Joshua Copeland's cyber security moniker is "The Unpopular Opinion Guy", while most of us in security roles have been that person with an unpopular opinion at least a time or two, Copeland turned it into both a book and a bit of a movement through numerous posts on Linkedin about many of the challenges in our industry.

That said, this is not a mud slinging episode, Joshua had numerous, pragmatic examples of both the problem space and ways to address them. There are a lot of misconceptions about cyber security but there are also a wide array of real world impacts in our daily lives making this a very difficult area to master. Mr. Copeland has some of the unlock codes, making for another compelling episode.

"Legal and Regulatory" is a common receptor category in most enterprise risk matrices but with any luck most organizations have limited direct experience with cyber litigation matters. This episode jumps right into the deep end with one of Canada's preeminent cyber lawyers, Brent Arnold. Business law has evolved over hundreds of years, cybersecurity precedents began to appear on the legal landscape in the late 1980s and AI is the new kid on the block, barely out of diapers.

While this episode can not be considered legal advice the chance to listen in on the ideas and opinions of from someone on the frontlines of this emerging risk vector should not be missed.

Cyber crime is now a daily fact of life and a significant concern in both the private and public sectors but our response capabilities do not seem to be keeping up. This episode dives deep into one organization that is combatting this problem with a combination of academic research, industry expertise and hands-on training with the founder and CEO, Herbert Fensury.

While cyber security is a global problem, economics and politics dictate different solution requirements. The Canadian Cyber Assessment, Training and Experimentation (CATE) Centre is both cutting edge and focused on Canadian cyber resilience at both a regional and national level.

20 years after their paths first crossed, three Canadian security professionals regroup to discuss a new risk management strategy book based on hard won field experience. Patrick Hayes was a security strategist before organizations knew this was success differentiator. For decades he has been guiding organizations large and small, public, private and government on balancing business objectives with security. Mr. Haye's new book "Integrated Assurance: Unified Risk Strategy" is destined to become a reference for others tasked with supporting enterprise security and he has recently added a Substack series on the emerging threats of AI, again from the focus of an adversary intent on mission interruption.

Part 2 of this summer break episode takes a bit of a light hearted look at the cyber security industry predictions that become the norm in late December and early January. Eight or nine months later, how accurate where they? Take a listen, there are a couple surprises.

The conversation uncovers a few ongoing challenges with the cyber security industry, from the digital divide associated with aging to organizational shifts away from engineering principles.

A book by security pioneer Bruce Schneier is mentioned late in the show and Doug managed to mangle the title twice, but did read, and does recommend the book.

The summer show started with the light hearted goal of evaluating the top security predictions that fill the internet in late December each year. Forever unscripted, Tim and Doug wind up reflecting on the growing gap between physical and virtual information systems.

While it is easy to lament, from a cognitive perspective there is little hope, the BSides movement, alive and well in Western Canada, is helping address that. It is almost inevitable that security and risk conversations involving society veer into AI, but get back on track with ESRM.

Stay tuned for the predictions portion in part 2.

Enterprise Security Risk Management (ESRM) principles appear in almost every episode and this one is a bit more overt because it features two of the three people responsible for promoting ESRM in the early days of it's reintroduction through ASIS.

John Petruzzi is now the CEO of Unlimited Technology and leading them toward an expanded influence in the enterprise security industry, sharing insights for what works with fortune 250 organizations, government and even local school boards. As the title implies, resilience is the discipline most organizations need to improve upon, and Mr. Petruzzi's personal and professional opinions on this gap may surprise some.

The threat landscape is changing at a pace and breadth few could have predicted, those that navigate it well will prosper.

The Caffeinated Risk hosts navigate time zones and catch up with Dominic Bowen traveling between meetings to discuss risk management with an international expert on the subject. Mr. Bowen is a partner and Head of Strategic Advisory at 2Secure, one of Europe's leading risk management consulting firms, as well as the host of the International Risk Podcast.

Political tensions are higher than they have been for years and there is seldom a month that goes by without a technical disruption that affects numerous businesses and services due to the interconnected nature of our modern world.

Despite the serious topics covered, Dominic Bowen offers some practical solutions based on experience in the business world , the higher stakes of military service and humanitarian relief offering an unexpected, potentially positive outcome. I.E., accepting the tempo of constant crisis and becoming and effective manager of those risks can actually accelerate success.