What if your risk register could answer: "What's our probable loss, and what's the cheapest way to reduce it?" In this video, TBDCyber Senior Consultant, Alexandra Reibel walks through how risk quantification works in practice, including modeling frequency and impact as ranges, running simulations, and tying results directly to budget and control decisions. No vibes. Just data.

🚨 Big news! TBDCyber is dropping something huge… and it’s 🔥 We’re thrilled to officially announce Cyber Smokehouse , a brand-new podcast from TBDCyber where we grill the minds, dig into the experience, and serve up the stories of leaders shaping the cybersecurity world. 🎙️ Hosted by Ernie Anderson and Graeme Payne , Cyber Smokehouse isn’t your typical cybersecurity show, it’s a place where real conversations, no-fluff insights, and the lived experience of today’s c

Setting up a Microsoft 365 (M365) tenant is often straightforward, thanks to the quick-start wizards. While ease and convenience are great, they don't always translate into strong security. When we created TBDCyber, we set up our M365 tenant in a matter of minutes. We had immediate access to all the productivity applications we needed, from Outlook to Teams. We had all the ease and convenience we needed to start operating our business, but the next question was: Are we doing

In today’s boardrooms, cybersecurity leaders are being asked questions they were never trained to answer with confidence: How much risk are we carrying? What is the financial impact of a breach? Are we investing in the right controls? Too often, cyber risk is still communicated using subjective ratings like “high,” “medium,” or “low.” While useful at a technical level, these labels fail to support executive decision-making, budget prioritization, and risk ownership at the ent

In today’s interconnected business environment, organizations rely on hundreds, sometimes thousands, of third parties to deliver critical services. Each of these relationships introduces potential risk: data breaches, operational disruption, regulatory violations, and reputational damage. According to SecurityScorecard’s 2025 Global Third-Party Breach Report, approximately 35% of breaches in 2024 involved a third party. Why Third-Party Risk Management Matters A well-structure

🚨 Why do most organizations only focus on Vulnerability Management after a major incident? In this short video, TBDCyber's Jeff Caranna highlights a hard truth: too often, the trigger for revamping a Vulnerability Management (VM) program is a security breach or significant incident. Post-incident reviews frequently reveal the cause—an unpatched or known vulnerability that could have been addressed earlier. At TBDCyber, we believe VM shouldn’t be an afterthought. It’s a core

🧩 How prepared is your organization for the unexpected? Tabletop exercises aren’t just checkbox activities. They’re a powerful tool for identifying gaps, clarifying roles, and building confidence across teams before a real incident hits. In this short clip, TBDCyber's own Darrell Switzer shares why tabletop exercises are essential to any mature cybersecurity or business continuity program, and how they help turn chaos into coordinated response. 🎥 Watch the video to hear Dar

🚨 CISOs are facing more pressure than ever. Are we setting them up for success, or for burnout? In this short video (just under a minute!), TBDCyber Senior Partner, Graeme Payne, shares key insights into the biggest challenges CISOs are grappling with today—from evolving threats to boardroom expectations. With cybersecurity risks increasing and regulatory scrutiny tightening, CISOs need more than just technology—they need the right strategy, support, and execution to succeed

🔐 What is cybersecurity risk management, and why does it matter? In a world where threats evolve daily, cybersecurity risk management helps organizations prioritize what really matters: protecting the systems, data, and operations that drive the business. In this quick video, TBDCyber's senior partner, Graeme Payne, breaks down what cybersecurity risk management means and how it drives security. 🎥 Tune in to hear. At TBDCyber, we help organizations build security programs t

🔑 Admin Accounts Deserve Extra Protection In this short clip, TBDCyber's Microsoft trusted advisor, Chris Goosen, explains why organizations should consider enabling Entra ID P2 licensing—especially for administrator accounts. 💬 Key takeaway: Instead of always-on admin privileges, Entra ID P2 allows just-in-time access through Privileged Access Management (PAM). That means: ✔️ Admin accounts start with zero privileges by default ✔️ Elevated access is granted only when need

In today’s cyber landscape, threats aren’t a matter of if or when—they are impacting organizations right now. From ransomware attacks and data breaches to insider threats, every business is a potential target. The stakes are high: according to IBM’s 2024 Cost of a Data Breach Report, the average global cost of a breach reached $4.9 million, with most incidents taking more than 200 days to detect and contain. Why Incident Response Matters A well-structured Incident Response (I

What actually makes a data security program effective? It’s not just about inventories or visibility dashboards—it’s about reducing real-world risk. In this quick video, Zach Luze from TBDCyber breaks down the core outcomes every data security initiative should drive: ✅ Minimizing inappropriate access ✅ Detecting and preventing data loss ✅ Rendering data useless to attackers If your current strategy doesn’t support these goals in tactical, measurable ways, it might be time to

OT Security: Safeguarding Critical Infrastructure in a Connected World As IT and OT systems continue to converge, new cybersecurity challenges emerge. Traditional OT environments weren’t built with security in mind, making them vulnerable as they integrate with IT networks. Protecting critical infrastructure is non-negotiable. Watch TBDCyber's Bahaa Kutub, CISSP speak on the fundamentals of OT cybersecurity and how organizations can fortify their environments.

The Future of Third-Party Risk Management: AI & Automation Third-party risk programs are evolving—fast. AI is no longer just a buzzword; it’s reshaping how organizations manage vendor risks. In this video, Joe Mendygral, Senior Director at TBDCyber, breaks down the latest trends in AI-driven automation for third-party risk management. ✅ More vendors, less manual work – AI-driven platforms now analyze surveys, policies, and compliance reports automatically. ✅ Risk scoring & re

In this short video, Justin Barnett breaks down three essential steps to help organizations build a strong foundation for their Insider Risk Management (IRM) program: 1️⃣ Identify Key Use Cases Start with your existing policies—acceptable use, data classification, and user conduct. These guide your priorities for addressing insider threats like data leaks, IP theft, and misuse of resources. 2️⃣ Establish Stakeholders IRM isn’t just a security function. HR, Legal, and GRC play

Is your cybersecurity program actually protecting what matters most? In this short video, TBDCyber's Alexandra Reibel explains why a risk-focused cybersecurity program is the smartest, most effective approach for today’s threat landscape. Too many organizations fall into the trap of chasing the latest threats or checking compliance boxes — but that’s not where true resilience comes from. ⛔ A threat-focused approach keeps you in constant reaction mode. ⛔ A compliance-focused p