
Hosted by Kip Boyle · EN
Cyber risk made clear for busy leaders. Cyber threats move fast. Your business must move faster. In every episode, Kip Boyle—author of "Fire Doesn’t Innovate" and CISO at Cyber Risk Opportunities—joins cybersecurity attorney and CISSP Jake Bernstein to break down the latest cyber risk. You’ll hear plain-English explanations of what's going on and what you need to do about it. No jargon. No doom. Just clear steps you can use today to save money, win buy-in, and stay out of the headlines.

Your cybersecurity tools were built for people: a login, a single sign-on, an email address. But the AI agents now showing up inside your company don't work that way, and most of them slip right past your controls. So how do you find the "Shadow AI" already running in your business, and get a handle on it? Let's find out with our guest Nancy Wang, Chief Technology Officer at 1Password, who works at the front edge of how machines get access to systems. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile profile: https://www.linkedin.com/in/wangnancy/ 1Password: https://1password.com/

Would you know if the AI tools your team is buying are actually trustworthy to use? Who gets to decide what trustworthy AI even means? Let's find out with our guest Jim Reavis, CEO of the Cloud Security Alliance, the group that helped the world learn to trust the cloud and is now building the standards for trusting AI. Jim explains how AI is changing what attackers, defenders, and governments can do, and walks through the tools his team built so you can adopt AI without guessing. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Cloud Security Alliance: https://cloudsecurityalliance.org/

Anthropic, the company that built Claude, just accidentally published the full source code of their most important product. And it was their second data exposure in five days. What does this teach every organization buying AI tools right now? Kip Boyle shares the best takeaways from CRO's AI governance training and explains why the risk of AI isn't the AI itself. Your host is Kip Boyle, CISO with Cyber Risk Opportunities. Subscribe to Inflection Point -- https://cr-map.com/inflectionpoint/ SecureWorld AI Security PLUS course -- https://www.secureworld.io/events "Gears Don’t Guess: The Executive’s Practical Guide to Thriving in the Face of AI Hype and Risk" (forthcoming book, Fall 2026) AIR-MAP AI Risk Assessment -- https://air-map.io

In August 2024, a ransomware attack shut down baggage systems, flight displays, and Wi-Fi at Sea-Tac Airport. What did it reveal about how executives think about cyber investment? And why is “how much more security do we need?” the wrong question to ask after a major incident? Let’s find out with our guest Stephanie Warren, Assistant Director of Information Security at the Port of Seattle, who lived through that attack and came out the other side with hard-won lessons about executive decision-making under pressure. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/stephanie-warren-0746343/

What does the generative AI conversation actually sound like inside a boardroom? Is the board ready to govern it? And what do board members wish CISOs understood about how they make decisions? Let’s find out with our guest, Vanessa Pegueros, former CISO at Docusign and U.S. Bank, and current board member at LivePerson and BECU. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/vanessapegueros Website – https://vanessapegueros.com

Anthropic released Claude Mythos Preview. The headline is "AI can now find zero-days." Yes, but the real story is the gap between what AI finds and what organizations can fix. About 99 percent of Mythos findings are still unpatched. We cover what Mythos is in plain English, why the patching gap matters most, what duty of care means when your board knows these tools exist, where AIR-MAP fits, and why most advisors skip data sovereignty. Hosts: Kip Boyle, CISO, Cyber Risk Opportunities; Jake Bernstein, Partner, K&L Gates. Anthropic Claude Mythos Preview https://red.anthropic.com/2026/mythos-preview/ AISLE / Stanislav Fort, "AI Cybersecurity After Mythos: The Jagged Frontier" https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier AIR-MAP overview https://air-map.io/

A Stripe employee hid a message in his LinkedIn profile telling any AI that read it to include a flan recipe. A month later, an AI recruiter emailed him one. It's funny until you realize the same technique can exfiltrate data, generate phishing content, or hijack automated business processes. What is prompt injection, why does OWASP rank it as the number one risk to large language models, and what should you do about it? Let's find out. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. OWASP Top 10 for LLM Applications -- https://genai.owasp.org

What happens when a cybersecurity team designs controls without asking the business what they need? And what role exists specifically to prevent that? Let's find out with our guests Brian Shea and Maggie Amato, former Business Information Security Officers at Salesforce. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Brian Shea's LinkedIn profile -- https://www.linkedin.com/in/brianshea/ Maggie Amato's LinkedIn profile -- https://www.linkedin.com/in/maggie-amato-021624164/

Fire hasn't changed since the dawn of humanity, but our cyber adversaries evolve every single day. What happens when organizations spend $10 on AI transformation for every $1 on cybersecurity? In this special ROCon 2025 keynote replay, Kip shares two stories that changed how he thinks about risk: a "perfect" employee who became an insider threat in four weeks, and a $12M deepfake that defeated every technical control on the dashboard. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Get Kip's book, "Fire Doesn't Innovate" 2nd Edition -- https://a.co/d/0bYatohy

Privacy laws keep multiplying, regulations keep changing, and AI is making everything more complex. How do businesses build privacy compliance that actually sticks instead of just checking a box? Let's find out with our guest Jordan Fischer, Founder and Partner at Fischer Law and Cybersecurity Lecturer at UC Berkeley. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Jordan Fischer's website: https://jordanfischerlaw.com Shoshana Zuboff's book: https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capitalism