Caffeinated Risk

Hosted by McCreight & Leece

Business Technology NewsInterviews guests

Website RSS feed

Episodes

Latest episode

May 2026

Language

EN-US

About the show

The monthly podcast for security professionals, by security professionals.Two self proclaimed grumpy security professionals talk security risk, how they’ve managed it in the past and forward looking discussions with guests working in information security and risk management.

Listen to episodes

57 recent

May 7, 2026Episode 332 min

Risk Management - Enabling the pursuit of excellence with Joe Olivarez

Visiting the Jacobs Engineering website you'll undoubtedly encounter the phrase "challenging today", an acknowledgement that the world is much more complex than ever before. While "it ain't like it used to be" can be said of any risk manager's portfolio, Joe Olivarez became the first global security leader in Jacobs history more than a dozen years ago. How much has changed in the last 3 years, let alone 13. Currently the Vice President, Operational Center of Excellence for Jacobs, Joe shares a candid discussion on how risk management has changed both wholistically as a profession and more specifically with large infrastructure projects. In addition to executive leadership for a world renowned organization, Mr. Olivarez is the most recent past president of ASIS , joining the show's own ASIS past president discussing ESRM roots.

March 12, 2026Episode 234 min

Risk conversations; Awkward, Unpopular and Essential - with Joshua Copeland

Joshua Copeland's cyber security moniker is "The Unpopular Opinion Guy", while most of us in security roles have been that person with an unpopular opinion at least a time or two, Copeland turned it into both a book and a bit of a movement through numerous posts on Linkedin about many of the challenges in our industry.That said, this is not a mud slinging episode, Joshua had numerous, pragmatic examples of both the problem space and ways to address them. There are a lot of misconceptions about cyber security but there are also a wide array of real world impacts in our daily lives making this a very difficult area to master. Mr. Copeland has some of the unlock codes, making for another compelling episode.

January 22, 2026Episode 133 min

Cyber Security, the legal perspective with Brent Arnold

"Legal and Regulatory" is a common receptor category in most enterprise risk matrices but with any luck most organizations have limited direct experience with cyber litigation matters. This episode jumps right into the deep end with one of Canada's preeminent cyber lawyers, Brent Arnold. Business law has evolved over hundreds of years, cybersecurity precedents began to appear on the legal landscape in the late 1980s and AI is the new kid on the block, barely out of diapers. While this episode can not be considered legal advice the chance to listen in on the ideas and opinions of from someone on the frontlines of this emerging risk vector should not be missed.

December 4, 2025Episode 1030 min

Cyber Resilience, a National Solution with Herbert Fensury

Cyber crime is now a daily fact of life and a significant concern in both the private and public sectors but our response capabilities do not seem to be keeping up. This episode dives deep into one organization that is combatting this problem with a combination of academic research, industry expertise and hands-on training with the founder and CEO, Herbert Fensury. While cyber security is a global problem, economics and politics dictate different solution requirements. The Canadian Cyber Assessment, Training and Experimentation (CATE) Centre is both cutting edge and focused on Canadian cyber resilience at both a regional and national level.

October 23, 2025Episode 934 min

Integrated Assurance with Patrick Hayes

20 years after their paths first crossed, three Canadian security professionals regroup to discuss a new risk management strategy book based on hard won field experience. Patrick Hayes was a security strategist before organizations knew this was success differentiator. For decades he has been guiding organizations large and small, public, private and government on balancing business objectives with security. Mr. Haye's new book "Integrated Assurance: Unified Risk Strategy" is destined to become a reference for others tasked with supporting enterprise security and he has recently added a Substack series on the emerging threats of AI, again from the focus of an adversary intent on mission interruption.

September 11, 2025Episode 827 min

The Summer Show - 2025, (pt 2)

Part 2 of this summer break episode takes a bit of a light hearted look at the cyber security industry predictions that become the norm in late December and early January. Eight or nine months later, how accurate where they? Take a listen, there are a couple surprises.The conversation uncovers a few ongoing challenges with the cyber security industry, from the digital divide associated with aging to organizational shifts away from engineering principles. A book by security pioneer Bruce Schneier is mentioned late in the show and Doug managed to mangle the title twice, but did read, and does recommend the book.

August 28, 2025Episode 726 min

The Summer Show - 2025, (pt 1)

The summer show started with the light hearted goal of evaluating the top security predictions that fill the internet in late December each year. Forever unscripted, Tim and Doug wind up reflecting on the growing gap between physical and virtual information systems. While it is easy to lament, from a cognitive perspective there is little hope, the BSides movement, alive and well in Western Canada, is helping address that. It is almost inevitable that security and risk conversations involving society veer into AI, but get back on track with ESRM. Stay tuned for the predictions portion in part 2.

July 31, 2025Episode 635 min

ESRM roots, revelations & resilience with John Petruzzi

Enterprise Security Risk Management (ESRM) principles appear in almost every episode and this one is a bit more overt because it features two of the three people responsible for promoting ESRM in the early days of it's reintroduction through ASIS. John Petruzzi is now the CEO of Unlimited Technology and leading them toward an expanded influence in the enterprise security industry, sharing insights for what works with fortune 250 organizations, government and even local school boards. As the title implies, resilience is the discipline most organizations need to improve upon, and Mr. Petruzzi's personal and professional opinions on this gap may surprise some. The threat landscape is changing at a pace and breadth few could have predicted, those that navigate it well will prosper.

June 19, 2025Episode 535 min

Global Risk Management as Strategic Advantage with Dominic Bowen

The Caffeinated Risk hosts navigate time zones and catch up with Dominic Bowen traveling between meetings to discuss risk management with an international expert on the subject. Mr. Bowen is a partner and Head of Strategic Advisory at 2Secure, one of Europe's leading risk management consulting firms, as well as the host of the International Risk Podcast. Political tensions are higher than they have been for years and there is seldom a month that goes by without a technical disruption that affects numerous businesses and services due to the interconnected nature of our modern world. Despite the serious topics covered, Dominic Bowen offers some practical solutions based on experience in the business world , the higher stakes of military service and humanitarian relief offering an unexpected, potentially positive outcome. I.E., accepting the tempo of constant crisis and becoming and effective manager of those risks can actually accelerate success.

April 24, 2025Episode 48 min

Simplifying risk analysis using FAIR and Wiley Coyote with Jack Freund

A while back we were fortunate enough to spend time with Jack Freund, coauthor and thought leader responsible for bring the FAIR methodology and practice into the main stream. A bonus from that original recording is now an espresso shot discussing how to fast track an assessment when the threat vectors are numerous. While the metaphor Jack used is somewhat unexpected it's both memorable and an excellent approach to dealing with an entire class of attacks in a single assessment. A pro tip from one of the original practitioners of the FAIR methodology well worth a listen.

Is this your show?

Claim this listing to keep it up to date, reach guests who want to pitch you, and manage bookings with Guestify.

Claim this listing

More Business podcasts

SowGrow Marketing Council

sgmc

BusinessMarketing

Toldjya Finance Podcast

Zac Huish, Cameron Cooke, and Paul Lamb

BusinessInvesting