The Risk Apogee
The Risk Apogee is a 1:1 interview series, sponsored by Apogee Global RMS, featuring candid conversations with risk leaders serving small and mid-sized businesses and public sector organizations. Each episode explores how practitioners translate risk theory into practical action, focusing on real incidents, lessons learned, and frameworks that drive resilience in resource-constrained environments
The Risk Apogee
How Geopolitical Risk, AI Adoption, and Compliance Gaps Converge in the Enterprise
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Organizations across the defense industrial base, healthcare, and critical infrastructure are treating compliance frameworks as the ceiling of their security investment rather than the floor, and doing so while geopolitical adversaries are already inside their supply chains.
Michael McLaughlin sits at the intersection of cybersecurity, law, and national security, and in this conversation he walks through how Iranian-aligned cyber actors are drawing private sector companies onto a battlefield they never expected to occupy, how North Korean IT workers are bypassing HR processes to gain admin-level access at Fortune 100 companies, and why the race to adopt AI is repeating every structural mistake cybersecurity has already made.
He also digs into why the CISO still lacks a real seat at the C-suite table, why insurance has become a crutch rather than a component of risk posture, and what actual resilience looks like when an incident lasts three weeks instead of three hours.
Things You Will Learn:
- Why treating regulatory frameworks as ceilings instead of floors leaves organizations exposed to motivated nation-state actors who operate well beyond any compliance baseline.
- How converged risks demand cross-functional security involvement that most CISOs still don't have the authority to execute.
- Why the rapid adoption of AI without applying secure-by-design principles and the CIA triad to models, training data, and infrastructure will reproduce cybersecurity's foundational failures at an exponential scale.
Tools & Frameworks Covered:
- Frameworks as Floors, Not Ceilings: The principle that CMMC, HIPAA, and similar regulatory baselines represent the minimum acceptable security posture, not the endpoint, and that organizations must build above them based on their specific threat landscape and attack surface.
- The CIA Triad Applied to AI: Extending confidentiality, integrity, and availability analysis to AI models: protecting prompt data from leakage, preventing training data poisoning and model drift, and ensuring model availability and redundancy beyond single-point infrastructure dependencies.
- Operational Resilience Beyond Incident Response: The military-derived concept that resilience means maintaining business operations during a sustained incident, not just detecting, responding, and recovering, but practicing pen-and-paper continuity and out-of-band communications for multi-week disruptions.
#EnterpriseRisk #CyberSecurity #GeopoliticalRisk #CISO #CyberResilience #BusinessContinuity #AIGovernance
🎙️ Thanks for tuning in to The Risk Apogee Podcast!
If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation.
✨ Connect with Apogee Global RMS for more leadership insights:
LinkedIn: https://www.linkedin.com/in/mkpalmore/
Instagram: https://www.instagram.com/apogee_rms/
X/Twitter: https://x.com/apogee_rms
💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business.
Let’s keep growing and leading boldly. Until next time!
Welcome back to the Risk Apogee, where we look at risk from its highest vantage point. Our guest today has spent his career at the intersection of cybersecurity, national security, and the law. As a naval intelligence officer, a cyber policy advisor, and now as a shareholder and co-leader of the cybersecurity and data privacy practice at Buchanan, Ingersoll, and Rooney. He's the co-author of Battlefield Cyber: How China and Russia Are Undermining Our Democracy and National Security, a book widely regarded as a central reading for anyone serious about the digital threat landscape. He's called for a new U.S. cyber force. He's reshaping how international law confronts cyber aggression. And he's sounding the alarm on how adversary influence is being embedded directly into the AI systems we're all coming to rely on. If you want to understand tomorrow's risk, not yesterday's, this is the conversation. Please welcome Michael McLaughlin. This is the risk apogee.
SPEAKER_03Welcome to the risk apogee, where we cut through the noise to get to the truth about risk. Cyber, physical, human. Every organization faces threats. What separates the ones that survive from the ones that don't is the decisions their leaders make under pressure. Each episode, we go inside the arena with the operators and strategists, shaping how organizations defend, adapt, and lead. This is the Risk Apogee.
SPEAKER_02Michael, welcome to the Risk Apogee. Thanks. Happy to be here. Appreciate you making time for the conversation. Of course. Michael, you operate in uh what I believe to be a super interesting intersection around the technology space, law, cybersecurity, you know, all things sort of business resilience and preparation. What are you seeing on the landscape right now that um uh that sort of gives you, at the very least, sort of an understanding as to how how folks are looking at the risk landscape when it comes to cybersecurity?
SPEAKER_01Yeah, I think the challenge that we run into is from a risk perspective, people aren't seeing the forest for the trees. Um, in a lot of cases, we are making investments into technology without recognizing the geopolitical drivers behind a lot of what's happening. Operation Epic Fury gives us a prime example of that. And so the ongoing strikes in in Iran and the way in which they're impacting the private sector from a cyber perspective. The Riesin uh attacks against Stryker, for instance, offers that that prime example. That's a private sector entity that that gets drawn into this cyber battlefield that is an unwilling participant in in the battle, but yet they are absolutely um a target. And there is something that an Iranian organization or a cyber entity uh aligned with the Islamic Revolutionary Guard Corps targeted for a very specific reason. Do you think that their executives woke up that morning thinking that they were on a battlefield? The answer, of course, is no. But that's the world we live in. And so recognizing that and recognizing that there are risks that are outside of your network is critically important, especially given the environment we live in today.
SPEAKER_02So um the risk space has come a long way in the past few decades. What do you think folks are getting right uh about how they look at it in terms of preparation? I know that there's the compliance angle, and then there's the what's right for our organization. Which are you seeing the get the better of folks?
SPEAKER_01Yeah, unfortunately, I'm seeing the compliance side win out in a lot of this, and and primarily because you have regulatory frameworks that are coming into play. And CMMC or the Cybersecurity Maturity Model Certification for Department of War contractors is a prime example of this, right? Where they are if it's a pay-to-play. And it's if you want to do business with the Department of War, you have to be in compliance with the 7012 clause of the DFARS. That's been in place since 2017. But now that framework itself is a barrier to entry for a lot of contractors. It is compliance and it does serve as a mechanism that a rising tide lifts all ships from a security perspective. But CMMC by itself is not going to stop a motivated nation-state actor. So when the Chinese, the Iranians, the Russians want to get into your system, CMMC and being compliant is not going to stop that. And so recognizing that there are individual companies that are going to be more targeted than others within the supply chain, given what the requirements of our adversaries are, is critically important as well. If you're simply relying on a framework to protect you against a nation state, you're going to be woefully unprepared.
SPEAKER_02How should companies think about adherence to these frameworks? As you just described, it's Yeah, we all know the risk formula. It's probability times impact, right? Uh, and I think oftentimes there's not enough time spent on the probability component of it, nor is there enough time spent on the impact of it because organizations don't get time to think strategically about what might harm them from a business operations standpoint. How are organizations, companies taking time back to ensure that they're thinking about that strategic level planning as opposed to the tyranny of the now? What are you saying in terms of company responses to that?
SPEAKER_01Yeah, I think it's we are seeing a lot more of the tyranny of the now versus the forward-looking. And I'll give you a couple of examples, but the the first part of your question with respect to regulatory frameworks and what are companies doing to comply with those, the contractual obligations that companies have are always going to come first because they want to make sure that they are in compliance with their contracts so that they don't lose out on those revenue streams. The challenge is a lot of these frameworks are being viewed by companies as ceilings rather than floors. And the intent of CMMC, for example, or the HIPAA security rule or any other framework that we look at, they're not meant to be ceilings. They're meant to be a baseline framework, a baseline of security that isn't added to given the specific attack vector or specific attack surface of that organization. The financial, uh, the financial sector has gotten this right largely. And they recognize that if people wanted to rob a bank, they're going to go to where the money is. And so they secure themselves appropriately and they are putting toward putting enough resources towards it or putting more resources towards it than others. Healthcare hasn't gotten there yet. Defense industrial base hasn't gotten there yet. Critical infrastructure has certainly not gotten there yet. And so having something that is going to be incentivizing to those organizations that's going to help them to rise above the framework itself is important. And a lot of those organizations aren't seeing it yet. Uh, to the second part of your question, which what are companies doing now or what should they be doing now? If you walk the floor at RSA, the biggest buzzword that you're hearing is AI. Every single company has AI somewhere in their literature, if not on a giant placard over their booth. When we say AI, what do we mean? Is it a bolt-on? Is it something that's that's created organically or developed organically by that company to solve a problem? Or is it simply a marketing ploy? I would argue the vast majority of these companies, it's if you're not saying AI, you're getting left behind. And so, in large regard, it's a it's a marketing ploy. But many of the companies that are developing AI are trying to do it as quickly as possible. You walk around the Pentagon, you're gonna see a picture of Secretary Heg Seth, like Uncle Sam, with his finger out saying, I want you to use AI. And the idea behind it is that the Department of War is pushing towards a mass adoption and rapid adoption of AI, which is great. The challenge that we run into is we're gonna be reliving this issue like it's Groundhog's Day, where we've got huge cybersecurity issues that we're trying to go back and fix. And you hear secure by design. Well, you can't have secure by design if the network is already up and running because it's already been designed. We have an opportunity to secure AI by design. We're just not there yet. And I think it's because we're doing this rapid adoption, but we're gonna run into the same issues. We're not securing the training data. We're not ensuring that the training data is quality, we're not ensuring that the models themselves have the confidentiality, integrity, and availability built into them from a perspective, from a legal perspective, from a security perspective. And so my concern is that a lot of companies that are utilizing AI or adopting AI technologies, whether it's a marketing ploy or whether they're actual tools, they're not taking that secure by design principles and the lessons learned the hard way from cybersecurity on board. And we're going to be reliving the same issues we're living right now, but at an exponential scale as AI comes to dominate the industry.
SPEAKER_02We've seen lots of terms. You mentioned the term secure by design. You know, if you've been around long enough, you live through the zero trust. I actually don't like calling it a phase because I do believe the principles of zero trust can be helpful to organizations, especially if they move towards the implementation. But as you noted, it's very difficult after the fact to shut the barn door, if you will. What should organizations be doing as they're thinking about innovating, growing? How do you ensure that the security team, the security apparatus is part of the growth of a company such that it builds upon what the company's building? It's there to enable business operations. How should companies be thinking about security in the long term?
SPEAKER_01So I think taking on board a lot of principles that we learned in the military, right? The training aspect of it and ensuring that you're bringing on board individuals, personnel that that truly understand the training aspect, but that's being incorporated into your general business operations, right? We would say operation security or opsec in the military to protect what the integrity of that mission is or the confidentiality of that mission. I use these terms specifically because they relate directly to cybersecurity, but there is an overlay. For companies that are adopting new technologies or that are bringing on security teams or trying to incorporate security into their regular business operations, they have to actually incorporate them into the business operations. They can't be shut into a corner saying secure the network without regard to what is the uptime that we need, without regard to what are the new tools that we're bringing on board. Here's a prime example. Uh DPRK over the past year, North Korea, over the past year, has executed a campaign where they are exporting their IT workers, and these IT workers are masquerading as Americans or otherwise. They're able to get jobs at Fortune 100, Fortune 10 companies that believe they are in New Jersey, that believe they're in Arizona because they're jumping through server farms in these areas. They're using deepfakes, fake resumes, fake, fake LinkedIn accounts. And as a result, you've got companies who are giving admin level privileges to North Korean IT workers who are operating out of China or Russia or Pyongyang. The challenge you run into is that's not a cybersecurity problem. That's an HR problem. How many applicants are actually being vetted by the CISO of a company? How many third-party recruiting firms do the CISOs of major organizations actually vet and ask them about what their recruiting policies are or processes are when dealing with IT personnel or people who are being given admin level privileges? Because I've asked this question to a lot of them, and very, very few, if any.
SPEAKER_02What um how can companies combat this? Uh you you actually bring up an interesting scenario. I mean, that's CISO is supposed to be an enabler of the technology necessary for business operations, but they're not going to be into once the technology's in place and they're monitoring it. What should they be doing to make sure and understand that the uh inherent gaps that evolve following the implementation are actually shut down and/or you identify potential risk to the organization the way that you just did?
SPEAKER_01A CISO has to have a seat at the table from a decision-making perspective. Right now, uh a CISO, if they are, I think the C in CISO is largely uh simply a moniker that's given uh out of deference as opposed to formative. Yeah, it it's pro forma. It doesn't actually mean chief, right? They're not actually a member of the C-suite. If you want security to be baked in, the CISO has to be a member of the C-suite and has to have just as much say in an organization as the CFO or as the COO and be able to have that direct access to the CEO to say, look, you we onboarded this technology. There are risks that have we have incurred as a result of that, or vulnerabilities that have come up because software is inherently vulnerable. You're gonna have issues. That's why we patch, that's why we upgrade. But for a CISO to be able to say to the CEO, this is an existential threat to the business. We need to shut this down for a period of time until we fix it. It's going to cost X. The CEO needs to be able to take that on board from the CEO or from the CISO without having to go through the CIO or the CTO or the CEO and be filtered. And then the CEO makes a decision from a business perspective. Is the risk worth it, knowing full well what could happen? And from a legal perspective, I see this all the time where the CISO will be clamoring for tools or clamoring that there are issues. And the CEO either never gets to the CEO or the CEO doesn't have it articulated appropriately to him or her. And they make a decision from a business perspective dealing with revenue as opposed to dealing with security. And then you have a breach of several million individuals or the personal information of several million individuals. That company is then faced with class action liability, regulatory liability, all because the CISO didn't actually have a seat at the table and the voice wasn't heard. You think we're any closer to seeing that being realized? I think the more we see liability or companies incur this type of liability, I think it's a discussion at the very least. And I think CEOs are taking on board more what we need them to be taking on board and that they're actually having these conversations. The challenge that I think you still have, and it comes down to one of training and understanding what the different roles are. How many CEOs participate in tabletop exercises? How many boards participate in tabletop exercises when you're actually getting to that executive level? Because if you're a publicly traded company, the SEC is telling you the board needs to be re needs to be informed of all cybersecurity incidents and the policies and procedures. So how many boards are actually having a tabletop or sitting in on the incident response team tabletop? And again, I would argue very, very few. And those that are, it's a high-level watered-down version of it. But they need to be able to take ownership so they understand what the process is and also understand the risks that they're incurring from a fiduciary perspective.
SPEAKER_02Talk a little bit about the value of uh, you know, both you and I have military backgrounds, and we know that we probably grew tired of exercises and sort of practicing engagements. But talk a little bit about the value of that and how it actually does prepare you for real life circumstance.
SPEAKER_01So I think when you talk about training and it comes down to and it's boring, or you talk about training and people have it and they're doing it as a pro forma or just trying to click through cybersecurity training while they're doing six other things at the same time, which is traditionally what we see cybersecurity become. You're not actually having people internalize it. The way you internalize training, if if you're at a squadron or if you're on a ship and or or you're a marine unit in the field, when you get training, it's very specific to your job. It deals directly with things that you are actually going to be facing in combat or facing from if you're on a ship, a fire on the vessel scenario. And how do you fight that? A man overboard drill. How do you deal with somebody who's actually going overboard? These are not out there, right? These are very concrete examples of things that will happen because they've happened before. When we do cybersecurity training, we do very basic training, and it always comes down to things that are generic or generized. People don't internalize them. And so for training, it needs to be very specific to that organization, but not just the organization. It needs to be specific to threats that are facing an industry. If you do a tabletop exercise right now that deals with a group aligned with Iran targeting critical infrastructure, you better believe that a water utility in western Pennsylvania is probably going to be taking that on board now.
SPEAKER_02Yeah, pretty relevant now.
SPEAKER_01Yeah. And so I think making it relevant is really important. But a lot of a lot of training that we do for cybersecurity just isn't relevant.
SPEAKER_02One of the criticism that um the cybersecurity industry gets, or I should say, business gets, or from an operational standpoint, is that oftentimes it's not until there's a close proximity incident, either in your industry vertical or at your organization, that you really begin to understand the value of preparation.
SPEAKER_01How do we get beyond that? Yeah, those danger close situations. I think even those companies that have had it happen and those executives that have had it happen and have the scars to show, many of them still opt for insurance. And they still opt, and insurance is great. I'm not I'm not decrying the insurance industry. It's part of a risk profile. It's exactly. But it's part of the risk profile. It's not the whole risk profile. And a lot of companies are are simply moving towards they're going to offset that risk by getting insurance rather than also investing directly in their security. And so I think understanding what your risk profile is and using insurance as part of that and as a tool as opposed to the sole uh risk deferral uh mechanism is really important. The other aspect of that is with respect to where companies can can try to offset their risk a little bit more. I think one of the challenges that we run into is the fact that you have executives who may have gone through this before at another company. And then they're surrounded by people who have not. And so even if they say, this is what we need to do, I've been through this before, in a lot of cases, it's gonna lose out to revenue generating processes. It's gonna lose out to business operations because that's the here and now. That's what we're seeing. For a lot of companies, though, if we were waiting for that Pearl Harbor moment in cyberspace, that 9-11 moment in cyberspace, it's simply not gonna happen because it should have already happened, right? Solar winds, change health. You have these these massive incidents that affect the software supply chain or that have impacted over 100 million Americans, yet we still don't see indust the same industry, the healthcare industry, software supply chain. We don't see major changes as a result of that, despite these watershed moments, what should have been watershed moments. So I don't think we're gonna see that.
SPEAKER_02It's almost as if we have to think differently about how we even categorize what we might call a watershed moment as you describe it, because as you indicate, all of us have lived through a significant number of incidents that you think are gonna jar, jar loose this aspect of the industry that's gonna have people turn to on how to really appropriately mitigate uh the risk associated with cyber incidents. And you still find, you know, the tyranny of the now. Let's handle, let's, let's get some tools in here that we think are gonna be game changers for us. Very few thinking about the strategic value of sort of planning and thinking about long-term cybersecurity skills development and operational capacity. It brings us to the topic of resilience, which is, I think it's the term of the day for cyber, but it's a real thing. It's this idea of moving away from tactical an incident's gonna happen. What are we gonna do about it to how quickly can we recover from something that happens? What have you seen on a landscape that maybe gives you either a positive or negative indication as to whether or not resilience is really being adopted in a way that it should be?
SPEAKER_01The best thing, the best thing I can point to is the way in which we respond to traditional ransomware, right? Back in 2017, ransomware was all about encryption. And now they've moved to the double extortion where it's both encryption and exfiltration. The reason why the actors have done that was because companies started using backups. And now backups are table stakes. If you don't backup your system, there's a really good argument that you're you're negligent. And if you're not operating and you're not able to deliver on your contract because you didn't have sufficient backups and your network was encrypted, you could be in breach of contract as a result of that. And just saying I got hit by ransomware is not sufficient in a lot of in a lot of cases. So companies have moved to that. That that's resilience. Having changing what you're doing as a result of the environment, that is a measure of resilience. And so I think there are aspects that we're moving to to get there. Resilience by definition, though, isn't simply security. And that's why I hate the term cybersecurity. Because when I think security, I think Paul Bar Malkop, somebody that's that's cruising through the mall, that's not actually doing anything to secure, but is maybe blowing a whistle and saying, hey, there's a problem here, as opposed to really engaging and stopping or helping the business to stay operational, which is resilience. Resilience is being able to fight through the problem, right? If you're if you're on a ship and you're taking incoming fire and there's a fire on the ship, resilience is being able to return fire while also fighting the fire on the ship to make sure it doesn't sink. That's resilience. Can your company do that? And rarely do we ever ask that question to say if we get hit with ransomware and we have an encryption event or if we have something that shuts down a significant business operation or software or a tool or a platform that directly contributes to our business operations? How do we go back to pen and paper and make sure that we're still driving revenue, that the business is still able to operate, even with potentially weeks of downtime? Do you ever practice that? Do you ever ask those questions? Because resilience isn't about stopping everything that comes through the door. It's about fighting through the issue and maintaining solvency.
SPEAKER_02Are you surprised at all about how few companies actually go through that exercise of how do we maintain operational capacity in the event of a serious security incident?
SPEAKER_01Am I surprised? I would love to say I'm surprised. The problem is most companies, when you deal with cybersecurity, they take the ostrich approach. They say, I'm going to bury my head in the sand and hope that it doesn't happen to me, or they simply are operating in a sense of denial that it won't happen to me. I've got insurance. And if it does, insurance will offset that. Without understanding that even if insurance offsets that, the business interruption, while it may be covered, there is a limit. And your business may not just flounder, your business may go under while you're trying to get it covered by insurance because all of your customers are leaving you. So that type of resilience and being able to maintain business operations, few companies really think through how do you really do that in a worst-case scenario or in a danger-close situation where you have an incident that's affecting your business operations? How do you go back to pen and paper? How do you communicate what's your backup, what's your out-of-band communications if your primary goes down, if your email system goes down? How are you still maintaining contact with your customers, with your manufacturing or whatever the case may be? Companies rarely do that. They focus on the incident, they focus on identifying what happened, getting it back online. And in the span of three hours, it's all said and done. What happens three weeks when the incident's still ongoing? And you're still recovering. That's a question that very few executives are asking.
SPEAKER_02So we're in a uh we're in an interesting time period. Artificial intelligence is overtaken, as you mentioned in a couple of your responses, the um it's overtaken the narrative for sure. I also believe that uh from a practicality standpoint that there are artificial intelligence solutions that are helping business enable operations, create more efficiencies. From that aspect, what are you optimistic about?
SPEAKER_01I I am actually very optimistic about the uptake of AI. Uh I I think AI is an enabler and it's something that is going to allow us to capture efficiencies and it's going to allow us to be more secure. And so you take it from a cybersecurity perspective. New technology is always going to advantage the aggressor. So criminals, nation states, proxies, and otherwise, if they're using AI or if they're identifying opportunities to use AI, they are going to adopt those before the defenders do. What I am optimistic about is that we have AI as very much part of the narrative when it comes to identifying these, but also being able to respond at machine speed. The challenge that I think we come into or that we are seeing is that when it comes to securing AI models, we're still woefully behind. And I think we are still running into the same issues that we have with cybersecurity, where we're not implementing those secure by design. We're simply racing to implement the newest technology as quickly as we can to solve a problem without taking a step back and saying, look, we've done this already and it has failed. So how do we make sure that we are we are treating AI as secure by design? For me, it comes down to the foundational level of the data itself. What is training your model? Do you have the provenance of that data? Do you understand what actually goes into your model? Is there potential for the model to be poisoned along the way because it was scraped from open source repositories that the Chinese intentionally poisoned? Are you seeing model drift as a result of iterations in your model or updated training data? And can you identify what the problem or the problematic data is in that aspect? That is something that we're not talking about yet. And we're not talking about AI through the lens of the CIA triad and looking at what's the confidentiality of your data of it being leaked if you're putting prompts out there and it's going to train models, the integrity of the data and trying to prevent poisoning or model drift, and then the availability of the models themselves. If you have a model that is hosted on an AWS data center in northern Virginia and there happens to be a power outage, what's the backup for that model? Or are you predicating all of your business operations on a model that could potentially go down and not be available? Because if we're not looking through AI in that lens and building in resilience and building in the secure by design principles, we're going to relive the same issues we have with cybersecurity over and over again. It's just going to be an exponential or have exponential impact and repercussions because of everything that we are adopting AI for.
SPEAKER_02So while there's a reason to have optimism, there's still quite a bit of work that needs to be done. Last question for you, Michael, from a creative standpoint, a book, movie, or song that's had a profound impact on you.
SPEAKER_01I mean, I've got to say the book that I wrote now. Um the uh book that had a profound impact on me. Oh man, there are a lot. I would actually say um Cyber War by um oh now the author's escaping me. It was one of the early ones. Actually, let me back up. Shoot, what's it called? You're killing me.
SPEAKER_02We'll make sure we put the name in the Chiron and it's who the author is.
SPEAKER_01Uh just go well, there's cyber book. Also, um, well, the one I want to use the Cliff Stoll book. Cuckoo's egg. Okay. So Cuckoo's Egg by Cliff Stoll is one of the foundational books, I think, from a cybersecurity perspective. Also one of the first books I read when I got into cybersecurity. Still part of the cybersecurity canon. It's great. It is a phenomenal book and is as applicable today as it was back then, but it talks through a nation state targeting a network, how do you identify it, and then how do you get the attribution all the way back? And I think it really does a good job of showing the frustration of a network defender jumping up and down, screaming, this is a problem, and no one actually responding until he was able to show the definitive evidence that wait, this was a nation state that was backed by Russia.
SPEAKER_02Right. Outstanding. Okay. Um, Michael, thanks for spending time with us on the Risk Apogee podcast. We appreciate it. No, my pleasure. Thanks for having me. Thank you.
SPEAKER_03Thanks for being here on the Risk Apogee. Every episode, we dig into what it actually takes to lead through risk. And that's the same work we do every day at Apogee Global RMS. Cybersecurity, physical security, organizational resilience, talent strategy, one integrated approach built around your people, not just your platforms. Are you ready to move from reactive to resilient? Visit apogeeglobalrms.io and sign up for a risk free consultation with our team of advisors.