Today we’re talking to Rich Caralli, the Cybersecurity Advisor at Axio. And we discuss how risk quantification is the missing link between business decision makers and cybersecurity professionals. Recognizing that cybersecurity and business resilience are two sides of the same coin, and why companies need to get back to basics with their security practices.

All of this, right here, right now, on the Modern CTO Podcast!

To learn more about Axio, check them out at https://axio.com

In case you missed it: check out our episode with David White, Axio’s Founder and President

About Rich Caralli:

Richard Caralli is a cybersecurity professional with nearly 40 years of experience in accounting, auditing, risk and resilience management, and process improvement.  He is currently helping organizations implement and institutionalize GRC programs as a member of the consulting team at Seiso LLC, a solution-focused cybersecurity firm based in Pittsburgh.  Prior to joining the Seiso team, Caralli held various senior level positions in information technology and cybersecurity in the oil and gas industry where he was responsible for developing and operating information and operational technology cybersecurity programs.  Prior to returning to industry, Caralli was the Technical Director of CERT’s Risk and Resilience Directorate at Carnegie Mellon’s Software Engineering Institute where he was the lead architect of the CERT® Resilience Management Model (CERT-RMM), a process improvement-focused maturity model for managing operational resilience, much of which has been incorporated into various models including the Cybersecurity Maturity Model Certification (CMMC). Caralli’s research agenda was influential in developing and delivering coursework in information security to graduate and executive education students at Carnegie Mellon’s Heinz College. Prior to joining CERT in 2001, Caralli led accounting and IT audit teams in the banking, manufacturing and oil and gas industries.

About Axio:

Cyber risk is one of the greatest challenges our generation. Despite the need, organizations still struggle to get actionable visibility to their cyber risk; prevention and detection technology has been the dominant focus thus far, but it’s not a silver bullet. Managing risk requires a holistic, continuous evaluation across technology, people, process, and financial controls.

Axio believes that every organization can have the means to solve their unique cyber risk challenges. We are a team of cyber risk, cybersecurity, and business leaders who created the Axio360 platform to deliver on that belief. Our innovative approach and insights give companies visibility to their cyber risk, and enable them to prioritize investments to protect their business and employees.