/research and educational offerings serving targeted audiences. Along with her current role at CSA, she serves as a Fellow with the International Association of Certified ISAOs (IACI) and is Co-Chair of the IACI Global Security Resilience Alliance (GSRA), which serves as the IACI Advisory Board. Additionally, she currently sits on the Board of Advisors for Cybersecurity Ventures, a leading researcher and publisher covering the global cyber economy and a trusted source for cybersecurity facts, figures and statistics.

Prior to these positions, she was VP, Editorial, at SC Media, a business media brand for the information security industry. While there, she spearheaded and managed all content strategy and development, as well as played a key leadership role in driving the brand’s overall business and commercial growth with the support of team members scattered across the US and UK.

Leveraging years in the cybersecurity industry and her brand-building, digital media, editorial, design, website, marketing/PR, social media, event, and overall business/commercial experience, she has established a multitude of award-winning digital content and editorial offerings, such as virtual events/webcasts, video/podcast programs, physical events, social media channels and traditional hardcopy/digital editions. Working closely with other brand and sales colleagues, she also has created and launched research-based products, single- and multi-tiered custom offerings, awards/recognition programs, and still other product lines.

In addition to being named to Cyber Defense Magazine’s “Top 25 Women in Cybersecurity” for 2019 (https://cyberdefenseawards.com/top-25-women-in-cybersecurity/), on her watch, SC won more than 40 awards from such industry groups as the American Society of Business Publication Editors, Trade Association Business Publications International, Folio and MIN Online. She has spoken/moderated at several domestic and international industry events, including RSA Conference, National Credit Union-ISAO Annual Conference, ACCOSCA/CU Difference Tour, Techno Security Conference, a plethora of virtual events/webcasts and others. Prior to these endeavours, she worked for various newspapers, consumer/business magazines and eldercare journals in New England and the southern United States at which she received still more honours.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 5

Season 2 – Episode 4 (Cara Wolf)

Cara Wolf is the CEO of Ammolite Analytx, a custom AI technology development firm specializing in advanced information security solutions in the quantum and classical regimes. She is a dynamic and experienced award-winning thought leader, author and speaker with over 15 years of executive leadership. 

She has a proven track record of conceptualizing, developing and commercializing technology-based solutions in the defence, finance and energy sectors. She has expert analytical and problem-solving skills coupled with a collaborative team leadership style. Her technical competency, business acumen and drive to succeed deliver exceptional outcomes.

Cara has won numerous awards internationally for her strategic technology innovation initiatives and guest lectures regularly on the topics of quantum technologies, artificial intelligence, cybersecurity, innovation and entrepreneurship. She has extensive experience serving at the Advisory Board and Director level for many organizations including the Automotive Parts Manufacturing Association, vCISO Catalyst and the Council of Innovation and Entrepreneurial Leadership at the University of Calgary.

She is a member of the Institute of Corporate Directors and a SHEInnovator with UN Women. She is recognized as TECTERRA’s Woman of Impact, University of Calgary’s Distinguished Graduate, Woman of Inspiration and Top 20 Women in Cybersecurity. Ammolite Analytx is recognized as a Top 25 AI Company to Watch and Top 10 Most Innovative Defense Technology Company 2022.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 4

Season 2 – Episode 3 (Ian Paterson)

Ian L. Paterson is an entrepreneur with 10+ years of experience in leading and commercializing technology companies. Paterson has raised over $15M in private and public financing, completed international M&A transactions and is co-inventor of three patents. Previously Paterson served as CEO and founder of data monetization platform Exapik (acquired), and as Director of Insights for Terapeak, a venture-backed analytics firm acquired by eBay.   

Often referred to as an “unconventional thinker”, Paterson is a regular speaker, author, media commentator, and active angel investor.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 3

Season 2 – Episode 2 (Espresso Shot with Winn Schwartau)

A light-hearted espresso shot with renowned information security writer Winn Schwartau and Tim McCreight discussing the serious and all too common problem of uncontrolled ingress and egress.

While the first electronic firewalls may have come into vogue in the late ’80s, Winn and Tim uncover parallels with perimeter security developed in the Middle Ages.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 2

Season 2 – Episode 1 (Espresso Shot with Dave Tyson)

For every podcast, we get to hear so much more than what we present! Starting in Season 2, we’re going to share some of these amazing conversations that we couldn’t fit into our monthly format.

We think you folks will enjoy them too!

This Espresso shot is from Dave Tyson, originally shared in his book and discussed during our 2021 interview on identifying where security can contribute to the business value chain and some strategies for selling the benefits.

Here’s a link to the episode on Buzzsprout:

Season 2 – Episode 1

Season 1 – Episode 12 (Doug Leece and Tim McCreight)

Our last podcast for 2021 is a chance for Doug and Tim to chat about Innovation and Influence! As the year comes to a close, our two self-proclaimed grumpy security professionals spend some time looking at ways to keep promoting the value of a risk based, business focused approach to security.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 12

Season 1 – Episode 11 (Doug Millward)

Doug Millward obtained his first degree in Computer Science and Management Science from the University of Keele a (very) long time ago. He obtained his post graduate certificate in Higher Education teaching and learning several years later from the University of Wolverhampton. He is now working on his third degree with the University of Essex.

His involvement with security and risk started at Turnbull Control Systems, a SCADA/ control systems company based in Sussex. He worked as a support engineer designing and delivering solutions to system problems for the likes of ICI and Shell. This led to a number of years globe-trotting as a technical consultant working on risk and security issues in engineering and network systems. During this time he lived in Denver, Colorado and worked in the USA, Canada, Africa, Australia, Singapore and of course from time to time in the UK.

His second career was as a freelance consultant, providing security design advice, support and hands on engineering experience to web startups, training centres and various network-related companies in the UK and elsewhere. He also found time to dabble in some teaching at sixth form level and even a bit of audio engineering and production.

Doug’s third career was with blue chip outsourcing companies like EDS, CSC, and Atos. He started as a senior developer writing .Net code (while it was still at Beta release) before progressing to solution architect, systems architect, and eventually Enterprise Architect and Head of Division. During this time, he worked on cloud solutions using .Net, Java, and eventually moved on to designing public and hybrid cloud solutions for UK Government departments as well as many large enterprises in the transport, medical and education sectors.

Now into his fourth career, Doug applied his corporate experience and teaching/ training skills to HE when he became a senior lecturer at Wolverhampton University, teaching at all levels from HND to Masters, designing a number of Security and Computer Science modules and also working as a lead researcher on the Biolive project – examining privacy issues for vulnerable adults. This fourth career has continued with work at Kaplan/ the University of Essex Online where he has designed and taught a number of computer science modules at Masters level, specialising in Cyber Security.

Doug is actively involved in research around cybersecurity, specialising in designing and modeling security in composable systems, the use of secure languages and data representations, and the application of risk frameworks and taxonomies at both the micro and macro levels.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 11

Season 1 – Episode 10 (Paul Smith)

Paul Smith has spent close to 20 years in the automation control space, tackling the “red herring” problems that are thrown his way. He has handled unique issues such as measurement imbalances resulting from flare sensor saturation, database migration mishaps, and many more.

This ultimately led to the latter part of his career, where he has been spending most of his time in the industrial cybersecurity space pioneering the use of new security technology in the energy, utility, and critical infrastructure sectors. Paul is also helping develop cybersecurity strategies through the use of red team/penetration testing engagements, cybersecurity risk assessments, and tabletop exercises for some of the world’s largest government contractors, industrial organizations, and municipalities.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 10

Season 1 – Episode 9 (Michelle Finneran Dennedy)

Before co-founding Privatus Consulting, Michelle Finneran Dennedy was CEO of DrumWave, Inc.  Previously, she was Vice President and Chief Privacy Officer at Cisco, where she worked to raise awareness and create tools that promote privacy, quality, respect, trust, and asset-level possibilities for data.

She is a unique visionary in the field of privacy and the IT industry, bringing together multifaceted approaches that provide sincere privacy protections and drive business value.

A licensed attorney, Michelle has led security and privacy initiatives, ranging from regulatory compliance, privacy engineering, advocacy and education efforts, and litigation at companies including Cisco, McAfee/Intel Security, Oracle, and Sun Microsystems.

Michelle is a sought-after keynote speaker, and the co-author of The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 9

Season 1 – Episode 8 (Larry Whiteside)

Larry Whiteside Jr. is a veteran CISO, former USAF Officer, and thought leader in the Cybersecurity field. He has 25+ years experience in building and running cybersecurity programs, holding C Level Security executive roles in multiple industries including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure. 

Larry currently serves as the Chief Trust Officer and Chief Technology Officer at CyberClan, a full service Global Incident Response and Managed Security Services Provider for the small to medium sized business.  

Larry is also the Co-Founder, President, and on the Board of Directors at the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit association that is dedicated to increasing the number of minorities and women in the cybersecurity career field through providing workforce development that includes skills assessment, training, education, mentorship, and opportunity.

Since 2009, via Whiteside Security, which he founded, Larry has advised several corporate security executives and companies across the cybersecurity industry on how to make Cyber Security a number one objective to their business. He has helped CEOs and board members of private cybersecurity companies achieve their goals in sales, marketing, and customer retention. 

Larry has spoken in front of C Level leadership and Board of Directors of some of the largest private and public sector organizations in America. A thought leader in the industry with extensive experience presenting at conferences such as the Gartner Security Summit, RSA Conference, and SC World Congress, Larry has been featured in many articles relating to information security and risk management. 

Larry received his Bachelor of Science degree in Computer Science at Huston-Tillotson University, an HBCU that is the oldest institution of higher learning in the State of Texas. 

Here’s a link to the podcast on Buzzsprout:

Season 1 – Episode 8

Season 1 – Episode 7 (Doug Leece and Tim McCreight)

We took some time out of our summer holidays to interview each other!

We really wanted to chat about some issues that are top of mind – returning to work after a year and a half at home, what are some of the security implications we need to look at, and are we finding out what our “new normal” is going to be?

We also chatted about ransomware, among a few topics :). It was also a chance to really look at the world we’re seeing now from a cyber security perspective and if it’s getting scarier…

It was a great chance to chat and learn from each other…

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 7

Season 1 – Episode 6 (Dave Tyson)

Dave Tyson is the President of Apollo Information Systems, a concierge Cyber Security consultancy with operations across the USA and Canada. Over 30 years of experience in Cyber & Physical security leadership, battling organized crime and nation state attackers has prepared him for all aspects of Enterprise Security Risk Management. He is also the co-founder of Cyber Easy Learning, an online and classroom Cyber Security training program that teaches Cyber Security in plain English!

His previous role was as Chief Information Security Officer for SC Johnson, a global consumer package goods firm. Prior to joining SCJ he led security programs for the largest Power Utility in the USA, was the Global Security operations lead for the largest E-commerce company in the world, and the Chief Security Officer for the Host City of the 2010 Winter Olympics.

Dave has a Master’s degree in Business Administration (MBA), specializing in Digital Technology Management.  He’s also Board Certified in Security Management and obtained his Certified Protection Professional (CPP) designation.  Dave is also a Certified Information Systems Security Professional (CISSP).

Dave is a frequent speaker at conferences and education events in North and South America, Asia and Europe. He has published dozens of articles in industry magazines and published the first book on Security Convergence via Butterworth Heinemann.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 6

Season 1 – Episode 5 (Terry Ingoldsby)

Terry Ingoldsby has acquired over 25 years of cybersecurity experience. He is the President of Amenaza Technologies Ltd., and the chief technical architect of their advanced, attack tree based threat modeling.

He regularly teaches an advanced attack tree analysis course to aerospace and defense contractors, critical control system operators and IT providers.

Terry has conducted consulting engagements around the world! That’s an incredible accomplishment for a firm headquartered in Calgary, Alberta, Canada! Terry has achieved his BSc in Physics, and his MSc in Computer Science. He’s also active in the Calgary IT community and has done presentations and interviews on attack tree threat modeling.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 5

Season 1 – Episode 4 (Scott Klososky)

Scott began his career fresh out of high school, where his job in a new computer division of an office products company was his springboard into the world of technology. He became the leader of their new computer sales division and then purchased it as his own company. It was eventually built into a twelve-store operation in three states.

His next endeavor was as founder and CEO of Paragraph, Inc., a Soviet/American joint venture founded in 1988, as this country was just opening up to western business models. Half of the company was sold to Silicon Graphics, and the other half sold as well a few years later.

Scott then collaborated with H.R. Haldeman to publish a diary of his years as the Chief of Staff to President Nixon, which was a bestseller (Putnam Publishing), and involved Sony Interactive in the release of a book companion CD-ROM.

In 1995 Scott started another company named Avant Digital Marketing which was later renamed Webcasts.com. This start-up was an early producer of webcasted media ranging from corporate and government communications to sporting events and entertainment. It was sold in 2000 for $115 million.

In 2007 Scott once again founded a start-up called Alkami Technology. This company developed a second-generation online banking platform with innovative features non-existent in current systems. The company is today headquartered in Dallas and has over 250 employees.

Along the way Scott has participated as a board member with a number of firms. Examples include WeGoLook which sold in 2017 for approximately $40 million and First Fidelity Bank in Oklahoma and Phoenix.

He is the author of four books including his most recent title, Did God Create the Internet? The Impact of Technology on Humanity.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 4

Season 1 – Episode 3 (Winn Schwartau)

Winn has lived Security since 1983, and now says “I think, maybe, I’m just starting to understand it”. His predictions about the internet and global security problems have been scarily spot on. He coined the term “Electronic Pearl Harbor” while testifying before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. He was named the “Civilian Architect of Information Warfare” by Admiral Patrick Tyrrell of the British Ministry of Defense.

He is currently the Chief Visionary Officer, running Research & Development for SAC Labs, developing techniques to enhance human resilience to social engineering attacks on businesses, individuals and global critical infrastructures.

His new book, “Analogue Network Security” is a mathematical, time-based and probabilistic approach to justifiable security. His goal is to provide a first set of tools and methods to “fix security and the internet”, including fake news, spam, phishing, Distributed Denial of Service (DDoS) attacks and more.

There’s a great quote from Winn that came from his testimony to the Congressional Subcommittee on Technology and Competitiveness, Committee on Science, Space and Technology about the state of security in the private sector and government:

“Government and commercial computer systems are so poorly protected today they can essentially be considered defenseless – an Electronic Pearl Harbor waiting to happen. As a result of inadequate security planning on the part of both the government and the private sector, the privacy of most Americans has virtually disappeared.”

The testimony we’re quoting was provided June 27, 1991. Almost thirty years ago…

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 3

Season 1 – Episode 2 (Rachelle Loyear)

As Vice President of Innovation and Product Management for G4S Americas, Rachelle Loyear leads the G4S Innovation team and the Enterprise Security Risk Management approach at G4S.

Rachelle has spent her career managing programs in corporate security organizations. Focusing strongly on security risk management, she has been responsible for ensuring enterprise resilience in the face of many different types of risks, both physical and cyber.

In 2017, she released the book The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity, and is a co-author of the 2018 book, Enterprise Security Risk Management: Concepts and Applications.

Rachelle serves on the Cybersecurity Advisory board for SIA, and the IT Security Community, ESRM, and Crisis Management steering committees of ASIS International. She is a Certified Information Security Manager (CISM) through ISACA, a Master Business Continuity Professional (MBCP) through DRI International, an Associate Fellow of Business Continuity International (AFBCI) and a certified Project Management Professional (PMP) through the Project Management Institute (PMI).

She’s also working on some really cool projects:

  • She’s refining and releasing a Global ESRM approach to customer solution development for G4S,
  • She’s part of the team revamping the ASIS Protection of Assets material to include an ESRM underlying philosophy, and
  • She’s working with customer focus groups to understand what the security industry really needs to manage risk – using Design Thinking principles.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 2

Season 1 – Episode 1

Welcome to Caffeinated Risk! The co-hosts of the podcast (Doug Leece and Tim McCreight) want to welcome you to a new approach to looking at security programs – the idea of building a security program, application, or project using a risk based approach to security!

Every month, we’re going to bring thought leaders from across the security landscape to talk about their experiences using a risk based approach to security.

Here’s a trailer of what you can expect from the grumpy security professionals who really believe in giving back, and that folks recognize Caffeinated Risk is for security professionals, by security professionals.

Here’s a link to the episode on Buzzsprout:

Season 1 – Episode 1