Chattinn Cyber

Marc Schein

Chattinn Cyber is a podcast that focuses on how companies can quantify and qualify the cost of a data breach. Chattinn Cyber features some of the most well-respected privacy and cyber experts in the world.

  1. 1 day ago

    The Origins of Cyber Insurance with Pioneer Bob Parisi

    Summary

    In this milestone 100th episode of Chattinn Cyber, Marc Schein sits down with one of the most influential figures in cyber insurance, Bob Parisi. Widely regarded as a pioneer in the space, Parisi reflects on the origins of cyber insurance, tracing its roots back to the late 1990s during the dot-com boom and the early recognition that traditional insurance products were not equipped to handle emerging digital risks.

    Parisi shares a candid look at how cyber insurance evolved from a niche product designed for tech companies into a critical component of enterprise risk management. From the early days of privacy breach notification laws to the growing realization that business interruption and operational dependency on technology represent the true magnitude of cyber risk, the conversation highlights the key inflection points that shaped today’s market.

    The discussion also explores how the insurance industry has responded to ongoing complexity and volatility. From “silent cyber” to the challenges of aligning capacity across a fragmented marketplace, Parisi explains why cyber insurance still exhibits characteristics of an emerging market—even after decades of development. He emphasizes the importance of integrating cyber coverage with broader risk management strategies rather than treating it as a standalone solution.

    Looking ahead, Marc and Bob dive into some of the most pressing issues facing the industry today, including geopolitical risk, evolving privacy regulations, and the rapid rise of artificial intelligence. Parisi offers a grounded perspective, arguing that while AI introduces new complexities, it should ultimately be understood as another form of technology—one that must be managed thoughtfully rather than feared outright.

    Throughout the conversation, Parisi reinforces a consistent theme: the importance of balance. Whether discussing underwriting practices, organizational governance, or emerging technologies, he highlights the need for measured, informed decision-making. As cyber risk continues to evolve, this episode provides valuable insight into how organizations, insurers, and brokers can navigate uncertainty with clarity and discipline.

    5 Key Takeaways

    - Cyber insurance has deeper roots than most people realize. It began in the late 1990s and has evolved through multiple distinct phases—not just the post-2015 “boom” many reference.
    - The real risk isn’t privacy—it’s operational dependency on technology. Business interruption and reliance on digital infrastructure are the true drivers of loss.
    - Cyber should never be treated in isolation. It must be integrated with other lines of coverage and broader risk management strategies.
    - The market still struggles with fragmentation and alignment. Despite abundant capacity, insurers often cannot align on large risks due to differing approaches and models.
    - AI is not fundamentally different—it’s just another technology. The real concern is not AI itself, but the speed at which it is being adopted.

    5 Key Quotes

    - “AI is technology. Plain and simple.”
    - “We’ve been doing this for almost 30 years… I’m not sure at what point it gets called a mature market.”
    - “The biggest problem has always been the dependence upon technology.”
    - “If you’re going to write cyber, do it with the appropriate policy, underwriting, pricing, and reserving.”
    - “It’s not the technology itself that concerns me—it’s the speed of adoption.”

    About Our Guest

    Bob Parisi is a widely recognized leader in the cyber insurance industry and one of the pioneers behind the development of modern cyber insurance products. With a career spanning nearly three decades, he has played a key role in shaping how insurers underwrite and manage cyber risk, from the early days of the dot-com era to today’s complex digital landscape. Currently serving in a senior underwriting role at Munich Re, Parisi is known for his deep expertise, practical perspective, and influence across the insurance and risk management community.

    Follow Our Guest: LinkedIn

    About Our Host

    National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

    Follow Our Host: Website | LinkedIn

    53 min
  2. April 7

    Beyond Passwords: Passkeys, AI & Identity with Ben Wilcox

    Summary

    On this episode of Chattinn Cyber, Marc is chattin’ with Ben Wilcox, Chief Technology Officer and Chief Information Security Officer at ProArch. Their chat opens by focusing on high-impact, practical ways organizations can reduce cyber risk. Ben highlights identity as the top priority: his team moved to passkeys to remove passwords and lower the attack surface. He stresses that threat actors increasingly use man-in-the-middle techniques and that AI has accelerated the automation of credential-theft, which makes strengthening identity controls essential.

    The chat then moves to AI and data governance. Ben describes rolling out visibility tools to monitor internal AI use — what prompts users run and what data is fed into models — and pairing that with data labeling and classification. He warns organizations to restrict where AI tools are allowed and to implement compensating data controls to prevent accidental or intentional leaks of sensitive information.

    Ben cautions that AI and cybersecurity must be adopted in parallel, because AI will reveal existing misconfigurations and permission drift. He gives practical examples (like Copilot showing information a user shouldn’t see because of incorrect permissions) to illustrate how AI surfaces weaknesses in access controls. The takeaway is that AI can be a force-multiplier but also a magnifier of existing security gaps.

    On leadership and tradeoffs, Ben explains how combining CTO and CSO responsibilities can be an enabler if balanced correctly. He argues for marrying a product/technology lens with a risk lens, leveraging internal expertise, and making business enablement and security complementary so organizations can move quickly while maintaining the right groundwork.

    Finally, Ben addresses translating cyber risk into financial terms for CFOs and boards. He recommends business impact analysis—linking key system outages (e.g., Active Directory) to production downtime costs—to quantify risk and justify security investments. He shares real incident cost ranges (low seven figures to tens of millions in some cases), underscores the role of compensating controls, and concludes with a call to monitor industry trends, assess outage and reputational costs, and prioritize risk reduction.

    Key Points

    - Identity-first approach: move away from passwords (passkeys) and reduce reliance on MFA tokens that can be intercepted or automated by attackers.
    - AI visibility and data controls: monitor internal AI usage, restrict sites/tools, and enforce labeling/classification to prevent data leakage.
    - AI exposes existing weaknesses: adopting AI without fixing permission drift and misconfigurations surfaces risks rather than hiding them.
    - Speed and detection advantage: AI can accelerate detection and response in SOCs—gaining even seconds can materially reduce impact.
    - Translate risk to business terms: use business impact analysis to quantify downtime costs and build the financial case for security investments and insurance.

    Key Quotes

    - “Last year we took the initiative and we moved to pass keys.”
    - “AI has sped up that weaponization and being able to turn that around and get those tokens automatically.”
    - “AI is going to expose the weaknesses that are inherent within your security controls that you already have in place.”
    - “If we can get even 5 seconds faster or 10 seconds faster or 20 seconds faster, sometimes that makes a difference.”
    - “And that’s why they should have bought cyber insurance.”

    About Our Guest

    Ben Wilcox is a seasoned technology leader with over 25 years of experience driving innovation and solving complex business challenges. Serving as both Chief Technology Officer and Chief Information Security Officer at ProArch, Ben combines a forward-looking vision with a hands-on approach to cybersecurity. He is passionate about leveraging technology to accelerate business outcomes while embedding security best practices into organizational culture and operations. Ben’s strategic mindset and dedication to excellence have strengthened ProArch’s resilience and helped protect clients’ data and systems. Outside of work, Ben channels his relentless drive into racing as an instructor and competitor with the Northeast Audi Club, and enjoys gardening, cooking, and spending quality time with his family. As he puts it, “Security isn’t just about defending against threats—it’s about enabling trust, protecting growth, and ensuring every decision we make strengthens the foundation of the business.”

    Follow Our Guest: LinkedIn | Website

    About Our Host

    National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

    Follow Our Host: Website | LinkedIn

    13 min
  3. March 10

    Bridging the Cybersecurity Gap: Leadership, AI, and Real-World Strategies for 2026

    Summary

    In this episode of Chattinn Cyber, Marc Schein is chattin’ with Mike Armistead, a seasoned cybersecurity expert with over 40 years of experience, including more than 20 years as a vendor in the cybersecurity space. The conversation opens with a discussion about the challenges security leaders face in 2026. Mike highlights the complexity of their role, comparing it to that of a CFO managing financial risk, but notes that cybersecurity leaders often lack the comprehensive management tools that CFOs have. He emphasizes the fragmented nature of cybersecurity tools and the difficulty in stitching together disparate signals to form a coherent security posture.

    Mike further explains that the human element is the critical glue in cybersecurity programs. The effectiveness of security teams depends heavily on the leadership and the ability of individuals to contextualize technical signals within the business environment. This need for situational awareness is driving interest in AI technologies, particularly on the defender side, to augment human capabilities and expand the scope and depth of security operations.

    The chat then shifts to the role of AI in cybersecurity products. Mike observes that while AI is increasingly integrated into detection tools, the industry has largely shifted focus away from prevention. He advocates for a strategic return to prevention, where AI can play a significant role in helping security leaders develop and implement risk mitigation strategies tailored to their organizations. Mike stresses the importance of a holistic approach that goes beyond real-time detection to include employee training, access control, and disaster recovery.

    Addressing the challenges faced by middle-market organizations, Mike points out that these companies are often expected to meet the same cybersecurity standards as large enterprises but with far fewer resources. He advises middle-market CISOs to prioritize protecting their most critical assets—their “crown jewels”—and to have candid conversations with leadership about realistic security goals. This pragmatic approach helps ensure that limited resources are focused on the highest risks rather than attempting to cover every possible threat.

    Finally, Mike shares information about a community he helped start called the Security Impact Circle, which focuses on cybersecurity leadership issues such as board engagement. This community facilitates workshops that bring together CSOs and board directors to bridge the communication gap and align security priorities with business needs. Mike encourages listeners to visit securityimpactcircle.org to learn more and get involved.

    Five Key Points Covered

    - Cybersecurity leaders face complex challenges similar to CFOs but lack equivalent management tools.
    - Human expertise is essential to contextualize technical security signals within the business environment.
    - AI is increasingly used in detection but should also be leveraged to enhance prevention strategies.
    - Middle-market organizations must prioritize protecting their most critical assets due to limited resources.
    - The Security Impact Circle community helps improve communication and alignment between security leaders and boards.

    Five Key Quotes from the Conversation

    - “Security leaders have a tough job… it’s not unlike what a CFO has to think about, right? That risk happens to be financial, and the CISOs really happens to be in cyber.”
    - “The security teams are really bound by how good not only their leader, but the deputies, the managers, the architects, those individual contributors that really help lead it.”
    - “I think the opportunity is to swing it back to prevention… AI can really start to help on the prevention strategy side of cybersecurity.”
    - “Middle-market leaders are expected to do everything that the largest enterprises do, but they don’t have the resources to cover all the ground.”
    - “We bring in a director from a public company’s audit committee to run workshops… it’s less about what a CSO thinks they should say and more about what the director thinks they need to hear.”

    About Our Guest

    Mike Armistead brings nearly 40 years of business experience marked by a proven track record of building companies, navigating strategic acquisitions, and leading growth at every stage. As co-founder and CEO of Respond Software, acquired by Mandiant for $200 million, and co-founder of Fortify Software, acquired by HP for $285 million, Mike has played pivotal roles in multiple successful startups, including serving as SVP on the turnaround team at WhoWhere (acquired by Lycos for $133 million) and contributing to Pure Software’s IPO. His post-acquisition leadership includes key roles as VP of Products & UX at Mandiant, Director at Google Cloud, and VP & GM for Fortify and ArcSight business groups at HPE, where he drove significant expansion and over $400 million in revenue impact. Alongside these successes, Mike gained valuable insights from two brief ventures, including leading InLeague through post-9/11 financial challenges and emphasizing product-market fit in another startup. Beginning his career as a Product Manager at HP in the late 1980s, Mike’s multifaceted experience spans diverse industries and company sizes. Today, he remains passionate about building high-performing teams and tackling complex, noble challenges.

    Follow Our Guest: LinkedIn

    About Our Host

    National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

    Follow Our Host: Website | LinkedIn

    12 min
  4. February 10

    Bridging Cybersecurity and Economic Strategy: Insights from Cyber Policy Pioneer Alex Niejelow

    Summary

    Today Marc is chattin’ with Alex Niejelow, a respected figure in cybersecurity. The episode opens with Marc highlighting Alex’s unique background growing up in Philly and his diverse career path. Alex shares how his early career as a Durham police officer and later as a lawyer shaped his mindset around public service and supporting people and businesses. He then transitioned into federal and state government roles, including significant positions in the Obama administration and Homeland Security, focusing on trade, customs, and national security issues such as counterfeit semiconductors in supply chains.

    They then chat about Alex’s role on the National Security Council, where he worked on the intersection of trade and cybersecurity, a concept that was not widely recognized in the early 2010s but has since become central to government policy. Alex explains his involvement in developing the first-ever cyber sanctions regime, a tool designed to economically disincentivize cybercriminals and nation-states from monetizing stolen intellectual property and trade secrets. This approach was innovative in addressing the asymmetry in cyber threats, where traditional law enforcement and diplomatic tools were insufficient.

    The chat then shifts to the challenges Alex faced working across multiple government agencies with differing priorities, which, while complex, ultimately led to better outcomes through collaboration and creative problem-solving. Alex emphasizes the importance of reducing asymmetry in cybersecurity, noting that companies remain vulnerable at their weakest points. He highlights the evolution of the cyber insurance industry, which has become more sophisticated with risk engineers engaging deeply with clients to improve cybersecurity postures and insurance terms.

    Alex explains his motivation for founding Hilco Global Cyber Advisors, driven by the need to support middle-market companies that often lack adequate cybersecurity resources despite their sophistication and capital. He critiques the cybersecurity industry’s tendency to self-silo and stresses the importance of aligning cybersecurity solutions with the nature of the products and services businesses provide to increase adoption and effectiveness.

    Finally, the chat turns to artificial intelligence (AI) as a major cybersecurity topic in 2025. Alex acknowledges both the threats and opportunities AI presents, noting that threat actors are leveraging AI to scale traditional cyberattacks like phishing. He expresses optimism about the cybersecurity community’s commitment to addressing these challenges and highlights regulatory efforts, such as guidance issued to the insurance industry on AI use in underwriting, to mitigate risks including bias. The episode closes with Alex sharing a personal anecdote from his time at the White House and providing contact information for Hilco Global Cyber Advisors.

    Key Points

    - Alex’s career journey from police officer to cybersecurity expert in public and private sectors
    - Development of the first-ever cyber sanctions regime to economically deter cybercrime
    - The importance of collaboration across government agencies to address complex cyber challenges
    - The evolution and sophistication of the cyber insurance industry in reducing asymmetry
    - The dual impact of AI on cybersecurity: expanding threats and fostering innovative defenses.

    Key Quotes

    - “The idea that cybersecurity issues and economic issues were actually interconnected was not widely accepted [in 2010]. It was still emerging. Fast forward to today. It is abundantly clear the intersectionality of those issues.”
    - “Companies are always as weak as their weakest link.”
    - “If you let the nature of the products and services that are being provided better inform and drive the cybersecurity solutions instead of vice versa, I think there will be a greater adoption.”
    - “Threat actors are expanding their capacity and capabilities leveraging AI … but it is the speed and scale at which it is becoming exacerbated that I think is most concerning.”

    About Our Guest

    Alexander Niejelow is Executive Director of Global Cyber Advisors at Hilco Global, bringing deep expertise in cybersecurity, fintech, and digital policy from leadership roles in both the private sector and government. He previously served as Deputy Superintendent for Innovation Policy at the New York Department of Financial Services, leading initiatives on AI and emerging fintech. At Mastercard, he was Senior Vice President for Cybersecurity Coordination and Advocacy, overseeing global cybersecurity and technology policy efforts. Alex also held key government positions, including Director of Cybersecurity Policy at the White House National Security Council and Chief of Staff to the U.S. Intellectual Property Enforcement Coordinator. He began his career as a litigator and holds a JD from the University of Pennsylvania and a BA from Duke University. Alex actively contributes to cybersecurity policy through board roles with the Center for Cybersecurity Policy and Blue Star Families, and has led global coalitions focused on cyber risk reduction and digital protection.

    Follow Our Guest: Website | LinkedIn

    About Our Host

    National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

    Follow Our Host: Website | LinkedIn

    19 min
  5. January 20

    Context is King: Tailoring Cybersecurity with Courtney Hans

    Summary

    In this episode of Chattinn Cyber, Marc Schein is chattin’ with Courtney Hans, a seasoned cyber professional with a unique background. Courtney shares that her path into cybersecurity was nontraditional, having started as a literature major and then spending about a decade as an adventure travel guide. She reflects on how the skills she developed during that time—understanding people’s motivations and goals—have been invaluable in her cybersecurity career, particularly in tailoring security strategies to individual organizational contexts.

    Courtney emphasizes that cybersecurity is not a one-size-fits-all problem. She explains how, during her time at a SaaS startup, she prioritized cybersecurity investments based on the company’s specific risks and environment, such as focusing on application security over endpoint detection due to budget constraints and business needs. She stresses the importance of context in determining where organizations should focus their people, processes, and technology investments to have the greatest impact.

    The chat then shifts to practical advice on how organizations can begin improving their cybersecurity posture, particularly through tabletop exercises. Courtney encourages organizations to leverage resources from their cyber insurance providers, many of which offer free or low-cost training and virtual tabletop exercises. She advises starting simple—having conversations about incident response plans and ensuring everyone knows their role if a cyber incident occurs.

    Courtney also discusses the importance of engaging leadership in cybersecurity exercises. She suggests setting clear expectations, respecting executives’ time, and framing tabletop exercises as safe spaces to practice responses without pressure. She highlights that cyber incidents affect the entire organization, not just IT, and that practice builds muscle memory and helps identify gaps before a real crisis occurs.

    Finally, Courtney outlines best practices for following up after tabletop exercises, including documenting observations, assigning responsibilities, and setting deadlines to ensure improvements are made. She acknowledges the discomfort some may feel participating in these exercises but stresses that creating a supportive environment where it’s okay to say “I don’t know” is crucial for identifying and addressing security gaps effectively.

    Key Points

    1. Nontraditional Path to Cybersecurity: Courtney’s background in literature and adventure travel shaped her people skills, which are critical in cybersecurity for understanding motivations and tailoring solutions.
    2. Context is King: Cybersecurity solutions must be customized to an organization’s specific risks, environment, and priorities rather than applying generic controls.
    3. Value of Tabletop Exercises: These exercises are essential for preparing organizations to respond to cyber incidents, helping build muscle memory and identify gaps in a safe environment.
    4. Leveraging Cyber Insurance Resources: Many cyber insurance providers offer free or low-cost resources, including virtual tabletop exercises, which organizations should utilize.
    5. Leadership Engagement and Follow-Up: Successful cybersecurity preparedness requires executive buy-in, clear expectations, and diligent follow-up with assigned responsibilities to ensure continuous improvement.

    Key Quotes

    1. “Context is king… each of our clients, in the insurance space, are different. What their risks are, what their environment looks like, dictates where their investments will have outsized impact.”
    2. “Practice builds muscle memory, practice builds an awareness of where the gaps are, and always better to identify the gaps in a safe environment versus a real environment.”
    3. “Plans are useless, but planning is indispensable.” — Dwight Eisenhower, quoted by Courtney.
    4. “If you see something, say something… make sure people feel comfortable bringing those concerns to light.”
    5. “It’s absolutely okay, maybe desirable, to say ‘I don’t know that yet’ because that’s what we’re here to figure out—where our gaps are.”

    About Our Guest

    Currently the Vice President of Cyber Services for AmTrustCyber, Courtney Hans brings a variety of experience into her work. In her early career, Courtney was an adventure travel guide with a short window to make a strong impression. Curiosity became her superpower as she learned how to uncover the inner motivations of diverse groups of guests. Guiding, just like cybersecurity, requires agility and a cool head during a crisis. Formerly the Head of Security and IT for a growing SaaS startup, Courtney joined AmTrust to help to reduce risk and deepen the relationship between carrier and insured.

    Follow Our Guest: Website | LinkedIn

    About Our Host

    National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

    Follow Our Host: Website | LinkedIn

    17 min
  6. December 18, 2025

    Unveiling the Dark Web: Cyber Threat Intelligence and Forensics with Alyssa Lisiewski

    Summary

    In this episode of Chattinn Cyber, Marc is chattin’ with Alyssa Lisiewski, Managing Director at Ankura and one of the best known and respected cybersecurity experts in the country. The conversation begins with Alyssa sharing her early introduction to technology, influenced by her father who taught her to take apart and reassemble computers from a young age. Initially interested in forensic crime scene investigations, Alyssa shifted her focus to cybersecurity due to her father’s encouragement and foresight about the field’s growth. She started her career as an intern in diplomatic security’s computer investigations and forensics unit, then pursued a master’s degree while working as a government contractor, honing her skills in cybersecurity and high-tech crime investigations.

    Alyssa’s career progressed into the intelligence community, where she specialized in digital forensics from an intelligence perspective, which differed from traditional digital forensics. She later worked at the Department of Defense Cyber Crime Center in Maryland, conducting forensic examinations and testifying in court cases. Transitioning to the private sector, Alyssa led a digital forensics team at a major financial company focusing on insider threats before joining Ankura, where she combines her cyber threat and forensic expertise.

    The discussion then shifts to clarifying common internet terminology: the surface web, deep web, and dark web. Alyssa explains that the surface web is the small portion of the internet most people use daily, such as Google and social media. The deep web contains more anonymous and legal content like academic and medical documents, while the dark web is accessed via Tor and is often associated with illicit activities but also hosts legitimate anonymous communications.

    Alyssa emphasizes the importance of proactive dark web monitoring for businesses. Beyond just detecting if stolen data is posted, monitoring can reveal chatter among threat actors about industries or competitors, enabling companies to anticipate and mitigate attacks. She shares a real-life example where her team identified a threat actor group’s tactics early, allowing a client to detect an intrusion that had gone unnoticed for a month, demonstrating the value of threat intelligence in incident response.

    Finally, Marc and Alyssa chat about the benefits and challenges of incorporating dark web analysis into post-incident investigations. While it can clarify the true impact of a breach and assist in legal mediation, there are limitations due to the trustworthiness of data posted by criminals. Her team validates findings through metadata analysis and breach research. The episode closes with Alyssa inviting listeners to connect with her via email or LinkedIn for further discussion, highlighting her openness to sharing knowledge and engaging with the cybersecurity community.

    Key Points

    - Alyssa’s Journey: Alyssa’s early exposure to technology and career path from forensic interests to cybersecurity and digital forensics.
    - Web Infrastructure: Explanation of the surface web, deep web, and dark web, including their differences and common misconceptions.
    - Threat Detection: The strategic value of proactive dark web monitoring for businesses to detect threats and industry chatter before breaches occur.
    - A real-world example of how threat intelligence helped identify a threat actor’s tactics and detect a breach earlier than usual.
    - The role of dark web analysis in post-incident investigations, including its benefits, limitations, and methods to validate data.

    Key Quotes

    - “When I was four, my dad taught me how to take apart a computer and put it back together… he made sure I was learning about it from a very young age.”
    - “The surface web is really only 4 or 5% of the web. The majority of the web is the deep web and the dark web.”
    - “If you’re not monitoring proactively the dark web, chances are the first time you’re looking at the dark web is after that breach.”
    - “We knew … the threat actor group… and because of that, we were able to identify the actual true start of the incident, about a month prior to the update we were working on.”
    - “There are going to be situations where we may not be able to identify if data is out there, or we may identify it but not give any context… that’s why we do other things to try to validate it.”

    About Our Guest

    Alyssa Lisiewski is a Managing Director at Ankura in Washington, DC, bringing over 14 years of specialized experience in digital forensics, cybersecurity, and insider threat investigations. She has a proven track record of leading and conducting complex cyber investigations that protect critical digital assets across diverse industries including government, financial services, and legal sectors. Alyssa is highly skilled in operating within digital forensic lab environments, adhering to industry standards for evidence handling, and analyzing electronically stored information. She has been qualified as an expert witness in federal and military courts and has played key roles in program leadership, strategic service development, and partner engagement, driving innovation and excellence in cyber risk management.

    Follow Our Guest: Website | LinkedIn

    About Our Host

    National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

    Follow Our Host: Website | LinkedIn

    12 min
  7. 2025. 11. 17.

    AI Unmasked: Navigating Legal Risks and Realities with Cyber Attorney Ryan Steidl

    Summary

    In this insightful episode of the Chattinn Cyber podcast, host Marc Schein is chattin’ with Ryan Steidl, a leading privacy and artificial intelligence attorney, to explore the evolving landscape of AI from a legal and cybersecurity perspective. Ryan shares his journey from Maryland to becoming a respected figure in data privacy and AI law, highlighting the influence of pioneering professors and his early work at Under Armour. He frames AI as an evolutionary technology that builds on existing data privacy and security issues but introduces new complexities due to limited human intervention in its processes.

    Their chat delves into the current regulatory environment surrounding AI in the United States, which Ryan describes as a patchwork of state laws with no comprehensive federal framework yet in place. He discusses the recent veto of Virginia’s AI bill and the ongoing debate over a proposed federal moratorium on state AI legislation, emphasizing the tension between innovation and safety. Ryan also notes the role of federal agencies like the FTC and EEOC in shaping AI policy and how shifts in administration priorities—from safety to innovation—impact regulatory approaches.

    Ryan advises business leaders to focus on the purpose behind AI adoption, urging them to carefully assess use cases, data needs, and risk tolerance before allowing AI tools in their organizations. He stresses the importance of governance, recommending cross-functional oversight teams and clear ownership at multiple levels—from enterprise governance to tool implementation and output accountability. He also highlights the necessity of rigorous vetting and ongoing risk assessments to manage AI-related risks effectively.

    The chat further clarifies the distinctions between open-source AI models, public tools like ChatGPT, and private sandbox environments. Ryan warns against indiscriminate use of public AI models with sensitive data and advocates for controlled environments that offer greater security and customization. He also touches on emerging trends like synthetic data and regulatory sandboxes, which balance innovation with risk mitigation, citing Utah’s AI lab as a pioneering example.

    Concluding on the topic of AI’s impact on cyber risk, Ryan offers a nuanced view: AI can both help manage and exacerbate cyber risks depending on how it is used. He underscores the increasing complexity AI introduces and the critical role of human oversight in accountability and enforcement. Ryan predicts that insurers will push organizations toward proactive risk management rather than reactive responses, emphasizing the need for continuous monitoring and anticipation of AI-related pitfalls. He closes by inviting listeners to access further resources and contact his team for guidance.

    Key Points

    - AI as an Evolutionary Technology: AI builds on existing data privacy and security frameworks but introduces new challenges due to limited human intervention in its processes.
    - Fragmented AI Regulation: The U.S. currently has a patchwork of state-level AI laws with no comprehensive federal legislation, complicated by political debates such as the proposed moratorium on state AI laws.
    - Governance and Ownership: Effective AI adoption requires clear governance structures, cross-functional oversight, and defined ownership at multiple organizational levels.
    - Risk Assessment and Documentation: Organizations must implement thorough vetting processes, conduct ongoing risk assessments, and maintain detailed documentation to demonstrate accountability and compliance.
    - Safe AI Adoption Practices: Businesses should avoid using public AI models with sensitive data, favor sandbox or private instances, and consider synthetic data to mitigate privacy and compliance risks.

    Key Quotes

    - “AI is more evolutionary than revolutionary, at least. It builds on a lot of topics that we’re pretty familiar with, especially in cybersecurity.”
    - “AI’s processing with limited human intervention heightens potential risk, so we have to dive deep into how we approach, analyze, control, and comply with it.”
    - “The current AI regulatory landscape in the U.S. is a patchwork, with states like California, Utah, and Colorado leading, but no comprehensive federal law yet.”
    - “Purpose, purpose, purpose — understanding why you’re using AI and what problem you’re solving is the foundation for managing risk.”
    - “Humans will need to be involved in AI no matter how much intervention happens … Insurers will demand organizations be proactive, not reactive, in managing AI risks.”

    About Our Guest

    Ryan Steidl, based in Seattle, Washington, is a member of Constangy’s Cyber Team and part of its compliance advisory group, where he provides strategic guidance on navigating complex data privacy and cybersecurity laws. He advises clients on compliance with diverse state, federal, and international privacy regulations, helping them develop business-focused data protection strategies that minimize legal risk and align with operational goals. Prior to joining Constangy, Ryan spent eight years at Grant Thornton as a founding member of their Cyber Practice and Senior Manager of the Privacy & Data Protection team, leading regulatory risk assessments, privacy program development, and compliance advisory for a broad range of clients including Fortune 500 companies, multinationals, private equity firms, and startups.

    29 min
  8. 2025. 09. 23.

    Inside the Mind of a Cyber Sleuth: Digital Forensics, Insider Threats, and the Future of Cybersecurity with Devon Ackerman

    Summary

    In this episode of Chattinn Cyber, Marc Schein is chattin’ with Devon Ackerman, a highly respected figure in the digital forensics and incident response (DFIR) community. Devon shares his background, starting from his upbringing in upstate New York, moving to Georgia, and how a chance encounter with an article about digital forensics at Champlain College sparked his interest in the field. He explains his early career in IT and web design during the dot-com boom, and how his curiosity and passion for troubleshooting led him to pursue digital forensics as a career.

    Devon elaborates on the core concepts of digital forensics and incident response, describing digital forensics as the scientific discipline of preserving, validating, and interpreting digital data, often for legal purposes. Incident response builds on this foundation by focusing on reacting to cyber incidents, preserving evidence, and supporting organizations during and after attacks. He recounts his FBI career, highlighting a significant case involving espionage where a trusted insider stole sensitive data for a foreign government, demonstrating the real-world impact and importance of DFIR work.

    The conversation shifts to emerging cyber threats and the evolving landscape of cyber risk. Devon emphasizes that threat actors are highly motivated, whether financially or politically, and continuously adapt to stay ahead of defenders. He discusses the widespread availability of offensive cyber capabilities among nation-states and criminal groups, and how geopolitical tensions can influence cyber activity. The discussion also touches on the role of AI in cybersecurity, acknowledging its potential benefits but warning about risks related to rapid adoption without adequate security controls.

    Devon addresses the insider threat, distinguishing between malicious insiders and those who pose risks unintentionally through mistakes or misconfigurations. He stresses that human factors remain a critical vulnerability in cybersecurity, as trusted employees can inadvertently expose sensitive data. He offers advice for newcomers to the DFIR field, encouraging a mindset of continuous learning, experimentation, and resilience in the face of failure, noting the complexity and ever-changing nature of digital forensics.

    Finally, Devon describes his current role at Cybereason, a cybersecurity company known for its endpoint detection and response technology. He explains how Cybereason has expanded its services to include both proactive advisory and reactive incident response capabilities, supporting clients globally across the entire cyber risk lifecycle. He provides contact information for listeners interested in learning more or engaging their services, and the episode concludes with Marc thanking Devon for sharing his insights and experiences.

    Key Points

    1. Career Path to Digital Forensics: Devon’s journey from IT and web design to becoming a leading expert in digital forensics and incident response, sparked by early exposure to the field and a passion for troubleshooting.
    2. Definition and Scope of DFIR: Explanation of digital forensics as a scientific discipline and incident response as the reactive process to cyber incidents, including their importance in legal and investigative contexts.
    3. Notable FBI Case: A detailed recount of a high-profile espionage investigation involving insider theft of sensitive data, illustrating the practical application and impact of DFIR work.
    4. Evolving Cyber Threat Landscape: Discussion on the motivations and capabilities of threat actors, the proliferation of offensive cyber tools among nation-states and criminals, and the influence of geopolitical factors.
    5. Insider Threat and Human Factor: Insight into insider threats, both malicious and accidental, emphasizing the ongoing risk posed by human error and the need for vigilance and security awareness.

    Key Quotes

    1. “Digital forensics is the scientific discipline by which we investigate digital information or digital data… It’s the basis for incident response and legal interpretation.”
    2. “The insider threat isn’t always malicious; sometimes it’s a trusted employee making a mistake that inadvertently exposes sensitive data.”
    3. “Threat actors are incentivized, whether financially or politically, and they continuously adapt to stay ahead of defenders.”
    4. “AI is a buzzword and a powerful tool, but rapid adoption without security safeguards can lead to data spillage and new risks.”
    5. “For those entering the field, be hungry to learn, be ready to fail, and understand that digital forensics is a never-ending journey of discovery.”

    About Our Guest

    Devon Ackerman is a highly respected expert in digital forensics and incident response (DFIR), known for leading the DFIR Definitive Compendium Project and bringing extensive experience from his tenure as a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner with the FBI. During his FBI career, he oversaw and coordinated digital forensic operations nationwide, handling critical cases involving domestic terrorism, mass shootings, and large-scale electronic evidence collection. Devon has also contributed significantly to the field by co-authoring FBI training curricula, developing forensic tools, and providing expert testimony in federal and state courts. Beyond his public service, he has been recognized as Digital Forensic Investigator of the Year, spoken at major industry conferences, and shared his expertise through media appearances and publications. Prior to the FBI, Devon ran a technical services firm supporting small and medium businesses, underscoring his broad technical and investigative background.

    32 min
4.8 out of 5
10 ratings
