Host Jeff Edwards sitsdown with Chuck Brooks—adjunct professor at Georgetown andpresident of Brooks Consulting—to cut through the noise on SMB cybersecurity.From AI-supercharged phishing and IoT sprawl to zero trust, CMMC/NIST, and why MFAisthe #1 first step, Chuck translates complex threats into clear actions anysmall or midsize business can take today.
You’ll learn
Resources: Free guides at SafeHouseInitiative.org (notracking, no fees)
Guest: Chuck Brooks • Host: JeffEdwards
🎬 Production Team:
Alan Gin – Executive Producer
Jen Carpenter – Editor & Post ProductionSupervisor
Keith Fukuhara – Production Manager &Technical Director
Dorian Naveh – Marketing & Social MediaManager
#️⃣ Hashtags:
#CyberSecurity #SMB #SmallBusiness #AI#Phishing #MFA #ZeroTrust #CMMC #NIST #IoT #OTSecurity #RiskManagement#BusinessContinuity #IncidentResponse #SafeHousePodcast
Why do only ~4% of small and midsize businesses carry a standalone cyber policy? Host Jeff Edwards digs in with returning guest Eric Cernak (Hanover Insurance Group) to separate myth from reality and lay out practical next steps for SMBs, brokers, and MSPs.
In this episode:
Who should listen: SMB owners, CISOs at resource-constrained orgs, MSPs, brokers/agents, and anyone shaping cyber risk decisions.
Resources: Free guides & checklists at SafeHouseInitiative.org (no logins, tracking, or fees)
Hosts & Guest: Jeff Edwards • with Eric Cernak
#️⃣ Hashtags:
#CyberInsurance #SMB #SmallBusinessSecurity #BusinessContinuity #Ransomware #RiskManagement #InsuranceBrokers #MSP #SupplyChainRisk #GenerativeAI #DataBreach #SafeHousePodcast
And that's a wrap on our Cyber Insurance Summer Series! 🎬 In this must-watch conclusion, series co-host Tawana Johnson joins Jeff Edwards to distill the biggest lessons, surprising insights, and actionable advice from our expert guests.
If you're a small to mid-size business owner trying to navigate the complexities of cyber insurance, this episode ties everything together. Tawana walks us through the entire lifecycle—from quantifying risk and applying for a policy to handling a claim and dealing with potential litigation. Find out the key themes that every single expert agreed on and the concrete steps you can take today to protect your business.
-------------
Key Takeaways from the Series
Throughout the series, our experts consistently highlighted several crucial themes:
🔑 Know Your Data: Understanding what data you have and where it's stored is the foundation of your entire security and insurance strategy.
🤝 A Good Broker is Essential: An educated broker is your guide through the application, risk quantification, and claims process.
⏰ Timely Notification is Critical: Report incidents to your broker and insurance carrier immediately to ensure coverage.
⚖️ An Emerging Area of Law: There isn't much case law for cyber claims, making settlements common and expert guidance vital.
🎯 "It's Not If, But When": Every organization, regardless of size, is a target.
-------------
Top 4 Action Items You Can Do Today
Want to improve your cybersecurity posture right now? Our guests recommend focusing on these four things:
Know Your Data: Identify and classify all the data you handle.
Enable Multi-Factor Authentication (MFA): Enforce it for every user on every application.
Maintain Good Backups: Ensure you are backing up frequently and that your backups are secure. This is your best defense against paying a ransom.
Have an Incident Response Plan: Create a plan and have a team in place before an incident occurs. Important: Keep a printed copy offline!
-------------
About The Safe House
The Safe House podcast is brought to you by The Safe House Initiative. We're dedicated to providing insights and practical advice to help organizations become more secure and resilient.
Connect with us:
📧 Email: info@safehouseinitiative.org
💻 Website: https://safehouseinitiative.org
Thanks for joining us! Remember to be safe, be resilient, and be kind.
#CyberInsurance #SmallBusiness #Cybersecurity #RiskManagement #DataBreach #IncidentResponse
In this episode of the Safe House Initiative, hosts Jeff Edwards and Tawana Johnson are joined by Ted Brown, a partner at Lavin Rindner Duffield. Ted provides an expert legal perspective on cyber claims, discussing how they are far more complex than traditional insurance claims due to a multitude of moving pieces. He highlights common coverage disputes, such as late reporting and application issues, and stresses that cyber insurance is meant to bring a business back to where it was, not to "make them better." Ted advises that the single most important step for any business is to work with their insurer and legal counsel as soon as an incident occurs, as this can prevent massive headaches and ensure a smooth recovery.
#CyberClaims #LegalPerspective #InsuranceLaw #CyberResilience #SMBs #IncidentResponse #RiskManagement #LegalCounsel #SafeHouseInitiative
In this episode of the Safe House Initiative, host Jeff Edwards and Tawana speak with Jane Warring, a partner at Zel Law, who specializes in handling business interruption (BI) claims. She shares her expertise on the complexities of these claims for small and midsize businesses, emphasizing the importance of documentation and proving causation.Jane also reveals how the cyber insurance market is shifting to favor buyers, offering more competitive and broader policies. Don't get caught unprepared. Learn why your business needs to have the right team in place, including forensic accountants, and how a prompt claim submission can make all the difference in your recovery.#CyberInsurance #BusinessInterruption #Cybersecurity #SMB #LegalAdvice #RiskManagement #ZelLaw
In this episode of the Safe House Initiative, host Jeff Edwards and Tawana Johnson speak with Chris Wood, a partner at Lewis Brisbois law firm, on the complexities of data breach litigation. He reveals that class action lawsuits have surged sixfold and are now targeting small and midsize businesses, not just large corporations. The litigation process often begins with regulatory breach disclosures, with plaintiffs' attorneys focusing on claims of negligence and breach of contract.Wood emphasizes that businesses can mitigate risk by implementing strong cybersecurity policies, conducting penetration tests, and adhering to standards like NIST and ISO. He also stresses that cyber insurance is essential for covering the high costs of legal defense and settlements.#DataBreach #Cybersecurity #CyberLiability #LegalRisk #ClassAction #SMBs #CyberInsurance #NIST #Compliance #LewisBrisbois
In this podcast episode, we feature cyber claims examiner Toni Sukhan as she outlines the critical steps businesses must take when facing a cyber incident. Sukhan, with over 20 years of experience, stresses the immediate need to notify an insurance carrier to ensure coverage and proper handling. She details a multi-disciplinary process involving breach counsel, forensic IT experts, and forensic accountants, explaining how this team manages incidents from initial notification to investigation and recovery. Sukhan also highlights the careful and highly-regulated decision-making process involved in ransom payments, which are treated as a last resort and require thorough assessment, legal compliance, and expert negotiation to mitigate risk and ensure a safe recovery of data.The episode particularly emphasizes the vulnerability of small to medium-sized businesses, which are disproportionately targeted by cybercriminals. According to Sukhan, the most crucial preventive measure for these businesses is maintaining viable and frequent data backups. She likens the cyber claims process to emergency room triage—stabilizing the situation, restoring systems, and then reconciling losses. This structured approach, combined with the expert management of ransom negotiations, underscores the complexity of modern cyber claims and the necessity of proactive preparation and a clear incident response plan.#CyberClaims #Ransomware #Cybersecurity #DataBreach #SmallBusinessSecurity #Insurance #IncidentResponse
Brandy Vargas, Senior Manager of Cyber Solutions at Crum & Forster, offers crucial insights for small to midsize businesses (SMBs) on cyber insurance. She emphasizes that these policies are not like traditional insurance and require proactive engagement. Brandy stresses the importance of thoroughly understanding your policy's nuances, like sublimits and exclusions, to avoid being caught off guard. She also highlights the immense value of the free resources often included with policies, such as phishing simulations and incident response templates, which can dramatically improve an SMB's cyber defenses at little to no cost.The episode also focuses on proper incident response. Brandy warns against the common mistake of reacting to a cyber event by acting alone, as it can jeopardize legal protections and insurance coverage. She strongly advises that SMBs immediately engage their insurer's emergency response teams to ensure the incident is managed correctly and privileged communications are preserved. Her core message is that SMBs must build strong relationships with their brokers and carriers to access expert support, prevent recurring attacks, and ultimately strengthen their cyber resilience.#CyberInsurance #SMBs #RiskManagement #Cybersecurity #IncidentResponse #SmallBusinessTips #CrumAndForster #CyberResilience #BusinessSecurity
In this episode of the Safe House Initiative, we're joined by Heather Mongeau, VP and Director of Cyber Product Solutions at Allied World Insurance Company. Heather takes us deep into the world of cyber underwriting and its critical role.
She clarifies that cyber insurance is more than just financial aid post-incident; it's about proactive risk management, including services like penetration testing and vulnerability assessments. Heather stresses the vital importance of accurately completing cyber insurance applications, especially for SMBs, and highlights how essential Multi-Factor Authentication (MFA) and other strong security controls are for securing coverage.
Key insights you'll gain:
Heather emphasizes that cyber insurance is an evolving field, urging businesses to partner closely with brokers and carriers to find tailored coverage. Don't face cyber threats alone – leverage these resources to strengthen your security posture.
What's one security control your business uses that you think is absolutely crucial for cyber insurance? Let us know in the comments!
#CyberInsurance #Underwriting #Cybersecurity #RiskManagement #SMBs #MFA #IncidentResponse #CyberAttacks #BusinessSecurity #AlliedWorld
In this episode of the Safe House Cyber Insurance Summer Series, we dive deep with Ryan Mercer, VP of Cyber at McGriff brokerage. With over a decade of experience, Ryan pulls back the curtain on the evolving world of cyber insurance.
He explains why many small to medium-sized businesses (SMBs) still aren't getting cyber coverage, shedding light on challenges like broker education and the increasingly detailed application process.
Here's what you'll learn:
✅ The crucial role of brokers: How they're becoming consultative advisors, guiding clients on cybersecurity best practices (like MFA and EDR) to help them get better insurance terms.
✅ Why prompt incident notification is key: Why you must immediately tell your broker and insurer if a cyber incident occurs for smooth claims and recovery.
✅ The truth about cyber insurance: It's not a magic shield that prevents attacks. It primarily helps with the aftermath—think legal fees and recovery services—but it doesn't protect your reputation or guarantee business continuity.
✅ A dynamic market: Understand how this relatively young market is rapidly changing, with new tools like automated underwriting emerging.
This conversation bridges the gap between insurance and effective cybersecurity, highlighting how well-informed brokers are essential partners in navigating today's complex cyber risk landscape.
What's your biggest takeaway about cyber insurance? Share your thoughts in the comments below!
#cyberinsurance #SMBsecurity #Cybersecurity #RiskManagement #BrokerAdvice #MFA
In this episode, Jeff Edwards and Tawana Johnson from the Safe House Initiative podcast are joined by Steven Schwartz, Chief Insurance Officer at Safe Security, to kick off their cyber insurance summer series. Steven emphasizes that cyber risk quantification (CRQ) is essential for making informed decisions about cyber insurance.He explains that CRQ translates technical cybersecurity metrics into business-relevant financial terms, moving beyond inaccurate methods like basing limits on revenue. Every organization has a unique risk profile, making a data-driven approach crucial for balancing risk mitigation, transfer, and acceptance.Steven highlights the FAIR Institute's methodology as the global standard for CRQ, stressing the need to understand asset values and the business context, including often-overlooked business interruption risks. For practical CRQ, he suggests starting with basic metrics like sensitive data volume and revenue, using public breach cost data to estimate potential losses.The conversation also covers common overlooked risks, such as third-party vendor vulnerabilities and social engineering, with the human element remaining the weakest link, now amplified by AI tool usage. Steven then introduces emerging security warranties as alternatives to traditional insurance, offering faster payouts embedded within cybersecurity products. He also discusses how insurtech MGAs are simplifying cyber insurance for SMBs, providing quick, affordable policies and incident response services.Steven concludes by advising security leaders to quantify cyber risk in financial terms to better communicate with executives and boards, enabling smarter decisions and stronger cybersecurity.Key Takeaways:- Cyber Risk Quantification (CRQ) is vital for understanding your actual risk and making informed cyber insurance decisions.- Traditional methods of setting insurance limits are often flawed; every organization's risk profile is unique.- The human element remains a significant vulnerability, exacerbated by new technologies like AI.- Emerging security warranties and insurtech MGAs are changing the landscape of cyber risk financing.- Translating cyber risk into financial terms is key for effective communication and strategic cybersecurity.#CyberInsurance #CyberRisk #Cybersecurity #RiskManagement #CRQ #SafeSecurity #Podcast #TechTalk #DataSecurity #BusinessInterruption #FAIRMethodology #Cybercrime #Insurtech #SMBsecurity #RiskQuantification #StevenSchwarz #SafeHouseInitiative
The Safe House Initiative podcast, hosted by Jeff Edwards and co-hosted by Tawana Johnson, delves into cyber insurance for small to mid-sized businesses. This series builds on previous discussions about incident response flaws, now focusing on the lifecycle of cyber insurance from risk assessment to claims and litigation.Tawana Johnson, a former litigator and current cyber breach coach at Lewis Brisbois, shares her expertise in handling cyber incidents like ransomware attacks, emphasizing cyber insurance's role in mitigating damage. A key point is the alarmingly low adoption rate (around 4%) of standalone cyber insurance policies among SMBs, attributed to a lack of understanding or perceived complexity.Tawana explains her role as a breach coach: supporting clients in crisis, ensuring attorney-client privilege during investigations, and coordinating with insurance carriers, forensic teams, and vendors to navigate legal obligations and recovery.The upcoming series will cover risk quantification, the role of brokers, underwriting, the claims process, class-action litigation, coverage disputes, and business interruption claims. Tawana highlights the evolving nature of cyber insurance, with carriers now using threat intelligence and penetration testing. She stresses the vital importance of standalone cyber insurance, as standard property and casualty policies often fall short in cyber coverage.Overall, the episode introduces the complexities of cyber insurance, addressing long-term risks beyond immediate incident response. The goal is to raise awareness, boost adoption, and offer practical guidance for SMBs to better protect themselves from cyber threats.Highlights:🔹 Low Adoption: Only ~4% of SMBs have standalone cyber insurance.🔹Breach Coach Expertise: Tawana Johnson offers unique insights from her legal and breach coaching background.🔹Privilege & Coordination: Breach coaches are key to maintaining attorney-client privilege and managing incident response.🔹Risk Quantification: Essential first step before purchasing insurance.🔹Educated Brokers: Crucial for proper cyber insurance advice.🔹Comprehensive Series: Covers claims, litigation, and disputes.🔹Standalone Policies: Provide critical, specialized cyber protections.Key Insights:🔹Awareness Gap: Low adoption indicates a lack of understanding and accessibility of cyber insurance.🔹Breach Coach Role: Provides crucial legal and emotional support, ensuring privileged communication.🔹Evolving Market: Requires greater due diligence due to sophisticated underwriting (e.g., pen testing).🔹Broker's Pivotal Role: Knowledgeable brokers are essential for appropriate policy selection.🔹Incident Response Coordination: Multi-stakeholder collaboration, often led by a breach coach, is vital.🔹Litigation Risk: Increasing class action lawsuits and coverage disputes necessitate preparedness.🔹Standalone Benefits: Offer unique services (breach coaches, negotiation support) beyond financial coverage.This episode aims to empower businesses with knowledge and strategies for managing and mitigating cyber risks in the digital world.#CyberInsurance #SMBsecurity #Ransomware #Cybersecurity #BusinessProtection
In this episode of the Safe House Initiative, host Jeff Edwards welcomes Craig Bowman, Vice President at Trellix and the visionary founder of The Redwood Project. Their conversation dives deep into the urgent need for a federal cyber enterprise that seamlessly integrates public and private sector efforts to fortify national cybersecurity.Craig shares his unique journey, from his early days in business and computers to pivotal roles within the Department of Defense, Adobe, Verizon, VMware, and now Trellix. His extensive background in both offensive and defensive cyber operations has shaped his profound understanding of the industry's collaborative needs.Discover the origin story of The Redwood Project, born from the recognized gap in government-private sector cyber collaboration, particularly post-Snowden. Craig unveils the project's five key workstreams, designed to bridge this divide: expanding the Special Government Employee Program, creating proactive disruption strategies, fostering voluntary partnerships through "Operation Dynamo," introducing vital legal protections, and bolstering cybersecurity for smaller companies.The discussion also explores navigating legislative challenges, the current administration's approach to deregulation and AI in cybersecurity, and the critical role of Information Sharing and Analysis Centers (ISACs). Craig emphasizes empowering small and medium businesses, advocating for democratized access to cybersecurity resources through grants and incentives.This episode offers invaluable insights into creating a more resilient cybersecurity landscape for the United States, highlighting the power of collaboration and strategic foresight.Key Takeaways:🔹 The essential role of a unified federal cyber enterprise.🔹 Challenges and strategies for enhancing public-private cybersecurity collaboration.🔹 The Redwood Project's five key initiatives for national cyber security.🔹 The impact of legislative changes and the current administration's focus on AI.🔹 How to empower small and medium businesses in national security efforts.Tune in now to understand how leaders like Craig Bowman are shaping the future of cybersecurity collaboration and protecting our digital infrastructure!Don't forget to like, subscribe, and follow the Safe House Initiative for more critical discussions on national security and cyber defense!#SafeHouseInitiative #Cybersecurity #NationalSecurity #RedwoodProject #CraigBowman #Trellix #PublicPrivatePartnership #CyberDefense #CyberThreats #Podcast #JeffEdwards
In this episode of the Safehouse Initiative, host Jeff Edwards sits down with Darren Hartvigsen, a former technical services agent and cyber program manager for the Air Force Office of Special Investigations (OSI). Now a leader in the commercial cybersecurity sector, Darren shares his incredible career journey, offering invaluable insights into the evolving world of cybercrime and defense.
From traditional surveillance in the late 90s to pioneering cybercrime investigations, Darren reveals how the digitization of everything transformed his roles. Discover the pivotal shift from reactive incident response to proactive threat pursuit, and how government cyber operations have increasingly converged with commercial cyber intelligence.
Darren sheds light on his move from military and government into the private sector, driven by the expanding monetization of cyber threats like ransomware and extortion. Learn why cyber threat intelligence and active countermeasures gained prominence around 2019-2020, reshaping the landscape for everyone involved.
The conversation delves into the inevitable integration of government and commercial cybersecurity efforts, highlighting how even core government functions like the Common Vulnerabilities and Exposures (CVE) process are now influenced by commercial entities. Darren envisions a hybrid cyber ecosystem where seasoned government professionals leverage their expertise in commercial roles to fill critical gaps.
For anyone considering a transition from government service to the private sector, Darren offers essential advice: seek mentorship, embrace optimism, and project confidence. He emphasizes the crucial role of networking and believing in your value to thrive in a new environment.
Darren Hartmixson's story is a practical and hopeful roadmap for cyber professionals navigating career transitions, reflecting the broader trends of collaboration, evolution, and resilience in cybersecurity.
Key Highlights:
✅ Darren's career evolution from traditional surveillance to cybercrime investigation with Air Force OSI.
✅ The strategic shift from reactive incident response to proactive threat pursuit in cyber operations.
✅ Why the expanding monetization of cyber threats fueled his transition from government to commercial cybersecurity.
✅ The increasing integration and hybridization of government and commercial cybersecurity sectors.
✅ Critical advice for career transition: mentorship, optimism, confidence, and networking.
Tune in now to gain a deeper understanding of the future of cybersecurity and how expertise from both government and commercial sectors is shaping our digital defense.
Follow the Safehouse Initiative for more in-depth discussions with leading experts in national security and cyber defense!
#SafehouseInitiative #Cybersecurity #CareerTransition #GovernmentToCommercial #CyberThreatIntelligence
What does it take to defend national infrastructure in a rapidly evolving threat landscape? In this episode of the SafeHouse podcast, host Jeff Edwards sits down with Luke Tenery, Partner at StoneTurn and former cybersecurity leader at Kroll, to unpack the human and technical layers of building a federal threat pursuit model.With experience rooted in digital forensics, incident response, and working alongside former federal agents, Luke shares how blending public-private talent is reshaping how agencies and vendors approach threat defense. From cyber leadership and culture to the future of enterprise-wide visibility, this episode takes you inside the evolution of cyber strategy at the national level.💡 Why public-private collaboration is vital for modern threat pursuit🔍 How the government is aligning with commercial best practices🔐 The role of mission clarity and culture in building cyber resilience#Cybersecurity #FederalIT #ThreatPursuit #DigitalTrust #RiskManagement🎧 Watch now and learn how federal cybersecurity is becoming more proactive, agile, and integrated than ever.
System Backup operations are often viewed as separate from the Cybersecurity policies and procedures. But listen to W. Curtis Preston, known in the industry as "Mr. Backup” & host of "The Backup Wrap-up" podcast, discuss with Jeff Edwards, Co-Chairman of the SafeHouse Initiative, the importance of Backup as part of your cybersecurity and operational resilience plan.
Jeff Crume, IBM Distinguished Engineer, CTO IBM Security Americas, and Cybersecurity Architect joins Jeff Edwards, Co-Chair of the SafeHouse Initiative as they discusses how AI is disrupting Cybersecurity and what to expect in the future.
AI: Friend or Foe in Business? Unpacking the Human ElementAre companies truly ready for the AI revolution? In this episode of the SafeHouse podcast, host Jeff Edwards sits down with Alastair Patterson, CEO and co-founder of Harmonic Security and a veteran of the cybersecurity world. From his early days in the UK to navigating Silicon Valley and the wake-up call of ChatGPT, Alistair shares his unique perspective on how AI is transforming industries at an unprecedented pace.We dive deep into the corporate tug-of-war: the drive to innovate with AI versus the need for strict security in regulated sectors. Alistair reveals the hidden risks of "Shadow AI" – employees using tools without company knowledge – and why simply blocking AI isn't the answer. Learn why clear policies, visibility, and leveraging frameworks like NIST are crucial for navigating the human nature of AI adoption responsibly.#AI #Cybersecurity #DataSecurity #RiskManagement #BusinessInnovationWatch the full episode to understand how to embrace AI's power while protecting your organization!
Join us in this enlightening episode of Beyond Cyber Security, as Jeff Edwards welcomes AJ Dharma Wardana, a seasoned portfolio manager at Envelop Risk, to dive deep into the intricate world of risk management. In today’s fast-paced digital landscape, understanding the expansiveness of risk is more crucial than ever. AJ shares her extensive journey from engineering to actuarial science, revealing her insights into the critical importance of a holistic approach to risk management that transcends traditional cyber insurance.
In this podcast, we explore key themes such as:
The Evolution of Risk Management: AJ discusses how the perception of risk has transformed, especially with the rise of cyber threats that can disrupt businesses of all sizes. She emphasizes that risk management is not just about purchasing a policy, but encompasses a diverse array of strategies, including proactive employee training and technological preparedness.
The Role of AI in Cyber Risk: With advancements in artificial intelligence, AJ elucidates how companies can utilize AI not only to fend off threats but also to better understand risk landscapes. She underlines the importance of leveraging AI tools for real-time threat detection and risk assessment, as well as working in tandem with human expertise.
Understanding Tail Risk: Tail risks, those low-probability but high-impact events, are a focal point of AJ’s discussion. She clarifies what tail risk means in the context of cyber incidents and how organizations can prepare for unpredictable events that could have catastrophic effects.
Advice for Small Businesses: AJ offers crucial advice for small to medium-sized businesses, stressing that they must not overlook cyber threats simply because of their size. She provides actionable strategies for building a comprehensive risk management framework, tailored to the unique challenges they face.
This episode is a treasure trove of insights for business owners and anyone interested in mastering the complexities of risk management beyond the cyber realm. Whether you’re a seasoned professional or new to the discussion, AJ’s expertise will help you navigate these challenges with confidence. Tune in to understand how you can fortify your approach to risk management in an age where threats are ever-evolving.
For more detailed insights, be sure to listen to the full episode, and remember: risk management is about preparing for the unknown and safeguarding your future.
#RiskManagement #CyberSecurity #CyberInsurance #TailRisk #BusinessContinuity #SmallBusinessSafety #CyberThreats #DataProtection #DigitalTransformation
Current cyber defenses are often fragmented, leaving U.S. businesses vulnerable to increasingly sophisticated attacks. Discover the transformative concept of a Federal Cyber Enterprise in this episode of The Safehouse Podcast, hosted by Jeff Edwards with guest Alex Green of the Redwood Project. They discuss how unifying government agency efforts and fostering genuine collaboration with the private sector – overcoming operational silos and improving vital intelligence sharing – can create a much stronger shield against escalating cyber threats. Tune in to understand this bold vision for national cybersecurity. Subscribe to The Safehouse Initiative wherever you get your podcasts and never miss an episode.#redwoodproject #smb #publicprivatepartnership #phishing#ai #ISAC #CriticalInfrastructure #healthcare #banking #finance #cisa #safeharbor
