InfoSec Insider

By URM Consulting

The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things informati... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about InfoSec Insider:

How many episodes does InfoSec Insider have?

The podcast currently has 89 episodes available.

InfoSec Insider episodes:

June 11, 2026Real-World Data Protection Questions
In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, answer key, real-world questions around data protection and how organisations can stay compliant. Aimee and Rachel leverage 20 years’ combined experience in data protection to discuss:
When data is genuinely anonymous, and how easy it is to lose that status
Whether things like voice, handwriting, CCTV, emojis, avatars and internal gossip really count as personal data
How employee use of smart glassed and always-on devices can affect organisations and why it matters
Why redaction still goes wrong so often
Why consent remains one of the single most understood aspects of data protection.
Ask Rachael and Aimee a question: https://www.urmconsulting.com/podcasts/real-world-data-protection-questions
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider       
You can find more episodes of InfoSec Insider here:     https://urmconsulting.com/podcasts       
Connect with us on LinkedIn

Brought to you by URM, the UK’s leading information and cyber security specialists.    
...more
43min
June 04, 2026Business Approaches to Risk Management
In this episode of InfoSec Insider, Wayne Armstrong and Chris Heighes, both Senior Consultants at URM, offer key advice on effective approaches to cyber and information security risk management from a business perspective. Chris and Wayne draw upon their combined 45 years of experience in information security and risk management to discuss:
What good, risk-based decision-making actually looks like in practice, and where it most commonly breaks down
The most concerning information security risks of today that do not get enough attention at the board or executive level
How organisations can move away from checklist-driven compliance and towards meaningful cyber risk management that supports business objectives
How organisations should rethink ownership and accountability for information security risk in light of growing dependence on cloud services and third-party providers
The capability or mindset they believe information security leaders must develop now to remain effective risk advisers in the coming years.
Ask Wayne and Chris a question:  https://urmconsulting.com/podcasts/business-approaches-to-risk-management
          
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts           
Brought to you by URM, the UK’s leading information and cyber security specialists.       
...more
36min
May 28, 2026PCI DSS and Severless Architecture
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, explore the use of severless architecture and Payment Card Industry Data Security Standard (PCI DSS) compliance. Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:   
What ‘severless’ actually means in a PCI DSS context, and how this differs from how it is usually described by cloud providers
What QSAs look for when deciding whether a severless system falls within PCI scope
How the balance of responsibilities shifts when an organisation moves from traditional cloud services to severless, and where this causes the most confusion during assessments
The parts of a severless setup that tend to bring cardholder data into scope unexpectedly and how to ensure you understand the way information moves through your systems
How to handle PCI requirements for logs, monitoring and keeping evidence when the systems they rely on disappear almost instantly
Maintaining compliant access control and control over changes to your systems in a severless context
How to check for weaknesses in severless systems, the risks tied to the external code and libraries that are often used inside serverless functions
And more.
Ask Alastair and Tibor a question:  https://www.urmconsulting.com/podcasts/pci-dss-and-severless-architecture
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider        
You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts      
 Connect with us on LinkedIn 
 Brought to you by URM, the UK’s leading information and cyber security specialists.   
...more
25min
May 21, 2026GDPR Compliance and BYOD
In this episode of InfoSec Insider – Talk DP, Aimee Brown and Rachael Salter, both Consultants at URM, break down the data protection compliance issues that arise from the use of bring your own device (BYOD) within organisations, and how these can be overcome. Aimee and Racheal draw on over 20 years’ combined data protection experience to discuss:
Why BYOD has become so common, and why it still catches organisations out
Where legal and regulatory risks arise with BYOD
How BYOD increases data subject access request (DSAR), breach, and dispute risk
What a proportionate, people-aware approach to BYOD looks like
How regulators and insurers are likely to view BYOD going forward.
Ask Rachael and Aimee a question:
https://www.urmconsulting.com/podcasts/gdpr-compliance-and-byod

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider       

You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts       

Connect with us on LinkedIn 

Brought to you by URM, the UK’s leading information and cyber security specialists.    
...more
31min
May 14, 2026AI Supplier Management
In this episode of InfoSec Insider, Jack Woods and George Ryan, both Consultants at URM, share their insights on how organisations can effectively manage AI suppliers and navigate the emerging risks associated with artificial intelligence in the supply chain.
Jack and George draw on their experience supporting organisations with AI governance and supplier risk management to discuss:
What AI supplier management is and how it differs from traditional supplier management, including the impact of rapidly evolving AI models and changing service structures
The key risks associated with AI suppliers, such as data leakage, unauthorised model training, hallucinations, bias, and compliance challenges
The growing issue of shadow AI, and how a lack of visibility over employee use of AI tools can introduce significant security and governance risks
How organisations can adapt due diligence processes to assess AI suppliers, including evaluating data handling practices, model governance, human oversight, and security maturity
Contractual and governance considerations, such as restricting data use, ensuring transparency on model updates, and defining audit and incident response expectations
The importance of understanding extended AI supply chains, including dependencies on underlying models and fourth-party providers
Why AI supplier management must be treated as an ongoing activity, with continuous monitoring, internal communication, and reassessment of risk as technologies evolve
Ask Jack and George a question:
https://www.urmconsulting.com/podcasts/aI-supplier-management

If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider          

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts          

Brought to you by URM, the UK’s leading information and cyber security specialists.       
...more
22min
May 07, 2026Understanding Relevant Risks
In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant and Consultant Manager at URM, breaks down the fundamentals of effective information security risk assessment and treatment. Wayne draws upon over 30 years of experience in IT, information security and risk management to discuss:
What ‘risk’ actually is
How to define a risk and the three component parts that are needed for a risk to exist
How to assign value to a risk
How to prioritise risks and determine which can be set aside, as well as how these priorities differ between organisations depending on context
The risk treatment options available, and the need to revisit your risk assessment.
Learn more about this topic: https://www.urmconsulting.com/blog/information-security-risk-assessment-and-treatment-understanding-relevant-risks
If you enjoyed this episode of InfoSec Insider – Talk Cyber, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider      
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts    

Brought to you by URM, the UK’s leading information and cyber security specialists.     
...more
16min
April 30, 2026Zero Trust Architecture in PCI DSS
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their insights on zero trust architecture and its use when complying with the Payment Card Industry Data Security Standard (PCI DSS). Alastair and Tibor leverage 30 years’ combined experience with the PCI DSS to discuss:
What ‘zero trust’ is
Whether organisations with zero trust still need segmentation, or whether identity is enough
How to prove least privilege when access is dynamic and granted on demand, and how to handle sampling for PCI DSS evidence when access changes continuously
The biggest zero trust implementation mistakes that cause PCI DSS challenges later
Which logs matter most to prove that zero trust is actually protecting the cardholder data environment (CDE)
And much more.
Ask Alastair and Tibor a question:   https://urmconsulting.com/podcasts/zero-trust-architecture-in-pci-dss
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider        
You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts       
 Connect with us on LinkedIn
Brought to you by URM, the UK’s leading information and cyber security specialists.   
...more
29min
April 23, 2026The DSAR Reviewer’s Toolbox
In this episode of InfoSec Insider – Talk DP, Rachael Salter and Aimee Brown, both Consultants at URM, discuss context and redaction in handling data subject access requests (DSARs), and how reviewers can use these to fulfil requests in full compliance with the General Data Protection Regulation (GDPR). Aimee and Rachel leverage 20 years’ combined experience in data protection to discuss:
Why redaction the part of DSAR handling that so often goes wrong for organisations
How reviewers can distinguish between personal data, mixed data, and information that should not be disclosed
The biggest challenges when handling DSARs involving unstructured datasets like email chains, chat logs, or call notes
Some of the common redaction mistakes organisations make, and lessons learned from real cases
The practical steps organisations can take to improve the quality and defensibility of their redactions.
Ask Rachael and Aimee a question: https://urmconsulting.com/podcasts/the-dsar-reviewers-toolbox
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider   

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts    

Connect with us on LinkedIn

Brought to you by URM, the UK’s leading information and cyber security specialists.   
...more
43min
April 16, 2026Identity and Access Management
In this episode of InfoSec Insider, George Ryan and Jack Woods, both Consultants at URM, share their insights on identity and access management (IAM), and the steps organisations can take to ensure their IAM is secure and resilient. Jack and George leverage their extensive experience supporting organisations’ strengthen their information security to discuss:
What IAM is, whether it just covers employees, and how it works
The components that may feature as part of effective IAM, such as multi-factor authentication (MFA), single sign-on (SSO), monitoring and auditing, etc.
Why it is important to enforce IAM best practices
The problems around IAM that may arise in the future as a result of developing trends and technologies.
Ask Jack and George a question

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider          
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts   

Brought to you by URM, the UK’s leading information and cyber security specialists.       
...more
22min
April 09, 2026Clause 6.3 of ISO 27001: The Importance of Planned ISMS Change Management
In this episode of InfoSec Insider, Neil Jones, Senior Consultant at URM, provides key insights on achieving and maintaining conformance to Clause 6.3 (Planning of changes) of ISO 27001, the International Standard for Information Security Management Systems (ISMS’). Neil leverages over 20 years of real-world information security knowledge and experience to discuss:
What Clause 6.3 is and why planned ISMS change management is so important
The common mistakes organisations make when planning ISMS changes under Clause 6.3
The seven practical actions he recommends for effective implementation of Clause 6.3, which of these actions organisations most frequently overlook, and why
How to determine whether your existing change management processes are suitable for Clause 6.3 conformance.
Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-clause-6-3-the-importance-of-planned-isms-change-management
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider  
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.
...more
7min

FAQs about InfoSec Insider:

How many episodes does InfoSec Insider have?

The podcast currently has 89 episodes available.