Caffeinated Risk

Threat modeling expert and inventor of one of the world's first attack tree modeling products talks about how to integrate subject matter expertise into the risk equation, the answer may be surprising.
Bonus content not included in the original interview with Terry which dove deep into the history of attack trees, modern applications and exploring why there is no AI magic when it comes to identifying events that could end your organization. Well worth a listen if you missed it.

Factor Analysis of Information Risk (FAIR) and Enterprise Security Risk Management (ESRM) took different evolutionary paths yet share a lot more commonality than catchy 4 letter acronyms and mainstream adoption by notable organizations like NIST, The Open Group and ASIS international. Jack Freund personifies the term "risk management thought leader" with professional qualifications and public recognitions too long to list, but co-author of Measuring and Managing Information Risk can't go unmentioned since industry peers inducted this seminal title into the Cybersecurity Cannon.
With risk management discussions ranging from banking to defeating door locks, Dr. Freund was consistently insightful, humorous, and a delightful guest.

In addition to hybrid work and regular time in the office being the new normal, 2023 marks the year Caffeinated Risk's co-host Tim McCreight serves as the president of ASIS international. ASIS has long been a proponent of both physical and cyber security professionalism and one of the first organizations to explore and embrace Enterprise Security Risk Management (ESRM) as an integral element of security.
Scholarly articles on cyber-physical security convergence started appearing in the late 1990s, more than 25 years later the convergence buzz has ebbed and flowed but silo's remain. In this episode Tim shares his insights from the past 40 years, the benefits to a converged approach as well as some of the paths toward success.

Realtors have long advocated "location, location, location" as a path to investment success. Fast forwarding a few generations, location intelligence applied to risk management is paying dividends well beyond real-estate and Esri is a world leader in this fascinating application of geo-spatial information. Esri business solutions leader Alex Martonik shares examples of businesses making improvements to resilience and the bottom line by combining GIS, financial, technological and political data into risk calculations. Mr. Martonik also shares Esri's approach to "democratizing risk insights", helping solve the all to common problem of procuring buy-in.

A great discussion point that didn't make it to air from the original 2021. Not all data is of equal value to the organization and the viable shelf life is seldom tracked or even discussed.
This espresso shot takes a humorous look at a serious question about privacy considerations during the development cycle and check out the original full episode with privacy thought leader Michelle Finneran Dennedy.