Cyber Risk Management Podcast

Episodet

• EP 211: What Sea-Tac’s Ransomware Revealed 02.06.2026 47min

  In August 2024, a ransomware attack shut down baggage systems, flight displays, and Wi-Fi at Sea-Tac Airport. What did it reveal about how executives think about cyber investment? And why is “how much more security do we need?” the wrong question to ask after a major incident? Let’s find out with our guest Stephanie Warren, Assistant Director of Information Security at the Port of Seattle, who lived through that attack and came out the other side with hard-won lessons about executive decision-making under pressure. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/stephanie-warren-0746343/
• EP 210: How Boards of Directors Are Thinking About Generative AI 19.05.2026 46min

  What does the generative AI conversation actually sound like inside a boardroom? Is the board ready to govern it? And what do board members wish CISOs understood about how they make decisions? Let’s find out with our guest, Vanessa Pegueros, former CISO at Docusign and U.S. Bank, and current board member at LivePerson and BECU. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/vanessapegueros Website – https://vanessapegueros.com
• EP 209: Mythos: When AI Finds More Than We Can Fix 05.05.2026 52min

  Anthropic released Claude Mythos Preview. The headline is "AI can now find zero-days." Yes, but the real story is the gap between what AI finds and what organizations can fix. About 99 percent of Mythos findings are still unpatched. We cover what Mythos is in plain English, why the patching gap matters most, what duty of care means when your board knows these tools exist, where AIR-MAP fits, and why most advisors skip data sovereignty. Hosts: Kip Boyle, CISO, Cyber Risk Opportunities; Jake Bernstein, Partner, K&L Gates.   Anthropic Claude Mythos Preview https://red.anthropic.com/2026/mythos-preview/   AISLE / Stanislav Fort, "AI Cybersecurity After Mythos: The Jagged Frontier" https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier   AIR-MAP overview https://air-map.io/
• EP 208: Flan Recipes and Prompt Injection 21.04.2026 52min

  A Stripe employee hid a message in his LinkedIn profile telling any AI that read it to include a flan recipe. A month later, an AI recruiter emailed him one. It's funny until you realize the same technique can exfiltrate data, generate phishing content, or hijack automated business processes. What is prompt injection, why does OWASP rank it as the number one risk to large language models, and what should you do about it? Let's find out. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   OWASP Top 10 for LLM Applications -- https://genai.owasp.org
• EP 207: Defend the Business from Cybersecurity 07.04.2026 45min

  What happens when a cybersecurity team designs controls without asking the business what they need? And what role exists specifically to prevent that? Let's find out with our guests Brian Shea and Maggie Amato, former Business Information Security Officers at Salesforce. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   Brian Shea's LinkedIn profile -- https://www.linkedin.com/in/brianshea/ Maggie Amato's LinkedIn profile -- https://www.linkedin.com/in/maggie-amato-021624164/
• EP 206: Fire Doesn't Innovate. AI Does. Are You Ready? 24.03.2026 31min

  Fire hasn't changed since the dawn of humanity, but our cyber adversaries evolve every single day. What happens when organizations spend $10 on AI transformation for every $1 on cybersecurity? In this special ROCon 2025 keynote replay, Kip shares two stories that changed how he thinks about risk: a "perfect" employee who became an insider threat in four weeks, and a $12M deepfake that defeated every technical control on the dashboard. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   Get Kip's book, "Fire Doesn't Innovate" 2nd Edition -- https://a.co/d/0bYatohy
• EP 205: Making Privacy Compliance Sustainable 10.03.2026 42min

  Privacy laws keep multiplying, regulations keep changing, and AI is making everything more complex. How do businesses build privacy compliance that actually sticks instead of just checking a box? Let's find out with our guest Jordan Fischer, Founder and Partner at Fischer Law and Cybersecurity Lecturer at UC Berkeley. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   Jordan Fischer's website: https://jordanfischerlaw.com   Shoshana Zuboff's book: https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capitalism
• EP 204: Carpets and Diamonds 24.02.2026 50min

  Most cybersecurity people talk at CFOs instead of with them. What if there were a simple test to know when a CFO wants to learn about cyber risk versus when they just need someone to trust? Let's find out with our guest James Wheeler, a highly experienced CFO who now runs kept.pro, providing fractional accounting teams to businesses across the country. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   LinkedIn: https://www.linkedin.com/in/jamesdavidwheeler/   "Fire Doesn't Innovate" by Kip Boyle: https://a.co/d/0bYatohy
• EP 203: Cyber Risk Quantification 10.02.2026 48min

  Can cyber risk actually be measured in dollars? How do you know if your risk data vendor is any good? And is cyber insurance really worth the investment? Let's find out with our guest Scott Stransky, who leads the Cyber Risk Intelligence Center at Marsh and was named 2023 Cyber Risk Industry Person of the Year. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.  LinkedIn profile -- https://www.linkedin.com/in/scott-stransky-92659095/ Top 12 Report -- https://www.marsh.com/en/services/cyber-risk/insights/cybersecurity-signals.html                          Marsh Cyber Risk Intelligence Center -- https://www.corporate.marsh.com/solutions/cyber-resilience/cyber-risk-intelligence-center.html  
• EP 202: Why Fortune 500s Still Run on Windows 2003 27.01.2026 38min

  Why do IT organizations cling to ancient technology like Windows 2003, creating dangerous technical debt they don't even recognize? And how do they get out of this trap? Let's find out with our guest Anton Chuvakin, who advises the biggest customers of Google's Cloud services. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   LinkedIn profile -- https://www.linkedin.com/in/chuvakin/   Podcast -- https://cloud.withgoogle.com/cloudsecurity/podcast/
• EP 201: AI Powered Espionage 13.01.2026 44min

  AI-driven attacks aren't coming; they're here. A Chinese state-sponsored group just ran cyber espionage operations that were 80 to 90 percent autonomous. What does this means for defenders? Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   Here's Anthropic's report -- https://www.anthropic.com/news/disrupting-AI-espionage  
• EP200: Future of Cyber Defense 30.12.2025 45min

  AI can supercharge your security team. But it can also supercharge attackers. So how do you stay ahead in an AI-powered threat landscape? Let's find out in our special 200th episode! Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   Kip's keynote address -- https://youtu.be/DNRNbT0IaKM "Fire Doesn’t Innovate: Thriving in the Face of Evolving Cyber Risks" In this ROCon 2025 keynote, Kip Boyle challenges audiences to rethink how they approach modern threats in the age of AI. Using the metaphor of fire — a static risk that hasn’t changed for millennia — Kip explores how cyber adversaries are innovating daily while many organizations remain trapped in outdated mindsets. He closes with a compelling call to action: adapt like firefighters did with fire — or risk being left behind.
• EP 199: AI Phishing at SecureWorld Seattle 16.12.2025 19min

  How has GenAI turned phishing Into a speed war? And what should we do about it? Let's find out with your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
• EP 198: Breaches within Breaches (Contract Obligations post security incident) 02.12.2025 42min

  What happens when a HIPAA Business Associate Agreement gets tested in court after a ransomware attack? And what can we learn from it? Let's find out with your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   "New HIPAA Security Rule" episode: https://cr-map.com/podcast/178
• EP 197: Operational Cyber Resilience 18.11.2025 43min

  What happens when critical third-party services go down? What do your vendors actually owe you when that happens? Are new regulations going to make a difference? Let's find out with our guest Dan Bowdan, Global Business CISO with Marsh McLennan. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   "Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) episodes:   https://cr-map.com/podcast/161 https://cr-map.com/podcast/162/
• EP 196: Rogue AI Agents: What's Identity Got To Do With It? 04.11.2025 33min

  AI agents are everywhere: 91% of organizations already use them. But can we control these autonomous digital workers? And what happens when they go rogue? Let's find out with our guest Matthew Hansen, Regional Chief Security Officer for the Americas with Okta. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   NIST AI RMF episodes:   https://cr-map.com/podcast/153/ https://cr-map.com/podcast/154/
• EP 195: Board Cyber Reporting: The Right Questions, The Right Data 21.10.2025 49min

  Boards are getting the wrong cybersecurity information. But, what do boards really need to know? And how do we fix this problem? Let's find out with our guest Dr. Keri Pearlson, MIT Sloan School of Management. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   HBR Article -- https://hbr.org/2023/10/a-tool-to-help-boards-measure-cyber-resilience   LinkedIn -- https://www.linkedin.com/in/kpearlson/   Register for "Oktane on the Road in Seattle" -- https://regionalevents.okta.com/seattle-oor-exec-panel-okta
• EP 194: Why Are We Sitting Ducks for Phishing Attacks? 07.10.2025 40min

  Our brains in "autopilot mode" make us sitting ducks for phishing attacks. Why? And what we can do about it? Let's find out with our guest Lisa Petrocchi-Merriman, Executive Coach with "WorksWell Labs Coaching & Training". Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   Email -- lisamerriman@workswell.info   LinkedIn -- https://www.linkedin.com/in/lisa-merriman/   Register for "Oktane on the Road in Seattle" -- https://regionalevents.okta.com/seattle-oor-exec-panel-okta
• EP 193: Secure AI Transformation 23.09.2025 41min

  Getting full value from AI requires a huge technology transformation. How can leaders navigate AI transformation without losing their teams and their digital assets along the way? Let's find out with our guest Jenny Moshea, former CIO for Sellen Construction. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   LinkedIn profile -- https://www.linkedin.com/in/jmoshea/   Free Guide -- https://getjennergy.com/   Website -- https://www.kinetiqshift.com/
• EP 192: How I Use AI (And You Can Too) 09.09.2025 31min

  How can generative AI transform your cybersecurity work without replacing your expertise? And why should you start experimenting now? Let's explore with our host Kip Boyle, CISO with Cyber Risk Opportunities, as he shares nearly three years of hands-on AI experience and practical strategies for staying ahead of the curve.   “Delegate Smarter with People and AI: Lead More, Do Less.” https://maven.com/kipboyle/people-ai?promoCode=KIP50