#riskmanagement

In today’s world data is the new gold, and protecting it has become imperative for businesses worldwide. On this week's episode of Corruption, Crime and Compliance, Michael Volkov navigates the cybersecurity landscape, unpacking the key threats haunting businesses and the elements of a robust cybersecurity compliance program. He underscores the importance of proactively managing these digital threats, to ensure your business remains protected. 

You’ll hear him discuss:

• The growing partnership between compliance and cybersecurity is a rapidly emerging issue in compliance, affecting companies and their risk management strategies. Cyber threats are not only external but also internal, resulting from employee behavior and cybersecurity hygiene.
• Chief Information Security Officers (CISOs) are increasingly collaborating with Chief Compliance Officers (CCOs), leveraging the latter's expertise in governance, risk management, and training. This collaboration enables better education and training for employees on cybersecurity risks and the importance of good cybersecurity hygiene.
• Approximately 50% of cyber or data breaches are the result of internal actors, either intentionally or through negligence. Thus, CCOs can play a crucial role in designing controls, conducting training, and monitoring employee behavior to mitigate such risks.
• Major cybersecurity risks today include ransomware, cloud security, work from home security, phishing schemes, supply chain security, and identity and access management (IAM). 
• The rise of cyber threats: The digital landscape is rife with cybersecurity threats, including insider threats, DoS and DDoS attacks, AI and machine learning attacks, and cyber espionage.
• Organizations need to be vigilant against disgruntled employees with access privileges who could intentionally or unintentionally harm systems. This emphasizes the need for robust access controls, regular monitoring, and comprehensive employee training.
• While AI and machine learning can enhance cyber defenses, they can also be weaponized by cybercriminals to automate and scale their attacks. 
• A robust cybersecurity compliance program is necessary to protect a company's IT infrastructure and includes:
• Application Security: Familiarity with cloud security policies and the implementation of multifactor controls and administration privileges can help strengthen application security.
• Information Security: Companies must adhere to strict security standards and employ encryption among other strategies to protect data from possible breaches.
• Disaster Recovery Planning: This requires implementing backup and recovery systems, incident response drills, and endpoint protections.
• Network Security: Most companies use firewalls to monitor traffic for cyber threats and attacks. Companies must also secure their wireless networks and ensure that remote connections are encrypted.
• End User Security: Since hackers often gain unauthorized access through endpoints, companies must ensure that devices are updated with security programs and antivirus applications.
• Operational Security: This involves identifying any potential vulnerabilities that could be exploited by a hacker.
• Given the prevalence of phishing attacks and insider threats, cyber training for employees is of paramount importance for an organization's cybersecurity.

KEY QUOTE:

“In the end, cybersecurity fails when there's a lack of adequate controls and security readiness, and companies have to make smart strategic decisions when developing their controls and cybersecurity protections; and always focus on the human element, common mistakes, effectiveness of controls and vulnerabilities to hacker strategies to exploit any weaknesses.” - Michael Volkov

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

In this follow-up episode, we are honored to continue our spirited discussion with (Dr. Aaron Estes – Ironwood Cyber CEO “Chief Epic Officer”) on with us to talk all about his company Ironwood Cyber, and some of the cool things they’re doing over there.

Ever since we met the Ironwood Cyber team based out of Ft. Worth Texas, we knew we had a solid professional passion and connection and we shared MANY similar interests. The Ironwood Cyber team is a strong group of Engineers originally founded by not one, but TWO Lockheed Martin Fellows respected for their incredible skillsets. Aaron Estes and Ethan Puchaty.

Lockheed Martin Fellowship represents less than 1% of the best technical Engineers the company has to offer and their backgrounds are quite impressive having worked for a company engineering some of the best technology the US Department of Defense has to offer.

After leaving Lockheed Martin to start their own Cybersecurity firm (Ironwood Cyber), the company has continued its tradition of developing amazing technology with such out of the box concepts that their endpoint protection solutions boast 3 patents. Focusing on side-channel analysis, they’re quickly becoming a major player in the world of cybersecurity.

This is part two of a two-part podcast episode, where we spend more time talking about their first electronic SWAG badge created in 2022 for DEFCON 30. We’ll be looking at some teasers and talking to Aaron about what fun and interesting things they’re doing for DEFCON 31. There may even be a few hints about the 2023 badge in the second part of this awesome conversation. I guess you’ll just have to wait and see!! The biggest hint of all….THERE IS!

Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MPCS, MCSE, CCA, ITIL-F and serves as a Information Security Director for a Manufacturing company.

DOWNLOADS:

Find out More about IRONWOOD CYBER:

https://ironwoodcyber.com/

CYBER RX:

https://ironwoodcyber.com/ironwood-cyber-rx

FIRETHORN:

https://ironwoodcyber.com/firethorn

Ironwood on Twitter:

https://twitter.com/IronwoodCyber

BLACKHAT USA CONFERENCE:

https://www.blackhat.com/us-23/

DEFCON HACKER CONFERENCE:

https://defcon.org/

The Official DC Documentary:

https://www.youtube.com/watch?v=3ctQOmjQyYg

In this episode, we are honored to have one of these amazing gentlemen (Dr. Aaron Estes – Ironwood Cyber CEO “Chief Epic Officer”) on with us to talk all about his company Ironwood Cyber, and some of the cool things they’re doing over there.

Ever since we met the Ironwood Cyber team based out of Ft. Worth Texas, we knew we had a solid professional passion and connection and we shared MANY similar interests. The Ironwood Cyber team is a strong group of Engineers originally founded by not one, but TWO Lockheed Martin Fellows respected for their incredible skillsets. Aaron Estes and Ethan Puchaty.

Lockheed Martin Fellowship represents less than 1% of the best technical Engineers the company has to offer and their backgrounds are quite impressive having worked for a company engineering some of the best technology the US Department of Defense has to offer.

After leaving Lockheed Martin to start their own Cybersecurity firm (Ironwood Cyber), the company has continued its tradition of developing amazing technology with such out of the box concepts that their endpoint protection solutions boast 3 patents. Focusing on side-channel analysis, they’re quickly becoming a major player in the world of cybersecurity.

The conversation flowed so well, in fact, that we ended up breaking this awesome episode into two parts. The first focusing on the Ironwood origin story, and their technology and the team.

Then, in about a week, we’ll be dropping part two, where we spend more time talking about their first electronic SWAG badge created in 2022 for DEFCON 30. We’ll be looking at some teasers and talking to Aaron about what fun and interesting things they’re doing for DEFCON 31. There may even be a few hints about the 2023 badge in the second part of this awesome conversation. I guess you’ll just have to wait and see!!

Jason Popillion is a CISSP and serves as a Director of Automotive Aftermarket of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MPCS, MCSE, CCA, ITIL-F and serves as a Information Security Director for a Manufacturing company.

DOWNLOADS:

Find out More about IRONWOOD CYBER:

https://ironwoodcyber.com/

CYBER RX:

https://ironwoodcyber.com/ironwood-cyber-rx

FIRETHORN:

https://ironwoodcyber.com/firethorn

Ironwood on Twitter:

https://twitter.com/IronwoodCyber

BLACKHAT USA CONFERENCE:

https://www.blackhat.com/us-23/

DEFCON HACKER CONFERENCE:

https://defcon.org/

The Official DC Documentary:

https://www.youtube.com/watch?v=3ctQOmjQyYg

In this episode, they talked about Risky Business and Life in IT.

3:09 – Ken ended up in the crazy world of technology because he was a full-time firefighter for about twelve years and he started selling t-shirts and realized he needed a website. He taught himself how to code, and build a website, and decided that technology and business were what he wanted to do. He has been involved in a bunch of startups and taken a company public and has been involved with software for 25 years.

8:15 – Brian asks Ken “what drives kind of creativity for you today and what are your working on right now?”
Ken is working on a project with Cybrance, a company that provides a platform for cyber compliance in risk management. The platform includes enterprise GRC, third-party risk management, cyber incidental response management, and more modules. Cybrance sees a need in the marketplace for software and the know-how to put something out there that has a real possibility of gaining significant market share.

11:06 – Brian said that the most important details in this text are that the human factor, insecurities, is the biggest challenge in delivering policy, following up on compliance, and reviewing status. There are a lot of moving pieces in infrastructure that are being recorded and measured, so it is important to ensure that they are being reviewed appropriately and not missing things that can get chaotic.

12:41 – Ken and his team are looking to reduce the number of tools used in the security landscape by offering different capabilities. They are also aware of how the three sixty partners and supplier and vendor ecosystem is expanding, with a thirty percent year of growth. They need to consider not only their suppliers, but also their partners, networks, and security posture. This can lead to an infinite loop of enrolling everything up without tools and things that make it easy to collect.

16:42 – Ken believes that when starting a business, you should be opportunistic and fluid in terms of who you take on as a client. You know the target demographic, twenty to hundred million in revenue, ten to twenty people on the IT staff, with one or two people focusing on security.

20:11 – Brian explains that when they think about their contacts, they think about the people they work with and law enforcement. They have to engage bodies like CIS to help with forensics, and the more data they can collect and organize, the easier it is to communicate those things to insurance companies. The more they can document, the more they can quickly give to them and share with them.

Here's my chat with Kevin Lester, Group Executive Infrastructure Development for APA Group. Kevin is responsible for very complex and large infrastructure programs in both gas and wind turbines as well as dealing with multiple smaller projects
In our discussion, Kevin shares insights into the critical role risk management plays in successfully achieving project goals.
Enjoy!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Kim Miller, Ball State University’s director of risk management, insurance, and safety – and co-chair of URMIA’s 2020 annual conference – talks with host Jenny Whittington about the unique opportunities presented by taking the conference virtual this year. As she gives an overview of the upcoming September conference, she shares what URMIA values guided the intentional transition, what has surprised her, and how this event is more accessible than ever before.

Show Notes {URMIA member login required}

Connect with URMIA & URMIA with your network
-Share /Tag in Social Media @urmianetwork
-Not a member? Join ->www.urmia.org/join
-Email | contactus@urmia.org

Give URMIA Matters a boost:
-Give the podcast a 5 star rating
-Share the podcast - click that button!
-Follow on your podcast platform - don't miss an episode!

Thanks for listening to URMIA Matters!

In this episode I speak to Christian about his specialty area of risk management - slips! Christian runs founded and runs his UK based business - Slip Safety. Our discussion touches on how to motivate teams to reduce this risk, some common techniques and approaches and Christian's framework, known as CHIMES, for addressing this hazard. I hope you enjoy the program!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

In this episode, I chat with Brett Palmer - not only a very experienced risk professional but also my business partner in ABM Risk Partnership. Brett talks about how he got into risk, the journey he has had through various risk related roles and some of the challenges for risk management in this day and age.

Hope you enjoy the episode!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

In this short episode I talk about my new book which should be available for general sale in the next couple of weeks. The book is called 'The Uncertainty Effect - An Introduction to Risk Management' and in this podcast I go through the aim of the book, the target audience and an overview of the content.
For those keen to get a copy ASAP, please pre-order the book at my website www.proximityriskassurance.com.au to make sure you are among the first to get a copy.
Thanks always for listening (and soon hopefully, reading!).
Cheers, Anthony

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Recently I was asked by a client to provide their risk team with my thoughts on the future of risk management. Regular listeners will know that I have written and spoken on this in the past. In this episode, I reflect on the messages that I gave this risk team on where I thought risk management was heading. I also let you know of some upcoming news! I hope you enjoy! 

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

At last! The reading of the second part of the white paper written by Dr Paul Guignard and myself titled 'The Future of Risk, the Rise of AI and the Role of Human Capability'. Following on from the discussion in part 1 about the turbulent risk environment, in this part you will hear about the role of capability - at individual, team and organisational level - in ensuring the success of organisations in uncertain times. You'll also hear about the important part the risk function and risk professionals must play in stepping up to a leading role in guiding the organisation through myriad opportunities and threats. 

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

In this episode, I talk to Connuil McEvedy, Managing Partner, Risk as a Service, DXC Technologies. We have a fascinating discussion on Connuil's journey through various risk roles and the somewhat different approach he and DXC are taking to assisting organisations on their own risk management journey. I won't spoil the ending - please listen in and enjoy!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Today I talk about my business, Proximity Risk & Assurance - why I created it, our focus areas and how businesses can get value from their risk management efforts.
As always, I welcome your thoughts and thanks for the suggestions I've received so far on potential guest and subject matter. Please keep the ideas coming!
I hope you enjoy this episode.
All the best,
Anthony

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!

Contact ABM Risk Partnership to optimise your risk management approach:

• email us: info@abmrisk.com.au
• Tweet us at @4RiskCme
• Visit our LinkedIn page https://www.linkedin.com/company/18394064/admin/

Thanks for listening to the show and please keep your guest suggestions coming!