InfoSec Insider

By URM Consulting

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things informati... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about InfoSec Insider:

How many episodes does InfoSec Insider have?

The podcast currently has 83 episodes available.

InfoSec Insider episodes:

April 30, 2026Zero Trust Architecture in PCI DSS
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their insights on zero trust architecture and its use when complying with the Payment Card Industry Data Security Standard (PCI DSS). Alastair and Tibor leverage 30 years’ combined experience with the PCI DSS to discuss:
What ‘zero trust’ is
Whether organisations with zero trust still need segmentation, or whether identity is enough
How to prove least privilege when access is dynamic and granted on demand, and how to handle sampling for PCI DSS evidence when access changes continuously
The biggest zero trust implementation mistakes that cause PCI DSS challenges later
Which logs matter most to prove that zero trust is actually protecting the cardholder data environment (CDE)
And much more.
Ask Alastair and Tibor a question:   https://urmconsulting.com/podcasts/zero-trust-architecture-in-pci-dss
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider        
You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts       
 Connect with us on LinkedIn
Brought to you by URM, the UK’s leading information and cyber security specialists.   
...more
29min
April 23, 2026The DSAR Reviewer’s Toolbox
In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, discuss context and redaction in handling data subject access requests (DSARs), and how reviewers can use these to fulfil requests in full compliance with the General Data Protection Regulation (GDPR). Aimee and Rachel leverage 20 years’ combined experience in data protection to discuss:
Why redaction the part of DSAR handling that so often goes wrong for organisations
How reviewers can distinguish between personal data, mixed data, and information that should not be disclosed
The biggest challenges when handling DSARs involving unstructured datasets like email chains, chat logs, or call notes
Some of the common redaction mistakes organisations make, and lessons learned from real cases
The practical steps organisations can take to improve the quality and defensibility of their redactions.
Ask Rachael and Aimee a question: https://urmconsulting.com/podcasts/the-dsar-reviewers-toolbox
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider   

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts    

Connect with us on LinkedIn

Brought to you by URM, the UK’s leading information and cyber security specialists.   
...more
43min
April 16, 2026Identity and Access Management
In this episode of InfoSec Insider, George Ryan and Jack Woods, both Consultants at URM, share their insights on identity and access management (IAM), and the steps organisations can take to ensure their IAM is secure and resilient. Jack and George leverage their extensive experience supporting organisations’ strengthen their information security to discuss:
What IAM is, whether it just covers employees, and how it works
The components that may feature as part of effective IAM, such as multi-factor authentication (MFA), single sign-on (SSO), monitoring and auditing, etc.
Why it is important to enforce IAM best practices
The problems around IAM that may arise in the future as a result of developing trends and technologies.
Ask Jack and George a question

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider          
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

Brought to you by URM, the UK’s leading information and cyber security specialists.       
...more
22min
April 09, 2026Clause 6.3 of ISO 27001: The Importance of Planned ISMS Change Management
In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, provides key insights on achieving and maintaining conformance to Clause 6.3 (Planning of changes) of ISO 27001, the International Standard for Information Security Management Systems (ISMS’). Neil leverages over 20 years of real-world information security knowledge and experience to discuss:
What Clause 6.3 is and why planned ISMS change management is so important
The common mistakes organisations make when planning ISMS changes under Clause 6.3
The seven practical actions he recommends for effective implementation of Clause 6.3, which of these actions organisations most frequently overlook, and why
How to determine whether your existing change management processes are suitable for Clause 6.3 conformance.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-clause-6-3-the-importance-of-planned-isms-change-management
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.
...more
7min
April 02, 2026Cyber Security Expectations in the Medical Supply Chain
In this episode of InfoSec Insider – Talk Cyber, Stuart Moran and George Ryan, Consultants at URM, explore recent shifts in cyber security expectations and regulatory requirements faced by organisations in the medical supply chain, both in the UK and across the globe. Stuart and George leverage their extensive experience helping organisations in the medical sector enhance information and cyber security to discuss:
The NHS’ recent open letter to suppliers, which highlights tighter scrutiny and more direct engagement, and what this means for NHS suppliers
Which of the NHS’ new cyber security requirements for suppliers (MFA, continuous monitoring and immutable backups) will be most challenging to embed and why
The biggest gaps and understanding or readiness among suppliers implementing the Data Security and Protection Toolkit (DSPT), and the practical differences between Categories 2 and 3 of the DSPT
How shifts in standards such as ISO 13485 and the broader medical device regulatory landscape will influence suppliers’ design and manufacturing of their products, particularly around software and AI
How the FDA’s power to deny market access to medical devices with insufficient cyber security may impact UK suppliers operating internationally, and whether this hints at a broader, global trend towards stricter cyber controls.

Learn more about this topic:
https://www.urmconsulting.com/blog/iso-13485-and-beyond-key-updates-shaping-the-medical-device-regulatory-landscape 
https://www.urmconsulting.com/blog/nhs-cyber-security-open-letter-what-does-it-mean-for-suppliers

If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider          

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts        

Brought to you by URM, the UK’s leading information and cyber security specialists.
...more
21min
March 26, 2026Unusual Questions About PCI DSS
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, answer the niche and unusual questions they encounter around the Payment Card Industry Data Security Standard (PCI DSS). Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:  
The strangest misconceptions they have heard about PCI DSS and cardholder data security
What PCI DSS would look like if it were invented today, and what would be left out entirely
The simple PCI DSS controls that people routinely misunderstand
The most unusual systems or devices they have seen brought into scope
Whether something can be both technically compliant and completely insecure at the same time, and whether there is such a thing as ‘too compliant’
Finer technical details of the Standard, such as Kubernetes network policies, how to evidence a control that never triggers, corporate VPNs that impact segmentation, and more.
Ask Alastair and Tibor a question.
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider      
You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts      
Connect with us on LinkedIn 

Brought to you by URM, the UK’s leading information and cyber security specialists.  
...more
21min
March 19, 2026Review of Enforcement Action by the ICO in 2025
In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides a break down and analysis of how the Information Commissioner’s Office (ICO’s) enforced UK data protection (DP) regulations in 2025, and how this compares to the action taken by the regulator in previous years.  Stuart leverages his 25+ years of specialisation in data protection law to discuss:  
The context of changes in ICO enforcement activities between 2024 and 2025
The main headline takeaways from his 2025 analysis, particularly in relation to the ICO’s fining activities
What the regulator itself has said recently about new ways in which it’ll tackle enforcement in 2026 and beyond
Ongoing DP stories to keep an eye on which might have an impact on the ICO, its fining posture and its ability to enforce any fines it imposes.
Learn more about this topic: https://www.urmconsulting.com/blog/analysis-of-enforcement-action-by-the-ico-in-2025-actions-way-down-security-data-breach-fines-way-up

If you enjoyed this episode of InfoSec Insider – Talk DP, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider   

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

Brought to you by URM, the UK’s leading information and cyber security specialists.
...more
15min
March 12, 2026Information Security Governance, Compliance and Asset Management
In this episode of InfoSec Insider, Jack Woods and George Ryan, both Consultants at URM, share their insights on how organisations can achieve strong information security governance and asset management that facilitate conformance to ISO 27001, the International Standard for Information Security Management Systems (ISMS). Jack and George draw on their extensive experience supporting organisations’ ISO 27001 certifications to discuss:
How to transform high-level information security policies into day-to-day behaviour across teams, and who should own information security within organisations
Defining clear information security roles and responsibilities, and how to overcome the practical challenges of implementing segregation of duties
What best practice looks like when maintaining contact with authorities, special interest groups, and threat intelligence
The importance of integrating information security into project management
How to produce usable (rather than bureaucratic) documented operating procedures that reduce operational risk
Effective information handling and asset management, from inventorying assets and acceptable use through to classification and labelling of information.
Ask Jack and George a question:
https://www.urmconsulting.com/podcasts/information-security-governance-compliance-and-asset-management

If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider          

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts          

Brought to you by URM, the UK’s leading information and cyber security specialists.
...more
42min
March 05, 2026The Core Functions of NIST CSF – Identify
In this episode of InfoSec Insider – Talk Cyber, Mark O’Kane, Consultant at URM, explains the second of the NIST Cybersecurity Framework’s (CSF’s) five core functions, the Identify function, sharing his insights on what organisations can do in practice to meet its requirements. Mark uses his extensive experience working in information security and risk management to discuss:
Where the Identify function sits within the overall NIST CSF
How your organisation can meet the requirements around identifying and managing assets
The practical steps provided by the CSF for organisations struggling to understand their cyber security risks
How to identify areas for improvement in your cyber security programme in line with the Identify function’s requirements.
Learn more about this topic: https://www.urmconsulting.com/blog/the-core-functions-of-nist-csf-identify
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider 
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.
...more
14min
February 26, 2026Preparing for a PCI DSS Assessment
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their perspective on how organisations can most effectively and efficiently prepare for a Payment Card Industry Data Security Standard (PCI DSS) assessment. Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss: 
Practical steps teams can take to ensure the assessment runs smoothly overall
What you should have ready before your PCI DSS assessment is even booked and how to determine if your scope definition is clear enough
What useable evidence looks like from a practical perspective, and whether to provide everything up front or respond as questions are asked
When self-assessment questionnaires (SAQs) vs. full assessed engagements are needed, and what to keep from an SAQ in case a full engagement is required in the future
What to do differently if this years’ assessment follows significant amounts of change
And more.
Ask Alastair and Tibor a question: https://urmconsulting.com/podcasts/preparing-for-a-pci-dss-assessment

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider      
You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts      
Connect with us on LinkedIn  
Brought to you by URM, the UK’s leading information and cyber security specialists.   
...more
30min

FAQs about InfoSec Insider:

How many episodes does InfoSec Insider have?

The podcast currently has 83 episodes available.