EPISODE 100
 

Celebrating our One Hundredth Episode!

EP 100: Celebrating our One Hundredth Episode!

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

March 1, 2022

When we first started this podcast, we weren’t thinking about 50 episodes, let alone 100. How did we make it this far? What’s next? Let’s find out with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Join us for our next CLE at noon Pacific time on Wednesday, March 30th where we’ll explore the impact of the Pandora Papers on the legal industry and the practical, cybersecurity lessons for attorneys and their clients.

https://www.eventbrite.com/e/anatomy-of-a-hack-pandora-papers-tickets-255528421387

Tags:

Episode Transcript

Kip Boyle: Hi, this is Kip, and I'm interrupting the start of the show with a brief announcement for the attorneys in our audience. Once every quarter throughout the year, Jake and I offer a free online continuing legal education session. Our next CLE will be at noon Pacific time on Wednesday, March 30th. This time we're going to explore the impact of the Pandora Papers on the legal industry and the practical cybersecurity lessons for attorneys everywhere. So join us online for a one hour cutting edge CLE on March 30th, 2022 at noon Pacific time. So Jake and I can share what we've learned by analyzing the Pandora Papers, a massive collection of over 11 million confidential leaked documents about offshore wealth that were stolen from law firms, and then recently published.

In addition to one CLE credit, you'll also receive actionable advice that you can use right away. So sign up now on eventbrite.com by using the link in this episode show notes. We hope to see you there. And now let's listen to the next episode of the Cyber Risk Management Podcast.

Speaker 2: Welcome to the Cyber Risk Management Podcast. Our mission is to help executives thrive as cyber risk managers. Your hosts are Kip Boyle, virtual Chief Information Security Officer at Cyber Risk Opportunities, and Jake Bernstein, partner at the law firm of K&L Gates. Visit them at cr-map.com and klgates.com.

Jake Bernstein: Kip, what are we going to talk about today in episode 100?

Kip Boyle: My God. Have we really made it?

Jake Bernstein: I think that we're going to celebrate because episode 100, I cannot believe that we've made it this far, and let's recap. This is going to be a self-indulgent episode, but hopefully by now, if you've listened to us for this long, I think you'll be okay with our little self-indulgent episode.

Kip Boyle: It's not going to be all about us.

Jake Bernstein: No, it won't. It's going to be substantively valuable still, because that's what we do here on the Cyber Risk Management Podcast. But honestly, who would've thought that four years ago when we talked about this, that we would be recording episode 100, having consistently released every other Wednesday. See that to me is what makes it impressive. Yeah, you can get to 100, right? But getting to 100 with a consistent release schedule is something to celebrate.

Kip Boyle: Oh yeah, absolutely. And that was one of the first things that we learned. Right? We'll unpack that a little bit later. What does it take to be successful as a podcaster? We'll share a couple of, certainly more than a couple of things that we've learned as we go through the episode today. I thought would be a great thing to think back, to remember how it all started. What do you remember Jake about us just in the very beginning?

Jake Bernstein: Well, what I remember is you said, hey, we should do a podcast. And then I remember having a relatively good wave of enthusiasm, along with a nonstop torrent of questions. I didn't have any answers, so I think I said, sure, why not? But I definitely remember thinking and I think I probably said, I'm not quite sure. I think I do have some concerns about how much time that will take, plus, what if we can't keep up with a publication schedule? We don't want to make our listeners mad at us. And then we started. At some point later on, we also talked about foundation episodes, but I think we can talk about that for a little bit.

Let's quickly just let people know what we're going to talk about on this episode 100. We are going to give you a little bit of a behind the scenes look at the history and how we started this podcast and what we learned. We're going to take you through the top five episodes by download count. And then Kip and I are going to do a round robin, which we have not shared with each other of our personal top three favorite episodes. There may be some overlap. There may not, we don't know. It's going to be interesting, but let's go ahead. Kip, why don't you tell us what you remember about those initial conversations back in the day.

Kip Boyle: I clearly remember saying something to you like, hey, we should do a podcast. Why did I even suggest that to you? Well, I liked listening to podcasts and I thought it would be fun to have my own podcast, right? And to have somebody to help me figure out how to do it. Because it's a challenge, there's a lot of tools. There's a lot of technology. It's a very technical thing, sound and all that stuff. What type of microphone do you need? How do you do the recordings? There's a lot of tooling and technique and all that. I thought, well, that'd be actually pretty fun.

I remembered that we both were like, I wonder if anyone's going to listen. I was like, I don't know. We should probably think about who we're making this for. We did think about it, right? We thought about, who are we currently helping in our respective practices? Your law practice, my consulting practice. I remember thinking, well, why don't we just talk about the kinds of things that we talk about with our current clients, and who knows, maybe we'll get some new clients or maybe at least people will just send us messages every now and share with us what they think about those topics.

Because I think it's always good to hear how other people out there, other practitioners, right? What they're actually running into. Didn't that also happen? Didn't I say, let's start a podcast about the same time that we got a big joint client project going? I think we were about to work together for the first time in a big way. Right?

Jake Bernstein: Yeah. I honestly can't, I'd have to go back and look at the email timeline to figure out exactly what came first, the podcast idea or the shared client.

Kip Boyle: It was about the same time, I think.

Jake Bernstein: Yeah. I think it was about the same time. One thing that I remember thinking to myself at least, and maybe we talked about it was, even if nobody listens, we can do this for ourselves. What does that mean? Well, putting together a podcast is a form of forced CPE or for a lawyer, CLE preparation. It turns out that, one, I can actually use the podcast for my CISSP credit, which I do. Every year it counts for X number, I forget exact how many it is. But even without any of that credit system issue thing going on, it's been really valuable because it has really, I don't know about you, but I've learned a lot from just preparing for and doing the podcast.

There's things that I probably wouldn't have read or talked about, but for the podcast. And so when we get down to the favorite episodes, you'll see one of my themes is, which episodes did I learn a lot from? Because that ultimately, then you can't lose, right? When you're doing a podcast, if you're doing it for yourself and then, hey, people are listening, that's awesome. And then eventually that transitions where you're doing it for yourself and then it becomes, okay, well, people are listening. So now I'm motivated to do it for the audience. But it really it's both I think, is where I look at it.

Speaking of that, I don't remember, I feel like we did worry at one point about having enough topics, but I think it's funny how that worked out. We really, every so often we have to do a little episode brainstorming session, where we just get a bunch of topics down, but really that has not been the problem at all.

Kip Boyle: No. No it hasn't. Which is great.

Jake Bernstein: It is great. But the funny thing is, is that, do you remember that, I think it took us six months to get the first episode out the door?

Kip Boyle: Yeah, it did. I was going back into my file archives and email archives. Right? Because we did some prep for episode 100 and we decided we wanted to do a retrospective. I went and did a little bit of digital archeology. Our first script was finished on October 9th, 2017. That's when we finished it. I have no idea when we started writing it, but that's when we finished it. And then we started making our first recordings in November of 2017. But yeah, it wasn't until June of 2018 that we actually dropped our first episode through iTunes or the iTunes Store where they were doing podcasts, that people could subscribe to.

And this is back, before podcasts, podcasts were becoming a thing, but they hadn't become Joe Rogan popular. Right? And so this was early days and just publishing a podcast, I remember it took us four weeks to figure out, how exactly do you submit a podcast to iTunes? It was like an undocumented crosstalk not easy thing. crosstalk. Yeah. Well, my gosh, it's way easier now.

Jake Bernstein: That might have even been pre the Apple Podcasts app. I think it was.

Kip Boyle: Well, I can't remember for sure, but I just remember it was non-trivial. It was non-trivial. I had many conversations with so-called experts and it was nontrivial, but we did it. Why did it take us six months? Well, it wasn't just because we couldn't figure out how to submit it to Apple Podcasts, but there was a lot of, I remember there was crosstalk.

Jake Bernstein: 2012. Real time follow up as they say. 2012 is when the podcast was released. But it was definitely not a big deal or as big a deal back then, or even in 2017.

Kip Boyle: Right. But I remember what we struggled with, why it took us six months to release, was there was a lot of technological things. We had to buy a cardioid microphone in the beginning, right? I didn't even know what a cardioid microphone was, but found out we needed one of those. And had to figure out, well, how are we going to record this stuff? Are we going to reuse Zoom or Zencastr? I can't even remember all the different platforms that we tried. We also had to figure out how to organize ourselves. We knew we wanted to be more or less than a 30 minute range, but how do we do that? Because you and I are prone to just going off on wild tangents.

It's like, okay, how do we talk about something in a coherent way without going crazy and driving the audience nuts because we can't stay on topic and where do we upload the audio files? Because it turns out Apple does not host your audio files. You got to find some other place to do that. You need cover art. And then we also realized that we wanted to build up a reserve of episodes because, well, we didn't want to have some a client crisis or something to come along and having a scramble at the last minute to make an episode to publish tomorrow morning. I don't like that

Jake Bernstein: No, I wouldn't want to do that. That would be-

Kip Boyle: No, it's awful.

Jake Bernstein: If you're in the podcast business and that's your job, then yeah, that might be of necessity, but that was not how we wanted to do things at all.

Kip Boyle: We wanted to have evergreen topics, right? That people could go back and listen to months or maybe even years after we published them and they'd still be useful. Right? So we chose not to do a news of the day type podcast, which would become like day old bread very quickly. And then post-production too, right? We had to figure that out.

Jake Bernstein: We did. We did. I have some podcast guilt from some of the early episodes where I recorded using the MacBook pro microphone at one point, which I feel so bad of about. I've recorded using AirPods, that's not quite as bad. We've gone on several, both of us have gone through several different mics and different techniques over time. There's a lot of blogs and information out there about that. So we're not going to belabor the details there.

But I think, one of the things that we should talk about is the importance of how to publish consistently, which really was the idea of having episodes, quote, in the can. I don't know if that's the standard phrase or I feel it might be. But that's what we've always said. It's, how many episodes do we have in the can? There is no can, I'm not really sure why we say that, but we say it.

Kip Boyle: It's a digital can.

Jake Bernstein: It's a digital can. At one point we got, I think our high point of episodes in the can was six. We did get ahead of ourselves. Actually turns out that's too far in advance, because what happens is, is you record an episode, you get excited about it. And then you realize at one point that, this thing's not going to publish for like three months. And that's a little bit too much. On the other hand, when we got down to one or two, because I was moving homes and joining a new firm, that was a little scary, because then it was like, oh man, we might actually risk needing to do one of those record and publish within a day type of thing.

Kip Boyle: Yeah. And our post recording pipeline is not that complicated, but we do have an audio engineer. Hey Andrew, just shout out for Andrew who makes sure-

Jake Bernstein: Thank you very much, Andrew. It's just great work.

Kip Boyle: ... who makes us sound good. And he doesn't have to do much, right? I know he does a few things to remove some of the obvious rough edges off of, when our levels aren't right or whatever. Andrew, I have no idea how you do your job. I have not a clue. But we told Andrew-

Jake Bernstein: He engineers the audio, Kip. Come on. It's obvious. Right? He just engineers the audio.

Kip Boyle: He presses-

Jake Bernstein: He's an audio engineer.

Kip Boyle: He's got one big green button. He presses it, goes and gets some coffee, he comes back.

Jake Bernstein: I could probably do that if it was just one big green button.

Kip Boyle: But we told him, don't go crazy. Don't remove every, ah, don't try to kill every pregnant pause, live radio please, is what we wanted to do. I think in four years, in 100 episodes, what has there been? Something like, I can remember one episode where we were in the middle of it. We had a guest, and the guest's internet dropped out and we just-

Jake Bernstein: That was recent.

Kip Boyle: Yeah, it was. It was very recent. We had to do editing, because we couldn't restart the episode. We were already like two thirds of the way through or something like that. We didn't want to restart the episode. But that was probably the only time where we were recording this fabulous episode and it just completely went off the rails.

Jake Bernstein: One thing that I do want to quickly mention is, a housekeeping thing is, and I also want to apologize to the audience. Historically, even though our episodes, the file names had an episode number in them, we haven't really exposed those. You can't search by episode number. We can't really even reference episode number. One, starting with this episode 100, we're going to be including an episode number in the title for all of them. We may, no promises, even go back and add in episode numbers. It's just too difficult to reference things.

And, you know what, since one of our goals was to make these evergreen episodes, it's actually difficult to reference an evergreen episode if you have to be like, that one that was about this, sometime in 2018, is just not exactly an efficient way of doing it. Even though we could find an exact date, it's just way easier to reference by episode numbers. Dear audience, we will be doing that going forward, and maybe if we can retroactively.

Kip Boyle: Well, and we probably will do it retroactively. And let me tell you why, because there's one other thing that we're doing. I already actually kicked the ball, so to speak on this. We're going to build a podcast website. We're going to build a website dedicated to this podcast. Because right now it's hosted on the cyberriskopportunities.com website. If you go to there and you hit forward slash podcast, you can see the episodes there. But it's bare bones and we really need to do better. And so I just got a web expert to start the process of building us our very own podcast website.

And part of the design will include episode numbers, so that it's fast and easy for people to find the episodes that they want. And we're going to transcript everything too, by the way.

Jake Bernstein: That'll be nice. I'm going to go out and limb here, and I'm going to put myself in a box and say this now in hopes of making it come true. We have a vision. We want this to be a community that people can interact with. And even though Kip and I have our own super secret Slack channel that we will sometimes use, I'm hoping to be able to create a discourse powered, non-public forum, but obviously it's accessible, but without an account you won't be able to read things. I don't know, Kip, I think our audience pretty much by definition would like to be able to potentially interact with each other, not to mention with us.

I think that, crosstalk. Add that to the list of things that we want to do. I think 2022, I will promise, if and if I have to figure out how to stand up a discourse server myself, that it will happen in 2022. It may not happen until December 2022, but it will happen in 2022.

Kip Boyle: Okay. Well, here's an invitation, if you're listening to this episode and you'd like to get onto some kind of a discord server with us or Slack channel, I don't know, anything like that, just where you can chat with other people who listen to this show, me and Jake-

Jake Bernstein: Discord? I was thinking discourse, like an old school, more like an online old school forum, but discord server might actually be an even better idea. Let's say this, if you've got ideas or if you'd be interested in volunteering to moderate either a discourse or a discord forum or server, let us know. It should be fairly easy to contact us. So yeah, please do.

Kip Boyle: Yeah. Yeah. That would be great. Let us know if you have any appetite for this, and then we'll get busy on it. Okay. Let's see, I'm trying to think if there's anything else that we want to share about how we got to this point. One more thing. Let's talk about guests. It took us a long time to actually get to the point where we felt confident enough to have a guest. I think it was about a year from the time we started publishing. So that means 18 months from the time that we first started, we first made the commitment to do the podcast.

And so I want to call out our first guest. It was Melissa Van Buhler, her episode was published June 11th, 2019. And that was actually episode 29. Melissa was an excellent guest. We already knew Melissa.

Jake Bernstein: It was safe.

Kip Boyle: It was safe. That's right. Melissa was a very safe guest. We've had other guests that we didn't know all that well, but they had maybe published a report or something, and we felt our audience should know about that. And they've been amazing too. We have not had even one guest that was dodgy or difficult to work with.

Jake Bernstein: Special shout out to Melissa, really helped us get a process together for realizing, you mean we can't just schedule someone on a calendar and then magically have them record a podcast with us?

Kip Boyle: That's right.

Jake Bernstein: That turns out not to work very well. So now we have a fairly complicated process for that. But let's go ahead and take a look at some of our stats. I know you have a stat you want to talk about, and then let's get into some of the episodes.

Kip Boyle: Yeah. Okay. Before I release the statistic here, I want to say that we don't live and die by our numbers. We have statistics, we do track that stuff, but we don't obsessively look at it. It's never really been a part of who we are to judge ourselves based on how many listeners we have or so forth. Right? That has never really been a big topic of conversation. What we've really done is just focused on making sure that the audio quality is great, that the audio quality is great and that the audio quality is great. And content. Right?

Jake Bernstein: And that we have good content. Yes.

Kip Boyle: You put those two things together and it turns out that's a lot of what makes a podcast successful, plus consistent delivery. Right? Those are the key ingredients. Well, I'm happy to share with you that something's working. Okay? Because I went over to Listen Notes, which is a free website that you can subscribe to it and get crazy and really dig in. But if you go to listennotes.com and you just put in your favorite podcast, whatever it is, they'll tell you where they put that podcast in their overall tracking.

They're tracking something like 2.7 million podcasts that are out there. And I'm happy to say that our little show is in the top 5% of all 2.7 million podcasts that they track, which is stunning.

Jake Bernstein: That is amazing. As you know, probably in fairness, we actually don't know the facts here, but I would say that, we could at least guess that of those 2.7 million podcasts that are tracked, we really have no idea how many survived even five episodes, let alone 100. Nonetheless, even if the top 5% is only the serious podcasts, we're still competing with something like 135,000 other podcasts that our audience could be listening to. I like to think that among our audience, people enjoy listening to us. What else did you see in the stats? How about downloads?

Kip Boyle: It's a big number. The total downloads is not the same as total listeners. All right. I'll tell you that. But it does tell you how many people either subscribed. And so an episode is automatically downloading when it releases or they're physically pulling up a web browser or something and they're clicking a button and they're saying, I want to download this next episode. Okay. The end of 2021, it was 105,909 downloads. That's a crazy big number.

Jake Bernstein: That is a big number. That's a lot of people downloading something that, obviously as much as I enjoy it, we both know this is a niche podcast.

Kip Boyle: Definitely. We're not Joe Rogan.

Jake Bernstein: No, we're not Joe Rogan. That's for sure. That's really great. Okay. What were the top five episodes by download count? I think this is interesting.

Kip Boyle: Okay. This is like top five. We'll do it not backwards, we'll just do it by like, what was the number one most downloaded episode? And we'll go from there. I do also want to say before we do the top five, that we actually compare are really well to very well known podcasts when you measure us a little differently, besides total downloads and top 5% on Listen Notes. For example, if you look at the average number of episodes consumed by an average listener, we beat out NPR podcasts and we compare very well with a lot of other podcasts that have enormous audiences.

That's a really important statistic, because it tells you a lot about audience engagement. In other words, we don't have an audience as big as Joe Rogan or as any of the NPR podcasts, but we do have a high level of engagement, which I think is great. And we'll talk a little bit more about that in a moment. Okay. Number one most downloaded episode, and that was number 39. It was called, The Major Cyber Risk of Private Equity Firms. And what we did there is we talked about an investment that a couple of private equity firms made in a company called, Colorado Timberline, which ultimately was hacked to death by cyber criminals.
It's well documented on the internet. If you want to just search Colorado Timberline ransomware into your favorite search engine, you'll be able to access it. Of course, you should listen to our episode from November 12th, 2019, because we summarized it all for you. But 2,619 downloads so far. That's number one.

Jake Bernstein: Number two was episode 44, that aired on January 7th, 2020, which unless I mistake, no, it's exactly two years ago, from recording of this episode. That would be, Cybersecurity for entrepreneurs (and their employees).

Kip Boyle: Employees. Yeah. With just over 2000 downloads. By the way, it's interesting, in an episode that came out two years ago or three years ago is still getting downloaded in and listened to, which I think is fantastic. That says something about crosstalk. Yeah. Right. Our goal was to provide evergreen content, not only as a service to listeners, but also because if I'm talking to a prospective customer, or if I'm working on something new with an existing customer, and there is a podcast episode available, I like to share that with them, so that they can listen to what we have already had to say on their own time. And they don't have to pay me to summarize it for them. Right? Because a lot of times, we end up charging by the hour. I think you often charge by the hour. I do a lot.

And to have me regurgitate a podcast episode on the clock is not the best use of anyone's time. Anyway, so it's working out for everybody I hope. The third most downloaded episodes is number 41. That one's called Security Outsourcing: Vendor Selection and Management, at just over 1800 downloads at the time that I pulled these stats. That episode was published November 26th, 2019. And the reason why we did that episode, the big reason why we did that is because I had just finished recording my, not an episode, but an entire online video course for LinkedIn Learning on that topic. I wanted to share what I had put together with the audience. The entire course is not all in there, but there's a lot of goodness.

Jake Bernstein: For sure. And then, I want to say, we're the top, this is the number four. This would be episode 48 on March 3rd, 2020 with 1,574 downloads, The effects of cyberattacks on corporate reputation and consumer confidence. That was an interesting one for sure.

Kip Boyle: Yeah, because corporate reputation is, a lot of our customers don't even realize it. I think intuitively they realize it, but it's not necessarily something that's front of mind, that they're actively thinking about. But your reputation is an enormous asset. It's a digital asset. It's ethereal, right? It doesn't appear on the balance sheet. You might have something called Goodwill in your corporate financial statements. But what I find is that when we do cyber risk work, I have to remind people a lot. Hey, don't forget your reputation is a high value asset.

And in fact, depending on what business you're in, if you lose your reputation, you will lose your business. Right? We wanted to talk about the effect of cyber attacks on what I think is any organization's most important asset.

Jake Bernstein: Absolutely. And then, let's see the last one here. You want to tell us what was number five Kip?

Kip Boyle: Yup. The fifth one was episode number 46, Experiences with Law Enforcement on Cyber Crime Cases, 1500 downloads. Just a little bit more than that. We released that on February 4th, 2020. If anybody spent tallying the downloads here, I think there's something noteworthy. Right Jake?

Jake Bernstein: Well, yeah. Actually it gets more interesting as we go. The difference between the fifth one, which we just told you is 1,511 and the sixth ranked was only seven downloads. On average, particularly once you get past the top, really the top, by the time you get to the top four, the top three are the outliers a little bit where they have several hundred as difference. But on average, there are only 12 downloads difference between each episode, which means that, again, it's consistent with that other statistic, the idea is that you guys, if you're a listener, you stick with us and you listen to most of our episodes. Thank you.

We really appreciate that. Since you're here and you enjoy listening to us, that's really one of the reasons why we want to get the website up, find some way to interact a bit more, things like that.

Kip Boyle: Yeah. Yeah, definitely. When I looked at the bar chart of all of the downloads, I looked at it and I went, okay, that's the long tail everybody's been talking about.

Jake Bernstein: Yeah, for sure.

Kip Boyle: Oh man. Anyway, we are really grateful. Just take a moment. Right? And thank you. Those of you are in our audience, whether you've been with us from the beginning, or if you've just recently joined us, we can see in the statistics, right? That you're supporting us. We really appreciate that. Okay. That's kind of, what you guys are saying, you are interested in. Let's turn the tables a little bit and have a little bit of fun. Jake and I are going to compare our hand chosen top three episodes based only on personal preference. I thought, which one did I like?

I also thought things of like, what kind of an impact might it have had on the listeners? Did I like the topic itself, however green, is it really? Those are some of the things that I thought of. What did you think about when you were picking your top three, Jake?

Jake Bernstein: I went and I tried to figure out which ones were most memorable for whatever reason, but I ultimately ended up going with ones that I learned a lot with, that I thought were really interesting for the audience and that I just had fun recording.

Kip Boyle: Yeah. All right. We're going to round Robin. I'll give my top, Jake will give his top. We'll just go back and forth. We have no idea which ones, I don't know which ones Jake chose. He doesn't know which ones I chose. So any reactions that you get from us is live.

Jake Bernstein: It will be. One thing we both want to start with, we decided that we did want to have a special mention. We agreed not to choose any of our Verizon DBIR deconstruction episodes, because many of them are two parters. And then it gets, is that one or two episodes? How does that work? But that is by far our mutually favorite top recurring episode. And so you should think that, at least for the hosts, those DBIR episodes are amongst our favorites.

Kip Boyle: Why is that? Well, it's because we love the DBIR.

Jake Bernstein: We love the DBIR.

Kip Boyle: We've had some people who are intimately involved in the creation of the DBIR as guests our show. We'll probably ask them to come back in the future. If you're listening to us and you've helped make the DBIR possible. Thank you. We use it in our work.

Jake Bernstein: Yup. We do. All right, Kip, let's do this round robin. You reveal your top one and I'll reveal my top one, and then we'll do number two and then number three.

Kip Boyle: Okay. And when I tell you what my top one is, I'll also tell you why.

Jake Bernstein: Yes.

Kip Boyle: My top, this is my number one favorite episode. It's episode number 31. It was published July 9th, 2019. And it's called, Protecting your accounts payable function from cyberattack. We had a guest, Debra Richarson. What she told us was how finance professionals protect their company from common financial cyber fraud, like business email compromise. Now, the reason why I chose this is because in my work, first of all, you have to know if you don't know this, people in the audience, our audience members. I work mostly with CFOs and VPs of IT in small, medium size businesses.

Companies would say, between 50 employees and 500 employees. They have to get super practical and they have to have ruthless prioritization because they have limited resources to deal with all of the cyber risk that's coming at them. What I loved about Debra when she was our guest, is she shared many practical, low cost mitigations that will save thousands or millions of dollars for companies that implement them. I think did a fantastic job of proving the point that you don't have to spend a ton of money on blinky light boxes in order to get real cyber risk reduction.

Debra is not even a cybersecurity professional. She's a finance professional who knows a lot about cybersecurity. She blew me away. That's my favorite episode.

Jake Bernstein: That was a good one. Okay. I'm going to start off by cheating.

Kip Boyle: As you do.

Jake Bernstein: As I might do. Yeah. My top episode is actually, it is a two-parter, there's really no way to split them up. We really had no choice when we recorded it.

Kip Boyle: It was recent crosstalk.

Jake Bernstein: They were recent. It was, unfortunately, and this is one of the reasons we're going to be including episode titles. I don't have the episode numbers. What I have are the dates. It was September 14th and October 1st, 2021. It was, How to Really Make Sure that Cybersecurity is Everyone’s Job, parts one and two. I think, this was probably to date my favorite substantive episode to both prepare for and record, because this was about creating a cyber secure culture. We based it off some behavioral science papers and then a Verizon white paper. That was the second part, was talking about the white paper. The first part was the behavioral science paper.

I just found that so fascinating, learning about how sociologists and these types of scientists look at the culture of an organization. Kip, actually this fits, this works really well, because Kip just talked about how we have all these low cost remediations and you don't have to spend a ton of money to do that, like on blinking lights. Here's another set of episodes that really is probably one of the most effective forms of defense against cyber attack, is creating a cyber secure culture. It can cost money. It will, and it will be-

Kip Boyle: It's not going to cost as much as an enterprise blinky light tool. I'll tell you that.

Jake Bernstein: But it's not going to cost as much as an enterprise blinky light tool. It will probably be better in the long run than any blinky light box that is not magical.

Kip Boyle: Exactly. By the way, I've got the editorial calendar here, Jake, and I'll tell you and the audience that those were episodes 88 and 89. In the future, when we actually go and renumber all these, everybody will be able to reference it in that way. Okay. Let's keep going here. My number two top episode of all time, was episode 50. That was our listener survey. We actually released a survey at the end of 2019, I think it was, and then we analyzed it. And then on March 31st, 2020, we shared what we learned from our listeners. It was a big deal for me because was the first time that I felt we really heard from you who you were, what you were interested in.

I was tickled because it took 50 episodes to get to the point where we could actually have a good interaction with folks. So, yup. That was my second, most favorite one.

Jake Bernstein: That's good. I have to confess Kip, that I had a list of five and I'm picking them, I'm making the final decision in real time, which I think is the best way. For me, my second favorite episode here was February 16th, 2021. Now you can start to look up the episode number, Negotiating the Data Security Addendum. Look, it's so much of what I do, that recording was, in some ways it was an easy episode to prepare for, but the reason I like it, is that there's so much value that can be gleaned from that episode. In it we really talk about, what should you be thinking about? Whether you're the seller, in other words, a provider of cybersecurity services or any services really, any type of data service or the buyer.
There's something in there for all sides. I just think it's a great resource episode for listeners. And so that's my number two. Kip tell us, what episode was that?

Kip Boyle: I've got it right here, looking at the editorial calendar. You're right. That was published on February 16th, 2021. It was episode number 73. This is really interesting. I'm detecting a theme here. We're not actually choosing the episodes that are very technically intensive. Are we?

Jake Bernstein: Well, we haven't yet.

Kip Boyle: No. Okay. I just gleaned an insight into one of Jake's future episodes.

Jake Bernstein: It depends what you think is technical. From my perspective as a lawyer, Negotiating the Data Security Addendum is a highly technical episode. It really depends.

Kip Boyle: Okay. Right. You're right. Of course I was thinking technical as in-

Jake Bernstein: That you were.

Kip Boyle: ... configuring your firewall, but all right. That's cool. My third favorite episode, and by the way, I'll tell you, I had nine finalists. I went through all hundred and I whittled it down to nine. And then I had to make hard choices about which six were not going to get mentioned. Here's my number three most favorite episode. It was number 87. We just published it in August 31st, 2021. It's called, Cybersecurity for Small Companies. That episode is meaningful to me personally, because I, in preparing for it I had a lot of epiphanies. I have been working with SMBs for years, years, and when I was a full-time CSO, I was working at a medium sized insurance company.

I've worked in large enterprises and I still help large enterprises, but SMBs are interesting. There's a lot more nuance. You have to deal with a lot of other political realities, resource realities. I've been struggling to come up with a basic approach that I could use, that would be efficient and would really generate a lot of value. I finally figured it out. And then preparing for this episode required me to pull it all together and really sweat it out so that I could actually talk about what we'd figured out. And so during that episode, we talked about this thing that we've invented called a CR-MAP. It's a Cyber Risk Management Action Plan. I built a whole website about it.

And so it's out there, cr-map.com. Cr-map.com. And as somebody who's trying to serve small, medium size businesses, this episode really put the cherry on top of this idea that there are practical, low cost mitigations that will save these organizations thousands or millions of dollars to prevent bad things from happening or to contain bad things fast. Which we know from reading the DBIR, if you can stop bad things from happening or contain them quickly, you are going to save a ton of money. Anyway, that's my number three. What about you?

Jake Bernstein: Okay. My number three, I may quickly mention my two honorable mentions at the end just for fun and to further cheat, because that's what I like doing here. I actually, I do have a third pick that is a clear winner for me. That would be, that must have been something about February 2021, February 2nd, 2021, The Failure of the Cybersecurity Market. I loved this episode because, what we did is, we discussed a study put out by a company or an organization called debatesecurity.com. It was titled, The Cybersecurity Technology Efficacy fiasco. And it was, Is Cybersecurity The New “Market for Lemons”?

I have this whole marked up PDF that I apparently I must have read on an iPad because I've got a bunch of handwritten digital notes in it. I love looking back at some of this stuff. This to me, in fact, I'm probably going to go back and re-look at this, because it is, it was something that's been bothering me for quite a while at the time that we recorded this. Was just this feeling that, gosh, there's so many of these companies that offer some blinky light or SaaS product that's going to save everybody. Here's the problem, back when we went to physical industry events like SecureWorld.

I used to make a game and I'm sure I will someday again, of going through and seeing, which companies are still around? There's definitely some that are safe and secure, but man, I'll tell you, there are a lot of companies that only make it one or two years in a row and then they're gone. Why is that? I wondered. What is the deal with this? What is going on? I think this article, this study, and then the episode really goes into useful detail about that. It was never meant to be an episode about making fun of failed cyber security companies. That's not it at all. What it's really about is understanding the difficulty of cyber security.

It's not necessarily amenable to a quick and easy fix. And when you are marketed a tool, and it sounds anything like a quick and easy fix, that is when Kip and I will start to make fun of magic blinky light boxes. It just doesn't pan out and you can spend a lot of money for nothing. I think it's a really important episode. I believe there's even a law review article about snake oil, cybersecurity products. And so that's my third pick. Kip, which episode was that? I'm guessing it was 72.

Kip Boyle: It was 72. Now that you know that your previous pick was 73.

Jake Bernstein: I do.

Kip Boyle: That's really interesting. Back to back episodes made it into your top list. That's great.

Jake Bernstein: And that was just random, because when I was looking at them I was not paying attention to the publication date or the episode number.

Kip Boyle: Well, it makes it easy on our listeners. They can listed to 72 and just right into 73.

Jake Bernstein: Yeah, totally. Do you any-

Kip Boyle: Honorables?

Jake Bernstein: Yeah. Do you have any honorables? I don't remember, I have January 8th and no year, but I just love the title of Contractual Firewalls. Thought that was a great episode title. And that's really all I wanted to say about that. And then the other one was December 8th, 2020, Role of General Counsel in Cyber Risk Management. I think that one's just useful for obvious reasons.

Kip Boyle: That one is episode 68, for anybody who's keeping score out there. That was December 8th, 2020. And then the other one was Contractual Firewalls. Yeah.

Jake Bernstein: crosstalk early.

Kip Boyle: Managed to squeak the word firewall into an episode title. That was a very early episode. That was number 14.

Jake Bernstein: Wow.

Kip Boyle: Yeah. I think that's the earliest episode from either of our list. So there you go.

Jake Bernstein: That would've been January 8th, 2019 then.

Kip Boyle: Let's see, 2019. That's right.

Jake Bernstein: Interesting.

Kip Boyle: One of my runners up I'll tell you, was episode six, and that came out on September 4th, 2018. That was called, Cyber Risk Management and Attorney Client Privilege. We threw you a bone.

Jake Bernstein: Yeah. That was a good one. And you know what, what's funny about that is that issue is not decided. It's still complicated.

Kip Boyle: Oh yeah. I know. We just saw this huge article the other day, I forwarded to you that I'd seen. There's still so much going on around privileged work product and how companies need to contract with outside firms. It's like a little bubbling soup.

Jake Bernstein: It's interesting though of our legitimate top three, you had one from the last three years and mine were all within the last year. Interesting.

Kip Boyle: Okay. I'll tell you why that happened. Okay, look, these episodes are all my favorite. Right? They're my babies. I love them. I love every one of them.

Jake Bernstein: Yeah, me too.

Kip Boyle: And so I was like, okay, how am I going to do this? Right? How am I going to zero in on top three? I went, all right, I'm going to take 2018, 2019, I'm going to go by year. Okay?

Jake Bernstein: Got it. Okay.

Kip Boyle: So I just went to each year and I picked them out. And then after I got to my final nine, I was like, all right, I'm going to just pick one from each year, that's how I got there. But I'm happy with my top three. I really am happy with what I've come up with it.

Jake Bernstein: No, they're good. I think one of the things that I, we have good episodes. I think we have over time gotten better at this podcast. That's probably natural. But I will tell you this, this is making me really excited for the next 100 episodes. I look forward to doing that and hopefully all do it with us.

Kip Boyle: Oh, yeah. There's just, I still have plenty of gas in my tank for doing this. I do not feel burnt out in the least.

Jake Bernstein: No, not at all.

Kip Boyle: I agree with you, more excited. I think, if there's anybody in the audience who's thinking about starting a podcast, or if you've got one and maybe you're struggling with it. I think one of the reasons why I don't feel burnt out is because we only release every other week. I don't feel the pressure of a new episode all the time. I think the fact that we have three episodes in the can, gives me the mental freedom to really choose topics that I like when it's my turn to prepare an episode. And so, I think those are important reasons why I'm not feeling burnt out. I think crosstalk for what it's worth.

All right everybody, that's it. We love our listeners. Thank you so much. That wraps up this episode number 100 of the Cyber Risk Management Podcast. We celebrated today. We were a little self-indulgent, but I hope it was helpful for you to think about how we got to this point and the fact that there's still a lot of good material in our back catalog. If you haven't listened to it, right? Go take a look. Thank you so much for being here. We'll see you next time.

Jake Bernstein: See you next time.

Speaker 2: Thanks for joining us today on the Cyber Risk Management Podcast. If you need to overcome a cyber security hurdle that's keeping you from growing your business profitably, then please visit us at cr-map.com. Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).

YOUR CO-HOST:

Jake Bernstein

  Newman DuWors LLP

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.