
Hosted by Wil Klu · EN

Ransomware response gets a lot harder when panic, money, law enforcement, insurance, and attackers all collide.Wil hosts Kurtis Minder, author of Cyber Recon, longtime cyber operator, former CEO, and ransomware negotiator, for a grounded conversation on cyber espionage, dark web intelligence, ransomware negotiation, and personal cyber hygiene. Kurtis explains what human-led threat intelligence looks like, why negotiation is partly psychology, and how victims can make better decisions under pressure. This episode is for cyber leaders, business executives, founders, and anyone who wants to understand how cyber risk works in the real world.Key takeaways:• Learn how cyber espionage supports threat intelligence• Understand what happens during ransomware negotiation• See why response requires calm leadership, not just technical skill• Explore how attackers use supply chains and personal data• Improve your thinking around cyber hygiene and riskFind Kurtis: www.kurtisminder.comhttps://www.cyberreconbook.com/https://www.linkedin.com/in/kurtisminder/Follow The Keyboard Samurai for more conversations on cyber, tech, business, and leadership. Leave a review and share this episode with someone responsible for cyber risk or business resilience.

AI agents need governance before they get access to your business.In this episode of The Keyboard Samurai, host Wil Klu talks with Christophe Foulon about agentic AI governance, AI identity management, data governance, and the business risks created when AI agents can act inside real systems. Christophe brings 20+ years in tech and IT, with experience across Microsoft 365, Purview, cloud modernization, regulated industries, and hybrid environments.Key takeaways:• Start AI governance with intent, access, and ownership• Treat AI agents as non-human identities with real risk• Threat model agents before they touch sensitive systems• Use clearer context to reduce token spend and bad outputs• Build the business case for specialized AI tools• Connect AI productivity to security, compliance, and business outcomesFollow The Keyboard Samurai for more conversations on cyber, AI, leadership, and the business side of technology.Find Christophe on Linkedin: https://www.linkedin.com/in/christophefoulon/

AI adoption is no longer just an innovation project. It’s a business, security, and workforce transformation problem all at once.In this episode, Wil Klu sits down with Matt Sharp, CSO at Xactly and co-author of The CISO Evolution, to talk about how companies should approach AI adoption when the rules are still being written. They cover AI governance, cybersecurity risk, design partnerships, learning curves, small language models, token costs, and the growing pressure to turn AI experiments into real business outcomes.Key takeaways:• Why AI adoption requires agility, not fixed best practices• How CISOs can help secure fast-moving AI bets• Why teams need hands-on AI learning, even without production use• How token costs and prompt quality may change workforce value• Why private equity and investors are pushing AI toward measurable outcomes• How design partnerships can help security teams keep paceFollow The Keyboard Samurai for more conversations on cyber, AI, leadership, and the business side of technology.Find Matt: https://www.linkedin.com/in/ciso-mba/https://www.cisoevolution.com/His book: https://www.amazon.com/CISO-Evolution...Co authored with Rock Lambros who was also on KBS: https://open.spotify.com/episode/1hC2q4dwvLqfJ65SHqqWdr?si=3GtedE4sRy6BCXteD2Bf-A

Threat actors don’t always "break in" anymore. They log in with real credentials.Wil hosts Randall Jackson, CISO at Income Research and Management, for a clear conversation on modern cyber attacks, identity compromise, AI-powered phishing, MFA fatigue, vulnerability prioritization, and the real pressure CISOs face. Randall brings 30+ years in IT and cyber, with experience across MSPs, MSSPs, and financial services. This episode is for business leaders, CISOs, IT leaders, and anyone trying to understand how cybersecurity works in the real world now.Topics covered:• Why identity compromise changed the attack model• How AI makes phishing cleaner and harder to spot• Why once-a-year security training is not enough• How FIDO keys, MFA, PAM, and zero trust reduce risk• How CISOs prioritize vulnerabilities through business context• When outsourcing, managed security, or fractional CISO help makes senseFollow The Keyboard Samurai for more practical conversations on cyber, tech, leadership, and business risk.Find Randall: https://www.linkedin.com/in/randall-jackson-41ciso/

Cyber insurance is not a checkbox. It is risk transfer, and the details matter.Host Wil Klu talks with Will Brooks of U.Kon, formerly FifthWall, about how cyber insurance really works, why many businesses are underinsured, and how leaders should connect cybersecurity risk to financial impact. This episode is for business owners, CFOs, CISOs, CIOs, MSPs, and advisors who need to understand cyber policies without getting buried in insurance jargon.Key takeaways:• Why cyber insurance got more serious after COVID and ransomware growth• How to think about policy limits based on actual business loss• Why CISOs often understand the risk, but CFOs need the dollars• What MSPs and consultants can say without trying to sell insurance• Why add-on cyber coverage may not be enough• How comprehensive cyber insurance covers more than one type of incidentFollow The Keyboard Samurai for more plain-English conversations on cybersecurity, business risk, and technology leadership.Find Will: https://www.linkedin.com/in/wi1bo/

Manufacturing cybersecurity is not about buying every tool. It is about knowing what can hurt the business, what matters first, and how to fund the right work.In this episode of The Keyboard Samurai, host Wil Klu talks with Craig Duckworth, Director at Barry-Wehmiller Design Group, continuing conversation from from @industrialcybersecurityinsider podcast about OT cybersecurity, industrial risk, cyber insurance, business impact analysis, and security budgeting. Craig brings real-world industrial cybersecurity experience from systems integration, risk mitigation, and manufacturing environments where old assets, new connectivity, and limited budgets collide. This conversation is for manufacturing leaders, CIOs, CISOs, IT teams, OT teams, and executives who need a clearer way to protect production.Key topics covered:→ Turning OT cyber risk into business impact→ Prioritizing security spend when budget is limited→ Protecting legacy manufacturing systems→ Explaining cyber risk to leadership and boards→ Understanding cyber insurance limits→ Building a practical security roadmap→ Knowing when to use outside partnersFollow The Keyboard Samurai for more conversations on cyber, technology, leadership, and the business side of security.Wil: https://www.linkedin.com/in/wilklu/viLogics: https://www.linkedin.com/company/vilogicswww.vilogics.comCraig: https://www.linkedin.com/in/craigaduckworth/BW Design Group: https://www.linkedin.com/company/barry-wehmiller-design-group/http://www.bwdesigngroup.com/

Cars are collecting business data, and most security programs are pretending they are still just transportation.Wil Klu hosts Merry Marwig, VP of Global Communications and Advocacy at Privacy4Cars, to unpack why corporate cars, rentals, fleet vehicles, and personal vehicles used for work need to be treated like endpoints. They talk through the data stored in modern vehicles, why infotainment systems create real privacy and security risk, and how CISOs can build vehicle data deletion into policies, vendor contracts, and lifecycle processes.In this episode:• Why cars are overlooked endpoints in cybersecurity programs• What sensitive data can remain inside infotainment systems• How fleet vehicles can expose corporate and employee data• Why NIST 800-88 and certificates of deletion matter• What CISOs should require from automotive vendors• How vehicle privacy affects companies and consumersFollow The Keyboard Samurai for more plain-English conversations on cyber risk, leadership, and the business side of technology.Find Merry: https://www.linkedin.com/in/marwig/

Cybersecurity gets messy when teams buy tools before they understand the business.In this solo episode of The Keyboard Samurai, host Wil Klu breaks down how to build a cybersecurity program that fits the business instead of drowning it in tools, compliance checkboxes, and noise. Wil walks through the real sequence: business mission, risk appetite, compliance baseline, asset visibility, business impact analysis, risk assessment, frameworks, budget, roadmap, and execution. This is for executives, CISOs, CIOs, IT leaders, and security teams who need a practical way to build or mature a cybersecurity program.Key takeaways:• Build cyber around the business mission• Treat compliance as the baseline, not the goal• Identify assets, data, owners, and critical processes• Use business impact to prioritize cyber risk• Turn gaps into a funded cybersecurity roadmap• Build programs for resilience, monitoring, vulnerability management, and recoveryFollow The Keyboard Samurai for more practical conversations on cybersecurity, business, and leadership.

Building control systems are no longer invisible infrastructure. They’re business risk, safety risk, and operational resilience risk.Wil Klu hosts Fred Gordy, SVP of Secure Connected Solutions at KMC, to unpack what leaders need to understand about BCS, ICS, OT cybersecurity, and secure buildings. Fred shares lessons from decades working with system integrators, asset owners, consultants, and manufacturers. This episode is for CISOs, CIOs, facility leaders, building owners, and executives who need to understand how cyber risk shows up in the physical world.Key takeaways:• Know what you have, how it’s connected, and who has access• Understand how BCS differs from ICS and traditional IT• Reframe building security around operational resilience• Learn why downtime, safety, and public perception change the risk conversation• Hear real-world examples from commercial buildings, hospitals, and facilitiesFollow The Keyboard Samurai for more conversations on cyber, tech, leadership, and business risk.Find Fred on Linkedin: https://www.linkedin.com/in/fredgordy/

Cybersecurity is easier to grow in when you stop trying to do it alone.Host Wil Klu talks with Ken Fishkin, a 20-year consultant, Loewenstein Sandler cybersecurity professional, and president of the ISC2 New Jersey Chapter, about how community changes careers. They dig into cyber meetups, mentorship, internships, public speaking, career transition, and why local security communities can create real opportunities for students, practitioners, CISOs, vendors, and people trying to break into cybersecurity.Key takeaways:• Why cybersecurity community is more than networking• How virtual events helped people connect during COVID• How mentorship and internships help people enter cyber• Why career changers need relationships, not just resumes• How volunteering builds speaking, leadership, and event skills• What makes SECON a practitioner-driven cyber conferenceFollow The Keyboard Samurai for more conversations on cybersecurity, leadership, career growth, and the business side of cyber.Find Ken : https://www.linkedin.com/in/kfishkin/