DiscoverCaffeinated Risk
Caffeinated Risk
Claim Ownership

Caffeinated Risk

Author: McCreight & Leece

Subscribed: 2Played: 3


The monthly podcast for security professionals by security professionals.Two self proclaimed grumpy security professionals talk security risk, how they’ve managed it in the past and forward looking discussions with guests working in information security and risk management.
9 Episodes
Formerly vice president and chief privacy office at Cisco, CEO of Drumwave and a licensed attorney, Michelle Finneran Dennedy is recognized as a visionary leader in information systems privacy.  Currently the co-founder of Privatus Consulting supporting clients working through the wicked problem of privacy in this digital age.Much to the benefit of Caffeinated Risk listeners she is also a friend of  co-host Tim McCreight and her wonderful sense of humor results in some very entertaining banter on a traditionally serious subject.  Ms. Dennedy is also the co-author of the Privacy Engineer's Manifesto, a must have reference for any privacy or security professional made freely available via Amazon digital download.
A business without cash flow isn't a business for long and security solutions are seldom free yet cyber security is a line item that business owners ignore at their peril.  Cost management and risk management come together in this lively podcast with special guest Larry Whiteside Jr. a former US Air Force division chief who has held a number of senior cyber security executive positions since returning to civilian life in 2002. Mr. Whiteside  is also the co-founder of the the International Consortium of Minority Cybersecurity Professionals (ICMCP),  a non-profit organization working to increase female and visible minority professionals in the industry.  He offers some sage advice to all those currently struggling to enter the industry and those searching for talent while still keeping an eye on the bottom line.
Cohosts Tim and Doug explore the security implications of workers returning to the corporate networks after over a year working remotely. Is there a new art of the possible to be considered based on the changes most organizations needed to make to networks and applications to get through the pandemic lockdown? Is this now more important than ever since the financial impacts of ransomware have reached new record levels and how might ESRM practices support resilience improvements.
Dave Tyson literally wrote the book on Managing Enterprise Security Risk through converged security  while serving as the CSO for the City of Vancouver during the winter Olympic games.  A practitioner rather than a theorist, Tyson has held senior security leadership positions at multiple major organizations including eBay, Pacific Gas and Electric and SC Johnson.In this episode Dave Tyson discusses the origins of security convergence, why organizations need to explore this now more than ever and how to gain support with the executive suite by identifying and removing value chain friction created by security processes.
"We need more science in Cyber Security"  David Hechler, TAG Cyber Law Journal Threat modeling should be step 0 of any security architecture but often goes completely unconsidered. This episode features Terry Ingoldsby, a veteran cyber risk professional, physicist, computer scientist and inventor of Securitree. Ingoldsby created the attack tree development platform because he felt cyber security assessments should be defendable rather than just the educated opinion of assessor.Despite being the inventor, there is no sales pitch. Terry, Tim and Doug talk risk, engineering, business cases and why there is no AI magic when it comes to identifying events that could end your organization. 
Serial entrepreneur, author and futurist Scott Klososky  explores some new approaches to physical and cyber security that are innovative, potentially controversial and necessary as more and more of our daily way of life is affected by these security problems. Ten years before Youtube Mr. Klososky founded a startup that delivered webcasted media for commercial, government, sports and entertainment.  Scott has consistently demonstrated the ability to identify market opportunities and technology trends well in advance. Following the success of with a second generation online banking platform that enabled smaller financial companies to compete head to head with the majors.Today Scott Kolosky supports business leaders and boards by merging hard won success in technology with forward looking analysis to create concepts and models needed in today's hyper competitive markets. Whether those needs are the fusion of humans and technology within an organization,  data intelligence or risk management and the development of an integrated security model.
A security luminary before such a title was even coined, Winn Schwartau's predictions about the internet and global security problems have been scarily spot on for more than 30 years.  Named the “Civilian Architect of Information Warfare” by Admiral Patrick Tyrrell of the British Ministry of Defense, Schwartau also testified before Congress in 1991 and showed the world how and why massive identify theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. His new book, "Analogue Network Security" is a mathematical, time-based and probabilistic approach to justifiable security. Winn and the Caffeinated Risk hosts explore how the the management of time and trust as an alternative approach to blind faith in the castle & moat model that continues to fail us. 
Co-author of Enterprise Security Risk Management: Concepts and Applications ,  Rachelle Loyear has spent  her career managing programs in corporate security organizations. Focusing strongly on security risk management, she has been responsible for ensuring enterprise resilience in the face of many different types of risks, both physical and cyber.She is currently active on a number of projects including: - refining and releasing a Global ESRM approach to customer solution development for G4S - working with customer focus groups to understand what the security industry really needs to manage risk – using Design Thinking principlesRachelle also shares lessons learned on identifying and effectively communicating with the  correct stakeholders for risk acceptance.
The first full episode is scheduled for release February 18th. The trailer includes a few conversation segments between the cohosts on enterprise security risk management and critical infrastructure. Visit for more articles on the intersection of risk management  and technology.
Download from Google Play
Download from App Store