EPISODE · May 13, 2026 · 53 MIN
Two NCUA Cybersecurity Examiners Tell Us What They're Looking For in 2026
from Breaches & Brews · host Rivial Data Security
We sat down with two NCUA Regional Information Security Officers to ask them point blank: what are you finding in exams, what do you want credit unions to fix, and what does "good" actually look like?Charles has been with the NCUA for 27 years. Murray left the agency, worked at a credit union, and came back. Between them, they've examined institutions from $50 million to $13 billion in assets. They don't hold back.In this episode, they walk through the most common deficiencies from 2025 exams (access controls, MFA gaps, vendor incident response), explain why expressing cyber risk in dollar terms is the single most important thing you can do for your board, and share what they're actually looking for on AI governance right now - even though the NCUA itself is still catching up.If you're prepping for an exam, presenting to your board, or trying to figure out what to do about AI, this is the episode.Resources we mentioned: 📘 How to Measure Anything in Cybersecurity Risk - Douglas Hubbard & Richard Seiersen 📊 Free Cyber Risk Assessment - rivialsecurity.com/cyber-risk-assessment 📄 AI Risk Management Whitepaper - rivialsecurity.com/resources 📋 AI Governance Assessment (NIST AI RMF) - rivialsecurity.com/resources 👥 Private Community for CU & Bank Leaders - rivialsecurity.com/community🔗 rivialsecurity.com 📅 Book time with our team: rivialsecurity.com/contact-us#NCUA #CreditUnion #CyberRisk #CreditUnionPodcast #AIGovernance #RiskManagement #BoardReporting
What this episode covers
We sat down with two NCUA Regional Information Security Officers to ask them point blank: what are you finding in exams, what do you want credit unions to fix, and what does "good" actually look like? Charles has been with the NCUA for 27 years. Murray left the agency, worked at a credit union, and came back. Between them, they've examined institutions from $50 million to $13 billion in assets. They don't hold back. In this episode, they walk through the most common deficiencies from 2025 exa...
NOW PLAYING
Two NCUA Cybersecurity Examiners Tell Us What They're Looking For in 2026
No transcript for this episode yet