
Business of Security Podcast Series

Technology Podcasts

This podcast focuses on many non-technical aspects of cyber risk, cyber security and information security at the intersection of technology and managing to business expectations. Guests include CIOs, CEOs and CISOs discussing the many facets of the information security industry, what matters, what needs to change and how to deal with modern-day challenges in this dynamic industry called cyber security.



United States






#28 - Culture of IoT Cyber Security - Drew Spaniel, ICIT and James Russell, Microchip Technology

In this episode we invite special guests Drew Spaniel, Lead Researcher, Institute for Critical Infrastructure Technology, and James Russell, Worldwide Group Leader, Wireless Connectivity Specialists and IoT Security Team, Microchip Technology. In this episode we dive into the unique aspects of IoT Security and how the culture of security is so critical across engineering teams who previously designed and built systems that were not connected...


#27 - Benny Lakunishok, CEO, Zero Networks - Sine Wave of Prevention, Detection and Response

On this episode of the podcast, Benny Lakunishok, Co-Founder of Zero Networks, joins Malcolm Harkins and Chad Boeckmann to explore the industry's continuous adoption and adaption of prevention -> detection -> prevention technologies. The group dives into the maturity of machine learning and where the industry is overall as well as how adoption of new technologies is imperative to maintain adequate risk posture over time while serving the best interests of business. Guest: Benny Lakunishok,...


#26 - John Brennan, Partner, YL Ventures - Investing and Managing Risk During COVID

In this episode, Malcolm Harkins and Chad Boeckmann speak with John Brennan, Partner at YL Ventures. This episode provides a perspective of how venture capital firms are reacting to and supporting their cybersecurity portfolio companies during an unprecedented pandemic in our modern time. In this episode we discuss trends of security teams and John discusses advice their firm is providing to other cybersecurity startups. Further in the discussion Malcolm and John discuss the context of...


#25 - Michael Lines, CISO and Entrepreneur - Overloaded Security Leader?

Overloaded Security Leader? In this episode Michael Lines joins Chad Boeckmann and Malcolm Harkins in a discussion about tactically prioritizing security efforts and what it means to get real traction. This episode explores supplier risk versus third-party risk and how this relates to overall business objectives and outcomes. Further discussion evolves into the problematic challenge of a new CISO where results must be achieved now and how to set up a "trading" system internally to curtail...


#24 - Jason Lish, Chief Security, Privacy, and Data Officer - Build or Buy Your Security Leader?

In this episode co-hosts Malcolm Harkins, Security and Trust Officer at Cymatic and Chad Boeckmann, CEO at TrustMAPP, speak with Jason Lish, Privacy, and Data Officer at Advisor Group about mentoring the next security leader and creating a backup for existing cyber security leadership. The discussion evolves into skill types, as well as organization maturity and fitting the right leader profile with the appropriate security program stage a company may be currently managing. Both Jason and...


#23 - Malcolm Harkins, Security & Trust Officer, Cymatic - Obtaining Value from Cybersecurity

The podcast is back with fresh new content. In this episode Chad Boeckmann talks cybersecurity value, business engagement and contemplating risk versus measuring risk with Malcolm Harkins. The security team of course must align to the business but just as important the business must align with security. So how do we accomplish this? What approach is best practice? Do you need to quantify all the risk? How do I design my control environment to meet all the demands of the business while...


#22 BONUS EPISODE - Adam Stone, Privacy Officer, Secure Digital Solutions - CCPA (California Consumer Privacy Act of 2018) and Business Impact

In this episode Chad Boeckmann interviews Adam Stone about the new California Consumer Privacy Act of 2018 (CCPA). The discussion leads off with a comparison of GDPR to CCPA and some similarities and differences between the two. The latter half of the interview dives into a role-play of scoping a business for CCPA compliance. Adam guides our listeners through a qualification process to determine the scope and breadth of CCPA privacy compliance based on a series of qualifying questions and...


#21 - Kristin Judge, CEO, Cybercrime Support Network - Great Leadership in Cyber Security While Tackling Cybercrime

Kristin Judge brings a very interesting background in counseling, teaching, public service and leadership to drive cybersecurity awareness and learning to the masses. Ron Woerner and Kristin have a conversation about the qualities of a good leader and how this can translate into driving change and awareness across the cyber security landscape. Kristin stresses the importance of having a mentor and mentee relationship no matter the level of your current role. In the second half of the podcast...


#20 - Bob Zukis - CEO, Digital Directors Network - Governing Cyber Risk on Corporate Boards

Bob Zukis, CEO of Digital Directors Network and Professor at USC Marshall School of Business, took time out of his busy schedule to talk about cyber risk and board awareness with Chad Boeckmann on this episode. Bob discusses the results of a panel survey from the NACD (National Association of Corporate Directors) annual summit in Washington DC relative to cyber security and cyber risk. Bob talks about the urgency for Boards to address cyber risk as part of the regular agenda and warns if...


#19 - Joyce Brocaglia - CEO, Alta Associates - Building Diverse and Competitive Teams in Cyber Security

Ron Woerner connects with Joyce Brocaglia, CEO of Alta Associates and Founder of Executive Women's Forum. Joyce covers the importance of investing in one's own career and how to grow into a leadership CISO role to gain the proverbial "seat at the table" with the business. Further discussion leads to describing the importance and approach to building diverse and competitive teams in cyber security and privacy. Joyce takes us through the history of the Executive Women's Forum now on its...


#18 - Bill Marden - Director of Privacy and Compliance, New York Public Library - Privacy and Treasures

If you have written off your local library you may be underestimating the true value it can deliver that "automatically" brings you privacy. Take a journey on this very special episode to uncover the treasures The New York Public Library holds and also specific privacy rules around the use of any library's resources. Bill Marden is our guest and he also is an excellent tour guide providing specific details of how The New York Public Library is an institution consisting of research,...


#17 - George Finney, CSO, Southern Methodist University - 9 Habits To Be Cyber Secure

Information security poverty line - Ron and George discuss the segment of teams who can succeed and those who are handicapped. Diving deeper George uncovers his current project for a book he is writing titled "9 Habits to Be Cyber Secure". Ron inquires with George about cultivating good habits for a community of professionals. As an industry we tend to focus on the technology and typically pay less attention to people and process. Looking at different aspects of improving cyber security such...


#16 - Allan Alford - CISO, Mitel Networks Corp - GDPR for Leaders

Are you ready? This is an action-packed, information-filled episode with Allan Alford, the CISO for Mitel. Allan covers 4 key points to achieve GDPR "alignment" and takes us through the journey of accomplishing these four key phases as a CISO. Towards the latter half of the episode we dive into the evolution of the relationship between privacy and security while looking into the future role of the CISO. Don't miss this one! Allan is on LinkedIn: Twitter:...


#15 - Chris Hadnagy, CEO, Social-Engineer, LLC - Hacking the Human!

Chris Hadnagy joins Ron Woerner on this season 2 episode 6 titled Hacking the Human. A master of social engineering, Chris starts the episode with real-world scenarios that are interesting and entertaining, based on real-life social engineering exercises he has conducted. Further in the episode Chris shares valuable insight into understanding people and the value of becoming an active listener - specifically as a leader. Ron dives into the inevitability of being phished with Chris providing insights...


#14 - Ben Rothke, Senior Security Consultant, Nettitude - Securing Small-Medium Business

Ben Rothke joins Ron Woerner on this episode to discuss Ben's experience that led to his book titled Computer Security: 20 Things Every Employee Should Know (McGraw-Hill). Ben addresses the question "what has changed in 20 years" and also reviews some best practices that are very relevant today. Focusing security on the data is where the conversation should start and build out cybersecurity capabilities from there. As cybersecurity is no longer an option, it is a cost of doing business,...


#13 - Adam Shostack, President, Shostack & Associates - Real Business Value with Threat Modeling

Adam Shostack is the author of the book titled Threat Modeling: Designing for Security (Wiley, 2014). He also is a co-author of The New School of Information Security (Addison-Wesley, 2008). Adam is a veteran in the cyber security industry having spent over eight years with Microsoft where he focused on threat model tools and techniques. In this episode Ron and Adam discuss the ROI of threat modeling as well as address the fear security practitioners sometimes have with the agile development...


#12 - Tanya Janca, Senior Cloud Advocate of Application Security at Microsoft - Defining DevSlop

What is DevSlop, you ask? Tanya Janca takes us through the landscape of DevSecOps (application security in a DevOps environment) and compares this to more traditional approaches to security and application development lifecycles. Tanya addresses the requirements for a successful lifecycle process no matter the model and takes us through how to be successful with application security design principles. Tanya and Ron discuss training resources as well. Follow Tanya on Twitter at:...


#11 - Robert Baldi, Director of Cyber Security Audit, Equifax - Audit as a Security Partner and Line of Defense

Robert Baldi joins Ron Woerner on the Business of Security Podcast Series for a discussion about Cyber Security Audit and using the audit capability as a way to leverage change and enhance overall security performance. Robert discusses using a mathematical formula for risk and translating this back into the investments for a Board discussion. Collaboration between security, audit and risk teams is key to success of all three parties.


#10 - Introduction to Season 02 - Ron Woerner and Chad Boeckmann

Chad Boeckmann and Ron Woerner discuss the theme of the Season 2 podcast, upcoming guests and also share some of their own experiences over many years in the cyber security industry. Topics include the important skills the industry still needs and where the emphasis should be for upcoming professionals. We also discuss the definition of "Security Ground-Hog Day." Tune in!


BONUS: Cyber Security in Healthcare and Spring NH-ISAC Recap

Aaron Pritz of Aaron Pritz & Associates sits down and talks with us about cyber security in healthcare and common threads from the May 2018 Spring Summit of NH-ISAC. This conversation evolves into data breach management and incident response readiness. This discussion goes into managing risk as an ongoing activity to maintain appropriate balance with business and technology.