Close this search box.

EP 144: SecureWorld

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

November 7, 2023

Have you heard of a regional cybersecurity conference in the US called SecureWorld? We really like it. So we invited Brad Graver, who’s the president of SecureWorld, to tell us what makes them different from all the other conferences we could go to. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.


Episode Transcript

Speaker 1: Welcome to the Cyber Risk Management Podcast. Our mission is to help executives thrive as cyber risk managers. Your hosts are Kip Boyle, Virtual Chief Information Security Officer at Cyber Risk Opportunities, and Jake Bernstein, partner at the law firm of K&L Gates. Visit them at and

Jake Bernstein: So Kip, what are we going to talk about today on episode 144 of the Cyber Risk Management Podcast?

Kip Boyle: I am really excited about the episode we're going to do today because we are going to talk about a regional cybersecurity conference, a confab, if you will, called SecureWorld, and we're going to do that with a guest. And I'm excited because Brad Graver's our guest, and he's not just somebody who's been to SecureWorld. He's the president of SecureWorld, and I can't think of a better person to have on our podcast to talk about SecureWorld. Now, having said that, Jake, you and I have a couple of very personal stories about the experiences we've had at SecureWorld. So we're going to get to those as we go along, but that's another reason why I think this episode is so cool. But let me welcome Brad to the podcast. Hey, Brad, welcome.

Brad Graver: Hello, Kip and Jake. Thanks for having me. I'm excited to be here and chat with you guys. Well, we-

Jake Bernstein: Awesome. This is great.

Kip Boyle: Yes.

Jake Bernstein: Kip, it's my turn. Actually, it's not. But, Brad-

Brad Graver: Not all at once. I can call out reporters by name too. So, Jake, go ahead. First question.

Jake Bernstein: Why don't you go ahead and introduce yourself for the audience? And tell us a bit about your background, your current role, and let's go from there.

Brad Graver: Yeah. No. Sounds good. Sounds good. So as Kip mentioned, currently I'm president of SecureWorld, have been involved with SecureWorld since 2012. Way back when, I had a full head of hair, so it was a different time in security in 2012 and a different place. But amazingly, a lot of the topics are still around, and I know we'll get to that down the road. But for those of you who don't know what SecureWorld is, we're essentially a media company. Conferences play a huge part in what we do, but we also do some reporting on the industry. We interview some great people, some practitioners, as well as thought leaders. And we have a very vibrant digital piece as well to educate and just be a resource for folks in the cyber community profession. Say that three times.

Jake Bernstein: Yeah, that works well.

Kip Boyle: What do you do for fun, Brad? Just tell us one thing.

Brad Graver: Oh, there's so many things. I like to have fun, Kip.

Kip Boyle: Okay, well pick one thing, man. I know one thing. If you don't mind, I could tell people.

Brad Graver: Sure, go right ahead, spill us... Well-

Kip Boyle: Who's your favorite artist? Who did you just go see at The Gorge and then two days before?

Brad Graver: I am a mega Dave Matthews Band fan, so I think I've seen them play around 30 times now since starting back in 1995. So yeah, you hop in my car, and it's set to Dave Matthews pretty much all day, all night, but I do like other forms of music. But I'm a big cyclist, and I like to cycle in the summer, Jake, and I like to ski in the winter when the seasons present themselves. So fingers crossed that were due for another big snow season out west again.

Jake Bernstein: Yeah, that's not looking so hot with the El Nino issue, but we'll see how that goes. I'm just having some trouble with my audio as well. It's just with that kind of day. There we go.

Kip Boyle: Oh, there your audio is much better now. I don't know what you did, but it sounds better.

Jake Bernstein: I was messing with something I shouldn't have messed with mid-recording, but such is life.

Kip Boyle: Okay, well then as long as we're talking about audio, how's mine? You said I was laggy before.

Jake Bernstein: No, you're fine now. We're all fine. Everything's fine.

Brad Graver: We're all fine.

Jake Bernstein: We're going to continue forward, and here's what I want to know. I know that I have a story, and I know Kip has a story. But before we get there, I'd like to know what exactly is SecureWorld all about? Not the history, just right now, today. It's 2023. What is SecureWorld for? Who is it for? What's it about?

Brad Graver: Great question. It's hard to pin that down in a box. Mainly, ideally we are for people involved in the cybersecurity profession. Now, when I say involved, that's a pretty big word because hopefully everybody is aware of cybersecurity in their organization, in their personal lives. However, our focus is to be a resource for those people that are employed by corporations, maybe have their own gig going as advisors, those types of things, to come together to be in a community where they can share ideas openly. They can learn about different trends that are going on, search for different products that are out there on the marketplace, either existing products or up and coming products, and really for all team members.

I mean, yes, we have a very large CISO and director contingent and track, but we're also wanting the entire team, or as many people as possible can come and take advantage of a SecureWorld conference. The more people that are aware of things going on outside their own walls, they're able to bring that back inside their walls and really affect change within their organization. So I can keep talking, but I'm going to stop. But essentially, hopefully, that gives you an idea of who we're for, what our mission is.

Jake Bernstein: I have so many questions that are, I'll just say, off script, so I'll hold them for now. Well, actually, I am curious. I'm going to ask one. We don't really know how this is going to go because this is what I do. I can't. Sometimes I can't inaudible-

Kip Boyle: Even if I object, I'll get sustained.

Jake Bernstein: Well, I know. Yeah.

Brad Graver: Attorneys.

Kip Boyle: Overruled. Whatever.

Jake Bernstein: It'll be overruled, yep. It'll be overruled because this is not a deposition yet.

Brad Graver: Yet. Yet.

Jake Bernstein: So I'm curious, how does SecureWorld differ from some of the mega shows that are in-

Kip Boyle: RSA.

Jake Bernstein: ... RSA, Black Hat?

Kip Boyle: DEF CON.

Jake Bernstein: Look, I'll be honest, I've never been to DEF CON; I've never been to RSA; I've never been to Black Hat, but I've been to SecureWorld every year that it has existed since... Oh, I don't remember. I think '14, maybe '13. So other than the missed pandemic years, I've gone every year. So what is different about SecureWorld in your words, in your mind?

Brad Graver: Yeah. No, great. Well, first I'm going to do a little correction on the date. We've actually been doing conferences since '01.

Jake Bernstein: Oh, yeah, you have. I just haven't been going.

Brad Graver: Oh, you haven't been going. Gotcha.

Jake Bernstein: Yes, yes. I haven't been. I wasn't-

Brad Graver: It's your first SecureWorld. Yeah, no problem.

Jake Bernstein: My first. Yeah, yeah. My first SecureWorld.

Brad Graver: No problem. Hey, listen, I've been to all those shows aforementioned, and they're great. They're a great place to go and learn more about the industry. What we do is bring that idea to you, so you're not having to hop on a plane and drop four figures, five figures to take your team to San Francisco. So we will come to a region, hopefully by where everybody who's listening, within driving distance and have some thought leaders from outside your area along with thought leaders that are in your area, so that you can make a connection at that conference. A real face-to-face human interaction that gives you somebody when you run into a little hitch at work, or maybe you're looking for your next gig, that you have a resource that you can lean on, resources that you can lean on, that you met at a SecureWorld conference.

So that's why we exist at the local regional level. Those places will always be there, but you're going to rub elbows with 40,000 other folks. This is somewhere where you can come and really bring a stack of business cards if you still have business cards, and really make those personal connections as well as professionally. I know a lot of folks who come to SecureWorld... Because We like to have fun, so we set up networking in a very fun professional way, but we like to let our hair down a little bit, if you still have it. So it's a model that I think allows people to be themselves while also making those personal connections with each other.

Jake Bernstein: If someone asked me what I thought, I would say, in one word, it's community. And this will kind of tie into my personal SecureWorld story, but the-

Kip Boyle: Can I say something first, Jake, about the community, which I think is really, really important about SecureWorld, which is it's hyperlocal?

Jake Bernstein: Hyperlocal.

Kip Boyle: When you go to RSA or any of these national conferences, if you're from Detroit, they may not talk about automobiles; they may not talk about automobile supply chains. Maybe you work in that, but when you go to the Detroit SecureWorld, they're going to talk about that.

Jake Bernstein: And just to be clear for the listeners, I'm not knocking any of these big shows. I just have never been there, and I was curious what the difference is. And you have and...

Kip Boyle: I've been to them before, and I think inaudible right.

Jake Bernstein: Yeah. Well, one of the things that stands out about SecureWorld, and I'm just totally skipping around, is the Seattle Advisory Council. And I think that that is another thing that really sets SecureWorld apart because it's that community-driven aspect. And that really was just a huge part of my personal journey into the cybersecurity world.

Brad Graver: And, Jake, you alluded to our Advisory Councils. Look, we don't pretend to know that we have all the answers in cybersecurity. I don't think anybody should pretend that, Kip. Right? So what we do is at each community level, we build a group of advisors and we really listen to those folks at each community tell us what their needs are. "Hey, we're having hiring issues, or we're having retention issues, or we don't know what's going on with AI and how it's going to affect us, or can you bring somebody in to talk about how I get cyber insurance from the board?" All these different topics. And then what we do is take all those topics and just run with it. Go find experts that we trust to educate and to be a resource not only for the Advisory Councils, but also for the teams of people that come, the associations we partner with at the local level, and really kind of bring it all together in a party, fun atmosphere.

Jake Bernstein: Yeah, no, that's right. Okay. Kip, is it time to give our stories, or are we moving, or is that later? I can't-

Kip Boyle: Nope. If you're ready, go.

Jake Bernstein: I am. And Brad, I don't know. I can't remember who I told this story to from SecureWorld. It may have been you, but you may have never heard this before, so we'll find out. So for me, SecureWorld was honestly the single event that changed the trajectory of my entire career. And that sounds like way maybe over the top-

Kip Boyle: Dramatic.

Jake Bernstein: ... but it really isn't, and here's the story in brief. Yes, dramatic. Before 2015, I was an assistant attorney general for the state of Washington, and our chief investigator at the time... I want to say this was the 2014 show. He got invited to be on the Advisory Council, and obviously that comes with a pass to the show. And he was not our computer security guy, and he was like, "Hey, does anyone else want to go?" And I said, "Yeah, I'll go. That sounds fun." I'd already been through computer forensics for attorneys because of the long story, but a lot of the state attorneys general prosecute computer crimes like child pornography. And so the National Association of Attorneys General has a training institute, where they bring attorneys, lawyers from all over the country who work at the state and teach them about computer forensics. So I'd already had this background, but going to SecureWorld that first time, being the only lawyer in the room, everyone was fascinated by my existence.

I was very different. I was totally different. I was not a cybersecurity guy at the time. And everything from the greeting, the community or the interest that I got from the Advisory Committee members to the former CIA spy, who at that time was the keynote speaker, was just absolutely enthralling. And I took that opportunity. By the time the 2015 show came around, I was out of the state, and I was in private practice and building a cybersecurity legal practice. And I really can't understate or overstate. I always get that wrong. I can't overstate. That's the phrase.

Kip Boyle: Overstate, yeah.

Jake Bernstein: How important what I learned and who I met at SecureWorld came to be. And now that I'm a much more established member, I like to bring new people, introduce folks, and just give back and continue to expand the community. So SecureWorld played an outsized role in my career, right time, right place, and I'm thankful for it.

Brad Graver: Oh, I really appreciate that. That's powerful, and your story's not unique. It's unique to you, but in every region we're at, there's a Jake Bernstein story that kind of mirrors that line.

Jake Bernstein: Now, wait, how many other lawyers are there in any of those?

Brad Graver: I was just going to say maybe not so much on the legal side, but as far as folks who have advanced their career, whether that's... And I'm not talking about changing companies. I'm talking about just within their own organization. I don't want to paint it as a career fair because certainly not. However, I can't overstate the importance of making a network of people that can advance your career. And you did that, and now you're paying it forward. I've seen you do it at Seattle, and just truly appreciate you and the role that you have doing that going forward for others.

Kip Boyle: I want to talk to that.

Jake Bernstein: That's great. And I think one of the things that's... Oh, one second, Kip. Then I'll let you inaudible.

Kip Boyle: A I still on a delay? Am I still on a delay? Okay, go ahead.

Jake Bernstein: Yeah, you're okay. This is what happens when you record from a hotel room. It's very appropriate though because at a SecureWorld outside of your home area, but we'll get to that. No, I was just going to say that I think one of the other things that I really appreciate about SecureWorld is the quality of the presentations and the talks, the way that the Advisory Council will step up and lead panel discussions, all that stuff. I never feel like everything is just a sales pitch, which again, it's not a knock. Every show this needs sponsors, but just the way that SecureWorld puts it together is just very high quality. And I always learn something every time. Okay, now I'm done serious.

Brad Graver: Kip, to you.

Kip Boyle: Oh, Jake, you lie like a rug, but I still like you, so you're not done. But listen, I wanted to comment on what Brad was saying about a career and how important it is to build a network. So on my other podcast, Your Cyber Path Podcast, we talk about this all the time. You can't just sit in front of or whatever your favorite job board is, and just launch wave after wave of resumes in there and think that that's going to give you what you want in the timeframe that you want. I mean, your odds are very, very low. You need to get out there, and you need to talk to people who already work in the industry. Ideally, you're talking to hiring managers.

I was just in Denver. At the end of the day, we went to the closing keynote. And after it was all over with, some people walked up to us, and we started talking. And there was this one young woman who was just laid off, and she's like, "Tell me about that." And I said, "Well, what do you want to do?" And she told me what she wanted to do, and I said, "Well, have you heard of this organization?" And she said, "Oh, yeah, that would be my dream job." And I said, "Well, I know who runs that organization. Would you like me to introduce you?" "Oh my gosh, that'd be so great." So I've done that, and I'm happy to do that. And what's the chance that she would've gotten that if she'd stayed home that day? Zero. There's my story.

Jake Bernstein: I had a good friend who said, you could apply the Pareto principle to almost everything in life, the 80/20 rule. And when it comes to shows like this, just be the 20% that shows up. That's all you got to do. That's all you got to do. 80% of the time, that's all you got to do is show up.

Brad Graver: Well. And hey, listen, I realize that for the majority of our audience, for me to ask them to shut down their laptop for a day, they're going to break out in hives. So I realized that we have to make it worth their while to shut down their laptop and get out of their comfort zone and show up for a conference. And based upon two stories that you two just shared, extrapolate that by interactions throughout the day, whether it's somebody you're sitting next to at lunch, somebody you're grabbing a coffee with, somebody you're playing a game with on the show floor. All those different interactions just build you up. And just to be honest, it gets you reinvigorated and-

Jake Bernstein: It does.

Brad Graver: ... learning new things.

Jake Bernstein: It's always exciting.

Brad Graver: Yeah. Well, I appreciate that.

Jake Bernstein: And here we are. We're recording this episode in September of 2023. There's a reason. No matter what you think about return to office versus work from home, there's a reason that we're seeing an increased level of return to office pressure from companies, whether it's a mandate or not. I know it's controversial. We're not here to debate the pros and the cons of return to work. Sorry, return to the office. I hate that phrase, return to work, as if we haven't been working. But there is something about in-person that you just cannot get. And I think it's even more important for all of the... I mean, there's at least two to three years of graduates and people early on in their careers who reach those milestones remotely. And it's probably most important for those folks to leave wherever they are working and go to shows like this, particularly SecureWorld because it's local.

Brad Graver: Yeah, no, I agree. And our data's backing that and such that our attendance levels this year are higher than they were in 2019 for each conference.

Jake Bernstein: I'm not surprised.

Brad Graver: People are realizing after three years of not being able to. This year, they're able to and willing to, not forced. And to be quite honest, it's a lot harder to get people if they are still working remote. It was pretty easy to get somebody to leave the office for a day to come to a conference. Now we're having to ask people to leave their house to go to a conference, which just adds a whole nother layer of complexity. So for us at SecureWorld, we've really had to up our game in what we offer. And I think for those people that haven't been to a SecureWorld Conference since 2019, I think you'll notice some changes that I'm not going to give away all of our secrets, but you'll have to come to a show to find out. But we've tried to make the engagement feel more natural throughout the day and not forced, like perhaps it might've been, prior to the pandemic.

Kip Boyle: So Jake, I think this would be a good time just to give a little bit of a backstory on my connection with SecureWorld.

Jake Bernstein: Yeah.

Kip Boyle: So in 2003, I got my first chief information security officer job in Seattle, and I was starting to connect with the broader CISO community. And real fast, I found out that they all liked hanging out at SecureWorld, and so I went along. And they invited me to become a member of the advisory committee, or Advisory Council, I think is the exact name, and so I did, and that's kind of how I got introduced to it. What I liked about it is that it gave me a safe place to talk to other CISOs about what my concerns were, and I could do that in a room without salespeople hanging around. And so that was great. We were always looking for an opportunity like that. And then I figured out that this was a great way for me to send the members of my team to go get some good training without putting them on an airplane. And it costs between... Well, back then it was like $1,500 to $3,000 just in travel expense to send somebody somewhere, plus it's disrupting their world. They have to be sleeping in hotels and so forth.

So very quickly I realized, "Okay, this is great." And then of course, when we were putting the agenda together as the Advisory Council, if we said, "Hey, we want a session on this," then the SecureWorld people would turn it around on us and say, "Okay, who's the best person that we should reach out to get them to teach that?" So it wasn't like they said, "Thanks for the idea. We'll see you later. You'll find out who it is when you show up." It was just really collaborative, so another aspect of the community. And so that's how I got involved, and my goodness, that's 20 years ago now. And I continue to enjoy giving back to the larger community by participating in the Advisory Council and helping to steer the agenda, and when I show up to do what I can to open up doors for people who quite frankly didn't even know the door existed.

Brad Graver: Yeah, no, very much so. And you guys both have mentioned, without mentioning it, so I'm going to say it, but the word trust. And I think that's extremely important in today's culture, especially with the rise of misinformation, or, "I can't tell if this is AI generated or original thought piece," to have a place where you can see the speaker, see that thought leader, ask that thought leader questions and trust that because we vetted them. Trust that that thought leader has their credentials and the expertise and know what they're talking about. It's unmatched in right now's environment, and trusting that you are going to help people find their way in our industry if they're just starting, as both you guys alluded to. So that's our theme, I guess, if you will, is the conferences are a place to come trust people.

Kip Boyle: I dig it. I dig it a lot.

Jake Bernstein: And that just pays dividends so many different ways over time. It really does help a lot.

Kip Boyle: So obviously, Jake and I are fanboys, right?

Jake Bernstein: Yeah. Obviously. How could I not be? I mean, there's few things that I must do every year that I really, really care about. SecureWorld is one of the few, aside from birthdays of my spouse and kids and myself and the holidays, SecureWorld is right up there, and inaudible.

Kip Boyle: Don't forget the annual DBIR episodes we do.

Jake Bernstein: Yeah, I do like that. I do like that. But that's just you and I Kip, and we do talk every other week at least. Whereas, SecureWorld is oftentimes the only place every year that I'll see certain people. But you know what? It's such that every year you come back, and it's like no time has passed. It's kind of a weird time warp. So anyway, clearly, Kip and I are big fans.

Kip Boyle: It's like Cheers, everybody knows your name.

Jake Bernstein: Yeah. Yes, yes it is. Yeah. And they do, and it's great to see people, and it's also great to meet new people. So let's maybe dig in a little bit. I know we have some time left here, and I'd like to know. For those who've never been, what would they expect? Just in a couple of minutes, what would you expect from a SecureWorld? How would you prepare if you've never been before?

Brad Graver: Well, one, as you mentioned, the first step is getting there. So getting there and with an open attitude of, "I'm going to introduce myself to three people," and having that kind of mindset. I think cybersecurity professionals get a bad rap, especially within their own organizations a lot of not being... They're the fun police. They're the no people. And that is certainly not true, especially at a SecureWorld Conference. The Advisory Council members, the speakers, the moderators, everybody is there for a purpose, and their purpose is to help others. So coming to a SecureWorld conference, come, be ready to have a good time, be ready to learn something new and be ready to take it back, whether it's your corporation or your own individual role in that corporation. You will come back with a hit list of things to accomplish and a list of people that can help you do those things and move that forward as well. So that's my elevator speech if we're riding up to the 11th floor somewhere.

Jake Bernstein: So, all right, just to make sure it's not so obvious, I will go ahead and introduce the last segment for today's episode on SecureWorld. So I like to take credit for this because I was instrumental in pushing Kip to reach out to SecureWorld and just kept poking and poking. And you did, and there's something. I feel like there's a thing that you've done. It's like a partnership. No, I'm kidding. If you've been to a SecureWorld at all, Kip's face is everywhere. I'm a little worried I'm going to have to bring him down a notch or two because he might become insufferable on this podcast with his newfound levels of fame. But why don't you guys tell us about what you've done? What has Cyber Risk Opportunities done with SecureWorld? Why are you doing it together, and why did you feel confident about working together? I'm a third party. I can say that.

Brad Graver: Okay, I'll go first. So my role is to always look for opportunities and other resources that we can bring to the SecureWorld community. And I've seen a need for a number of years to have a trusted advisor. People trust our brand, just like you two have gone on for the last 29 minutes about... Lovingly, and I appreciate that. People trust our brand, and so I am very careful. We are very careful about our speakers, our sponsors, that they represent us in the very best light that they can. A piece that was missing from our community, I believe, was having a resource that SecureWorld would recommend, where people could go for a trusted advisor.

Kip and I started talking about this last year, and we treat our community very concierge-like. And so I wanted somebody, an organization that also had that same belief that looks at each individual case and really listens to that person and that organization about what their needs are and not so much trying to fit them into their box. And CRO, Cyber Risk Opportunities, and Kip and his team, I think, do a great job with that. And we're excited to introduce them to our audience and, like I said, having a resource where our audience can go to someone who's extremely knowledgeable about the industry and really look for some answers and put in some plans in place to help them solve their issues of the day.

Jake Bernstein: All right, Kip. Why-

Kip Boyle: Yeah, Brad, I really appreciate that.

Brad Graver: Good. And I think-

Kip Boyle: I didn't know if Jake was going to prompt me.

Jake Bernstein: Well, no, my prompt to you is, "Okay." And for those who don't know, so SecureWorld, you guys run the show. You don't provide professional services; you don't sell hardware; you don't sell software; you guys do this. So even though it might be perfectly natural to go to see... I will say one thing. You have an incredible news, kind of curation department, so you are substantively out there regularly. I can understand why someone might be like, "Oh, I wonder if I can get services from SecureWorld." Well, you can't, and that's where CRO comes in. So Kip, tell us about this. What is going on, and what is your... It's one of those days. What's your specific role? What are you teaching? And I'm sure listeners are going to be familiar with it because I believe we talked about this before.

Kip Boyle: Yeah, we might've talked about it before. There was a couple of attractions for us over at Cyber Risk Opportunities to partner up with SecureWorld. Of course, I'm a fanboy, right? So that checks that box fast.

Jake Bernstein: Well, that's been well established.

Kip Boyle: And the other thing is when we go to market, we go as teachers. That's the big reason why this podcast exists is because we're trying to share what we know. I do that. Jake, I know you do that. We're sharing our experiences with other people because we want to lift everybody up, and we like to listen to what other people have to say about things that we don't know anything about. So the fact that that SecureWorld is so oriented towards education is another reason why it made a good fit for us. And they have a course, called PLUS. They offer different topics, but when you register for SecureWorld, you can register for what's called at the top tier. You get to attend the PLUS course.

And so when I was talking with Brad about a year ago, about, "Hey, how could we work together more closely?" One of the things he said was, "Well, we're looking for a new instructor for our NIST Cybersecurity Framework Implementation PLUS course. And I said, "Oh, well, that's exactly what we do. And half of all of our business serving customers is helping them get the most business value that they can from the NIST Cybersecurity framework." So I love the fact that I can go to the different cities that SecureWorld is active in, and I can share what I know, what we've learned at CRO about using the framework and that we can share that with the community, which I think is just fantastic.

Then after I teach my course, I can then go to the conference itself because my course is either the day before or the day after for a one-day show, or in the two-day shows like in Seattle, it's actually split up over the two days. But when I'm not teaching, I can join the Advisory Council in the city, and I can just listen to what they're struggling with to figure out how to serve them. And nobody ever has to buy anything from me, ever, from SecureWorld in order for this to make sense, so I'm happy to be a part of this. And if we can serve people and if we can make money doing it, all the better. But one thing that I want to tack on to what Brad said, which is we don't sell hardware, software. We don't make any money when we suggest a piece of hardware or a piece of software, so we really value our independence.

Most of the time when we work with customers, in fact, what we ask them is, are you taking full advantage of the tools you already have? Because guess what? Dirty secret in this industry, almost nobody takes full advantage of all the tools that they have licensed. They just don't. And so we love to turn backwards towards those tools and say, "Hey, turns out you have a problem with this. Guess what? You already own the solution. Let us help you figure out how to turn that on and get more value from something that you're already spending money on." So that's why we think this is a great fit, a great mashup for us to go to market with SecureWorld. And I'm in Denver this week. I just did the Denver show.

Tomorrow, I'm going to fly to Detroit, and I got four more shows this year that I'm going to do with SecureWorld. And the last one I'm going to do for the 2023 is the New York City SecureWorld. And one of the cool things about that is CRO is a remote-only company. We don't have an office. One of our remote team members actually lives in Queens, an outer borough from Manhattan. She's going to come into the city, and I'm going to meet her face to face for the first time later on when I go out to SecureWorld. And I just think that's just a fabulous example of community and the opportunity to continue to strengthen ties that we have with each other.

Jake Bernstein: Well, I think we've made it pretty clear why folks should attend SecureWorld. Brad, do you have anything that you'd like to add here before we close it up?

Brad Graver: Well, the one part, I know Kip alluded, not alluded, but said that they're vendor-agnostic, and so are we. However, I will say that the solution providers that come to the SecureWorld conferences, they add a lot of value.

Jake Bernstein: They do.

Brad Graver: They're not pushing their products that are educating you about what their platform or services can do for you based upon your own needs. I encourage people to challenge the people that are at the booth in terms of, "Give us some data." They do a great job of aggregating their data from so many of their clients, and we really can learn a lot from that data. And they're willing to share it, so ask questions and gain as much data as you can. But then, lastly, is I just want to thank you two for what you do in our industry providing, whether it's legal expertise or Kip with his advisory services. You guys are both going about it the correct way, and that's why I'm stoked to continue our partnership with each of you in providing a place where you can continue to make connections and then pay it forward for those that are just coming up into the industry. So thank you both for what you guys do.

Jake Bernstein: Thank you for that. No. One of my goals for the next five years is I'll volunteer to do a keynote one of these days.

Brad Graver: Hey, you heard it. It's recorded. That means inaudible.

Jake Bernstein: It is recorded. Now I have to do it. I've laid down my own gauntlet. But honestly, that's why I said it because I really do want to do it.

Kip Boyle: Stake in the sand.

Brad Graver: You can go to our website,, and pick a city, Jake.

Jake Bernstein: Oh, yeah, that's true.

Kip Boyle: Well, actually, Jake, what we want to do is record a future podcast episode at the Seattle SecureWorld Show.

Jake Bernstein: Oh, that'd be fun.

Brad Graver: You're welcome to.

Jake Bernstein: Yeah. There's lots of things we could do. All right, well, Kip-

Kip Boyle: You want to wrap it up?

Jake Bernstein: ... you can go ahead and wrap it up. I was going to do it, but I just can't. You have to do it. That's just how this works.

Kip Boyle: All right, that wraps up this episode of the Cyber Risk Management Podcast. We're so glad you were tuned in today. And what did we do? We talked about this really great regional cybersecurity conference called SecureWorld, and we did that with our guest, Brad Graver. He's the president of SecureWorld. He made many promises today. I want you to hold him to all of them. And in the meantime, we'll see you next time.

Jake Bernstein: See you next time.

Speaker 1: Thanks for joining us today on the Cyber Risk Management Podcast. If you need to overcome a cybersecurity hurdle that's keeping you from growing your business profitably, then please visit us at Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).


Jake Bernstein
K&L Gates LLC

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.