The Cybersecurity Readiness Podcast Series

Written by: Dr. Dave Chatterjee

The Cybersecurity Readiness Podcast Series provides a reflective, thought-provoking, and jargon-free discussion on how to enhance the state of cybersecurity at an individual, organizational, and national level. As of September 2, 2024, the podcast series has produced over 70 episodes, been downloaded over 10K times, and has listeners in 105 countries. The podcast episodes are used in classrooms and for corporate training and serve as insight sources in research and publications.

Host Dr. Dave Chatterjee converses with subject matter experts, business and technology leaders, trainers and educators, and members of user communities. He has been studying cybersecurity for over a decade. He has delivered talks, conducted webinars, consulted with companies, and served on a cybersecurity SWAT team with Chief Information Security Officers (CISOs). Dr. Chatterjee is a Visiting Professor at Duke University and has served as a tenured professor at The Terry College of Business at the University of Georgia.

Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/

Copyright 2026 Dr. Dave Chatterjee

Episodes
  • Episode 107 -- Compliant but Exposed: Rethinking GRC for Real Security
    Jun 24 2026
    In Episode 107 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Richa Kaul, Founder and Chief Executive Officer of Complyance and a former public sector technology policy leader, to address one of the most consequential misunderstandings in enterprise security governance: the assumption that compliance equals security.

    Opening with two recent and high-profile incidents — the May 2025 ransomware attack on Marks & Spencer, which halted online operations for weeks and generated estimated losses exceeding £300 million, and a concurrent third-party support provider compromise that exposed customer data across multiple platforms including Discord — Dr. Chatterjee establishes the episode’s central premise: organizations that invest heavily in GRC platforms, generate dashboards full of green indicators, and maintain formal compliance certifications can still be catastrophically breached. The gap between compliance and security is not theoretical. It is structural and where attackers operate.

    Kaul explains the root cause with precision. Traditional GRC tools were built to centralize data and automate workflow notifications — functions that reduce administrative burden but do not reduce risk. The result is a compliance theater dynamic in which organizations check boxes, pass periodic audits, and receive certifications that say little about their actual security posture. The Complyance platform is built on a different philosophy: compliance with standards should be a byproduct of genuinely good security practices, not the objective in its own right.

    The episode explores the architecture of intelligent GRC: continuous monitoring across all integrated sources of truth, agentic AI that automates evidence collection and remediation guidance, tiered third-party risk programs that apply scrutiny proportional to vendor criticality, and risk quantification frameworks that translate security signals into board-level governance decisions. Kaul is equally precise about what GRC platforms cannot do: they cannot substitute for operational security teams, and no platform — however sophisticated — can protect an organization whose leadership has not committed to genuine risk reduction as the governing objective.

    Analyzed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the conversation reframes GRC from a compliance function into a governance discipline. The episode’s central message is neither technical nor vendor-specific: the organizations that will withstand the next breach are not those with the most compliance certifications — they are those that have claimed ownership of the problem, built the continuous processes to address it, and institutionalized the discipline to keep those processes operating after the audit is over.

    To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-107-compliant-but-exposed-rethinking-grc-for-real-security/

    Connect with Host Dr. Dave Chatterjee
    LinkedIn: https://www.linkedin.com/in/dchatte/
    Website: https://dchatte.com/

    Books Published
    The DeepFake Conspiracy
    Cybersecurity Readiness: A Holistic and High-Performance Approach

    Articles & Cases Published
    Chatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.
    Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.
    Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.
    Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024.
    Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.
    Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, Switzerland
    Chatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022
    Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020
    Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.
    Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.
    41 mins
  • Episode 106 -- The Invisible Attack Surface: Zero Trust for SAP and ERP Environments
    Jun 10 2026
    In Episode 106 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Holger Hügel, Chief Technology Officer of SecurityBridge and a global authority on SAP cybersecurity with over 26 years of experience, to address a governance blind spot that exists inside the security perimeters of even the most mature enterprise organizations: the SAP environment.

    Opening with the August 2024 ransomware attack on Stoli Group USA — where attackers went straight for the company's SAP enterprise resource planning (ERP) system, disrupting financial operations and contributing directly to a bankruptcy filing within three months — Dr. Chatterjee frames the episode's central challenge: organizations can have zero trust architecture, network segmentation, and identity governance fully deployed across their IT landscape, and still be critically exposed, because most CISOs have never formally claimed accountability for SAP security, and most SAP teams do not think of themselves as part of the security function.

    Hügel explains the structural gap at the heart of this problem. SAP systems are simultaneously the most business-critical and the least security-governed assets in most large organizations. The C-suite depends on them for financial operations, payroll, procurement, and supply chain continuity, yet SAP teams and security teams speak different languages, operate under different budgets, and rarely collaborate. SAP departments typically define "security" as managing user authorizations and privileges — a narrow interpretation that leaves configuration drift, patch backlogs, and monitoring gaps entirely unaddressed.

    Analyzed through Dr. Chatterjee's Commitment–Preparedness–Discipline (CPD) framework, the conversation translates SAP cybersecurity from a technical niche into a governance imperative. The Medtronic case study demonstrates what good looks like: a CISO who crossed the organizational divide, sponsored SAP hardening from the cybersecurity budget, built a continuous patch management process, and created the governance structure that allowed the team to respond to an out-of-band vulnerability within hours rather than weeks.

    The episode's central message is neither technical nor abstract: the organizations that will survive the next ERP-targeted ransomware attack are not those with the most sophisticated tools — they are the ones that have claimed ownership of the problem, built the processes to address it continuously, and created the cross-functional governance structures that SAP and cybersecurity teams cannot build on their own.

    To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-106-the-invisible-attack-surface-zero-trust-for-sap-and-erp-environments/
    50 mins
  • Episode 105 -- The Invisible Layer: Governing Routing Security as a Supply Chain Risk
    May 21 2026
    In Episode 105 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Andrei Robachevsky — Technical Director of the Internet Integrity Program at the Global Cyber Alliance, founding contributor to MANRS (Mutually Agreed Norms for Routing Security), former CTO of RIPE NCC, and former Senior Director of Technology Programs at the Internet Society — to examine a cybersecurity risk that almost no enterprise security team is governing: the internet routing layer.

    Opening with the June 2024 Cloudflare 1.1.1.1 BGP hijack incident — where two Brazilian network operators’ routing mistakes propagated to over 300 networks across 70 countries, silently rerouting traffic for several hours without triggering a single enterprise security alert — Dr. Chatterjee frames the episode’s central challenge: organizations with excellent perimeter controls, clean firewalls, and healthy identity systems can still have their user traffic redirected to unintended destinations by failures occurring on networks they have never heard of, in countries they have no operations in, governed by routing norms they have never been asked to consider.

    Drawing on the February 2026 MANRS Report, Robachevsky explains that the Border Gateway Protocol (BGP) — the foundational routing system across nearly 80,000 autonomous networks — has no built-in authentication. Routing incidents occur 200 to 300 times per month, most of which are invisible to enterprise security teams, manifesting as unexplained outages or performance degradation rather than as identifiable threats. The implications range from SLA breaches and erosion of customer trust to man-in-the-middle exposure of silently rerouted traffic.

    Analyzed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the conversation delivers a clear and actionable message: routing security is not a network engineering problem — it is a supply chain governance problem. The tools already exist. RPKI exists. MANRS exists. MANRS+ is nearly here. The gap is entirely on the governance side, and it is closeable. The organizations that will not find themselves in the next routing incident are the ones that start with a map of their connectivity supply chain and a single question to every provider: Are you MANRS+ certified?

    To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-105-the-invisible-layer-governing-routing-security-as-a-supply-chain-risk/
    34 mins