Cyber risk quantification is becoming one of the most important skills for CISOs and security leaders. In this episode, Debra Baker interviews Chris “CPat” Patterson (Risk Wrangler), a veteran cybersecurity and GRC leader with over 15 years in the industry.Chris shares practical insights into cyber risk quantification, FAIR methodology, cyber risk cadence planning, and how executives should evaluate cybersecurity investments. He explains how organizations can move beyond simple red-yellow-green risk scoring and instead quantify risk in financial terms that executives understand.We also discuss:• How the Cyber Resource Cadence Framework helps CISOs plan security programs• Why risk quantification beats heat maps and ordinal scoring• The difference between FAIR, bow tie models, and other risk methodologies• How organizations should determine their true cyber risk appetite• The importance of resilience, backups, and incident recovery• Why AI will transform GRC and risk management• How post-quantum cryptography may impact cybersecurity in the futureChris also shares lessons from major cyber incidents like SolarWinds and ransomware attacks, including how CISOs can protect themselves when communicating risk to executives and boards.If you’re a CISO, cybersecurity leader, GRC professional, or security practitioner, this conversation will help you better understand how to translate cybersecurity risk into business impact and financial decisions.

Interview with the Aspiring CIO & CISO Book Author: Career Insights and Cybersecurity ChallengesIn this engaging episode, Debra interviews an accomplished author who has written several books aimed at aspiring CIOs and CISOs. The conversation covers the author's journey in writing his books, the inspiration behind them, and his career transition into retirement. They discuss the challenges and rewards of the CISO role, the evolution of cybersecurity, and the future impact of AI on the industry. The author shares valuable insights on mentoring, public speaking, and balancing career with personal life. Don't miss this in-depth discussion filled with practical advice and fascinating stories from the world of cybersecurity.

00:00 Conversations with a CIO/CISO - Interview with David Gee

00:30 Introduction

00:46 Writing the First Book

03:10 The Second Book Journey

05:11 Working with Publishers

08:49 The Third Book

10:30 Retirement and Career Transition

11:38 Consulting and Advisory Work

12:48 Mentoring and Giving Back1

7:19 Evolution of the CISO Role

18:31 AI and Cybersecurity Challenges

22:43 Favorite Stories from the Book

26:49 Wrap Up

In this high-alert episode of CISO Guide to Cyber Resilience, hosts Debra Baker and Isabella Otero break down two massive supply chain cybersecurity threats shaking the industry:

1️⃣ A GitHub Action compromise that leaked CI/CD secrets from over 23,000 repositories, exposing AWS keys, GitHub PATs, and more.

2️⃣ A browser extension hijack that infected over 3.2 million users, turning trusted Chrome and Firefox extensions into tools for data theft and ad injection.

💥 You’ll learn:

• What went wrong with the tj-actions/changed-files GitHub Action (CVE-2025-30066)

• Immediate mitigation steps for DevSecOps teams

• The 16 compromised extensions you must remove now

• Browser hygiene best practices to avoid future attacks

🔐 Whether you're a developer, security leader, or just trying to stay safe online, this episode delivers urgent, actionable insights to help you protect your workflows and personal data.