Simplifying Cyber

Hosted by Aaron Pritz, Cody Rivers

Business · Technology · Interviews guests

Episodes: 53

Latest episode: Jun 2026

Language: EN-US

About the show

This show features an interactive discussion, expert hosts, and guests focused on solving cyber security and privacy challenges in innovative and creative ways. Our goal is for our audience to learn and discover real, tangible, usable ideas that don't require a huge budget to accomplish. Shows like “How It’s Made” have become popular because they explain complicated or largely unknown things in easy terms. This show brings the human element to cyber security and privacy.

Listen to episodes

54 recent
June 15, 2026 · Episode 18 · 22 min

The Vulnerability Playbook

A vulnerability backlog can look like a crisis, but sometimes the real crisis is that you’re staring at the wrong picture. We’re joined by Dave Sims, most recently Staff VP at Elevance Health and a longtime technology leader, to talk through vulnerability risk management in plain terms and why “more findings” doesn’t automatically mean “more security.” We get specific about the difference between vulnerability management and patch management, and how confusion between the two creates low-trust handoffs, endless ticket churn, and slow remediation.

We also dig into the messy reality of asset inventory. CMDB data goes stale, cloud resources appear and disappear, and scanners can produce a better “what’s out there” view without telling you why it matters. Dave explains how metadata tagging and business context turn raw vulnerability data into risk-based prioritization: knowing who owns a system, what it does, why the business depends on it, and which weaknesses truly expose critical services. Along the way, he shares a story of cutting through years of miscommunication with a single no-blame conversation that unlocked progress fast.

If you’re a CISO, security leader, architect, or practitioner trying to make VRM work at enterprise scale, this is a practical framework: outside-in black box assessment, inside-out discipline, and a people-first approach that values training, process, and continuous improvement over shiny tools. Subscribe, share this with a teammate who owns patching or VRM, and leave a review if it helps. What’s the biggest thing keeping your vulnerability program from being truly risk-based?

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics. No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com
LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates. Reveal Risk delivers cybersecurity results, not just reports.

June 8, 2026 · Episode 17 · 23 min

Spot That Vish!

A phone call from “IT security” used to be easier to dismiss when it sounded robotic or scripted. That’s not the world we’re in anymore. We built a voice agent fast, with no coding, and it can place outbound calls, sound convincingly human, and guide a conversation toward the exact kinds of details attackers love to collect. The scary part is not that social engineering exists, it’s that the hard-to-scale parts just became cheap, quick, and repeatable.

We play a live vishing simulation on the show and then break it down like defenders: what the agent asked for, which answers were more sensitive than they felt in the moment, and how a simple URL prompt can turn a friendly call into a real compromise path. We also talk about why this threatens more than corporate users, especially older adults and anyone who trusts the “helpful support” pattern that scammers exploit.

Then we get practical. We connect voice phishing back to the fundamentals of social engineering detection and lay out realistic steps: hang up and call back through the main line, verify through a second channel, and design business processes that assume the caller could be a bot. We also discuss how to run targeted vishing tests for roles like accounts payable, HR, and executive support, then use the data to focus training where it actually reduces risk.

If you found this useful, subscribe for more plain-English cyber conversations, share this with someone who still trusts every inbound “IT” call, and leave a review with the best vishing defense your team uses. What’s the one verification rule you wish everyone followed?

May 19, 2026 · Episode 18 · 44 min

The Evolution of Human Risk

You can’t just “train harder” to mitigate human risk. We sit down with Ashley Rose, CEO and co-founder of Living Security, to unpack why classic security awareness training (SAT) often produces neat dashboards with flimsy outcomes, and what it takes to build a security culture that people actually engage with. Ashley shares her non-traditional path into cybersecurity, how marketing principles map nicely to behavior change, and why the security team has to become approachable if we want employees to ask questions, report issues, and stop working around controls.

We trace Living Security’s early days running security escape rooms, then zoom out to the bigger shift: human risk management (HRM) as a true risk management function. That means moving beyond completion rates and phishing simulations to quantify likelihood and impact using real signals across behavior, threat, and identity. We get specific about what that looks like in practice: endpoint compliance, MFA adoption, password hygiene, dark web credential exposure, privilege levels, and blast radius. The payoff is prioritization and focus, including the uncomfortable reality that a small percentage of users can drive a majority of measurable risk.

We also dig into the hard parts that make or break programs: integrating data in messy enterprises, avoiding noisy alert floods, and operationalizing outcomes through automation and adaptive controls. One of the most practical takeaways is simple but sharp: make the secure path the easiest one to follow. When people repeat risky actions, it often signals friction and broken business processes, not “bad users.” We close by looking ahead to a hybrid workforce where humans and AI agents share access, shifting the workforce attack surface again.

If you’re a CISO, security leader, or practitioner trying to prove ROI, reduce phishing and insider risk, and modernize security awareness into measurable human risk management, hit play. Subscribe, share with a teammate, and leave a review, then tell us: what’s the most broken workflow in your organization that security should fix first?

May 6, 2026 · Episode 16 · 43 min

From NIL Dollars to Data: New High Stakes in College Sports

What happens when college athletes suddenly become brands… and targets?

In this episode of Simplifying Cyber, we sit down with sports law expert Matt Banker to unpack the fast-moving world of NIL (Name, Image, and Likeness) and the cybersecurity risks hiding beneath the surface.

From hacked athlete data and fake endorsement deals to deepfakes, shady agents, and social engineering scams, we explore how money in college sports is creating a whole new attack surface. 💸

We also dig into:
- Real-world cases of data breaches in college athletics
- How third-party tools and “shadow tech” are quietly increasing risk
- The role of parents, athletes, and schools in preventing fraud
- Why NIL deals are as much about contracts and compliance as they are about cyber awareness

Whether you’re in cybersecurity, college athletics, or just curious how AI and money are reshaping sports, this episode connects the dots in a way you won’t hear anywhere else.

🎧 Listen now and learn how to stay one step ahead—on and off the field.

April 28, 2026 · Episode 15 · 28 min

Cyber Insurance, Unfiltered

The fastest way to turn a cyber incident into a business disaster isn’t ransomware, it’s confusion. We sit down with Violet Sullivan, AVP and Cyber Solutions Team Lead at Crum & Forster, who has worked across cyber law, breach notification, digital forensics and incident response, and now cyber insurance. That vantage point lets her translate what each group needs when pressure is high and everyone is speaking a different language.

We get practical about the moments that create real-world chaos: overlapping roles like “breach coach,” acronyms that make leaders freeze, and the dangerous assumption that someone else already handled comms or law enforcement outreach. Violet breaks down a cleaner way to run the response by focusing on function: legal help, technical help, and operational help. We also talk about why crisis communications deserves a seat at the table early, how PR teams organize messaging by audience, and how to avoid the cleanup phase that happens when people speak too soon.

Then we zoom out to the contract that quietly shapes the whole response: cyber insurance. Violet explains why insurance is not “admitting defeat,” but a risk transfer mechanism that can fund response vendors and influence decisions when you cannot afford mistakes. We also tackle emerging AI risks, including more believable social engineering and the legal concern that sharing privileged legal advice with AI tools may put attorney-client privilege at risk.

If you want clearer incident response planning, better tabletop exercises, and fewer “who has the ball?” moments, hit play. Subscribe, share this with your security or legal team, and leave a review with the one part of your response plan you want to simplify next.

April 16, 2026 · Episode 15 · 43 min

Shame, Spinach, and the Human Side of Cybercrime

When a romance fraud expert, bestselling author, and professional scam-troll meets two cybersecurity pros obsessed with deepfakes and social engineering, you get one of the most eye‑opening – and strangely funny – episodes we’ve ever recorded. In this episode of Simplifying Cyber, British author Becky Holmes (aka “Death to Spinach” and author of Keanu Reeves Is Not In Love With You) joins Aaron Pritz and Cody Rivers to unpack the murky world of online romance fraud, celebrity imposters, and how emerging AI and deepfake tech are supercharging social engineering.

We cover:
- How Becky accidentally fell into the world of romance scams during lockdown by trolling “handsome soldiers” in her DMs
- Why smart, successful, emotionally stable people still fall for romance fraud — and why the “it could never be me” mindset is so dangerous
- The brutal impact of victim blaming and victim shaming in romance scams, and how media narratives make reporting even harder
- What really happens behind celebrity scams (including fake Keanu Reeves, “meet and greet” offers, and wild opening lines from fraudsters)
- How scammers use emotional hot states, urgency, fear, and love to bypass even strong rational defenses
- Why shame is one of the most powerful tools in a scammer’s arsenal — in both personal and corporate cyber attacks
- The parallels between romance fraud and corporate phishing, smishing, and business email compromise (BEC)
- How security teams often “tech-splain” and bury the message in jargon normal people will never read
- Why user awareness, empathy, and culture are just as critical as firewalls and MFA

Then it gets real. Aaron and Cody put Becky in the middle of a live deepfake and AI demo using publicly available tools — starting with a fake kidnapping video, escalating into nightmare spinach scenarios (she really hates spinach), and ending in her “dream” deepfake wedding. Along the way, they show how shockingly easy it is to:
- Deepfake a real person from a single photo
- Clone a voice with just a few seconds of audio
- Create emotionally manipulative video pleas that could fool friends, parents, or grandparents.

March 24, 2026 · Episode 16 · 27 min

From Audit to the CISO Seat

A contract clause can change your entire security roadmap overnight, and in healthcare the stakes are higher than most industries want to admit. We sit down with Brian Waltz, longtime healthcare technology leader and former CISO at Cardinal Health, to unpack how cyber risk becomes business risk the moment patient care, diagnostics, or critical operations get disrupted.

We start with Brian’s path from audit to executive security leadership and why an auditor’s skepticism can be a superpower when it’s paired with empathy and clear communication. From there, we dig into governance, risk, and compliance as more than a rearview mirror. Brian shares how he gets leaders to define what a “bad day” looks like, then ties technical threats to financial impact, operational impact, and regulatory exposure so decisions don’t stall in jargon.

Subscribe for more, share this with a security leader or business partner, and leave a review with your biggest takeaway.

March 9, 2026 · Episode 14 · 26 min

Vibe Coding vs. the CISO

What happens when a cybersecurity CEO spends 10 hours vibe coding a fully functional SaaS app…using company IP?

He crashes a meeting to find out.

In this special edition of Simplifying Cyber, Reveal Risk CEO Aaron Pritz gatecrashes a scheduled session with Chris Adickes, Todd Wilkinson, and Michael Milroy to demo a third-party risk management platform he built using AI tools like Claude Code.

The twist? He did it the same way many executives and employees are doing it right now — fast, iterative, and dangerously close to sensitive data.

The team dives into the real question companies are facing: How do you enable innovation without undermining your cybersecurity posture?

They unpack:
- Why blocking AI tools outright doesn’t work (remember Dropbox?)
- The identity and credential risks most teams aren’t thinking about
- What “reasonable controls” actually look like in the age of vibe coding
- Why security teams need to support experimentation — not just police it
- And how life (and AI) will “find a way” whether you’re ready or not

If your CEO is experimenting with AI… or your finance team just connected a database to a chatbot… this episode is your playbook for getting ahead of the freight train.

Innovation is fun. FOMO is real. Risk is optional — if you’re intentional.

Listen in and learn how to keep vibe coding from becoming breach coding.

March 2, 2026 · Episode 13 · 30 min

Cybersecurity as Patient Care with Nick Sturgeon

This week on Simplifying Cyber, Aaron Pritz and Cody Rivers sit down with Nick Sturgeon — CISO at Community Health Network, Speedway Town Councilor, and current Ph.D. candidate at Purdue University — for a conversation about the challenges of securing systems that no longer stay within four walls. When healthcare happens almost everywhere, how do you keep patients, caregivers, and data secure? Nick shares how his IT background landed him a role in law enforcement, walks through some of the unique challenges cybersecurity practitioners face in healthcare today, then touches on what politics taught him about understanding people's motivations in the workplace.

December 17, 2025 · Episode 12 · 44 min

AI & Cybersecurity: Balancing Risk & Innovation

This week on Simplifying Cyber, Aaron Pritz and Cody Rivers sit down with Jax Scott — combat veteran, podcast host (Two Cyber Chicks), and VP of Cybersecurity at Pearson — for a conversation that’s equal parts leadership, risk reality, and “why is everyone still confused about BISOs?”

Jax shares her unconventional path into cybersecurity (perfume sales → special operations → NATO cyber strategy → Mandiant → Capital One → consulting → Pearson), then breaks down what BISOs/CISOs do when done right:
- The “single point of contact” that connects business teams to security outcomes
- Why risk management is the glue
- Why the best security leaders aren’t always the most technical (and how technical instincts can backfire)

Then we go headfirst into the AI debate:
- Where automation helps most in compliance (evidence collection, mapping, reducing manual slog)
- Where humans stay essential (judgment calls, accountability, trust-building)
- The uncomfortable truth: if we outsource all thinking to AI, we may literally get worse at thinking

We wrap with practical guidance on:
- Handling volatile regulatory changes (like DR/IR requirements) with flexible plans + frequent testing
- The reality of CMMC: why it’s not “new,” why enforcement matters, and why last-minute scrambles burn everyone out
- How to lead teams through chaos with transparency, empathy, and real talk

And finally: Jax drops a fun fact that honestly explains a lot about her calm energy.

Listen now wherever you get your podcasts.

Key topics covered
- What a BISO/VISO is (and how to explain it to non-security leaders)
- Critical thinking + EQ as security superpowers
- AI in compliance/GRC: automate the boring, keep the human judgment
- IR/DR planning for shifting rules and requirements
- CMMC realities for the defense industrial base
- Leadership during change fatigue
