Jack Jones and Doug Hubbard explain how to measure what matters on the new frontier of risk management.
by Nikhil Chawla
The CISO is confronting countless “swords of damocles.” Each one seems critical. Each one is waiting to drop on their head. Their job is to eliminate those risks before they drop. Unfortunately, security is expensive and budgets are limited. Where to start when you only get to pick one, two, or three things to mitigate out of dozens of possibilities? The straight forward answer is, “Just shoot for getting the biggest bang for you’re buck!” This is easier said than done. The risk of some yet to happen event causing real impact is highly uncertain. The value of security control in mitigating those risks are also uncertain. And, the range of impacts that can occur add more fuel to the fire of uncertainty. This podcast bring the foremost thinkers on modeling cyber risk together – to discuss modern approaches for measuring risk and deciding on the best way forward economically. Meaning, the best way forward in terms of both cost as risk reduction.
Getting executive sign-off on a new control? Hard. Getting peer buy-in on security initiatives when they don’t report to you? Harder. In modern organizations, cybersecurity professionals often find themselves in the ultimate matrix of organizational challenges: you need buy-in from every department within the organization – operations, sales, HR, and finance – but none of […]
The average enterprise relies on hundreds—sometimes thousands—of third-party vendors to operate. Yet when security leaders are asked for a complete inventory of these vendors, the response is often a patchwork of spreadsheets, outdated procurement lists, and educated guesses. This vendor blindness isn’t just an operational inconvenience—it’s a critical business risk that’s becoming increasingly expensive to […]
The U.S. healthcare sector faces an unprecedented cybersecurity crisis. With 168 million healthcare records breached in 2023 and ransomware attacks surging 32% in 2024, the industry confronts threats that have evolved beyond data theft to sophisticated campaigns capable of paralyzing critical patient care infrastructure. Despite these trends, cybersecurity often receives insufficient leadership attention. A 2025 […]
Spotify
Apple Podcast
Google Podcast