Cyber Security In Focus

The GRC vs SOC Divide with Emma Mackenzie, Cyber Security Operations Analyst at Aberdeen



Emma Mackenzie made a deliberate switch into cyber security, and went straight into governance and risk. Since then she's moved across into a cyber defence role, and that experience of working both sides of the house gives her a perspective most people in the industry don't have.

Emma works in financial services, specialising in governance, risk, resilience and regulatory alignment.

In this episode she gets practical about the tensions that exist between security teams and the business, why patch management is harder than it sounds, and how to translate cyber risk into language that actually lands in the boardroom.

We cover:

  • Why silos between GRC and SOC exist in almost every organisation, and what that costs you
  • The patch management reality in financial services: why "just patch it" isn't always an option
  • How to frame cyber risk in financial terms so leadership actually acts on it
  • DORA, the UK Cyber Security Resilience Bill, and whether regulation is moving in the right direction
  • What good recovery planning actually looks like and the questions most tabletop exercises never ask
  • Why getting stakeholders involved early is the most underrated project management move in security
  • Emma's advice on personal resilience in a field with serious burnout problems

If you're working in GRC, a SOC, or anywhere in between, this one's worth your time.


Cyber Security In Focus, by Secon Cyber