Breaches & Brews

Hosted by Rivial Data Security

Business · Interviews guests

Episodes: 30

Latest episode: May 2026

Language: EN-US

About the show

The Rivial Data Security team discusses all things cybersecurity while enjoying their favorite brews. We keep it fun and laidback with special guests, personal stories, and some great advice for anyone managing a cybersecurity program.

Listen to episodes

May 28, 2026 · 52 min

Building AI Governance from Scratch: NIST AI RMF, Shadow AI, and Board Reporting

78% of organizations now use AI in at least one business function, but most haven't gone beyond putting a basic AI policy in place. In this workshop, Rivial Data Security founder Randy Lindberg and senior consultant Molly Ford walk through a practical approach to AI governance using the NIST AI Risk Management Framework. Topics include why AI risk belongs inside your existing cyber risk program instead of a separate silo, the eight elements you need to properly measure AI risk, how to catalog AI systems when tools like Copilot and Gemini are already embedded in your environment, how to combat shadow AI through smarter procurement and change management, reporting AI risk to the board using quantitative framing instead of heat maps, and the key differences between the NIST AI RMF and the Financial Services AI RMF. Whether you're just getting started or looking to mature your program, this session gives you a realistic first step.

May 13, 2026 · 53 min

Two NCUA Cybersecurity Examiners Tell Us What They're Looking For in 2026

We sat down with two NCUA Regional Information Security Officers to ask them point blank: what are you finding in exams, what do you want credit unions to fix, and what does "good" actually look like?

Charles has been with the NCUA for 27 years. Murray left the agency, worked at a credit union, and came back. Between them, they've examined institutions from $50 million to $13 billion in assets. They don't hold back.

In this episode, they walk through the most common deficiencies from 2025 exams (access controls, MFA gaps, vendor incident response), explain why expressing cyber risk in dollar terms is the single most important thing you can do for your board, and share what they're actually looking for on AI governance right now - even though the NCUA itself is still catching up.

If you're prepping for an exam, presenting to your board, or trying to figure out what to do about AI, this is the episode.

Resources we mentioned:

- 📘 How to Measure Anything in Cybersecurity Risk - Douglas Hubbard & Richard Seiersen
- 📊 Free Cyber Risk Assessment - rivialsecurity.com/cyber-risk-assessment
- 📄 AI Risk Management Whitepaper - rivialsecurity.com/resources
- 📋 AI Governance Assessment (NIST AI RMF) - rivialsecurity.com/resources
- 👥 Private Community for CU & Bank Leaders - rivialsecurity.com/community
- 🔗 rivialsecurity.com
- 📅 Book time with our team: rivialsecurity.com/contact-us

#NCUA #CreditUnion #CyberRisk #CreditUnionPodcast #AIGovernance #RiskManagement #BoardReporting

April 9, 2026 · 50 min

Navigating AI and Security: Strategies for Credit Unions in a Shifting Threat Landscape

In this insightful panel discussion, host Taylor Wells is joined by cybersecurity and IT leaders Will Reed and Kevin, representing billion-dollar credit unions from across the country. Together, they explore the pressing challenges and opportunities facing the financial sector, from the realities of AI adoption and evolving threat landscapes to the practicalities of building security teams, communicating cyber risk to boards, and staying audit-ready year-round. The conversation offers candid perspectives on managing digital transformation, preparing for NCUA exams, balancing member experience with security, and fostering a risk-aware culture—making this episode a must-listen for credit union professionals seeking actionable insights in an era of rapid technological change.

March 6, 2026 · 52 min

Mastering Third-Party Risk: Deep Dive into Vendor Cybersecurity Management

In this insightful episode, Lucas Hathaway, CRO @ Rivial Security, takes listeners through the essential steps of maturing a third-party risk management program, with a special focus on cybersecurity reviews and vendor due diligence. Discover why regulators like the NCUA and FDIC are zeroing in on third-party risks and learn proven strategies for onboarding, classifying, and assessing vendors. Lucas Hathaway, CRO @ Rivial Security, shares valuable stories from the field (including lessons learned from recent breaches), explains how to utilize questionnaires and SOC reports effectively, and offers practical tips for ongoing monitoring, incident response, and complementary user entity control (CUEC) testing. With actionable frameworks, relatable anecdotes, and free resources, this episode is a must-listen for financial institutions, security leaders, and anyone navigating the complexities of third-party vendor management.

February 17, 2026 · 17 min

Cyber Risk, NCUA Compliance, and Board Engagement: Insights from CU Intersect 2026

Join Jonathan Taylor, Shirley Sandwith, and guest Keaton Tanzer, Sales Manager at Rivial Security, as they broadcast from the CU Intersect 2026 conference in vibrant New Orleans. In this episode, we dive deep into the evolving world of data security and compliance for credit unions, from navigating regulatory scrutiny and examiner trends to adopting flexible frameworks for organizations of all sizes.

Keaton shares practical strategies on cyber risk assessment, the importance of customizing compliance processes, and how to effectively communicate security initiatives to board members. Plus, discover how smaller credit unions can stay ahead without being overwhelmed and why fostering real conversations at the board level is critical for successful governance.

Packed with actionable insights, this discussion is a must-listen for anyone in the credit union or financial institution space looking to innovate securely and keep their organization audit-ready.

Featured Topics:

- Recent regulatory shifts and examiner expectations
- Cyber risk assessment tailored for every credit union
- Best practices for board reporting and quantitative analysis
- How to prepare for audits and leverage industry partnerships
- Resources and support for credit unions of all sizes

Tune in for expert advice, industry stories, and a fresh perspective on cyber risk and compliance!

February 5, 2026 · 50 min

Reporting Cybersecurity to the Board: Metrics, Communication, and Culture Change

In this episode, hosts Taylor Wells and Lucas Hathaway, CRO @ Rivial Security, are joined by Randy, founder and CEO of Rivial Security, to dive into the complexities of reporting cybersecurity to boards of directors—especially in banks and credit unions. The team discusses the importance of tailoring reports to non-technical board members, balancing regulatory and audit requirements with actionable insights, and fostering board engagement through meaningful metrics (including the shift toward quantitative, dollar-based cyber risk reporting).

Listeners will hear practical advice on the length and frequency of board reports, how to train and guide boards to ask the right questions, and strategies for transitioning organizations from vague, high-medium-low risk reports to data-driven conversations about business impact and ROI. The episode answers real audience questions and shares insights from hundreds of board meetings, revealing common pitfalls and proven techniques for building trust, securing resources, and moving cybersecurity conversations beyond technical jargon into true resilience planning.

Perfect for CISOs, risk leaders, and anyone responsible for cybersecurity board reporting, this episode delivers actionable takeaways, relatable stories, and expert guidance to help you elevate your next board presentation.

January 8, 2026 · 58 min

Navigating 2026: Exam Readiness, AI Risk, and Vendor Strategy for Financial Institutions

In this insightful panel episode, hosts Keaton Tanzer & Lucas Hathaway at Rivial Security are joined by Darrin Moorer, Senior VP and Information Security Officer at NBKC Bank, and Mike Sloan, Associate VP and ISO at the University of Kentucky Federal Credit Union, for a practical, forward-looking discussion on information security and compliance in financial institutions.

Together, they unpack the most surprising and common regulator findings from 2025, discuss smooth exam experiences, and highlight the importance of continuous compliance. The conversation moves to strategies for staying "exam ready" in 2026, emphasizing documentation, ongoing evidence collection, and establishing cross-departmental ownership of risk.

AI emerges as both a tool and a threat, prompting conversations around acceptable use policies, risk frameworks, custom training, and incident responses for AI-related scenarios. The panel explores how financial institutions are cautiously rolling out AI, tracking usage, and planning governance committees, while also diving into the complexities surrounding vendor and fourth-party risk assessments.

The episode wraps up with budget season advice for 2026, prioritizing measurable risk reduction, the maturation and optimization of security programs, and board-level communication strategies that translate technical achievements into business impact.

This episode offers actionable insights, practical tips, and real-world examples for security leaders, managers, and board members in the banking and credit union space as they navigate evolving expectations, technologies, and threats.

November 5, 2024 · 43 min

NIST CSF 2.0 Insight for Financial Institutions

Join our insightful webinar as we dive into the latest updates of NIST CSF 2.0. Gain a comprehensive understanding of its governance frameworks and discover key takeaways crucial for financial institutions. Topics we’ll cover include:

- Cybersecurity Defense Matrix: Explore strategic cybersecurity defense approaches, encompassing both proactive measures (Left of Boom) and reactive responses (Right of Boom).
- Changes to NIST CSF 2.0: Understand the revisions, additions, and enhancements, and learn how to leverage them to fortify your organization's cybersecurity posture.
- Introduction of Governance: Gain a foundational understanding of the governance framework and learn about the key components to effectively align cybersecurity strategies with business objectives.

November 5, 2024 · 1 hr 0 min

Cybersecurity in 2024: Predictions from Security Leaders

Tailored for security leaders, our on-demand webinar covers key topics that include:

- Top Priorities In Maintaining Compliance: Addressing compliance challenges in the ever-evolving cybersecurity landscape.
- Evolving With AI: How industry leaders are leveraging AI to enhance their security measures.
- Adapting To New Risk Factors: How to adapt cybersecurity strategies to counter new risks.
- Best Practices For Cybersecurity: New strategies to protect your critical systems and data.

Learn how your peers are tackling current cybersecurity challenges today!

November 5, 2024 · 1 hr 0 min

NCUA PANEL: INFOSEC & CYBERSECURITY IN 2024

Ensure your credit union is compliant & secure in 2024. Hear from a panel of NCUA auditors about infosec & cybersecurity best practices for your credit union.
