"Legal and Regulatory" is a common receptor category in most enterprise risk matrices but with any luck most organizations have limited direct experience with cyber litigation matters. This episode jumps right into the deep end with one of Canada's preeminent cyber lawyers, Brent Arnold. Business law has evolved over hundreds of years, cybersecurity precedents began to appear on the legal landscape in the late 1980s and AI is the new kid on the block, barely out of diapers.

While this episode can not be considered legal advice the chance to listen in on the ideas and opinions of from someone on the frontlines of this emerging risk vector should not be missed.

Cyber crime is now a daily fact of life and a significant concern in both the private and public sectors but our response capabilities do not seem to be keeping up. This episode dives deep into one organization that is combatting this problem with a combination of academic research, industry expertise and hands-on training with the founder and CEO, Herbert Fensury.

While cyber security is a global problem, economics and politics dictate different solution requirements. The Canadian Cyber Assessment, Training and Experimentation (CATE) Centre is both cutting edge and focused on Canadian cyber resilience at both a regional and national level.

20 years after their paths first crossed, three Canadian security professionals regroup to discuss a new risk management strategy book based on hard won field experience. Patrick Hayes was a security strategist before organizations knew this was success differentiator. For decades he has been guiding organizations large and small, public, private and government on balancing business objectives with security. Mr. Haye's new book "Integrated Assurance: Unified Risk Strategy" is destined to become a reference for others tasked with supporting enterprise security and he has recently added a Substack series on the emerging threats of AI, again from the focus of an adversary intent on mission interruption.

Part 2 of this summer break episode takes a bit of a light hearted look at the cyber security industry predictions that become the norm in late December and early January. Eight or nine months later, how accurate where they? Take a listen, there are a couple surprises.

The conversation uncovers a few ongoing challenges with the cyber security industry, from the digital divide associated with aging to organizational shifts away from engineering principles.

A book by security pioneer Bruce Schneier is mentioned late in the show and Doug managed to mangle the title twice, but did read, and does recommend the book.

The summer show started with the light hearted goal of evaluating the top security predictions that fill the internet in late December each year. Forever unscripted, Tim and Doug wind up reflecting on the growing gap between physical and virtual information systems.

While it is easy to lament, from a cognitive perspective there is little hope, the BSides movement, alive and well in Western Canada, is helping address that. It is almost inevitable that security and risk conversations involving society veer into AI, but get back on track with ESRM.

Stay tuned for the predictions portion in part 2.

Enterprise Security Risk Management (ESRM) principles appear in almost every episode and this one is a bit more overt because it features two of the three people responsible for promoting ESRM in the early days of it's reintroduction through ASIS.

John Petruzzi is now the CEO of Unlimited Technology and leading them toward an expanded influence in the enterprise security industry, sharing insights for what works with fortune 250 organizations, government and even local school boards. As the title implies, resilience is the discipline most organizations need to improve upon, and Mr. Petruzzi's personal and professional opinions on this gap may surprise some.

The threat landscape is changing at a pace and breadth few could have predicted, those that navigate it well will prosper.

The Caffeinated Risk hosts navigate time zones and catch up with Dominic Bowen traveling between meetings to discuss risk management with an international expert on the subject. Mr. Bowen is a partner and Head of Strategic Advisory at 2Secure, one of Europe's leading risk management consulting firms, as well as the host of the International Risk Podcast.

Political tensions are higher than they have been for years and there is seldom a month that goes by without a technical disruption that affects numerous businesses and services due to the interconnected nature of our modern world.

Despite the serious topics covered, Dominic Bowen offers some practical solutions based on experience in the business world , the higher stakes of military service and humanitarian relief offering an unexpected, potentially positive outcome. I.E., accepting the tempo of constant crisis and becoming and effective manager of those risks can actually accelerate success.

A while back we were fortunate enough to spend time with Jack Freund, coauthor and thought leader responsible for bring the FAIR methodology and practice into the main stream. A bonus from that original recording is now an espresso shot discussing how to fast track an assessment when the threat vectors are numerous.

While the metaphor Jack used is somewhat unexpected it's both memorable and an excellent approach to dealing with an entire class of attacks in a single assessment. A pro tip from one of the original practitioners of the FAIR methodology well worth a listen.