GRC & Cyber Security Podcast

Welcome to the GRC & Cybersecurity Podcast. On this podcast, you’ll find the latest strategies, advice, and tangible tactics to help you succeed in today’s risk estate. The content is a mix of interviews and fireside chats with CISOs and other GRC and Cybersecurity leaders, expert advice from Risk Management professionals, and the latest insights from our Cyber Threat Briefings. Produced by SureCloud, the provider of cloud based, Integrated GRC (Governance, Risk & Compliance) products and Cybersecurity services, which reinvent the way you manage risk.

Building Organizational Resilience | James Green

In this episode of the Cyber and Risk Leaders podcast, we're joined by James Green, who does a deep dive into his resiliency Think Tank, how to run better tabletop exercises and all things how to build resiliency in organizations.Follow us on Linkedin:• Matthew Davies - https://www.linkedin.com/in/matthew-daviespm• James Green - https://www.linkedin.com/in/thejamesgreen• SureCloud - https://www.linkedin.com/company/surecloud/#cybersecurity #resilience #grc

05-07
34:49

The Role of Intelligence in CyberSecurity | AJ Nash

In this episode of the Cyber and Risk Leaders podcast, SureCloud's Matthew Davies welcomes special guest AJ Nash of ZeroFox about the role of intelligence in cybersecurity. We delve into the challenges of misinformation in the digital age, including the spread of disinformation and erosion of trust in institutions.Join us as we explore the impact of dis/mis/malinformation, the manipulation of social media and what to consider when it comes to news sources.Follow us on Linkedin:·       Matthew Davies - https://www.linkedin.com/in/matthew-daviespm·       AJ Nash - https://www.linkedin.com/in/nashaj·       SureCloud - https://www.linkedin.com/company/surecloud/

04-19
14:23

The Future of Risk Assessments | Tom Cornelius

In this episode, Matt Davies sits down with Tom Cornelius from the SCF and Compliance Forge to dive into the world of risk assessments. Together, they explore the latest developments in risk assessment practices, how recent SEC changes have influenced risk management strategies, and introduce an innovative approach to transform the way you work.In this episode, hear more about the following:Why risk assessment methods are often broken, with teams asking irrelevant questions and lacking executive management involvement.How the SEC has introduced changes that require publicly traded companies to have board oversight of cybersecurity threats and manage material risks.How the new approach to risk assessment aligns with the Secure Controls Framework (SCF) and focuses on aligning risk assessments with executive management, using control maturity, and providing situational awareness to business leaders.How to address key challenges by providing meaningful risk assessment results, speaking the language of the business, and ensuring the right people make risk decisions.Matthew Davies Linkedin: https://www.linkedin.com/in/matthew-daviesgrcTom Cornelius Linkedin: https://www.linkedin.com/in/tcorneliusSureCloud Linkedin: https://www.linkedin.com/company/surecloud

03-28
30:05

How CCM Can Level Up Your Compliance | Jodie Lash

In the latest SureCloud Cyber & Risk Leaders Podcast, Jodie Lash, a cybersecurity professional, discusses her career journey, the importance of continuous control monitoring (CCM), and the challenges and priorities in the industry. She emphasizes the need for effective security programs, automation in controls assurance, and the role of cybersecurity awareness. Jodie also shares insights on implementing CCM technology, the skills required for information security professionals, and her wish for more time to focus on solving security problems.#governance #risk #compliance #grc #cybersecurity #podcastContact Matthew Davies👉 Matthew's LinkedIn: https://www.linkedin.com/in/matthew-davies/👉 SureCloud's Website: https://www.surecloud.com/Contact Jodie Lash👉 Jodie's LinkedIn: https://www.linkedin.com/in/jodie-lash/

02-27
32:12

4 Key Steps to Reduce Your Organizational Risk & Budget | Brent Deterding

In this podcast episode, Brent Deterding, the CISO at Afni, joins Matthew Davies, the VP of Product at SureCloud. They discuss Brent's approach to organizational risk. Brent outlines his four steps for significantly reducing risks within businesses in a manner that is simple, easy, and inexpensive.Contact Brent Deterding👉 Brent's LinkedIn:  / brent-deterding  👉 Afni' website: https://afni.com/Contact Matthew Davies👉 Matthew's LinkedIn:   / matthew-daviesgrc  👉 SureCloud's Website: https://www.surecloud.com/

01-25
36:12

Automation in Compliance with Michelle Garcia | GRC & Cyber Leaders

As technology rapidly evolves, so does the landscape of compliance.  In the latest SureCloud podcast episode, Michelle Garcia, Director of Information Security and Compliance at Carnival Cruise Line, and Matthew Davies of SureCloud discuss on the transformative journey of compliance and the emerging tools reshaping its future.  In today's fast-paced tech landscape, why is automation not just an advantage but a must for compliance?  And how can businesses best use its power? 

01-10
33:05

Identity & Access Management Best Practices, with Stuart Powell | GRC & Cyber Leaders

In this podcast episode, Stuart Powell, Chief Information Security Officer (CISO) at the Government of Jersey, joins Matthew Davies, VP of Product at SureCloud, to discuss Identity and Access Management (IAM) and how you can improve this in your organization. They also talk about the topic of the moment, Artificial Intelligence (AI), and how it can impact your organization's risk and compliance management.Contact Stuart Powell👉 Stuart's LinkedIn: https://www.linkedin.com/in/stuart-powell-82968812b/👉 Government of Jersey's website: https://www.gov.je/Pages/default.aspxContact Matthew Davies👉 Matthew's LinkedIn: https://www.linkedin.com/in/matthew-daviesgrc/👉 SureCloud's Website: https://www.surecloud.com/

09-13
28:23

4 Simple, Easy & Budget-Friendly Steps to Reduce Your Organizational Risk, with Brent Deterding | GRC & Cyber Leaders

In this podcast episode, Brent Deterding, the CISO at Afni, joins Matthew Davies, the VP of Product at SureCloud. They discuss Brent's approach to organizational risk. Brent outlines his four steps for significantly reducing risks within businesses in a manner that is simple, easy, and inexpensive.Contact Brent Deterding👉 Brent's LinkedIn: www.linkedin.com/in/brent-deterding/👉 Afni's website:afni.com/Contact Matthew Davies👉 Matthew's LinkedIn: www.linkedin.com/in/matthew-daviesgrc/👉 SureCloud's Website: www.surecloud.com/

09-07
34:16

How Secure is a WordPress Website (2023 Update)? | Cyber Threat Briefing

Every month, our experts Nick, Hugh, and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. July's Cyber Threat Briefing covers: 💡 WordPress security. Is it STILL a problem in 2023? 💡 U.S. Cyber Trust Mark - Can mandatory standards really drive security improvement? 🎬 Related Video: Cybersecurity and Wearable Devices | Cyber Threat Briefing ➟ https://youtu.be/HGkw6PuaO14💻 Register for our next episode here: https://www.surecloud.com/resources/webinars/surecloud-live-cyber-threat-briefing👉 Learn more: https://www.surecloud.com/cyber-security-services/cybersecurity-as-a-service👂 Questions? Email: 𝗯𝗿𝗶𝗲𝗳𝗶𝗻𝗴@𝘀𝘂𝗿𝗲𝗰𝗹𝗼𝘂𝗱.𝗰𝗼𝗺👉 Nick Hayes' LinkedIn: https://www.linkedin.com/in/nickjhayes/👉 Hugh Raynor's LinkedIn: https://www.linkedin.com/in/hughraynor/👉 Arron Dowdeswell's LinkedIn: https://www.linkedin.com/in/dowdeswell/

08-15
37:53

Strategies for Business Continuity & Disaster Recovery, with Alexander Zhitenev, CISO's IFCO | GRC & Cyber Leaders

In this podcast episode, Alexander Zhitenev, CISO at IFCO Systems, joins Matthew Davies, VP of Product at SureCloud, to discuss business continuity and disaster recovery. Alexander emphasizes the significance of implementing suitable safeguards within a business to guarantee its ability to sustain operations in the face of any potential disruptions or disasters.Contact Alexander Zhitenev👉 Alexander's LinkedIn: www.linkedin.com/in/alexanderzhitenev/👉 IFCO SYSTEMS' website: www.ifco.com/Contact Matthew Davies👉 Matthew's LinkedIn: www.linkedin.com/in/matthew-daviesgrc/👉 SureCloud's Website: www.surecloud.com

07-20
37:22

MOVEit Breach & CISA Warning for Iphone: Patch Required for Vulnerabilities | Cyber Threat Briefing

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. June's Cyber Threat Briefing covers: 💡 The Worldwide Impact of the MOVEit Breach and the Latest Tactics for Future Prevention💡 CISA Sounds Alarm: iPhone Zero Day & Triangulation Trojans - Urgent Patch Required for Stealthy iMessage Exploit💻 Register for our next episode here: www.surecloud.com/resources/webinars/surecloud-live-cyber-threat-briefing👉 Learn more: www.surecloud.com/cyber-security-services/cybersecurity-as-a-service 👂 Questions? Email: 𝗯𝗿𝗶𝗲𝗳𝗶𝗻𝗴@𝘀𝘂𝗿𝗲𝗰𝗹𝗼𝘂𝗱.𝗰𝗼𝗺👉 Nick Hayes' LinkedIn: www.linkedin.com/in/nickjhayes/👉 Hugh Raynor's LinkedIn: www.linkedin.com/in/hughraynor/👉 Arron Dowdeswell's LinkedIn: www.linkedin.com/in/dowdeswell/

07-06
31:34

Cybersecurity Leadership: A New Era, with Karla Reffold, COO at Orpheus Cyber | GRC & Cyber Leaders

In this podcast edition, Karla Reffold, award-winning cyber security professional and Chief Operating Officer (COO) at Orpheus Cyber, joins Matthew Davies, VP of Product at SureCloud, to explore the surge of board advisory roles for CISOs in today's cyber landscape. They also discuss her transition from Human Resources (HR) to a COO role, her current activities as a Board Advisor of two cyber-related organizations and a Non-executive Director at Trident Search, as well as her 'Advisory Boards Guide Book'.Contact Karla Reffold👉 Karla Reffold's LinkedIn: https://www.linkedin.com/in/karlareffold/👉 Karla Reffold's website: https://karlareffold.co.uk/👉 Orpheus Cyber's website: https://orpheus-cyber.com/👉 Advisory Boards Guide book: https://karlareffold.co.uk/wp-content/uploads/2023/04/Cybersecurity-advisory-boards-guide-book-2.pdfContact Matthew Davies👉 Matthew Davies' LinkedIn: https://www.linkedin.com/in/matthew-daviesgrc/👉 SureCloud's Website: https://www.surecloud.com/

06-06
20:29

AI in Cybersecurity: Opportunities, Risks, and Changes to Job Roles? | Cyber Threat Briefing

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. May's Cyber Threat Briefing covers:💡 What is meant by 'Artificial Intelligence' (AI)?💡 Where does AI's potential lie in cybersecurity?💡 What cybersecurity risks does AI present?💡 How is AI transforming cybersecurity jobs?

05-23
31:36

Why AI is a Threat to Your Business, with Sam Bisbee, F5's Senior Director & Distinguished Engineer | GRC & Cyber Leaders

Artificial Intelligence (AI) has been transforming various industries, and organizations are increasingly incorporating this technology into their operations. In this podcast edition, Sam Bisbee, Senior Director and Distinguished Engineer at F5, joins Matthew Davies, VP of Product at SureCloud, to discuss the dangers of ChatGPT and AI within organizations and how to mitigate those risks. 

05-18
29:14

Consumer Protection: US Government vs Tech Firms Disclaimers, with Jim Dempsey, Lecturer & Senior Policy Advisor | GRC & Cyber Leaders

In this podcast edition, James (Jim) Dempsey, Lecturer at UC Berkeley Law School and Senior Policy Advisor at Stanford Cyber Policy Center, joins Matthew Davies, VP of Product at SureCloud, to talk about cybersecurity law, in particular about the new approach announced by the US government, which aims to prevent technology providers from using disclaimers to protect themselves from liability. 

04-27
48:35

ChatGPT & AI, Malware Traffic and C3X Supply Chain Attack | Cyber Threat Briefing

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. April's Cyber Threat Briefing covers:💡 C3X app compromised by North Korean hackers in a supply chain attack💡 Over 1/10 businesses have malware traffic on their network💡 Does ChatGPT pose a risk to your company?

04-25
28:09

TPRM for Securing Healthcare, with Robert Wood, Chief Information Security Officer at CMS | GRC & Cyber Leaders

In this podcast edition, Robert Wood, Chief Information Security Officer (CISO) at Centers for Medicare & Medicaid Services (CMS) and Founder of the Soft Side of Cyber, joins Matthew Davies, VP of Product at SureCloud, to have an in-depth discussion on Third Party Risk Management (TPRM) for healthcare. Additionally, Robert tells about his TPRM-related challenges and how he approaches them.Warning: This podcast episode has background noise in a few spots. 

03-31
33:52

Microsoft OneNote Malware, TPM 2.0 Flaws, The Good & Bad in Cybersecurity | Cyber Threat Briefing

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. March's Cyber Threat Briefing covers:💡 Microsoft OneNote used to spread malware across networks💡 TPM 2.0 flaws leave cryptographic keys vulnerable💡 The line between good and bad in cybersecurity

03-28
30:46

Europe under Russian Cyberattack, Reddit Security Incident & GoDaddy Hacked | Cyber Threat Briefing

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. February's Cyber Threat Briefing covers:💡 European infrastructure under cyberattack from Russian hackers💡 Reddit's security "incident". What happened?💡 GoDaddy subject to a multi-year cyberattack campaign

03-06
43:20

Implementing Factor Analysis of Information Risk, with Tyler Britton, Cyber Risk Manager at Dropbox | GRC & Cyber Leaders

In this podcast edition, Tyler Britton, Cyber Risk Manager at Dropbox, joins Matthew Davies, VP of Product at SureCloud, to discuss Factor Analysis of Information Risk methodology and how he has embedded it in his organization, Dropbox. He explains his role as a Quantitative Cyber Risk Manager and goes through the challenges and benefits of implementing Factor Analysis of Information Risk (FAIR) methodology in organizations.

03-01
40:15

Reba

Please consider an episode on metrics. Everyone recommends metrics as KPI, KRI, et cetera but there are rarely specifics on what are good areas to measure, why and how to measure them. What metrics should be shared at an executive level vs. lower level? I realize some of this may be industry dependent but if you are not in an industry that is highly regulated it is difficult to know what is helpful, especially if your management doesn't know what they don't know....

10-14 Reply

Recommend Channels