Cult Products

Cyber is a business problem that needs a business partner



Most organisations believe they have a handle on their cyber risk. They have green KPIs, patching reports, and a CISO in post. What many of them do not have is a clear view of what is actually critical to their business, and that gap is where the real exposure lives.

Matthew Treagus has been helping people use technology to do interesting things since the eighties, starting with a maths teacher who lent him a computer and a curiosity that never quite went away. Over the decades, he has co-founded a digital agency, been a Partner in a management consultancy and led transformation efforts at a diverse range of businesses. He was CIO and Chief of Staff at Oxford Biomedica, a life sciences business. He now works as a fractional tech exec for a number of organisations. He was a contributor to the NCSC/DSIT Cyber Governance Code of Practice. His approach is grounded in empathy, commercial thinking, and a persistent belief that security works best when it is designed in rather than bolted on.

In this episode of the Cult Products Podcast from Yaya, host Phill Keaney-Bolland sits down with Matthew to explore why the language of risk is so often misused, how the CISO role needs to mirror a business-partnering function, and what happens when organisations treat their most critical machines as a footnote in a quarterly report. They also get into agentic AI, technical debt, supply chain thinking, and why becoming consciously incompetent is actually a step in the right direction.

What You'll Learn: 
  • Why "risk-driven" is often used as an excuse to ignore risk rather than address it
  • How the CISO is a business-partnering role, not a policing one, and why that framing matters
  • Why secure-by-design thinking removes cost and friction rather than adding it
  • What the 94% patching story reveals about how organisations misread their own data
  • How information hygiene problems become significantly more visible once AI tools are deployed
  • Why organisations often focus on the wrong systems when asked what is critical to their business
  • How the Cyber Governance Code of Practice reframes security as a board-level discipline
  • What it means to move from unconsciously incompetent to consciously competent as an organisation
  • Why the minimum viable corporation exercise is worth doing even if it feels uncomfortable

Episode Resources:
Matthew Treagus on LinkedIn
Phill Keaney-Bolland on LinkedIn
Yaya's Website

Cult Products Podcast is handcrafted by our friends over at: fame.so

Cult Products, by Yaya