Cybersecurity Risk

Hosted by Dr. Bill Souza

Episodes: 108
Latest episode: Aug 2025
Language: EN

About the show

Feeling overwhelmed by cyber risk? You're not alone. In today's digital world, cyber threats are a complex issue and a strategic opportunity to strengthen your organization's resilience. This podcast dives deep into the world of cyber governance and risk management. We'll have open conversations with experts to help you take your organization's cybersecurity posture from "as-is" to the next level.

Here's what you'll learn:

Program and control assessments: Identify weaknesses in your current defenses.
Risk identification and mitigation: Proactively address threats before they strike.
Building a risk register: Track and prioritize your organization's vulnerabilities.
Crafting effective mitigation plans: Develop strategies to minimize cyber risk.
And much more!

Join us and learn how to navigate the ever-evolving cyber landscape with confidence.

Listen to episodes

August 29, 2025 | Episode 108 | 11 min

Seize Control: How CTEM Can Fortify Your Organization’s Defense

In this episode, I will dive into Continuous Threat Exposure Management (CTEM) and how it revolutionizes vulnerability prioritization. I discuss the essential steps—scoping, discovery, prioritization, validation, and mobilization—required for effective risk management. Learn how to align your security efforts with mission-based goals and leverage CTEM to protect your organization's critical assets. Gain insights into overcoming implementation challenges and the necessity of integrating various security tools while maintaining strategic oversight.

00:00 Introduction and Viewer Question
00:37 Understanding Risk Reduction Beyond Tools
02:54 The Importance of Prioritization
03:05 Five Steps to Effective Risk Management
06:06 Challenges and Considerations in CTEM Implementation
07:39 The Human Element in Risk Management
09:12 Conclusion and Final Thoughts

Do you want to succeed in your next Cybersecurity Risk Assessment?
Here is a quick start guide: https://www.execcybered.com/ECE/3-step-framework-sp/3-step-framework/

August 19, 2025 | Episode 107 | 5 min

The Unexpected Role of Impact in Cybersecurity Risk – A Must Know!

Understanding Impact Assessment in Cybersecurity: A Deep Dive

In this video, I tackle the questions: Does impact assessment exist in cybersecurity, and how is it conducted? I break down the fundamental formula of cybersecurity risk, which includes threat, vulnerability, and impact. The different types of impact—financial, reputational, and operational—and how to classify them. Discover the importance of context in impact analysis across device-level, application-level, and organizational-level ecosystems.

00:00 Introduction and Viewer Questions
00:08 Understanding Impact Assessment in Cybersecurity
00:33 Breaking Down the Impact Formula
01:10 Contextualizing Impact in Cybersecurity
01:54 Layers of Impact Analysis
03:32 Operational, Financial, and Reputational Impact
05:12 Standalone vs. Integrated Impact Assessment
05:37 Conclusion and Final Thoughts

Cyber Risk Assessment - 3-Step Framework: https://www.execcybered.com/ECE/3-step-framework-sp/3-step-framework/

July 31, 2025 | Episode 106 | 8 min

Missed Vulnerabilities: How to Fix and Prevent Them in Future Assessments

It's a common, yet unsettling, scenario in cybersecurity risk assessment: discovering a crucial component was overlooked after an assessment is complete. The question often arises: "How do you handle missing risks in a risk assessment? What can you do in the situation, and how can you prevent this from happening again?"

Let's unpack this compound query, focusing on mission-based cyber risk management and practical prevention strategies.

Dr. B.

July 25, 2025 | Episode 105 | 8 min

Navigating the Human Element in Cybersecurity Risk Assessment

As cybersecurity professionals, we often dive deep into the intricacies of networks, code, and vulnerabilities. We assume that identifying assets, scanning for weaknesses, and generating reports are the core of cybersecurity risk assessment. But if you've ever spent a day in a corporate environment, you know the biggest challenge isn't the technology; it's the people.

Today, let's explore two critical points: how we got here and, more importantly, how we get out of it.

Dr. B.

July 14, 2025 | Episode 104 | 6 min

Mastering Cyber Asset Sampling: Optimize Your Assessment Process

Cyber Asset Assessment: Understanding the Importance of Sampling

In this episode, I dive into the crucial step of sampling in cyber asset assessment. Learn why sampling is essential, especially when dealing with large environments and limited resources. Discover the various types of sampling methods, including probability and non-probability sampling, and understand how to statistically correlate your sample size to the total population of your cyber assets. Perfect for anyone looking to efficiently and effectively assess their organization's cyber assets.

00:00 Introduction to Cyber Asset Assessment
00:26 Understanding Sampling in Large Environments
01:23 Statistical Ties and Inference in Sampling
02:30 Why Sampling is Essential
03:12 Types of Sampling Methods
04:25 Implementing Non-Probability Sampling
05:32 Final Thoughts on Sampling

July 7, 2025 | Episode 103 | 3 min

Unlocking the True Goal of Security: What You're Really Protecting

In this episode, I dive into the essential first steps for a successful cybersecurity risk assessment. Unlike traditional methods, we emphasize the importance of aligning cyber protection with corporate objectives and mission-critical assets. Learn why it's crucial to go beyond regulatory requirements and how to accurately identify and cross-check your assets, from application servers to firewalls. Stay tuned for upcoming videos where we break down the comprehensive process for a cyber assessment in organizations of any size.

00:00 Introduction: Protecting Property vs. Cybersecurity
00:27 Misconceptions in Cybersecurity
01:21 Regulatory vs. Non-Regulatory Importance
02:13 Identifying Critical Assets
02:31 Steps for Cybersecurity Risk Assessment
02:54 Validating and Cross-Checking Assets
03:34 Conclusion and Upcoming Videos

June 26, 2025 | Episode 102 | 7 min

Aggregate Risk Demystified: The Formula Every Business Needs

How to Aggregate Vulnerability Risks Efficiently for Your IT Environment

In this episode, we'll explore the comprehensive approach to scanning and evaluating the entire ecosystem of your application, including databases, firewalls, and routers. Discover a simple yet effective formula to aggregate the risks from hundreds of vulnerabilities and learn how to categorize these risks to support your corporate objectives and mission. This technique is especially useful for small to midsize companies without automated tools. Gain insights into the subjectivity and adjustments needed to fine-tune the risk levels applicable to your organization's risk appetite. Stay tuned for essential tips on incorporating vulnerability, aging, and external exposure into your risk assessment framework.

00:00 Introduction to Environment Scanning
00:55 Challenges in Vulnerability Management
01:54 Formula for Aggregating Risk
03:28 Adjusting Risk Based on Vulnerability
06:38 Final Thoughts and Next Steps

June 12, 2025 | Episode 101 | 13 min

Unpacking Trump’s Cybersecurity Orders: Key Updates and What They Mean for National Security

President Trump Amends Cybersecurity Executive Orders: Key Impacts and Analysis

In this episode, we delve into President Trump's recent amendments to Executive Orders 13694 and 14144, primarily focusing on enhancing national cybersecurity. We outline six key areas of impact, including specific threat identification, secure software development, post-quantum cryptography preparations, AI in cyber defense, modernizing federal systems, and defining scope in sanctions and applications. These proactive measures aim to strengthen the U.S. cybersecurity posture against foreign threats. Join the discussion and share your thoughts on these crucial changes.

00:00 Introduction to Cybersecurity Amendments
00:55 Key Fact 1: Updated Policy and Threat Landscape
02:21 Key Fact 2: Enhancing Secure Software Development
04:30 Key Fact 3: Preparing for Post-Quantum Cryptography
06:44 Key Fact 4: Promoting Security with AI
08:59 Key Fact 5: Modernizing Federal Systems
11:10 Key Fact 6: Scope of Applications and Sanctions
13:08 Conclusion and Final Thoughts

June 6, 2025 | Episode 100 | 3 min

Optimizing SIEM Storage Costs: Effective Logging Strategies

Optimizing SIEM Storage Costs: Effective Logging Strategies

Is storage really as cheap as people think? This episode delves into the true cost of storage in the context of Security Information and Event Management (SIEM) systems. We explore traditional logging practices and their impact on storage, especially with the rise of cloud computing and hybrid environments. The key focus is on identifying critical applications and underlying architectures to optimize logging processes, thus controlling operational costs without compromising security. Learn about the importance of strategic log triage and maintaining an efficient security posture in a complex IT landscape.

00:00 Introduction: Is Storage Really Cheap?
00:20 Understanding SIEM and Log Management
01:08 Strategies for Managing Operational Costs
01:46 Critical vs. Less Critical Systems
02:30 The Importance of a Triage Process
03:06 Conclusion: Balancing Cost and Security

June 2, 2025 | Episode 99 | 7 min

One Insight from 1978 Could Change Your Cybersecurity Strategy

The Importance of Managerial Controls in Cybersecurity: Insights from 1978

In this episode of Doctor's Advice, Dr. B discusses the critical idea presented by Stuart Madnick in 1978, emphasizing that computer security can't rely solely on technical measures. Dr. B explains how operational computer security requires managerial controls, such as policies, standards, and procedures. The conversation highlights the importance of prioritizing the protection of systems that align with corporate objectives and customer service rather than randomly patching vulnerabilities. Dr. B urges examining internal processes and adapting strategies to focus on mission-based cybersecurity, especially in today's environment where deploying numerous systems and services through cloud computing has become remarkably easy.

00:00 Introduction to Computer Security
00:32 Madnick's 1978 Insight on Managerial Controls
01:27 The Importance of Prioritizing Vulnerabilities
03:28 Mission-Based Cybersecurity
03:37 Challenges in Modern Cybersecurity
04:29 The Need for Strategic Cybersecurity
04:53 Criticality of Production Systems
05:33 Reflecting on 1978 Principles in 2025
06:23 Final Thoughts and Call to Action
07:25 Conclusion and Subscription Reminder

Dr. B.
