Caffeinated Risk

McCreight & Leece
  • 5.0 (10)
  • MANAGEMENT
  • UPDATED BIMONTHLY
Caffeinated Risk

The monthly podcast for security professionals, by security professionals.Two self proclaimed grumpy security professionals talk security risk, how they’ve managed it in the past and forward looking discussions with guests working in information security and risk management.

  1. JUN 19

    Global Risk Management as Strategic Advantage with Dominic Bowen

    The Caffeinated Risk hosts navigate time zones and catch up with Dominic Bowen traveling between meetings to discuss risk management with an international expert on the subject. Mr. Bowen is a partner and Head of Strategic Advisory at 2Secure, one of Europe's leading risk management consulting firms, as well as the host of the International Risk Podcast.  Political tensions are higher than they have been for years and there is seldom a month that goes by without a technical disruption that affects numerous businesses and services due to the interconnected nature of our modern world.  Despite the serious topics covered, Dominic Bowen offers some practical solutions based on experience in the business world , the higher stakes of military service and humanitarian relief offering an unexpected, potentially positive outcome. I.E., accepting the tempo of constant crisis and becoming and effective manager of those risks can actually accelerate success.

    36 min

  2. APR 24 · BONUS

    Simplifying risk analysis using FAIR and Wiley Coyote with Jack Freund

    A while back we were fortunate enough to spend time with Jack Freund, coauthor and thought leader responsible for bring the FAIR methodology and practice into the main stream. A bonus from that original recording is now an espresso shot discussing how to fast track an assessment when the threat vectors are numerous.  While the metaphor Jack used is somewhat unexpected it's both memorable and an excellent approach to dealing with an entire class of attacks in a single assessment. A pro tip from one of the original practitioners of the FAIR methodology well worth a listen.

    9 min

  3. MAR 27

    SMB Resilience and lessons for larger organizations with Rochelle Clarke

    At 45-50%, depending on your statistical source, there is no denying that small to medium sized businesses are a significant economic engine from both an employment and innovation perspective.  In 1978 Microsoft numbered 11 people. Unfortunately small businesses are also the least likely to survive a major disruption, an experience that changed Rochelle Clarke's corporate leadership trajectory to a business founder. The Continuity Strength founder shares insights on the needs of small to medium businesses and how to develop resilience plans while simultaneously addressing the two biggest concerns of most SMB owners, time and money.   Prior to founding Continuity Strength, Ms. Clarke was the Country Manager, Global Strategy for Heineken, a management consultant and is on multiple board and academic committees.

    31 min

  4. FEB 20

    Addressing Risk and Cyber Resilience, the Alberta Approach - with Rachel Hayward

    A surprising number of digital innovations began in Alberta, be it the world's first public digital cellular network in 1985, the DNP3 industrial controls protocol and  becoming the first Google international research lab in 2017.   CyberAlberta is another innovative collaboration focused on strengthening the cyber resilience of Alberta organizations.  At almost 330 billion annually, protecting the Alberta economy and it's citizens from digital attacks is an important mission.  In a very candid conversation, Rachel Hayward, Executive Director of CyberAlberta shares both successes and challenges observed with cyber workforces and organizational readiness. Her previous tenure with the Alberta Privacy commissioner adds some additional nuance in these times of ever greater tests of personal rights.

    36 min

  5. JAN 9

    Security Risk Management in an Open Data Environment with Michael Spaling

    Ever wondered how top universities protect their cutting-edge research from prying eyes while ensuring seamless access for their scholars? Join us as Michael Spaling, Principal Security Architect at the University of Alberta, takes us behind the scenes of this high-stakes balancing act. Just like any other large organization, research universities have many different stakeholder, operational and regulatory requirements, thousands of employees and tens of thousands of customers. In a strange twist, both Mr. Spaling and podcast cohost Tim McCreight are also recent recipients of industry awards, prompting a few questions that reveals some darker elements of social media while continuing to offer security leadership.

    36 min

  6. 2024-11-30

    Engineering, Risk Management for Cyber-Physical Systems with Andrew Ginter

    The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digital systems controlling the physical systems core to our modern way of life. Unfortunately connectivity and complexity have created a vulnerability we must now engineer our way out of, and just like risk management, engineering is about balancing constraints. Andrew Ginter is a recognized thought leader within the industrial security space with decades of real world experience and the willingness to distill that knowledge into a series of book on operational technology cybersecurity. Mr. Ginter's latest book "Engineering-Grade OT Security, a manager's guide" explores risk elements over multiple chapters and provided a great intersection with ESRM principles.  A self professed collector of industry wisdom, Andrew was quick to highlight Cyber Informed Engineering principles for security engineering within OT and call out calculation issues when risk assessing black swans yet also offering an elegant approach to resolution.  Due to a technical glitch, this episode joins Andrew, Tim and Doug in mid-conversation about Cyber Informed Engineering instead of the typical introduction banter of most episodes.

    29 min

  7. 2024-10-24

    Deviance Normalization & Risk Management with Marco Ayala

    Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Although risk management is a part of navigating advancement in any area, the fundamental flaw in any management system is our human tendencies. This episode explores how organizations can make slow, steady migration from first principles to risky undertakings without noticing. Marco Ayala, an operational technology cybersecurity expert and current Houston InfraGard president, joins this episode to further explore the reasons behind this normalization of deviance, a concept first introduced to OT cyber specialists at S4 in 2024. Mr. Ayala is also CCE proponent and facilitator leading to a discussion on possible options for course correction back off the normalization path.  Although solutions must always be tailored to work within organizational constraints, the early contributors to catastrophic outcomes associated with the Challenger space shuttle and Boeing 737 Max warrant exploration or we will inevitably repeat.

    34 min

  8. 2024-09-26

    Managing Supply Chain Risk Management - with Darren Gallop

    Whether it's the NIST CSF, 8276 or the new European Cyber Resilience Act there is no denying the expectation that supply chain management (SCM) is a risk management area no organization can ignore.  While SolarWinds is recent common reference in many SCM discussions, this episode's guest takes us back to Target's major data breach that resulted in significant changes to the PCI-DSS standard.  Darren Gallop, a serially successful Canadian tech entrepreneur, recounts the early journey into the software as a service business up to his current role as CEO of Carbide. The episode talks frankly about the current challenges with supply chain management, but Mr. Gallop also shares where he sees bright lights on the horizon and a path forward for organizations willing to consider the shift.

    33 min
See All (49)

5
out of 5
10 Ratings

About

The monthly podcast for security professionals, by security professionals.Two self proclaimed grumpy security professionals talk security risk, how they’ve managed it in the past and forward looking discussions with guests working in information security and risk management.

Information

  • Creator
    McCreight & Leece
  • Years Active
    2021 - 2025
  • Episodes
    49
  • Rating
    Explicit
  • Copyright
    © 2025 Caffeinated Risk
  • Show Website
    Caffeinated Risk

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada