The Podcast

Once a month, in a new 20-30 minute podcast, two self-proclaimed grumpy security professionals talk security risk and how they’ve managed it in the past, and hold forward-looking discussions with guests working in information security and risk management. Co-hosts Doug Leece and Tim McCreight have been approaching security risk management from both the technical and managerial levels for a number of years, yet share a common philosophy.

Visit to access current and past episodes. Subscribe with your favourite podcasting app like Apple, Spotify or Google Podcasts so new episodes appear automatically.

Guest #18 & 19 – Alexandra Hoffmann and Tim Wenzel

Alexandra Hoffmann is the CEO of Crisis Ally, which helps Crisis Leaders and their teams build the right capabilities to thrive through crises. Crisis Ally promotes diversity and blends complementary professional expertise, background, and experience through various partnerships.

Thanks to a career with the French government and large international corporations, Alexandra has a rich operational and multicultural experience with strong expertise in Business Resilience, its boosting factors, and best practices to manage it.

Alexandra is regularly interviewed in the print media to discuss corporate resilience topics, including Authority Magazine, Business Insider, and Thrive Global. She also writes for ASIS Security Management Magazine and the Crisis Response Journal, and regularly presents at international events.

Alexandra has an LLB in Criminal Law from Paris University, France, an M.Sc. in Corporate Security from John Jay College of Criminal Justice in New York, and an MBA from the University of Phoenix. Alexandra is also a Certified Coach, trained in Neurosciences, and a Certified Yoga Teacher. Last but not least, Alexandra is a mom of two!

Tim Wenzel is the Creator & Co-Founder of The Kindness Games.

2020 was a disruptive year, marked by a culture war which our Leaders & Media used to fuel division among us.  To Tim, this resembled an ideological Hunger Games, in which we were made to battle artificial enemies.

The Kindness Games was created to counter-program this culture war, to give people the option to choose to unite their spheres of influence, heal their communities, and change the world by Leading With Kindness. 

Tim began as a thought leader in the security industry, transforming the paradigms of leadership and risk management.  Through The Kindness Games, he is leading across industries, empowering people to show up intentionally, ready to make their world and the people around them better than they found them.

In 2022, Tim was named a Global Influencer & Thought Leader in the Security Industry by IFSEC.  He is noted in business for his problem-solving skills, which stem from his background in healthcare.  By properly identifying the root causes of risk, Tim and his teams create a bridge between opportunity and risk for businesses. 

Here’s a quick excerpt of our interview with Alexandra and Tim!

Guest #17 – Doug and Tim

We took some time to look at the most recent telecom outage impacting Canadians, and talked about two issues we are passionate about in the security profession: resilience and ethics. This was our opportunity to look at the events that impacted Canadians from a different perspective. We also revisited our concept of resilience and the direct link to ethics.

Here’s a quick excerpt of our half year in review!

Guest #16 – Josh Sokol

Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint. 

Josh spent some time as a military contractor, and recently left a ten-year career as the Information Security Program Owner at National Instruments in order to pursue a full-time role as the Creator, CEO, and CISO of the free and open-source risk management tool SimpleRisk.

Josh has spoken on dozens of security topics, including the much-hyped “HTTPS Can Byte Me” talk at Black Hat 2010. He also served four years on the Open Web Application Security Project (OWASP) Global Board of Directors. In his spare time, Josh volunteers as a mentor with the Cyber Titan program in the US!

Here’s a quick excerpt of our interview with Josh!

Guest #15 – Martin Dinel

Martin Dinel is a trusted and experienced information technology and cybersecurity professional with over 33 years of leadership experience. As Chief Information Security Officer for the Government of Alberta since August 2015, Martin is defining the Government of Alberta’s vision and strategy to counter the cyber threat and ensure that the information of Albertans is well protected.

During his tenure as CISO, Martin has been a member of various cybersecurity related committees, including the National CIO Subcommittee on Information Protection (NCSIP), a committee that includes peers from the federal, provincial, and territorial governments across Canada, acting as Chair for 4 of the past 7 years.

Martin is also the chair of the recently created CyberAlberta Community of Interest formed with the cybersecurity leads of Alberta-based organizations with the goal of strengthening Alberta’s overall cybersecurity posture.

Here’s a quick excerpt of our interview with Martin!

Guest #14 – Illena Armstrong

Illena Armstrong is a long-time international media and business development leader who, with the help of the talented teams she has managed over the years, successfully built and maintained a wide range of award-winning, digitally driven multimedia, intelligence/research and educational offerings serving targeted audiences. Along with her current role at CSA, she serves as a Fellow with the International Association of Certified ISAOs (IACI) and is Co-Chair of the IACI Global Security Resilience Alliance (GSRA), which serves as the IACI Advisory Board. Additionally, she currently sits on the Board of Advisors for Cybersecurity Ventures, a leading researcher and publisher covering the global cyber economy and a trusted source for cybersecurity facts, figures and statistics.

Prior to these positions, she was VP, Editorial, at SC Media, a business media brand for the information security industry. While there, she spearheaded and managed all content strategy and development, as well as played a key leadership role in driving the brand’s overall business and commercial growth with the support of team members scattered across the US and UK.

Leveraging years in the cybersecurity industry and her brand-building, digital media, editorial, design, website, marketing/PR, social media, event, and overall business/commercial experience, she has established a multitude of award-winning digital content and editorial offerings, such as virtual events/webcasts, video/podcast programs, physical events, social media channels and traditional hardcopy/digital editions. Working closely with other brand and sales colleagues, she also has created and launched research-based products, single- and multi-tiered custom offerings, awards/recognition programs, and still other product lines.

In addition to being named to Cyber Defense Magazine’s “Top 25 Women in Cybersecurity” for 2019, on her watch, SC won more than 40 awards from such industry groups as the American Society of Business Publication Editors, Trade Association Business Publications International, Folio and MIN Online. She has spoken/moderated at several domestic and international industry events, including RSA Conference, National Credit Union-ISAO Annual Conference, ACCOSCA/CU Difference Tour, Techno Security Conference, a plethora of virtual events/webcasts and others. Prior to these endeavours, she worked for various newspapers, consumer/business magazines and eldercare journals in New England and the southern United States at which she received still more honours.

Here’s a quick excerpt of our interview with Illena!

Guest #13 – Cara Wolf

Cara Wolf is the CEO of Ammolite Analytx, a custom AI technology development firm specializing in advanced information security solutions in the quantum and classical regimes. She is a dynamic and experienced award-winning thought leader, author and speaker with over 15 years of executive leadership. 

She has a proven track record of conceptualizing, developing and commercializing technology-based solutions in the defence, finance and energy sectors. She has expert analytical and problem-solving skills coupled with a collaborative team leadership style. Her technical competency, business acumen and drive to succeed deliver exceptional outcomes.

Cara has won numerous awards internationally for her strategic technology innovation initiatives and guest lectures regularly on the topics of quantum technologies, artificial intelligence, cybersecurity, innovation and entrepreneurship. She has extensive experience serving at the Advisory Board and Director level for many organizations including the Automotive Parts Manufacturing Association, vCISO Catalyst and the Council of Innovation and Entrepreneurial Leadership at the University of Calgary.

She is a member of the Institute of Corporate Directors and a SHEInnovator with UN Women. She is recognized as TECTERRA’s Woman of Impact, University of Calgary’s Distinguished Graduate, Woman of Inspiration and Top 20 Women in Cybersecurity. Ammolite Analytx is recognized as a Top 25 AI Company to Watch and Top 10 Most Innovative Defense Technology Company 2022.

Here’s a quick excerpt of our interview with Cara!

Guest #12 – Ian L. Paterson

Ian L. Paterson is an entrepreneur with 10+ years of experience in leading and commercializing technology companies. Paterson has raised over $15M in private and public financing, completed international M&A transactions and is co-inventor of three patents. Previously Paterson served as CEO and founder of data monetization platform Exapik (acquired), and as Director of Insights for Terapeak, a venture-backed analytics firm acquired by eBay.   

Often referred to as an “unconventional thinker”, Paterson is a regular speaker, author, media commentator, and active angel investor.

Here’s a quick excerpt of our interview with Ian!

Continuous Automation & Risk Management

Guest #11 – Doug Leece and Tim McCreight

Our last podcast for 2021 is a chance for Doug and Tim to chat about Innovation and Influence! As the year comes to a close, our two self-proclaimed grumpy security professionals spend some time looking at ways to keep promoting the value of a risk-based, business-focused approach to security.

Here’s a quick excerpt of our last podcast for 2021!

Innovation and Influence

Guest #10 – Doug Millward

Doug Millward obtained his first degree in Computer Science and Management Science from the University of Keele a (very) long time ago. He obtained his post graduate certificate in Higher Education teaching and learning several years later from the University of Wolverhampton. He is now working on his third degree with the University of Essex.

His involvement with security and risk started at Turnbull Control Systems, a SCADA/ control systems company based in Sussex. He worked as a support engineer designing and delivering solutions to system problems for the likes of ICI and Shell. This led to a number of years globe-trotting as a technical consultant working on risk and security issues in engineering and network systems. During this time he lived in Denver, Colorado and worked in the USA, Canada, Africa, Australia, Singapore and of course from time to time in the UK.

His second career was as a freelance consultant, providing security design advice, support and hands on engineering experience to web startups, training centres and various network-related companies in the UK and elsewhere. He also found time to dabble in some teaching at sixth form level and even a bit of audio engineering and production.

Doug’s third career was with blue chip outsourcing companies like EDS, CSC, and Atos. He started as a senior developer writing .Net code (while it was still at Beta release) before progressing to solution architect, systems architect, and eventually Enterprise Architect and Head of Division. During this time, he worked on cloud solutions using .Net, Java, and eventually moved on to designing public and hybrid cloud solutions for UK Government departments as well as many large enterprises in the transport, medical and education sectors.

Now into his fourth career, Doug applied his corporate experience and teaching/ training skills to HE when he became a senior lecturer at Wolverhampton University, teaching at all levels from HND to Masters, designing a number of Security and Computer Science modules and also working as a lead researcher on the Biolive project – examining privacy issues for vulnerable adults. This fourth career has continued with work at Kaplan/ the University of Essex Online where he has designed and taught a number of computer science modules at Masters level, specialising in Cyber Security.

Doug is actively involved in research around cybersecurity, specialising in designing and modeling security in composable systems, the use of secure languages and data representations, and the application of risk frameworks and taxonomies at both the micro and macro levels.

Here’s a quick excerpt of our interview with Doug!

Guest #9 – Paul Smith

Paul Smith has spent close to 20 years in the automation control space, tackling the “red herring” problems that are thrown his way. He has handled unique issues such as measurement imbalances resulting from flare sensor saturation, database migration mishaps, and many more.

This ultimately led to the latter part of his career, where he has been spending most of his time in the industrial cybersecurity space pioneering the use of new security technology in the energy, utility, and critical infrastructure sectors. Paul is also helping develop cybersecurity strategies through the use of red team/penetration testing engagements, cybersecurity risk assessments, and tabletop exercises for some of the world’s largest government contractors, industrial organizations, and municipalities.

Here’s a quick excerpt of our interview with Paul!

Guest #8 – Michelle Finneran Dennedy

Before co-founding Privatus Consulting, Michelle Finneran Dennedy was CEO of DrumWave, Inc.  Previously, she was Vice President and Chief Privacy Officer at Cisco, where she worked to raise awareness and create tools that promote privacy, quality, respect, trust, and asset-level possibilities for data.

She is a unique visionary in the field of privacy and the IT industry, bringing together multifaceted approaches that provide sincere privacy protections and drive business value.

A licensed attorney, Michelle has led security and privacy initiatives, ranging from regulatory compliance, privacy engineering, advocacy and education efforts, and litigation at companies including Cisco, McAfee/Intel Security, Oracle, and Sun Microsystems.

Michelle is a sought-after keynote speaker, and the co-author of The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value.

Here’s a quick excerpt of our interview with Michelle!

Guest #7 – Larry Whiteside

Larry Whiteside Jr. is a veteran CISO, former USAF Officer, and thought leader in the Cybersecurity field. He has 25+ years of experience in building and running cybersecurity programs, holding C Level Security executive roles in multiple industries including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure.

Larry currently serves as the Chief Trust Officer and Chief Technology Officer at CyberClan, a full service Global Incident Response and Managed Security Services Provider for the small to medium sized business.  

Larry is also the Co-Founder, President, and on the Board of Directors at the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit association that is dedicated to increasing the number of minorities and women in the cybersecurity career field through providing workforce development that includes skills assessment, training, education, mentorship, and opportunity.

Since 2009, via Whiteside Security, which he founded, Larry has advised several corporate security executives and companies across the cybersecurity industry on how to make Cyber Security a number one objective to their business. He has helped CEOs and board members of private cybersecurity companies achieve their goals in sales, marketing, and customer retention. 

Larry has spoken in front of C Level leadership and Board of Directors of some of the largest private and public sector organizations in America. A thought leader in the industry with extensive experience presenting at conferences such as the Gartner Security Summit, RSA Conference, and SC World Congress, Larry has been featured in many articles relating to information security and risk management. 

Larry received his Bachelor of Science degree in Computer Science at Huston-Tillotson University, an HBCU that is the oldest institution of higher learning in the State of Texas. 

Here’s a quick excerpt of our interview with Larry!

Podcast #6 – Back to Work, Just in Time for Summer!

We took some time out of our summer holidays to interview each other!

We really wanted to chat about some issues that are top of mind – returning to work after a year and a half at home, what are some of the security implications we need to look at, and are we finding out what our “new normal” is going to be?

We also chatted about ransomware, among a few topics :). It was also a chance to really look at the world we’re seeing now from a cyber security perspective and if it’s getting scarier…

It was a great chance to chat and learn from each other…

Guest #5 – Dave Tyson

Dave Tyson is the President of Apollo Information Systems, a concierge Cyber Security consultancy with operations across the USA and Canada. Over 30 years of experience in Cyber & Physical security leadership, battling organized crime and nation state attackers has prepared him for all aspects of Enterprise Security Risk Management. He is also the co-founder of Cyber Easy Learning, an online and classroom Cyber Security training program that teaches Cyber Security in plain English!

His previous role was as Chief Information Security Officer for SC Johnson, a global consumer package goods firm. Prior to joining SCJ he led security programs for the largest Power Utility in the USA, was the Global Security operations lead for the largest E-commerce company in the world, and the Chief Security Officer for the Host City of the 2010 Winter Olympics.

Dave has a Master’s degree in Business Administration (MBA), specializing in Digital Technology Management.  He’s also Board Certified in Security Management and obtained his Certified Protection Professional (CPP) designation.  Dave is also a Certified Information Systems Security Professional (CISSP).

Dave is a frequent speaker at conferences and education events in North and South America, Asia and Europe. He has published dozens of articles in industry magazines and published the first book on Security Convergence via Butterworth Heinemann.

Here’s a quick excerpt from our interview with Dave!

Guest #4 – Terry Ingoldsby

Terry Ingoldsby has acquired over 25 years of cybersecurity experience. He is the President of Amenaza Technologies Ltd., and the chief technical architect of their advanced, attack tree based threat modeling.

He regularly teaches an advanced attack tree analysis course to aerospace and defense contractors, critical control system operators and IT providers.

Terry has conducted consulting engagements around the world! That’s an incredible accomplishment for a firm headquartered in Calgary, Alberta Canada! Terry has achieved his BSc in Physics, and his MSc in Computer Science. He’s also active in the Calgary IT community and has done presentations and interviews on attack tree threat modeling.

Here’s a quick excerpt from our interview with Terry!

Guest #3 – Scott Klososky

Scott began his career fresh out of high school, where his job in a new computer division of an office products company was his springboard into the world of technology. He became the leader of their new computer sales division and then purchased it as his own company. It was eventually built into a twelve-store operation in three states.

His next endeavor was as founder and CEO of Paragraph, Inc., a Soviet/American joint venture founded in 1988, as this country was just opening up to western business models. Half of the company was sold to Silicon Graphics, and the other half sold as well a few years later.

Scott then collaborated with H.R. Haldeman to publish a diary of his years as the Chief of Staff to President Nixon, which was a bestseller (Putnam Publishing), and involved Sony Interactive in the release of a book companion CD-ROM.

In 1995 Scott started another company named Avant Digital Marketing which was later renamed This start-up was an early producer of webcasted media ranging from corporate and government communications to sporting events and entertainment. It was sold in 2000 for $115 million.

In 2007 Scott once again founded a start-up called Alkami Technology. This company developed a second-generation online banking platform with innovative features non-existent in current systems. The company is today headquartered in Dallas and has over 250 employees.

Along the way Scott has participated as a board member with a number of firms. Examples include WeGoLook which sold in 2017 for approximately $40 million and First Fidelity Bank in Oklahoma and Phoenix.

He is the author of four books including his most recent title, Did God Create the Internet? The Impact of Technology on Humanity.

Here’s a quick excerpt from our interview with Scott!

Guest #2 – Winn Schwartau

Winn has lived Security since 1983, and now says “I think, maybe, I’m just starting to understand it”. His predictions about the internet and global security problems have been scarily spot on. He coined the term “Electronic Pearl Harbor” while testifying before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. He was named the “Civilian Architect of Information Warfare” by Admiral Patrick Tyrrell of the British Ministry of Defense.

He is currently the Chief Visionary Officer, running Research & Development for SAC Labs, developing techniques to enhance human resilience to social engineering attacks on businesses, individuals and global critical infrastructures.

His new book, “Analogue Network Security” is a mathematical, time-based and probabilistic approach to justifiable security. His goal is to provide a first set of tools and methods to “fix security and the internet”, including fake news, spam, phishing, Distributed Denial of Service (DDoS) attacks and more.

There’s a great quote from Winn that came from his testimony to the Congressional Subcommittee on Technology and Competitiveness, Committee on Science, Space and Technology about the state of security in the private sector and government:

“Government and commercial computer systems are so poorly protected today they can essentially be considered defenseless – an Electronic Pearl Harbor waiting to happen. As a result of inadequate security planning on the part of both the government and the private sector, the privacy of most Americans has virtually disappeared.”

The testimony we’re quoting was provided June 27, 1991. Almost thirty years ago…

Here’s a quick excerpt from our interview with Winn!

Guest #1 – Rachelle Loyear

As Vice President of Innovation and Product Management for G4S Americas, Rachelle Loyear leads the G4S Innovation team and the Enterprise Security Risk Management approach at G4S.

Rachelle has spent her career managing programs in corporate security organizations. Focusing strongly on security risk management, she has been responsible for ensuring enterprise resilience in the face of many different types of risks, both physical and cyber.

In 2017, she released the book The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity, and is a co-author of the 2018 book, Enterprise Security Risk Management: Concepts and Applications.

Rachelle serves on the Cybersecurity Advisory board for SIA, and the IT Security Community, ESRM, and Crisis Management steering committees of ASIS International. She is a Certified Information Security Manager (CISM) through ISACA, a Master Business Continuity Professional (MBCP) through DRI International, an Associate Fellow of Business Continuity International (AFBCI) and a certified Project Management Professional (PMP) through the Project Management Institute (PMI).

She’s also working on some really cool projects:

  • She’s refining and releasing a Global ESRM approach to customer solution development for G4S,
  • She’s part of the team revamping the ASIS Protection of Assets material to include an ESRM underlying philosophy, and
  • She’s working with customer focus groups to understand what the security industry really needs to manage risk – using Design Thinking principles.

Here’s a quick excerpt from our interview with Rachelle!!