Cyber Risk Management Podcast

EP 207: Defend the Business from Cybersecurity

Tue, 07 Apr 2026 15:00:26 +0000

What happens when a cybersecurity team designs controls without asking the business what they need? And what role exists specifically to prevent that? Let's find out with our guests Brian Shea and Maggie Amato, former Business Information Security Officers at Salesforce. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Brian Shea's LinkedIn profile -- https://www.linkedin.com/in/brianshea/

Maggie Amato's LinkedIn profile -- https://www.linkedin.com/in/maggie-amato-021624164/

EP 206: Fire Doesn't Innovate. AI Does. Are You Ready?

Tue, 24 Mar 2026 15:00:25 +0000

Fire hasn't changed since the dawn of humanity, but our cyber adversaries evolve every single day. What happens when organizations spend $10 on AI transformation for every $1 on cybersecurity? In this special ROCon 2025 keynote replay, Kip shares two stories that changed how he thinks about risk: a "perfect" employee who became an insider threat in four weeks, and a $12M deepfake that defeated every technical control on the dashboard. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Get Kip's book, "Fire Doesn't Innovate" 2nd Edition -- https://a.co/d/0bYatohy

EP 205: Making Privacy Compliance Sustainable

Tue, 10 Mar 2026 15:00:22 +0000

Privacy laws keep multiplying, regulations keep changing, and AI is making everything more complex. How do businesses build privacy compliance that actually sticks instead of just checking a box? Let's find out with our guest Jordan Fischer, Founder and Partner at Fischer Law and Cybersecurity Lecturer at UC Berkeley. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Jordan Fischer's website: https://jordanfischerlaw.com

Shoshana Zuboff's book: https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capitalism

EP 204: Carpets and Diamonds

Tue, 24 Feb 2026 16:00:24 +0000

Most cybersecurity people talk at CFOs instead of with them. What if there were a simple test to know when a CFO wants to learn about cyber risk versus when they just need someone to trust? Let's find out with our guest James Wheeler, a highly experienced CFO who now runs kept.pro, providing fractional accounting teams to businesses across the country. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn: https://www.linkedin.com/in/jamesdavidwheeler/

"Fire Doesn't Innovate" by Kip Boyle: https://a.co/d/0bYatohy

EP 203: Cyber Risk Quantification

Tue, 10 Feb 2026 16:00:22 +0000

Can cyber risk actually be measured in dollars? How do you know if your risk data vendor is any good? And is cyber insurance really worth the investment? Let's find out with our guest Scott Stransky, who leads the Cyber Risk Intelligence Center at Marsh and was named 2023 Cyber Risk Industry Person of the Year. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/scott-stransky-92659095/

Top 12 Report -- https://www.marsh.com/en/services/cyber-risk/insights/cybersecurity-signals.html

Marsh Cyber Risk Intelligence Center -- https://www.corporate.marsh.com/solutions/cyber-resilience/cyber-risk-intelligence-center.html

EP 202: Why Fortune 500s Still Run on Windows 2003

Tue, 27 Jan 2026 16:00:26 +0000

Why do IT organizations cling to ancient technology like Windows 2003, creating dangerous technical debt they don't even recognize? And how do they get out of this trap? Let's find out with our guest Anton Chuvakin, who advises the biggest customers of Google's Cloud services. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/chuvakin/

Podcast -- https://cloud.withgoogle.com/cloudsecurity/podcast/

EP 201: AI Powered Espionage

Tue, 13 Jan 2026 16:00:23 +0000

AI-driven attacks aren't coming; they're here. A Chinese state-sponsored group just ran cyber espionage operations that were 80 to 90 percent autonomous. What does this means for defenders? Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Here's Anthropic's report -- https://www.anthropic.com/news/disrupting-AI-espionage

EP200: Future of Cyber Defense

Tue, 30 Dec 2025 16:00:21 +0000

AI can supercharge your security team. But it can also supercharge attackers. So how do you stay ahead in an AI-powered threat landscape? Let's find out in our special 200th episode! Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Kip's keynote address -- https://youtu.be/DNRNbT0IaKM

"Fire Doesn’t Innovate: Thriving in the Face of Evolving Cyber Risks"

In this ROCon 2025 keynote, Kip Boyle challenges audiences to rethink how they approach modern threats in the age of AI. Using the metaphor of fire — a static risk that hasn’t changed for millennia — Kip explores how cyber adversaries are innovating daily while many organizations remain trapped in outdated mindsets. He closes with a compelling call to action: adapt like firefighters did with fire — or risk being left behind.

EP 199: AI Phishing at SecureWorld Seattle

Tue, 16 Dec 2025 16:00:21 +0000

How has GenAI turned phishing Into a speed war? And what should we do about it? Let's find out with your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 198: Breaches within Breaches (Contract Obligations post security incident)

Tue, 02 Dec 2025 16:00:37 +0000

What happens when a HIPAA Business Associate Agreement gets tested in court after a ransomware attack? And what can we learn from it? Let's find out with your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"New HIPAA Security Rule" episode:

https://cr-map.com/podcast/178

EP 197: Operational Cyber Resilience

Tue, 18 Nov 2025 16:00:18 +0000

What happens when critical third-party services go down? What do your vendors actually owe you when that happens? Are new regulations going to make a difference? Let's find out with our guest Dan Bowdan, Global Business CISO with Marsh McLennan. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) episodes:

https://cr-map.com/podcast/161

https://cr-map.com/podcast/162/

EP 196: Rogue AI Agents: What's Identity Got To Do With It?

Tue, 04 Nov 2025 16:00:27 +0000

AI agents are everywhere: 91% of organizations already use them. But can we control these autonomous digital workers? And what happens when they go rogue? Let's find out with our guest Matthew Hansen, Regional Chief Security Officer for the Americas with Okta. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

NIST AI RMF episodes:

https://cr-map.com/podcast/153/

https://cr-map.com/podcast/154/

EP 195: Board Cyber Reporting: The Right Questions, The Right Data

Tue, 21 Oct 2025 15:00:29 +0000

Boards are getting the wrong cybersecurity information. But, what do boards really need to know? And how do we fix this problem? Let's find out with our guest Dr. Keri Pearlson, MIT Sloan School of Management. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

HBR Article -- https://hbr.org/2023/10/a-tool-to-help-boards-measure-cyber-resilience

LinkedIn -- https://www.linkedin.com/in/kpearlson/

EP 194: Why Are We Sitting Ducks for Phishing Attacks?

Tue, 07 Oct 2025 15:00:25 +0000

Our brains in "autopilot mode" make us sitting ducks for phishing attacks. Why? And what we can do about it? Let's find out with our guest Lisa Petrocchi-Merriman, Executive Coach with "WorksWell Labs Coaching & Training". Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Email -- lisamerriman@workswell.info

LinkedIn -- https://www.linkedin.com/in/lisa-merriman/

EP 193: Secure AI Transformation

Tue, 23 Sep 2025 15:18:11 +0000

Getting full value from AI requires a huge technology transformation. How can leaders navigate AI transformation without losing their teams and their digital assets along the way? Let's find out with our guest Jenny Moshea, former CIO for Sellen Construction. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/jmoshea/

Free Guide -- https://getjennergy.com/

Website -- https://www.kinetiqshift.com/

EP 192: How I Use AI (And You Can Too)

Tue, 09 Sep 2025 15:00:30 +0000

How can generative AI transform your cybersecurity work without replacing your expertise? And why should you start experimenting now? Let's explore with our host Kip Boyle, CISO with Cyber Risk Opportunities, as he shares nearly three years of hands-on AI experience and practical strategies for staying ahead of the curve.

“Delegate Smarter with People and AI: Lead More, Do Less.”

https://maven.com/kipboyle/people-ai?promoCode=KIP50

EP 191: How to Make FBI Your Best Ally

Tue, 26 Aug 2025 15:02:17 +0000

How would you add law enforcement as a valuable resource to your cybersecurity program? And why would you want to? Let's find out with our guest Supervisory Special Agent Douglas Domin of the Federal Bureau of Investigation. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

“Cyber Resilience in the Age of AI: Threats, Responses & Human Stories” at MIT April 2025 -- https://youtu.be/6Jlg4tZV3TU

FBI field office directory -- https://www.fbi.gov/contact-us/field-offices

CISA/FBI/NSA Joint Advisories -- https://www.cisa.gov/news-events/cybersecurity-advisories

EP 190: Augmented with AI (REPLAY)

Tue, 12 Aug 2025 15:00:21 +0000

How should individuals be thinking about generative artificial intelligence at work and at home? Let's find out with our guest Daniel Miessler, whose mission is “Working towards Human 3.0 so we can survive and thrive as humans after AI". Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Website: https://danielmiessler.com/

LinkedIn: https://www.linkedin.com/in/danielmiessler/

X: https://x.com/DanielMiessler

Fabric: https://github.com/danielmiessler/fabric

Blog Post: https://danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong

EP 189: Agentic AI and Ransomware

Tue, 29 Jul 2025 15:00:24 +0000

Unit 42 (Palo Alto Networks) just showed they can use AI to conduct a complete ransomware attack in 25 minutes, a 100x speed increase. What does this mean for defenders? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 188: Verizon DBIR 2025 Part 2

Tue, 15 Jul 2025 15:00:21 +0000

And, here's part 2 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's in the rest of the 2025 report? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 187: Verizon DBIR 2025 Part 1

Tue, 01 Jul 2025 15:00:19 +0000

It's time for part 1 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's new for 2025? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 186: "Fire Doesn't Innovate" second edition

Tue, 17 Jun 2025 15:00:21 +0000

The second edition of "Fire Doesn't Innovate" has dropped. What's new? Why it was updated? How can different types of readers get the most value from it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

You can pick up a copy of "Fire Doesn't Innovate" second edition (paperback or Kindle versions) -- https://a.co/d/64hzmxN

See Episode 124 for full details on the “United Structures of America” case -- https://cr-map.com/podcast/124/

See Episode 136 for full details on the “iRobot lawsuit against Expeditors International” -- https://cr-map.com/podcast/136/

See Episode 141 for full details on the “NIST Cybersecurity Framework version 2” update -- https://cr-map.com/podcast/141/

EP 185: Courts and Non-deterministic Computing

Tue, 03 Jun 2025 15:00:21 +0000

Is evidence from Artificial Intelligence and Quantum Computing devices legally admissible in court? And how are courts actually handling this influx? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 184: Spies, Honeypots, and Lawsuits

Tue, 20 May 2025 15:00:23 +0000

Is the so-called "Insider Threat" a big deal? If so, how could you use a honeypot to catch them? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

If you want to know more about honeypots, check out Kip's newest LinkedIn Learning course: “Active Defense: The New Frontier in Cybersecurity” -- https://www.linkedin.com/learning/active-defense-the-new-frontier-in-cybersecurity/

EP 183: NIST CSF: The Missing Manual

Tue, 06 May 2025 15:00:23 +0000

The implementation manual for the NIST Cybersecurity Framework gone missing. Can it be found? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Want a deep discount on Kip's new Udemy course "Implement version 2 of NIST Cybersecurity Framework"? This one is valid until May 31, 2025 -- CRM_PODCAST_FRIEND

https://www.udemy.com/course/implement-version-2-of-nist-cybersecurity-framework/?couponCode=CRM_PODCAST_FRIEND

If you need to quickly get up-to-speed with the changes in NCSF v2 listen to this episode -- https://cr-map.com/podcast/141/

EP 182: When Webcams Turn Evil

Tue, 22 Apr 2025 15:00:22 +0000

How much trust should you put in your Endpoint Detection and Response (EDR) solution? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Want to quickly come up to speed with the Essential Eight (E8)? Listen to this episode:

https://cr-map.com/podcast/63/

EP 181: Deploying AI Securely and Privately

Tue, 08 Apr 2025 15:00:27 +0000

How can businesses securely and privately use AI tools? And, what are the top cyber risks of AI, anyway? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Want to quickly come up to speed with the NIST AI Risk Management Framework? Listen to these two episodes:

Part 1 -- https://cr-map.com/podcast/153

Part 2 -- https://cr-map.com/podcast/154

EP 180: The “Compliance Hammer” Alternative

Tue, 25 Mar 2025 15:00:21 +0000

Tired of swinging the “compliance hammer” and hitting people until they submit to you? Would you rather be influential, and not dictatorial? Let's find out how you can with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

See our previous episode on the subject of "buy-in" with our guest Michael Gregg, the CISO of North Dakota -- https://cr-map.com/podcast/171/

EP 179: Cybersecurity With No Money

Tue, 11 Mar 2025 15:00:21 +0000

You're a recently hired, lone cybersecurity analyst. Your mandate is to pay off on the data and system protection promises your senior decision makers made to an exciting new customer. Plot twist: You have no money. Now what? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 178: New HIPAA Security Rule

Tue, 25 Feb 2025 16:00:21 +0000

The US Government recently released a "notice of proposed rulemaking" to update the Security Standards for the Protection of Electronic Protected Health Information. Yes, this is HIPAA. But what will it mean for covered entities and their business associates? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Show notes:

https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C

EP 177: Workplace Injuries from Ransomware

Tue, 11 Feb 2025 16:00:26 +0000

How do you protect cybersecurity responders from workplace injuries, particularly PTSD from ransomware attacks? Is that even a thing? Let's find out with our guest Alexander Abney-King, a workplace psychologist and virtual CIO. He helps businesses adapt to world changes. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/alexanderabney-king/

Website -- https://www.secureittulsa.com/services/vcio

EP 176: LIVE! Top 10 NIST SP 800-Series

Tue, 28 Jan 2025 16:00:24 +0000

It’s our first time recording an episode LIVE with an audience. We were at the December 2024 the monthly membership meeting of the ISC2 Seattle Chapter. Our topic: What has NIST released in its Special Publication (SP) 800 series that could be of great value to your work? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

List of all SP 800 public releases: https://csrc.nist.gov/publications/sp800

EP 175: What's a "Hacker"?

Tue, 14 Jan 2025 16:00:25 +0000

What's a "hacker"? Are they good or bad? How do they think? Can their thinking help us in other problem spaces? Let's find out with our guest Ted Harrington, who’s dedicated his career to ethical hacking in order to help organizations build better, more secure systems. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/securityted/

Website -- https://www.tedharrington.com/

EP 174: The CrowdStrike Episode

Tue, 31 Dec 2024 16:00:23 +0000

Have you done a post-mortem of the CrowdStrike IT outage of 2024? What are the major lessons? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Incident background and impacts -- https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages

EP 173: Data Privacy in Cars

Tue, 17 Dec 2024 16:00:35 +0000

What data do modern cars collect, how do they collect it, and why? And what should your company do about it? Let's find out with our guest Andrea Amico, the founder and CEO of Privacy4Cars. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/%F0%9F%9B%A1%EF%B8%8F%F0%9F%9A%98-andrea-amico-a44aa/

Website -- https://privacy4cars.com

Website – https://www.vehicleprivacyreport.com

EP 172: Basic Legal Literacy for the CISO

Tue, 03 Dec 2024 16:00:26 +0000

What does the CISO need to practice everyday in terms of basic legal literacy? Let's answer that question by looking through the lens of data breach and privacy class action litigation. Our guest is Douglas Brush, a court-appointed Special Master and testifying expert in high-profile litigations involving cybersecurity, information governance, data privacy, and eDiscovery. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Doug's LinkedIn profile -- https://www.linkedin.com/in/douglasabrush/

Doug's Website -- https://brushcyber.com/

EP 171: Getting Buy-In for Cybersecurity

Tue, 19 Nov 2024 16:00:21 +0000

How can you get high levels of buy-in for a cybersecurity program at the state level? Let's find out with our guest Michael Gregg, the CISO of North Dakota. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/michaelgregg01/

SecureWorld -- https://www.secureworld.io/events

EP 170: Augmented with AI

Tue, 05 Nov 2024 16:00:13 +0000

Website: https://danielmiessler.com/

LinkedIn: https://www.linkedin.com/in/danielmiessler/

X: https://x.com/DanielMiessler

Fabric: https://github.com/danielmiessler/fabric

Blog Post: https://danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong

EP 169: Cybersecurity Hiring Manager Insights

Tue, 22 Oct 2024 15:00:15 +0000

What's the current cybersecurity hiring manager’s perspective on hiring? Talent scouting, employer reputation, etc.? Let's find out with our guest Reanna Schultz. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Reanna Schultz’s LinkedIn profile -- https://www.linkedin.com/in/reanna-schultz/

Reanna's company "CyberSpeak Labs LLC" -- https://www.cyberspeaklabs.com/

"Cybersecurity Hiring Manager Handbook" -- https://cybersecurity-hiring-manager-handbook.netlify.app/

"Your Cyber Path" podcast -- https://www.YourCyberPath.com

"IRRESISTIBLE" cybersecurity job hunter’s course on Udemy -- https://www.udemy.com/course/irresistible-cybersecurity

EP 168: Staying Ahead of Cyber Risk Management Trends

Tue, 08 Oct 2024 15:00:14 +0000

How can cybersecurity practitioners easily keep up with the changes in the "big picture" of cyber risk management? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 167: Security Champions Program

Tue, 24 Sep 2024 15:00:16 +0000

"Want to expand your cybersecurity tream? Do it with a ""Security Champions"" program. Let's find out how with our guest Bonnie Viteri. Your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

""How to Really Make Sure that Cybersecurity is Everyone’s Job"" (pt 1 & 2)

Bonnie Viteri’s LinkedIn profile:

https://www.linkedin.com/in/bonnie-b-242a0b11b/

EP 166: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 2

Tue, 10 Sep 2024 15:00:09 +0000

Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 165: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 1

Tue, 27 Aug 2024 15:00:09 +0000

"Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

""Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?"" -- https://www.cr-map.com/91"

EP 164: Why are we so bad at vulnerability management?

Mon, 12 Aug 2024 15:00:10 +0000

"Vulnerability management is really difficult, especially at scale. And after 20+ years that's still true. Our guest Alex Wood, who's the CISO of Uplight, will help us understand why and consider practical suggestions for getting better. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Alex Wood's LinkedIn Profile -- https://www.linkedin.com/in/alexbwood/

Colorado = Security -- https://www.colorado-security.com/

EP 163: Self-Care

Tue, 30 Jul 2024 15:00:14 +0000

"Self-care is a crucial yet seldom discussed topic. Why is that? How should we be taking care of ourselves and why? Let's find out with our guest Chris Roberts, who most recently was the CISO of Boom Supersonic. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Chris Roberts' LinkedIn Profile -- https://www.linkedin.com/in/sidragon1/"

EP 162: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), part 2

Tue, 16 Jul 2024 15:00:08 +0000

Let's continue unpacking the "Cyber Incident Reporting for Critical Infrastructure Act". What else do you need to know? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 161: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)

Tue, 02 Jul 2024 15:00:22 +0000

CIRCIA stands for the "Cyber Incident Reporting for Critical Infrastructure Act". But what does it really mean? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 160: How to Find Your Top 5 Cyber Risks

Tue, 18 Jun 2024 15:00:12 +0000

"You can find your top 5 cyber risks using a “top down” approach with the NIST Cybersecurity Framework. Along the way, you can shift your organization towards better practice of reasonable cybersecurity. Know how? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

You can see our ""zero through ten"" scale scorecard here -- https://b.link/scorekey

You can watch our interview prep video here -- https://b.link/interview"

EP 159: FTC 2023 Privacy and Data Security Update

Tue, 04 Jun 2024 15:00:14 +0000

What kinds of unfair trade practices does the FTC look for when it comes to privacy and data security? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 158: Business Continuity as a Revenue Generator?

Tue, 21 May 2024 15:00:09 +0000

"Is overnight viral success is a kind of disruption that the business continuity (BC) discipline can help preapre you for? Let's find out with our guest Erika Andresen, the Founder and Owner of EaaS Consulting, LLC. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Erika's Book, ""How to Not Kill Your Business"" -- https://www.amazon.com/gp/product/199018538X

Website -- https://www.eaasc.com/

LinkedIn Profile -- https://www.linkedin.com/in/erika-andresen/"

EP 157: How To Assess Cyber Risk (REPLAY)

Tue, 07 May 2024 15:00:11 +0000

"What's the definitive method for assessing cyber risk? Does it exist? How do you do it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

If you want to know more, Kip has a course on LinkedIn Learning you can check out:

""IT and Cybersecurity Risk Management Essential Training"" -- https://www.linkedin.com/learning/it-and-cybersecurity-risk-management- essential-training/

Kip also has a Udemy course that describes our semi-quantitative approach:

""Implementing NIST Cybersecurity Framework"" -- https://www.udemy.com/course/nist-cybersecurity-framework/

EP 156: Change Healthcare

Tue, 23 Apr 2024 15:00:11 +0000

What happened in the Change Healthcare cyberattack? What are the impacts and how can cyber resilience be a competitive advantage? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 155: Cybersecurity and data privacy in M&A transactions

Tue, 09 Apr 2024 15:00:13 +0000

The role of cybersecurity and data privacy due diligence when buying or selling a company has gone way up compared to five years ago. Why? And, what's at stake? Let's find out with our guest Brian Levine. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 154: NIST AI Risk Management Framework, part 2

Tue, 26 Mar 2024 15:00:17 +0000

Here's part 2 of what's in the NIST Artificial Intelligence Risk Management Framework (NIST AT-RMF)? And, how do you use it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 153: NIST AI Risk Management Framework, part 1

Tue, 12 Mar 2024 15:00:07 +0000

What's in the NIST Artificial Intelligence Risk Management Framework (NIST AT-RMF)? And, how do you use it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 152: Boards of Directors and Cybersecurity

Tue, 27 Feb 2024 16:00:15 +0000

The SEC says that Boards of Directors need cybersecurity expertise. But how exactly does that work? Let's find out with our guest Vanessa Pegueros, former CISO of DocuSign. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 151: Does Ransomware Kill Sick People?

Tue, 13 Feb 2024 16:00:17 +0000

"Is there any reliable evidence that sick people die at a higher rate when their hospital is disabled by ransomware? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

“Hacked to Pieces? The Effects of Ransomware Attacks on Hospitals and Patients”

University of Minnesota - Twin Cities - School of Public Health

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4579292

""Killware"" -- https://www.cr-map.com/97"

EP 150: Privacy Laws Driving Demand for Cybersecurity

Tue, 30 Jan 2024 16:00:07 +0000

Twelve US states now have major privacy laws, up from only five last year. How is that driving demand for cybersecurity? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 149: The Tools and Rules of Digital Trust

Tue, 16 Jan 2024 16:00:09 +0000

How do you take a very important, yet ethereal, idea like digital trust and make it more concrete and actionable? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 148: SEC Disclosure Rules on Cybersecurity

Tue, 02 Jan 2024 16:00:08 +0000

What are the SEC’s new rules for cybersecurity disclosures, including cyber incidents AND annually about cybersecurity risk management and governance? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 147: SEC Complaint against SolarWinds Corporation

Tue, 19 Dec 2023 16:00:11 +0000

"What can we learn about the SEC Complaint against SolarWinds Corporation and Timothy G. Brown? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 96: ""Normalizing Greater Accountability For Cybersecurity Fraud""

EP 109: ""FTC’s Strange Action Against Cafe Press""

EP 146: Security Metrics

Tue, 05 Dec 2023 16:00:13 +0000

"How can we measure success with cybersecurity? Let's find out with our guest Jared Pfost. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

See Jared's ""Security Metrics Reference"" here -- https://www.cr-map.com/metrics"

EP 145: Why Do Employees Keep Ignoring Workplace Cybersecurity Rules?

Tue, 21 Nov 2023 16:00:12 +0000

Why do employees keep ignoring workplace cybersecurity rules? And, what should cyber risk managers to do about it? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 144: SecureWorld

Tue, 07 Nov 2023 16:00:14 +0000

Have you heard of a regional cybersecurity conference in the US called SecureWorld? We really like it. So we invited Brad Graver, who’s the president of SecureWorld, to tell us what makes them different from all the other conferences we could go to. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 143: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 2

Tue, 24 Oct 2023 15:00:13 +0000

Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 142: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 1

Tue, 10 Oct 2023 15:00:08 +0000

Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 141: What's New in NIST CSF v2

Tue, 26 Sep 2023 15:00:16 +0000

What’s going to be in version 2 of the NIST Cybersecurity Framework? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 140: Entry Level IT & Cybersecurity Certifications Are Broken

Tue, 12 Sep 2023 15:00:10 +0000

Entry level IT and Cybersecurity certifications cost too much and produce too many "paper tigers". How do we fix that? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 139: How to Use Cyber Insurance as a Cyber and Privacy Risk Management Tool

Tue, 29 Aug 2023 15:00:09 +0000

How does an attorney think about using cyber insurance to manage cyber and privacy risks? Let's find out with our guest Jane Petoskey. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 138: What's With NIST Special Publication 800-171, Revision 3 and CMMC

Tue, 15 Aug 2023 15:00:11 +0000

How is Revision 3 of NIST Special Publication 800-171 and the Cybersecurity Maturity Model Certification (CMMC) related to each other? Let's find out with our guest Jacob Horne. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 137: How to Make Tabletop Exercises (TTX) Fun!

Tue, 01 Aug 2023 15:00:16 +0000

Traditional incident response exercises are often boring and awkward. That's why we don't do them, even though we should. Want a new way to get people excited about doing one? Let's learn about a proven innovation with our guest Glen Sorensen. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 136: Why Cyber Resilience is a Business Advantage

Tue, 18 Jul 2023 15:00:17 +0000

"An $8 billion company was hit by ransomware and then was sued in court by one of its best customers. What's the connection with cyber resilience? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

""Case Study for Cyber as a Material Business Risk"" -- https://www.cr-map.com/124"

EP 135: Measuring Cyber Risk

Tue, 04 Jul 2023 15:00:11 +0000

"Is the idea of measuring cyber risk ""hooey!"" as one of the InfoSec godfathers once said? Let's find out with our guest Ryan Leirvik. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Ryan's book ""Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program"" -- https://www.amazon.com/Understand-Manage-Measure-Cyber-Risk/dp/1484278208/

Website -- https://www.neuvik.com/

LinkedIn Profile -- https://www.linkedin.com/in/leirvik/"

EP 134: The Business Value of Business Continuity

Tue, 20 Jun 2023 15:00:18 +0000

"Is there any business value in “business continuity”? If so, how can we explain it so anyone can understand? Our guest is Erika Andresen, the Founder and Owner of EaaS Consulting, LLC. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Erika's Book, ""How to Not Kill Your Business"" -- https://www.amazon.com/gp/product/199018538X

Website -- https://www.eaasc.com/

LinkedIn Profile -- https://www.linkedin.com/in/erika-andresen/"

EP 133: ChatGPT and Cyber Risk Management

Tue, 06 Jun 2023 15:00:09 +0000

"Can ChatGPT help us manage Cyber Risk? Can any generative artificial intelligence be helpful? If so, how? And are there any limitations? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Suggested ""ChatGPT Prompt Engineering"" course by Sean Melis:

https://www.udemy.com/course/chatgpt-101-supercharge-your-work-life-500-prompts-inc/"

EP 132: Helping Activists Operating Under a Repressive Regime

Tue, 23 May 2023 15:00:09 +0000

How would you help political and human rights activists stay safe while using digital communications as they live under a repressive regime? One of us has been doing it for almost a year and he'll tell you. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 131: How Identity Really Works on the Internet Today

Tue, 09 May 2023 15:00:11 +0000

"What does identity on the Internet mean? What does the failure of identity cost us? Do we need to make any changes to the way we do digital identity? Let's find out with our guest our guest, Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA). Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

https://www.idsalliance.org/

https://www.linkedin.com/in/jreich/"

EP 130: How To Assess Cyber Risk

Tue, 25 Apr 2023 15:00:13 +0000

If you want to know more, Kip has a course on LinkedIn Learning you can check out:

""IT and Cybersecurity Risk Management Essential Training"" -- https://www.linkedin.com/learning/it-and-cybersecurity-risk-management- essential-training/

Kip also has a Udemy course that describes our semi-quantitative approach:

""Implementing NIST Cybersecurity Framework"" -- https://www.udemy.com/course/nist-cybersecurity-framework/

EP 129: Some Other Things I've Made for You

Tue, 11 Apr 2023 14:32:06 +0000

"Beyond this podcast, I've made a lot of resources (most are free) to help you. In fact, you can now download a six page list of them all. Let me quickly skim through that list with you in this episode. I'm your host, Kip Boyle, CISO with Cyber Risk Opportunities.

You can download ""the list"" here -- https://www.cr-map.com/thelist "

EP 128: Secrets of Cyber Risk Management at Non-Profits

Tue, 28 Mar 2023 15:00:15 +0000

Are non-profits at risk for cyber exploitation? If so, why? And what should they do about it? Let's find out with our guest, Lew Bader, the Finance Director at "Counseling In Schools". Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 127: Proactively Protect Your Reputation (#1 digital asset)

Tue, 14 Mar 2023 15:00:10 +0000

"How do you proactively protect your #1 digital asset, which is your reputation? Let's find out with our guest, Sameer Somal, the CEO of Blue Ocean Global Technology. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Mentioned during this episode:

""The effects of cyberattacks on corporate reputation and consumer confidence with Casey Boggs"" -- https://www.cr-map.com/48

""Normalizing Greater Accountability For Cybersecurity Fraud"" -- https://www.cr-map.com/96

EP 126: Due diligence as a Risk Management Approach

Tue, 28 Feb 2023 16:00:12 +0000

"Can you “demonstrate due diligence to a defensible standard of care” as your risk management approach? This would replace ""red/yellow/green"" approaches or advanced statistics. Let's find out with our guest, Karen Worstell, who is a “Senior Cybersecurity Strategist” and a “CxO Security Advisor” with VMware. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

If you want to learn more about DOCRA (The Duty of Care Risk Analysis Standard) check out our previous episode -- https://cr-map.com/59

""Risk-Based Security is the Emperor's New Clothes""

https://taosecurity.blogspot.com/2006/06/risk-based-security-is-emperors-new.html

EP 125: Applied Security Design Principles

Tue, 14 Feb 2023 16:00:25 +0000

There are many security design principles we can use to build and evaluate products and services. Can we use them to understand the LastPass incidents from late 2022? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 124: Case Study for Cyber as a Material Business Risk

Tue, 31 Jan 2023 16:00:16 +0000

"A $100 million Texas company called “United Structures of America” got struck by ransomware in 2019. You'll be surprised at what happened next. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

“Cyber Extortion of Patients”--https://cr-map.com/podcast/51/

“Quick Look at the ‘Essential Eight’ mitigations”--https://cr-map.com/podcast/63/

""How to Really Make Sure that Cybersecurity is Everyone’s Job"" (pt 1 & 2)

https://cr-map.com/podcast/88/

https://cr-map.com/podcast/89/

EP 123: How to Really Reduce the Risk of People Falling for Phishing

Tue, 17 Jan 2023 16:00:08 +0000

What can we learn from a recently released research report called “Phishing in Organizations: Findings from a Large-Scale and Long-Term Study”? Let’s find out with our guest, Jason Rebholz, the CISO of Corvus Insurance. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Jason Rebholz prior guest appearance–https://cr-map.com/podcast/114/

“Some Workgroups Deserve More Protection Against Malware”–https://cr-map.com/podcast/108/

“How to Really Make Sure that Cybersecurity is Everyone’s Job” (pt 1 & 2)

https://cr-map.com/podcast/88/

https://cr-map.com/podcast/89/

EP 122: Best Episode of 2022

Tue, 03 Jan 2023 16:00:16 +0000

What's our "best episode" of 2022? This one had the highest number of downloads. Let's find out which one it was with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 121: The Myth Busters Episode

Tue, 20 Dec 2022 16:00:10 +0000

What are the biggest, yet wrong, ideas that float around all the time and often cause senior decision makers to make poor decisions? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

“Compliance Versus Practicing Cybersecurity” https://www.cr-map.com/12

“Busted: The Truth about Cloud Security” https://www.cr-map.com/77

“Your IT Person is Not Your Cybersecurity Person” https://www.cr-map.com/105

EP 120: The 2022 Verizon Data Breach Investigations Report (DBIR) Part 2

Tue, 06 Dec 2022 16:00:12 +0000

Let's conclude our look at the 2022 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 119: The 2022 Verizon Data Breach Investigations Report (DBIR) Part 1

Tue, 22 Nov 2022 16:00:14 +0000

Have you read the Verizon DBIR report for 2022? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 118: Chief Operating Officer is also CISO

Tue, 08 Nov 2022 16:00:09 +0000

What if your Chief Operating Officer was also your Chief Information Security Officer? What would that be like? And, who would do it? Let's find out with our guest, Peter Hitschler the COO of Tri Tech Manufacturing. Your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 117: Cyber Risk Management During Company Acquisition

Tue, 25 Oct 2022 15:00:10 +0000

How can Deal Teams and M&A Teams understand and manage cyber risk so they can make better business decisions during the company acquisition process? Let's find out with our guest, Shay Colson, the Managing Partner at Coastal Cyber Risk Advisors, LLC. Your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 116: Update of State Data Security Laws

Tue, 11 Oct 2022 15:00:12 +0000

Did you know there’s an avalanche of state and federal privacy laws and regulations that are either being actively debated or have been passed and will soon take effect starting in January 2023? Let’s find out which ones matter most with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 115: Insurance Companies as Cybersecurity Leaders

Tue, 27 Sep 2022 15:00:14 +0000

Can the insurance industry find a way to reduce the rate of major cyber incidents like it did by promoting airbags to reduce highway death rates or sprinklers for buildings reducing fires deaths? Let's find out with our guest Andy Anderson, CEO of DataStream Cyber Insurance. Your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Andy's podcast "The Cyber Crime Lab" --

EP 114: Cyber Insurance Drives Security Beyond Your Cyber Policy

Tue, 13 Sep 2022 08:00:07 +0000

Can small-medium-sized businesses benefit from cyber insurance even if they don't buy a policy? How? Let's find out with my guest Jason Rebholz, CISO at Corvus Insurance. Your host is Kip Boyle, vCISO with Cyber Risk Opportunities.

EP 113: Self-Insuring for Cyber Risks

Tue, 30 Aug 2022 08:00:08 +0000

Cybersecurity is intertwining with D&O litigation and more companies are self-insuring for cyber risks. Why? Our guest is Rachel Jenkins, the Managing Director for Customer Success at Founder Shield. Your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP112: How to Work With CFOs on Cyber Risk Management

Tue, 16 Aug 2022 15:00:12 +0000

You’re going to need the CFO’s support to be successful managing cybersecurity. Why? If for no other reason than the CFO controls the purse strings! So how do you do it? Let's find out with your host Kip Boyle, vCISO with Cyber Risk Opportunities.

EP 111: Ethical Phisheries

Tue, 02 Aug 2022 08:00:12 +0000

How do you run a successful anti-phishing program that will actually reduce your risk without sacrificing employee goodwill? Our guest, Ean Meyer, knows how. Ean is Associate Director of Security Testing and Assurance at Marriott Vacations Worldwide. Your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"How to Really Make Sure that Cybersecurity is Everyone’s Job" (pt 1 & 2)

EP 110: Thriving in this Crazy Cyber Insurance Market

Tue, 19 Jul 2022 09:00:14 +0000

Cyber insurance, once so easy to get, is now scarce and expensive. Why did this happen? How long will it last? What can you do until sanity returns? Find out with our guest Jennifer Cohen, the Cyber & Governance Director at HUB International. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 109: FTC’s Strange Action Against Cafe Press

Tue, 05 Jul 2022 08:00:11 +0000

The Federal Trade Commission unusually took action against the current AND former owners of CafePress over the February 2019 customer data breach. Why and what does it mean? Also, an update on the False Claims Act from Episode 96. Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 96: "Normalizing Greater Accountability For Cybersecurity Fraud"

EP 108: Some Workgroups Deserve More Protection Against Malware

Tue, 21 Jun 2022 08:00:08 +0000

Due to the way some workgroups must work, they deserve more protection against malware. But how can you do that in a minimum viable way? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 63: Quick look at the “Essential Eight” mitigations

"Implementing the NIST Cybersecurity Framework"

EP 107: Response Side of Vendor Due Diligence

Tue, 07 Jun 2022 08:00:13 +0000

What are the challenges of smaller vendors responding to due diligence requests from their large customers? And what can they do about them? Let's find out with our guest Caroline McCaffery of ClearOPS. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 106: Anatomy of a Hack: Pandora Papers

Tue, 24 May 2022 08:00:09 +0000

What are the Pandora Papers? Where did they come from? What's the impact of the Pandora Papers on the legal industry? What are the practical cybersecurity lessons for everyone? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 105: Your IT Person is Not Your Cybersecurity Person

Tue, 10 May 2022 08:00:09 +0000

IT and cybersecurity actually have very little overlap. The people performing them have similar skills but they have very different goals and very different ways of thinking. Let's find out how different with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 104: Easy Target due to Corporate Identity Crisis

Tue, 26 Apr 2022 08:00:08 +0000

Can an identity crisis make organizations an easy target for cyber-criminals? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 103: SEC's Proposed Rules for Cyber Risk Management

Tue, 12 Apr 2022 08:00:11 +0000

What's in the Security Exchange Commission’s proposal for new cybersecurity risk management rules for investment advisers and investment companies? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

You can find the SEC's Fact Sheet and proposed Rules here -- https://www.sec.gov/news/press-release/2022-20

EP 102: Cybersecurity Hiring Manager Handbook

Tue, 29 Mar 2022 08:00:15 +0000

Do you want to attract and retain top tier talent for your InfoSec team? To work “on your program” instead of working “in your program”? Learn how with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Get the Handbook for free here -- https://b.link/hiring-handbook

Register for training here -- https://www.antisyphontraining.com/hiring-handbook-how-to-build-an-infosec-team-that-gets-stuff-done-w-kip-boyle/

EP 101: FTC's Major Updates to GLBA Safeguards Rule

Tue, 15 Mar 2022 08:00:15 +0000

Is your business “significantly engaged” in providing financial products or services of any kind? Then you need to know about the updates to the Safeguards Rule. Let's see what they are with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Join us for our next CLE at noon Pacific time on Wednesday, March 30th where we'll explore the impact of the Pandora Papers on the legal industry and the practical, cybersecurity lessons for attorneys and their clients.

https://www.eventbrite.com/e/anatomy-of-a-hack-pandora-papers-tickets-255528421387

EP 100: Celebrating our One Hundredth Episode!

Thu, 03 Mar 2022 00:45:04 +0000

When we first started this podcast, we weren't thinking about 50 episodes, let alone 100. How did we make it this far? What's next? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

https://www.eventbrite.com/e/anatomy-of-a-hack-pandora-papers-tickets-255528421387

EP 99: Metamorphic Malware Called Tardigrade

Sun, 20 Feb 2022 20:26:27 +0000

Here’s the latest in the evolution of dynamic cyber risks: A metamorphic malware called Tardigrade. What does it mean? How do you deal with it? Let’s find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Join us for our next CLE at noon Pacific time on Wednesday, March 30th where we’ll explore the impact of the Pandora Papers on the legal industry and the practical, cybersecurity lessons for attorneys and their clients.

https://www.eventbrite.com/e/anatomy-of-a-hack-pandora-papers-tickets-255528421387

EP 98: Minimum Viable Risk Assessment and Data Backups

Tue, 01 Feb 2022 08:00:35 +0000

Today's episode is a replay of the free online continuing legal education session that Jake and I delivered back on December 15, 2021. You'll learn how to conduct meaningful cyber risk assessments and create ransomware-proof data backups.

https://www.eventbrite.com/e/anatomy-of-a-hack-pandora-papers-tickets-255528421387

EP 97: Killware

Tue, 18 Jan 2022 21:13:13 +0000

What's happening at the convergence of cyber-attacks and the loss of human life? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 96: Normalizing Greater Accountability For Cybersecurity Fraud

Tue, 04 Jan 2022 08:00:20 +0000

What is the False Claims Act and how will the Department of Justice start using it to help keep the nation safe from cyber criminals and adversaries? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 95: What To Do about the Massive Insider Threat?

Tue, 21 Dec 2021 08:00:01 +0000

There is a massive insider threat in all our organizations according to the Verizon Data Breach Investigations Report (DBIR). Why is that and what should we do about it? Our guest, John Grim, one of the long-time authors of the report, will tell us. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 94: Inside the Poly Network Hack

Tue, 07 Dec 2021 08:00:01 +0000

What can the Poly Network hack tell us about the state of cyber risk in the world of blockchain and smart contracts? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

You’ll find more details about the hack here:

https://research.kudelskisecurity.com/2021/08/12/the-poly-network-hack-explained/

and here: https://slowmist.medium.com/the-root-cause-of-poly-network-being-hacked-ec2ee1b0c68f/

Sign up for our free ethics CLE on December 15, 2021: https://www.eventbrite.com/e/1-hour-cutting-edge-cle-on-december-15th-at-12-pm-pacific-tickets-187700476177

Want to better understand crypto currency? Check this out: https://youtu.be/rYQgy8QDEBI

EP 93: Executive Order on Ransomware and Cybersecurity

Tue, 23 Nov 2021 08:00:44 +0000

Is there anything helpful in the US President's “Improving the Nation’s Cybersecurity” Executive Order and the follow-on Ransomware Memo from the White House? Let's find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Sign up for our free ethics CLE on December 15, 2021: https://www.eventbrite.com/e/1-hour-cutting-edge-cle-on-december-15th-at-12-pm-pacific-tickets-187700476177

EP 92: Going Behind the Darknet Diaries…

Tue, 09 Nov 2021 08:00:39 +0000

If you’re not listening to the Darknet Diaries, you’re missing out on some relatable stories that will help you better tell your own cyber risk story to your senior decision makers. Find out how with the host of Darknet Diaries, Jack Rhysider, along with Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Sign up for our free ethics CLE on December 15, 2021 at noon Pacific Time: https://www.eventbrite.com/e/1-hour-cutting-edge-cle-on-december-15th-at-12-pm-pacific-tickets-187700476177

EP 91: Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?

Tue, 26 Oct 2021 08:00:39 +0000

Is the Verizon Data Breach Investigations Report (DBIR) trustworthy enough for cyber risk managers to use it to choose new or improved mitigations? Our guest Suzanne Widup, one of the long-time authors of the report, will tell us how the report is made and why you can trust it. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 90: How to Buy Cyber Insurance in this Turbulent Market

Tue, 12 Oct 2021 08:00:41 +0000

Cyber insurance coverages are going down and prices are going up. Not everyone who wants to buy a policy will be able to get one. Why? Our guest Chris Brumfield, cyber insurance expert from brokerage Alliant, will explain. And if you're an attorney, Jake Bernstein, Partner with K&L Gates explains why this matters to your firm and your clients (and you'll get an ethics CLE if you listen to the end). This episode was originally broadcast as “The Ethics of Cybersecurity: How to Buy Cyber Insurance for Your Law Practice”.

EP 89: How to Really Make Sure that Cybersecurity is Everyone’s Job (Part 2)

Fri, 01 Oct 2021 08:00:37 +0000

What if you could intensionally build a cybersecurity subculture inside your orgnaization? You can! Learn how to pull the right levers with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 88: How to Really Make Sure that Cybersecurity is Everyone’s Job (Part 1)

Tue, 14 Sep 2021 08:00:36 +0000

EP 87: Cybersecurity for Small Companies

Tue, 31 Aug 2021 08:00:32 +0000

What are the best options for small and medium-sized businesses when it comes to cybersecurity? Let's look at the common barriers what and options they have with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Check out the CR-MAP that Kip mentions here: https://www.cr-map.com/

EP 86: The 2021 edition of the Verizon Data Breach Investigations Report (DBIR) Part 2

Tue, 17 Aug 2021 08:00:07 +0000

Let's conclude our look at the 2021 Verizon DBIR report. Today we'll review the data by industry and the revised attack patterns with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 85: The 2021 edition of the Verizon Data Breach Investigations Report (DBIR) Part 1

Tue, 03 Aug 2021 08:00:43 +0000

Have you read the Verizon DBIR report for 2021? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 84: Minimum Viable Planning for a Cyber Business Disruption

Tue, 20 Jul 2021 08:00:34 +0000

Do you have a minimum viable plan for a major business disruption in the age of ransomware and other intense cyber risks? Learn how to make one with our guest Dan Weedin. We're your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 83: FBI on the Cyber Offensive

Tue, 06 Jul 2021 08:00:53 +0000

The FBI is publicly releasing details about their active defense of the U.S. Is this a good thing? Find out your with hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

EP 82: Recommendations from the Ransomware Task Force

Tue, 22 Jun 2021 08:00:15 +0000

Ransomware is a big problem that's getting bigger. Learn about a new set of recommendations released by the Institute for Security + Technology’s Ransomware Task Force for dealing with the growing threat of ransomware with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

AND: Will all attorneys please join us online for a free, one-hour CLE on June 23, 2021 at 12 pm Pacific where Kip and Jake will teach you how to answer client questions about ransomware?

EP 81: Something for everyone in latest NYDFS Consent Order

Tue, 08 Jun 2021 08:00:23 +0000

What can you learn from the latest NYDFS Consent Order? A lot. Learn with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

AND: Will all attorneys please join us online for a free, one-hour CLE on June 23, 2021 at 12 pm Pacific where Kip and Jake will teach you how to answer client questions about ransomware?

EP 80: Cybersecurity Insurance makes progress in the right direction

Tue, 25 May 2021 08:00:06 +0000

Cyber insurance companies are starting to figure out what practices actually reduce the risk of a major cyber incident. Walk through an insurance application with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead.

AND: Will all attorneys please join us online for a free, one-hour CLE on June 23, 2021 at 12 pm Pacific where Kip and Jake will teach you how to answer client questions about ransomware?

EP 79: What should the US government do about rampant cyber crime?

Tue, 11 May 2021 08:36:15 +0000

Our guest is Michael Garcia, who co-authored a report for the US government, entitled “A Roadmap to Strengthen US Cyber Enforcement: Where Do We Go From Here?” Find out his top 3 recommendations with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead.

AND: Will all attorneys please join us online for a free, one-hour CLE on June 23, 2021 at 12 pm Pacific where Kip and Jake will teach you how to answer client questions about ransomware?

EP 78: Importance of Internal Audit Teams

Tue, 27 Apr 2021 08:00:17 +0000

Do you know how Internal Audit Teams can assist a CISO?! Take a look from an Internal Audit teams perspective and learn more on important of an role they play in your Cyber Risk Management, with hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 77: Busted: The Truth about Cloud Security

Tue, 13 Apr 2021 08:00:01 +0000

What do you know about Cloud Security Marketing?! In today's episode, we do some mythbusting, specifically targeting common cloud security marketing messages, with the help of our guest, Paul Rich. To see more about Paul Rich check out his LinkedIn Profile: https://www.linkedin.com/in/parich/

EP 76: Implications of denial of class certification in data breach cases

Tue, 30 Mar 2021 08:00:42 +0000

What does it mean for cybersecurity professionals trying to create defensibly reasonable cybersecurity programs if a data breach lawsuit is filed against their employer and it fails to gain class certification? Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 75: How to Pass your CISSP Exam

Tue, 16 Mar 2021 08:00:26 +0000

How do you prepare for the CISSP exam and what should you expect? Listen to Jake and Kip tell you how to prep for the exam using a 3-point plan. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 74: Lessons Learned from Ransomware Attack

Tue, 02 Mar 2021 08:00:23 +0000

By reviewing a recent ransomware response case let's see what we can learn so our listeners can prevent their own ransomware disasters. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 73: Negotiating the Data Security Addendum

Tue, 16 Feb 2021 08:00:35 +0000

How do you prepare for the negotiation process when you’re staring at your customer’s new data security addendum? Learn how with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 72: The Failure of the Cybersecurity Market

Tue, 02 Feb 2021 08:01:00 +0000

We're collectively spending $100 billion each year to manage cyber risks and still the damages are going up. It's due to a big disfunction in the marketplace. But there's a cure! Learn more with Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 71: Learning from Latest in Cyber Insurance Claims

Fri, 18 Jan 2019 11:28:11 +0000

A new cyber insurance claims study of smaller businesses shows the top types of cyber-attacks, as well as their causes, for the first half of 2020. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 70: A Trial Attorney Tells You How to Get the Most from your Cyber Insurance

Tue, 05 Jan 2021 08:00:03 +0000

We take a look at cyber insurance coverage (and exposure) from a litigator’s perspective with the help of our guest, Josh Franklin. Learn with Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 69: More Reasons to Not Pay Ransomware Demands

Fri, 18 Dec 2020 08:00:23 +0000

We have some insightful updates on ransomware trends, along with an OFAC reminder from the US government, to give you yet more reasons not to pay cyber-attackers who encrypt your data. Learn with Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group.

EP 68: Role of General Counsel in Cyber Risk Management

Tue, 08 Dec 2020 08:00:14 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, turns the tables and puts Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, in the guest chair to ask him about the role of general counsel in cyber risk management.

EP 67: New Rules for Attorney-Client Privilege over Data Breach Reports

Tue, 24 Nov 2020 08:00:28 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, discuss the “lessons learned” from the Capital One Consumer Data Security Breach litigation ruling relating to the attorney-client privilege for data breach reports.

EP 66: Challenges for Cybersecurity Pros of Sudden “Work From Home” requirements due to COVID-19

Tue, 10 Nov 2020 08:00:28 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, talk with our guest, Dan Blum, about the challenges posed by the COVID-19 shutdown specifically for the cybersecurity professional. Dan will also share information about his new book, "Rational Cybersecurity for Business".

EP 65: Cyber Exploitation Through Supply Chains

Tue, 27 Oct 2020 08:00:10 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, explore cyber exploitation through supply chains with our guest, Steven Carnovale, Assistant Professor of Supply Chain Management at the Rochester Institute of Technology.

EP 64: Current trends in Internet Freedom

Tue, 13 Oct 2020 08:00:25 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, review trends in Internet Freedom with our guest, Harold Li, Vice President of ExpressVPN.

EP 63: Quick look at the “Essential Eight” mitigations

Tue, 29 Sep 2020 08:00:49 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, do a quick review of the Essential Eight mitigations published by the Australian Signals Directorate.

EP 62: Going deeper into the 2020 edition of the DBIR

Tue, 15 Sep 2020 08:00:00 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, go deeper into the 2020 edition of the Verizon Data Breach Investigations Report (DBIR).

EP 61: The 2020 edition of the Verizon Data Breach Investigations Report (DBIR)

Tue, 01 Sep 2020 08:00:26 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, do a quick analysis of the 2020 edition of the Verizon Data Breach Investigations Report.

EP 60: LabCorp shareholder sues senior decision makers over cybersecurity failures

Tue, 18 Aug 2020 08:00:19 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, explain how 3rd-party cybersecurity failures have resulted in a shareholder derivative lawsuit that names senior decision makers as defendants.

EP 59: Can DoCRA (Duty of Care Risk Analysis) tell you if your cybersecurity controls are reasonable?

Tue, 04 Aug 2020 08:00:39 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discusses DoCRA – Duty of Care Risk Analysis. It’s an approach that helps organizations figure out whether their cybersecurity controls are reasonable. And we'll do that with the help of our guest, Chris Cronin.

EP 58: Why some companies are so intense about managing supply chain cyber risk

Tue, 21 Jul 2020 08:00:04 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss why some companies are so intense about managing cyber risk in their supply chains.

EP 57: The new “At a Minimum” FTC standard

Tue, 07 Jul 2020 08:00:35 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss the FTC’s new “at a minimum” language in its cybersecurity decisions and what that means for cyber risk managers.

EP 56: How to quickly and profitably close deals with your cybersecurity intensive customers

Mon, 22 Jun 2020 08:00:50 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss the three steps business leaders should follow to overcome pre-sales cybersecurity due diligence sales hurdles with prospective customers.

EP 55: How to graduate skilled cybersecurity analysts in only six months

Tue, 09 Jun 2020 08:00:34 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss how the Prelude Institute is helping to make up the shortfall in qualified cybersecurity professionals with our guest, Ted Ipsen.

EP 54: The legal and economic aftermath of cybersecurity breaches

Tue, 26 May 2020 08:00:58 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss how liability and blame is a serious obstacle to keeping the internet secure with our guest, professor and published author, Josephine Wolff.

EP 53: Post data breach requirements for law firms

Tue, 12 May 2020 08:00:34 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss ABA Formal Opinion 483, which sets out requirements for law firms who suffer breaches of client data.

EP 52: SysAdmins and the multi-million dollar privacy violations they will cause

Tue, 28 Apr 2020 08:00:50 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, reveal how people with privileged accounts are managing bigger risks to their organization than ever before. In the world of CCPA, GDPR, and SHIELD, not carefully setting permissions on those data lakes will lead to massive penalties for some organizations.

EP 51: Cyber Extortion of Patients

Tue, 14 Apr 2020 08:00:00 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss how cyber criminals are sending ransom demands to the people in the records they steal.

EP 50: Results of annual listener survey

Tue, 31 Mar 2020 08:00:02 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss the results of the annual listener survey.

EP 49: Utility computing for cybersecurity is “reasonable”

Tue, 17 Mar 2020 08:00:02 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss how organizations using Office 365 and G Suite should be using the many "hidden" but very affordable cybersecurity functions. Their availability is changing the definition of "reasonable cybersecurity".

EP 48: The effects of cyberattacks on corporate reputation and consumer confidence

Tue, 03 Mar 2020 09:51:23 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss the effects of cyberattacks on corporate reputation and consumer confidence with the help of our friend and public relations expert, Casey Boggs.

EP 47: California’s IoT Security Law: Why It Matters

Tue, 18 Feb 2020 09:50:33 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss California's new "Internet of Things" security law and its intersection with reasonable cybersecurity.

EP 46: Experiences with Law Enforcement on Cyber Crime Cases

Tue, 04 Feb 2020 11:49:11 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, share what is was like for each of them to work with FBI and Secret Service on two recent cyber crime cases.

EP 45: CCPA regulations and the New York SHIELD Act

Tue, 21 Jan 2020 09:00:49 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, give an update on CCPA and the New York SHIELD Act.

EP 44: Cybersecurity for entrepreneurs (and their employees)

Tue, 07 Jan 2020 09:00:09 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss why entrepreneurs need special guidance on cybersecurity.

EP 43: Why does the FTC settle on cybersecurity cases?

Tue, 24 Dec 2019 09:00:52 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss why the FTC tends to setting their cybersecurity cases instead of going to trial.

EP 42: Exploiting IT Service Providers and their Customers

Tue, 10 Dec 2019 09:00:47 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, discuss how cyber-attackers are abusing the trusted relationship between IT service providers and their customers.

EP 41: Security Outsourcing: Vendor Selection and Management

Tue, 26 Nov 2019 09:31:21 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss Security Outsourcing: Vendor Selection and Management.

EP 40: Ransomware Defenses for cities

Tue, 12 Nov 2019 16:26:59 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, discuss a recent Dark Reading article by Sara Peters: "It Saved Our Community: 16 Realistic Ransomware Defenses for Cities"

EP 39: The Major Cyber Risk of Private Equity Firms

Tue, 29 Oct 2019 08:00:27 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, review the rise and fall of Colorado Timberline, a one-time porfolio company of Frontenac and Charter Oak Equity.

EP 38: The new data breach notification law in Washington

Tue, 15 Oct 2019 09:00:36 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal PLLP, discuss the revised Washington State data breach notification law and why it matters to all our listeners.

EP 37: Cyber risk and public relations

Tue, 01 Oct 2019 08:00:28 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talk with guest Casey Boggs about how to manage cyber risk with good public relations.

EP 36: The emerging “Reasonableness Test” for cybersecurity

Tue, 17 Sep 2019 09:00:12 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, discuss "The Sedona Conference Draft Commentary on Reasonable Security Test"

EP 35: Wholesaler perspective in cyber insurance

Tue, 03 Sep 2019 00:01:01 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Peter Marchel about the current state of the wholesale cyber insurance market.

EP 34: Why The ASUS Supply Chain Cyberattack Is a Big Deal

Tue, 20 Aug 2019 00:01:54 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about what cyber risk managers can learn from the ASUS supply chain cyberattack.

EP 33: How the blame game that follows big data breaches affects defenders

Tue, 06 Aug 2019 09:01:10 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about what cyber risk managers can still learn from the 2012 data breach at the South Carolina Department of Revenue.

EP 32: Independent broker’s perspective on cyber insurance

Tue, 23 Jul 2019 15:11:38 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Chris Brumfield about the current state of the cyber insurance market.

EP 31: Protecting your accounts payable function from cyberattack

Tue, 09 Jul 2019 04:01:27 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Debra Richarson about how finance professionals should protect their company from common financial cyber fraud.

EP 30: Company Sues Employee For Being Phished

Tue, 25 Jun 2019 00:01:00 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about a company that sued its employee for being phished out of $260,000.

EP 29: What the Private Sector Can Learn about Incident Response from the Military

Tue, 11 Jun 2019 00:06:11 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Melissa Van Buhler about what the military can teach the private sector about incident response.

EP 28: The Rise of WebApps and Their Impact on Cybersecurity

Tue, 28 May 2019 00:01:07 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about how some people believe that by using webapps, they are more secure than when using traditional software.

EP 27: What’s at the intersection of AI and cybersecurity?

Tue, 14 May 2019 00:01:44 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about three things that cyber risk managers will find at the intersection of artificial intelligence and cybersecurity.

EP 26: Computer Fraud and Abuse Act (Revisited)

Tue, 30 Apr 2019 15:15:01 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about how the 35-year-old Computer Fraud and Abuse Act (CFAA) is a useful tool for today's cyber risk managers.

EP 25: BONUS: New book: “Fire Doesn’t Innovate” on sale now

Mon, 14 Jan 2019 00:01:03 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about his new book, Fire Doesn’t Innovate, on sale January 15, 2019. It includes a free, online Cyber Risk Workbook that automates Part 2 of the book: The creation of your Cyber Risk Management Game Plan.

EP 24: How fake advertising fuels other cybercrimes

Tue, 16 Apr 2019 15:06:05 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about how new techniques for automating ad fraud will probably lead to other types of cybercrime.

EP 23: What the last 30 years of cyber risks tells us about what’s ahead

Tue, 02 Apr 2019 00:01:45 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about what the next 30 years of cyber risks will look like.

EP 22: Cyber risks of autonomous vehicles

Tue, 19 Mar 2019 00:01:41 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about the cyber risks of autonomous vehicles.

EP 21: What germs can teach us about dealing with cyber-attacks

Tue, 27 Nov 2018 16:18:07 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, today we talked about how germs can teach us a lot about how to deal with cyber-attacks.

EP 20: New book: “Fire Doesn’t Innovate”

Tue, 30 Oct 2018 00:01:33 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, provide a preview of a new book to help executives thrive as cyber risk managers.

EP 19: Business Judgment Rule

Tue, 05 Mar 2019 00:01:27 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, discuss how cyber risk management is actually a fiduciary duty of corporate directors and officers.

EP 18: Six “must read” non-technical books for cyber risk managers

Wed, 20 Feb 2019 00:00:06 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, discuss six "must read" non-technical books for cyber risk managers.

EP 17: The golden age for cyber-criminals

Tue, 05 Feb 2019 00:01:16 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about why this is a golden age for cyber criminals.

EP 16: Threat Intelligence

Wed, 23 Jan 2019 00:01:32 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about how executives should think about threat intelligence: What it is, where to get it, how to use it, and how to get started. They also discuss how artificial intelligence and machine learning can help make threat intelligence more useful.

EP 15: California Consumer Privacy Act (CCPA)

Tue, 21 Aug 2018 00:01:40 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about talk about the new California Consumer Privacy Act or CCPA and how executives should be thinking about this new cyber risk.

EP 14: Contractual Firewalls

Tue, 08 Jan 2019 00:01:18 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about how executives can create strong contractual firewalls between themselves and their vendors and customers to guard against excessive financial loss due to cybersecurity failures.

EP 13: Small Companies Struggle with Big Company Cybersecurity Questionnaires

Wed, 26 Dec 2018 00:01:47 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about how smaller companies struggle to respond to cybersecurity questionnaires from bigger customers.

EP 12: Compliance Versus Practicing Cybersecurity

Tue, 11 Dec 2018 16:26:23 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, on the difference between focusing on compliance with cybersecurity laws and regulations versus practicing cybersecurity.

EP 11: Cyber Risk and Law Firms

Tue, 13 Nov 2018 00:01:34 +0000

Kip Boyle talks with Jake Bernstein on the need for law firms to have reasonable cyber security. They also discuss how law firms can provide Attorney Client Privilege (ACP) to their clients who conduct Cyber Risk Assessments.

EP 10: Methods and Legality of “Active Defense”

Tue, 16 Oct 2018 00:01:59 +0000

Kip Boyle and Jake Bernstein describe "active defense" as an emerging technique for dealing with cyber-attackers and the legality of the various methods.

EP 9: Non-Technical Ways to Manage Cyber Risk

Tue, 02 Oct 2018 00:01:28 +0000

Kip Boyle and Jake Bernstein explain how you need to use people, process, and management (in addition to technology) in order to have reasonable cybersecurity.

EP 8: How to deal with Ransomware

Tue, 18 Sep 2018 00:01:20 +0000

Kip Boyle and Jake Bernstein discuss whether organizations should pay a ransom to regain control over their data and systems.

EP 7: What is GDPR?

Wed, 08 Aug 2018 00:01:43 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, summarize the European Union's General Data Protection Regulation or, GDPR.

EP 6: Cyber Risk Management and Attorney Client Privilege

Tue, 04 Sep 2018 00:01:28 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, describe how Attorney Client Privilege (ACP) and Attorney Work Product (AWP) doctrine can increase the quality of your cyber risk management practices.

EP 5: How the FTC Defines “Reasonable Cybersecurity”

Tue, 24 Jul 2018 00:01:42 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about how the FTC has been working since 2010 to define "Reasonable Cybersecurity" standard.

EP 4: The “Reasonable Cybersecurity” Standard

Tue, 10 Jul 2018 21:32:41 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about the emerging "Reasonable Cybersecurity" standard: Where it's coming from and what how it should affect the decisions made by cyber risk managers.

EP 3: Why Your Company Needs Cyber Risk Management

Fri, 15 Jun 2018 22:23:56 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about why every company needs good cyber risk management.

EP 2: Your Newest Competitor Creates Most of Your Cyber Risk

Fri, 15 Jun 2018 22:21:13 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about who is really driving the over $6 trillion in damage expected in 2021 due to cyber failures.

EP 1: Introducing Cyber Risk Management Podcast

Thu, 07 Jun 2018 21:19:46 +0000

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about who we are, what we do, and why we do it.