WHY YOU SHOULD LISTEN

Krishan Thakker, a seasoned executive legal advisor, delivers the uncomfortable truths that consultants won't tell you and vendors can't sell you:

• Language Translation: How to speak executive language when technical severity doesn't resonate
• Reverse Engineering Risk: Starting with worst-case scenarios (including criminal liability) to drive urgency
• Responsibility vs. Accountability: Why these aren't the same concept and how HR must map the distinction
• The Growth Trap: How the urge to scale fast creates predictable cycles of reactive security spending

Stop asking your technologists to "figure it out." Start asking your legal team if you have litigation hold protocols that can activate within hours. Ask your compliance officer if responsibilities and accountabilities are clearly mapped across functions.

Because when Krishan Thakker gets the call, these questions have already been answered n depositions, regulatory inquiries, and shareholder lawsuits.

Mentioned in this episode:

Podcast Outro Bumper

Drawing from decades of experience as a CISO across public and private sectors, Steve explains why traditional compliance checklists and siloed toolsets aren’t enough. Together, they explore the cultural and operational shifts needed to move from reactive security to proactive, risk-informed governance.

“Everyone has reports and dashboards, but most can’t explain

how a breach would truly impact operations,” he said. “You need more

than a SOC report or a compliance checklist. You need a business-driven

risk view.”

Listen to Learn:

• Why running security with spreadsheets and slide decks needs to stop
• How to bridge the boardroom-to-basement communication gap
• The role of business impact analysis in building resilience
• Why SMBs should think in terms of risk avoidance, transfer, or acceptance
• What to demand from cloud providers - even when budgets are tight

Whether you’re leading security for a fast-growing startup or a nonprofit, this conversation will deliver real-world strategies to shift your organization from cyber risk firefighting to sustainable, data-driven cyber risk governance.

Mentioned in this episode:

Podcast Outro Bumper

The hosts, Stanley Lee and Sean Mahoney, explore the complexities of cybersecurity, emphasizing the importance of understanding cyber risks that extend beyond traditional IT frameworks.

They highlight the critical role of employee awareness and the need for organizations to adapt their security measures in response to evolving threats.

Mentioned in this episode:

Podcast Outro Bumper

Drawing on real-world examples of crippling ransomware attacks, they break down the immense financial and operational costs of extended downtime, from lost revenue and unexpected expenses to damaged brand reputation and customer churn. Bernard Mendoza shares the stark reality of budgeting for unpredictable recovery costs, while Sean Mahoney recounts a personal survival story highlighting the chaos and expense of manual recovery efforts.

Steve Piggott introduces the power of automated DR, explaining how platforms like Continuity Patrol can drastically reduce recovery times from days or weeks to minutes. Learn how automation frees up valuable IT resources for strategic work and provides the confidence needed for rapid, effective recovery. The discussion also covers how automated DR supports regulatory compliance and instills confidence in investors and boards.

Tune in to understand why investing in automated disaster recovery is a proactive, strategic move that can protect your bottom line, your brand, and your competitive edge in today's volatile cyber landscape.

Mentioned in this episode:

Podcast Outro Bumper

John worked with the NIST Post Quantum Encryption Standards Committee, after having previously led Change Healthcare's Identity and Access Management (before the breach).

They delve into the current state of quantum technology, its potential applications in various industries, and the challenges that lie ahead. From cybersecurity advancements to the future integration of quantum computing in everyday business operations, this conversation provides a comprehensive overview of how quantum computing is set to revolutionize the tech landscape.

The topic was chosen following the recent NIST release of the long-awaited post-quantum encryption standards.

Key Takeaways:

1. Basics of Quantum Computing: Quantum computers use qubits that can represent both 0 and 1 simultaneously, enabling complex calculations beyond classical computers.
2. Current and Future Applications: Quantum computing promises advancements in cybersecurity, medication development, and electric car batteries, with broader integration expected in 5-10 years.
3. Challenges and Preparations: High power requirements and sub-zero temperatures are major hurdles. Businesses should start preparing by mapping encryption strategies and training teams.

Mentioned in this episode:

Podcast Outro Bumper

The guys explore why small businesses are more susceptible to cyberattacks than larger corporations. They talk about the perception among cybercriminals that small businesses have weaker defenses and are easier targets. Additionally, they discuss the potential unfairness of the current system, where large corporations face lighter consequences (like fines) for data breaches despite causing significant financial losses.

Learn WHY:

• Small businesses are more vulnerable to cyberattacks than large corporations
• SMBs are perceived as easier targets
• Big guys get away with just a fine

Sean Mahoney, VP Netswitch, Inc.

Will Lassalle, vCISO JLS, Tech

Learn more about Security And Risk Assessments from Netswitch, Inc.

Mentioned in this episode:

Podcast Outro Bumper

We then delve into the evolving cyber regulatory landscape in Latin America, highlighting the region's efforts to catch up with global data privacy laws and cyber regulations.

We emphasize the pressing need for businesses to enhance their cyber hygiene and mitigate the risks associated with breaches and ransomware attacks, particularly for those working with US or European companies that must adhere to their stringent requirements.

Host: Sean Mahoney, VP Netswitch, Inc.

Guest: Will Lassalle, Founder Simplix.io

• Latin companies increasingly targeted as entry points to larger partners/suppliers
• Conducting thorough business impact analysis (BIA) is critical first step
• Develop strategies/plans to maintain core functions during disruptions
• Regularly test and update resilience plans as operations change
• Pre-establish agreements with external support services for faster response
• Use multi-language documentation for organizational understanding
• Customize resilience plans to each business's unique risks/impacts/priorities
• Investing in resilience enables innovation, efficiency, competitiveness

We share the secrets of how to invest in cyber resilience to enable innovation, improve efficiency and become a stronger competitive company.

Mentioned in this episode:

Podcast Outro Bumper

They explore how seemingly innocent actions can pose significant risks in the digital landscape. The conversation also touches on the role of AI and machine learning in shaping modern threats, the importance of continuous cybersecurity education, and the challenges of maintaining security in a rapidly advancing technological environment.

Mentioned in this episode:

Podcast Outro Bumper

Tamara shares her unique journey from the technical side of cybersecurity to the Governance, Risk Management, and Compliance (GRC) side. She discusses her early career in a Security Operations Center (SOC), where she developed a passion for insider threat analysis. This led her to transition into the GRC field, where she found her skills and experience were highly applicable.

The conversation covers the importance of acceptable use policies, the need for continuous education and awareness in cybersecurity, and the role of GRC in managing cyber risk.

This episode provides valuable insights for anyone interested in the intersection of technical cybersecurity and GRC.

Tune in to learn more about the evolving landscape of cybersecurity and the crucial role of GRC in protecting organizations. Don’t miss out on this enlightening discussion!

Mentioned in this episode:

Podcast Outro Bumper

Mentioned in this episode:

Podcast Outro Bumper

The rise of cybercrime poses an increasing challenge for all levels of education. Criminals are constantly adapting their tactics to target faculty, staff, students, and alumni. With the surge in payloadless malware, business email compromise, and various email-based attacks, safeguarding your institution from these threats is now of paramount significance.

Cyber Insurance may be the last line of defense for many organizations, but in education, it may be the first line due to the limited resources of educational institutions.

Listen to Sean Mahoney and Stanley Li talk with Jake Charen, (Risk Architect at Lakeside

Insurance) about the risks in educational organizations, how to cost-effectively mitigate those risks and learn ways to reduce your ever-increasing cyber liability premiums.

Mentioned in this episode:

Podcast Outro Bumper

While the incident primarily affected a global telecommunications company, the lessons derived from this breach can be invaluable for small and medium-sized enterprises (SMEs) as they strive to become secure supply chain partners.

By understanding and implementing key lessons, SMEs can strengthen their security measures, safeguard sensitive information, and foster trust among their partners and customers.

Will Lassalle and Sean Mahoney share some important insights and offer valuable solutions for executives to look into and see how they may fit into their organizations.

Mentioned in this episode:

Podcast Outro Bumper

But what can you do to mitigate and transfer them?

Listen to this episode for a Founder-to-Founder conversation as they share their perspectives on cyber risk & protecting their small businesses.

You'll learn about different types of cyber risks, how to assess and protect against them, and some tips for preparing for cyber liability insurance to prevent a cyber incident from destroying your business.

Michael McCarron, Founder & CEO of Lakeside Insurance, and Stanley Li, Founder & CEO of Netswitch Technology Management share their perspectives on the topic.

Michael McCarron and Lakeside's talented risk advisors partner with clients, as trusted risk advisors, they look to help:

✔Manage Risk

✔Mitigate Risk

✔Reduce Total Cost of Risk

To drive mutually profitable growth.

Mentioned in this episode:

Podcast Outro Bumper

Join Hosts Sean Mahoney and Stanley Li and their guest Jake Charen, Senior Rick Architect of Lakeside Insurance to learn:

• What is cyber liability insurance?
• Why should executives consider having a cyber liability?  Is it worth the investment?
• After the Travelers and ICS suit, what is the trend in the insurance industry regarding coverage?
• How you can reduce your risk of a data breach without cyber liability insurance?

www.netswitch.net

Pam Hamingson, Director of Compliance with Fortrex joins Sean Mahoney to talk about Third Party Risk Management [TPRM] and the growing level of risk your supply chain brings. The increasing number of regulations expect you to know about your vendors and their security practices.

• How do you know what data security your vendors do?
• What should you do to remain in compliance when they are not?
• When regulations change, how fast can you update GRC?
• If your vendors are a cyber risk to you, what can you do?

Risk monitoring solutions that are implemented and maintained by regulatory experts and cyber professionals can help you be assured of your compliance and that you have a secure supply chain.

Mentioned in this episode:

Podcast Outro Bumper

Tara Trantham is CEO & Founder of TJ44 Consulting, they are compliance, risk management, and creditors rights services experts and with Tara’s background as an attorney and General Counsel in the Financial Service sector, you have that important perspective as well when it comes to dealing with compliance in a regulated industry.

Sponsored by Netswitch Technology Management - netswitch.net

Disasters, like ransomware, wildfires, or pandemics often can’t be predicted but will impact your business and affect your employees and customers. Proper planning can ensure your business is back up and running so it lasts.

In this episode, Sean Mahoney talks with Rob Zegarra, Instructor at Disaster Recovery Institute, talk about simple and inexpensive steps you can take to lessen the effects of your next unforeseen disaster.

Sponsored by Netswitch Technology Management - netswitch.net

Sponsored by Netswitch Technology Management - netswitch.net

On the call Sean, Stanley and Mary ask the question: 'Now you've started the path to improve your security and lower your risk, how do you measure success and ROI of your cybersecurity solutions?'

Sponsored by Netswitch Technology Management - netswitch.net

Mr. Doyle has been a Senior Security Architect and is regularly being “sold” on the latest and greatest cybersecurity tools with ever-increasing capabilities, but is there a value to them?

Sponsored by Netswitch Technology Management - netswitch.net

There are several other aspects to cyber security and compliance that companies of all sizes need to be aware of and consider as part of their overall strategy.

PART 2/2

Sponsored by Netswitch Technology Management - netswitch.net

There are several other aspects to cyber security and compliance that companies of all sizes need to be aware of and consider as part of their overall strategy.

(PART 1)

Sponsored by Netswitch Technology Management - netswitch.net

Sponsored by Netswitch Technology Management - netswitch.net

Sponsored by Netswitch Technology Management - netswitch.net

Sponsored by Netswitch Technology Management - netswitch.net

Sponsored by Netswitch Technology Management - netswitch.net

Sponsored by Netswitch Technology Management - netswitch.net

-- Why automation is essential for cybersecurity readiness.

-- Why being able to fix problems autonomously is critical.

-- The lessons Don's learned from his 25-year background into investigating high-tech crimes.

-- Why automation is NOT about replacing employees.

Sponsored by Netswitch Technology Management - netswitch.net

-- What are MTTD and MTTR and why are they so vital?

--Why the R in MTTR should be Resolve not Respond

--Case Study of the global hotel group with a 91% reduction in MTTD

--The #1 cause of all security incidents

--The open-source alternatives to expensive proprietary solutions

Sponsored by Netswitch Technology Management - netswitch.net

-- Why is dynamic machine learning & AI automation so important to security?

-- How to cope with the dynamic threat model.

-- Why CyberRisk governance is driving the monitoring and reaction to security events.

-- How effective security automation software can be made affordable for SMBs.

-- Why Chandra's thousands of clients have not had ONE incident of ransomware being paid out.

Sponsored by Netswitch Technology Management - netswitch.net

-- What is a Business Email Compromise (BEC)?

-- The bad & ugly, the bad & fortunate and the right way to handle one.

-- The Four steps to take if you think you're a victim of BEC

-- Why the supply chain is critical

-- what is phishing email simulation

-- Plus, Stanley's big confession!

Sponsored by Netswitch Technology Management - netswitch.net

-- How to make the business case for CMMC compliance

-- How to get IT tech and compliance controls in alignment

-- Why compliance is a cross-organizational issue, not just a technology one

-- How to prepare for vendor selection

-- Why you should never use your MSP to do your compliance gap analysis

Sponsored by Netswitch Technology Management - netswitch.net

-- How do we get management, risk and tech to collaborate?

-- How do you monitor cloud infrastructure and work with multiple third parties?

-- How do you integrate different toolsets to monitor the cyber kill chain?

-- Why its essential to use behavioral tools like SIEMs and where do you start?

-- What exactly is a supply chain attack?

-- How 'Are you SOC-2 compliant?' has become the new #1 vendor interview question.

Sponsored by Netswitch Technology Management - netswitch.net

-- Why Gartner says only 3-5% of vulnerabilities are actually exploitable.

-- Why automated pentesting tools are needed to help identify vulnerabilities that have the highest priority.

-- If a high-risk vulnerability is discovered, how best-of-breed automation tools will take action to nullify risk but not take down your live network.

Sponsored by Netswitch Technology Management - netswitch.net

-- What exactly was stolen from FireEye and what does it mean for small business owners?

-- Why the FBI has very unusually commented on an ongoing case.

-- How simulated testing is on the forefront of cybersecurity.

-- What are the typical costs of a cyber protection service?

Sponsored by Netswitch Technology Management - netswitch.net

-- What does cyber insurance mean

-- Why do you need it?

-- Why is it different from every other insurance industry?

-- What are the 7 different types of cyber insurance?

-- How expensive is cyber insurance?

Sponsored by Netswitch Technology Management - netswitch.net

-- What exactly is Ryuk ransomware?

-- Which types of organizations are being targeted?

-- What is the typical value of a Ryuk ransomware demand?

-- What are the simple, low-cost ways organizations can protect themselves from Ryuk?

Sponsored by Netswitch Technology Management - netswitch.net

-- What exactly is RegTech and SupTech?

-- How to bring visibility of both inside a single dashboard.

-- How today's world has multiple regulatory compliance standards, not just 1 or 2.

-- Why 'managing by spreadsheet' is no longer an option in this complex world.

-- A real-world story of the challenges facing one IT Integration architect manager. 

-- Why communication with auditors can cause more issues than doing the compliance work itself.

Sponsored by Netswitch Technology Management - netswitch.net

-- Why Governance Risk and Compliance (GRC) is driving the agenda for security controls, policies and procedures for small and mid-size businesses.

-- How automation can be used to manage and mitigate enterprise risk.

-- Why managed service providers are evolving to combine support for network administration, security and risk management.

Sponsored by Netswitch Technology Management - netswitch.net

Why the OFAC (Office of Foreign Assets Control) is watching.

The rumour about why Garmin didn't engage with their ransomware attackers directly.

The importance of ESG - Environmental and Social Governance

Canadian Internet Registration Authority report says 90% of people will avoid companies that have been breached. 

The ethical dilemma - should hospitals pay ransomware?

The 3 things small and mid size businesses need to have in place to protect themselves from a Ransomware attack.

Ransomware used to be a 'last thought' from hackers after breaking into a network. Now its the primary source of 'easy money' for them.

The Hiscox report said 350 firms (16%) reported paying ransoms off the back of a malware or ransomware attack. Why the real numbers are much higher.

How researchers figured out how to put ransomware on a coffee maker.

There is good news.. why tools and open-source resources have never been more cost-effective to protect infrastructure from attackers.

The #1 cheapest way to protect yourself from hackers.

Sponsored by Netswitch Technology Management - netswitch.net

Topics include:

- What is MDR and what is an MSSP?

- How does the MDR model differ from an MSSP?

- Why would I use MDR?

- Can MSSPs provide MDR?

- What types of organizations typically use MDR?

- Can I replace my MSSP with MDR?

- Would I ever use MDR and an MSSP?

Sponsored by Netswitch Technology Management - netswitch.net

-The #1 problem involving products, vendors, compliance and security.

-The 2 top questions CEOs are asking right now about risk.

-What Covid-19 means for global security budgets.

-Who's becoming the real driver of technology decisions today.

-Why risk is a business problem, not an IT one.

-Why the roles of CIOs and CFOs are broadening to include risk.

-The first question risk managers always ask (hint - its not about tech).

Sponsored by Netswitch Technology Management - netswitch.net

Episode highlights:

- 15 years ago, when manual vulnerability scanning and assessments were the only options.

- Why manual plus automated testing combined is essential to get the highest quality results from pen tests.

- The new CVE 2020 1472 vulnerability Microsoft recently announced that won't be patched until 2021, and what this means for your testing schedule.

- Why insecure configurations created by your IT admins could be increasing your risk more than you realise.

- How the increasing number of regulatory and certification requirements have changed the testing landscape.

- Why companies now have to demonstrate they're consistently pro-active in testing their networks.

- Why the increase in remote working has only amplified these issues.

- Why penetration testing as a service is much more affordable than annual tests of years gone by.

- Which types of companies are particularly increasing their testing frequency.

- Why vulnerability assessments alone will not protect you from Ransomware attacks.

- What data penetration tests can identify that vulnerability assessments are unable to.

- How to effectively manage security risk if you're a small business with a limited budget.

- How an international hotel group client has increased their vulnerability assessment frequency from annually to monthly.

- Why they jumped at the chance to deploy Penetration Testing as a Service.

- How the old way of manual penetration testing could take over a month.

- Why the new combination of automation and manual effort can now perform the testing and deliver a report with remediation in just one business week.

- Why this means more time can be spent on remediation efforts and less on the testing itself.

- Why consistency is the key to effectively managing your cyber risk in an increasingly insecure world.

Sponsored by Netswitch Technology Management - netswitch.net

• How do I know a pen test is effective?  
• How do we set the goals of the pen test? Will you make recommendations to the business?
• How can we trust your automated tool? 
• Do I need a black box test for PCI-DSS or HIPAA compliance?
• When you send the post pen test report to us, what are supposed to do with it? 
• How long should it take to do the remediation work?
• Do we have to remedy the vulns or do you?
• How do we know the vulns found in the pen test are corrected properly?
• My vendor (or customer) wants to see the pen test results as part of their supply chain review. Should I share it with them?

Sponsored by Netswitch Technology Management - netswitch.net