Speaker 1: Welcome to the Cyber Risk Management podcast. Our mission is to help you thrive as a cyber risk manager. On today's episode, your virtual chief information security officer is Kip Boyle and your virtual cybersecurity council is Jake Bernstein. Visit them at cyberriskopportunities.com and focallaw.com.

Kip Boyle: So, Jake, what are we going to talk about today?

Jake Bernstein: Well Kip, since today is our 50th episode, we're going to talk about the results of our first annual listener survey.

Kip Boyle: Oh, that's great. Well, congratulations are in order, you have officially put up with me for 50 episodes since we-

Jake Bernstein: And vice versa.

Kip Boyle: Yeah. Well, and since we publish every other week, that's a lot longer of a time than listeners may realize.

Jake Bernstein: Well, and what listeners don't know is that we actually rebooted the podcast. So we have been doing this even longer than it seems.

Kip Boyle: Yeah. Yeah. So when was our first show? Did you look it up?

Jake Bernstein: Well, our first episode dropped on June 7th, 2018.

Kip Boyle: Oh man. That's coming up. Right. So almost two years of actual episodes being released. So you guys in our audience have been listening to us now for almost two years, but Jake and I record episodes well in advance of the drop date. Typically, this one we didn't, but typically we do. And so Jake and I have been doing this for well over two years now. So Jake, thank you very much.

Jake Bernstein: And you're welcome and thank you very much. I think both of us were kind of wondering, what's this going to be like, is anyone going to care? And does anyone want to listen to us banter about cyber risk management? And it turns out, yes, people do want to hear it.

Kip Boyle: Some people do, some people do.

Jake Bernstein: Enough to make it worth continuing to do. I know for me, my motivation for doing this in part was I just enjoy podcasts quite a bit. And I thought, okay, it's like reading books. Like I love to read books. Wouldn't it be great if I had a book one day. And so, part of this was like, I'd love to be a podcast producer. Right. It would be fun. And maybe we'd get some great feedback from people and maybe we'd get smarter. And by the way, in case anybody's wondering, we did celebrate our 50th episode by having a really excellent lunch. So Jake and I went to a Taiwanese restaurant in the Seattle area, Din Tai Fung and that was great. So thanks Jake.

Thanks Kip. Yeah. And thanks listeners for sticking with us for so many episodes. It's been great.

Kip Boyle: It's been great. Right, we're going to keep going. And that's why we did the listener survey because we thought, all right, well, we've sort of been winging it these first 49 episodes guessing at what people are going to want to hear us say. And so we did the survey. Thank you everybody for participating. We really appreciate it. Okay. Here's the big reveal, Jake, what did our listeners tell us?

Jake Bernstein: Well, some things that we knew and some things we didn't know. And so I bet you want to hear about the surprising stuff, right?

Kip Boyle: Oh yeah. Tell me what was surprising. What jumped out at you?

Jake Bernstein: Almost a quarter of our audience are not in the United States. I had no idea.

Kip Boyle: I didn't expect that either, in part because we don't have any customers or clients outside of the country that we live in, the US. And it just didn't even really occur to me that anything that ... because we're talking in such a US-centric way about US laws. I mean, we talk about GDPR, but really only from the perspective of how it's affecting American businesses and organizations and so welcome members of our audience that don't live in our country.

Jake Bernstein: So the rest of the rest of the world, right?

Kip Boyle: Yeah. The rest of the world. And so that was such a pleasant surprise. And I guess we're going to have to start talking about meters and leaders in the future. I don't know.

Jake Bernstein: Well, and I think even more specifically, we'll try to keep in mind that, "Hey, the audience here is global. So let's take a global approach." And that means looking at not just GDPR from the perspective of American companies, but also the evolution of GDPR, what it actually ends up meaning in terms of data security and privacy, to some extent. We're not a privacy podcast and we're not going to become one.

Kip Boyle: Yeah. Nobody asked us to do that, just to be clear.

Jake Bernstein: Yeah. Nobody asked us to start talking about privacy all the time, but obviously cybersecurity is an integral part of privacy. So it may come up from time to time and yeah, I think it's really interesting to note that we have so many listeners outside of the US.

Kip Boyle: Mm-hmm (affirmative). So we're going to bear that in mind as we select topics in the future. And as we discuss whatever topic we have, we're going to try to inject a more global approach.

Jake Bernstein: Absolutely.

Kip Boyle: So yeah, so you guys can let us know how well we do when we do our next listener survey in 2021, but what else Jake surprised you?

Jake Bernstein: So, turns out that our audience actually includes some large companies, which you know, quite honestly was not our target market when we launched this podcast. It hasn't been our target market for the work that we do together. And so that's also really interesting.

Kip Boyle: Yeah. I mean, so listeners, you probably know that Jake and I really specialize in serving what we call middle market companies. And the way we define a middle market organization is, annual revenues between say a hundred million US dollars to a billion US dollars here in the United States. And we do have customers all over our country. So when we started the podcast, we thought, well, let's just talk to those folks. Let's produce a podcast that would be interesting to the people that we typically serve. Yeah. Imagine our surprise and pleasure when we realized that actually some of the stuff we say is interesting to those who work at very large companies and international ones.

Jake Bernstein: Yeah, very much so. Well next we learned that most, every respondent works in one of the technology industries, such as internet or telecommunications, but finance and advertising also showed up. And even though our audience appears to skew technical in terms of industry, the job title isn't necessarily super technical at all times. So in case you're wondering, we had a mix of "individual" contributors, a chief information officer, two company owners, which I thought was great, an attorney, which is not me and a consulting senior manager. So, I think the impact on our show knowing this, is really largely to keep doing what we're doing, but to keep in mind that people are interested in cyber risk management. And we don't need to get more technical, is kind of how I think about this.

Kip Boyle: Yeah. I don't believe anybody in the audience is asking us to break out our TCP/IP protocol analyser to start talking about packet capture and protocol analysis. And thank God for that because I don't do that anymore.

Jake Bernstein: And I've never done it. Not on that level, other than maybe playing around with it at home. But yeah, no, I think that's right. In fact, in fact, to really bring this point home, it turns out that survey respondents want us to talk more about risk management frameworks, case studies and I think, not sure what this says about us, but more guests.

Kip Boyle: Well, I like having guests too, even though I like being on an episode with just the two of us, I think guests make it really, really fun. And I want to say something to the audience about guests. Guests are really hard is what we've learned. The logistics of adding a third person to this conversation, to any one episode, is a lot of heavy lifting and we've done it a few times as you all know. So, I speak from that experience. Having said that we have some help now. So we made the decision after having a few guests on the show that there was such so much extra work that we said, we need some help. And so there's a wonderful person at Jake's law firm that has offered to help us act as a guest coordinator. And she's been doing an excellent job at that. So I'm here to say, we are going to have more guests.

Jake Bernstein: Yes. We'll have more guests. And you know, what, if you want to hear about risk management frameworks, then we will bring the frameworks.

Kip Boyle: There sure are plenty of them. I mean, we are not lacking in this world for risk management frameworks. So yeah, but we'll talk more about that. And listeners, if you have a specific suggestion for us or an idea, if there's a particular guest that you'd like us to reach out to, there's no need to wait for us to release an annual survey. You can send us a message anytime you like, and you can either send it to me or you can send it to Jake. My email address is kip@cyberriskopportunities.com. Give them yours, Jake.

Jake Bernstein: I am at Jake, J-A-K-E@focallaw.com. That's F-O-C-A-L-L-A-W.com.

Kip Boyle: And we're happy to hear from you. So drop us a note and give us some suggestions. I think that's the one thing about podcasting that I wish it was a little more real time. I wish there was more interaction with our audience. I wish we knew more about what they were thinking and how they were reacting as we go along, instead of having to do a once a year survey. But there you go, ladies and gentlemen, you're invited to reach out to us at any time.

Jake Bernstein: Agreed, for sure. Anything else you want to talk about on our relatively short episode about the survey, what we're going to do in the future?

Kip Boyle: So that's one of the ways that we're going to celebrate with you, our dear audiences. We're not going to make this a very long episode, but I want to close with something else that I really enjoyed about the survey is, nobody asked us to make any major changes. Nobody said the format was wrong. The length was wrong. You know, get rid of Kip and Jake and bring on two people who really know what they're doing, nothing like that. So we are not planning to make any major changes. So if you were thinking, "Oh man, I'm not going to fill out that survey, but I know everybody else is going to give it to them with both barrels." I think you missed your chance. So-

Jake Bernstein: Yes.

Kip Boyle: ... It's going to be more of what we're doing with a few tweaks, right. Which we talked about, but this is pretty much what you're going to get ladies and gentlemen.

Jake Bernstein: It is, so ...

Kip Boyle: So to celebrate, we're going to close the episode now and give you just a short one this time around, and we really appreciate you guys being along for the ride. I can't believe we've made it to our 50th episode. I'm looking forward to the 100th episode. So-

Jake Bernstein: Absolutely.

Kip Boyle: ... See you next time.

Jake Bernstein: See you next time.

Speaker 1: Thanks for joining us today on the Cyber Risk Management podcast. Remember that cyber risk management is a team sport, so include your senior decision makers, legal department, HR, and IT for full effectiveness. So, if you want to manage cyber as the dynamic business risk it has become, we can help. Find out more by visiting us at cyberriskopportunities.com and focallaw.com. Thanks for tuning in. See you next time.