Breaches & Brews

PODCAST · business

The Rivial Data Security team discusses all things cybersecurity while enjoying their favorite brews. We keep it fun and laidback with special guests, personal stories, and some great advice for anyone managing a cybersecurity program.

  1. 29

    Two NCUA Cybersecurity Examiners Tell Us What They're Looking For in 2026

    We sat down with two NCUA Regional Information Security Officers to ask them point blank: what are you finding in exams, what do you want credit unions to fix, and what does "good" actually look like?

    Charles has been with the NCUA for 27 years. Murray left the agency, worked at a credit union, and came back. Between them, they've examined institutions from $50 million to $13 billion in assets. They don't hold back.

    In this episode, they walk through the most common deficiencies from 2025 exams (access controls, MFA gaps, vendor incident response), explain why expressing cyber risk in dollar terms is the single most important thing you can do for your board, and share what they're actually looking for on AI governance right now - even though the NCUA itself is still catching up.

    If you're prepping for an exam, presenting to your board, or trying to figure out what to do about AI, this is the episode.

    Resources we mentioned:

    - 📘 How to Measure Anything in Cybersecurity Risk - Douglas Hubbard & Richard Seiersen
    - 📊 Free Cyber Risk Assessment - rivialsecurity.com/cyber-risk-assessment
    - 📄 AI Risk Management Whitepaper - rivialsecurity.com/resources
    - 📋 AI Governance Assessment (NIST AI RMF) - rivialsecurity.com/resources
    - 👥 Private Community for CU & Bank Leaders - rivialsecurity.com/community

    🔗 rivialsecurity.com
    📅 Book time with our team: rivialsecurity.com/contact-us

    #NCUA #CreditUnion #CyberRisk #CreditUnionPodcast #AIGovernance #RiskManagement #BoardReporting

  2. 28

    Navigating AI and Security: Strategies for Credit Unions in a Shifting Threat Landscape

    In this insightful panel discussion, host Taylor Wells is joined by cybersecurity and IT leaders Will Reed and Kevin, representing billion-dollar credit unions from across the country. Together, they explore the pressing challenges and opportunities facing the financial sector, from the realities of AI adoption and evolving threat landscapes to the practicalities of building security teams, communicating cyber risk to boards, and staying audit-ready year-round. The conversation offers candid perspectives on managing digital transformation, preparing for NCUA exams, balancing member experience with security, and fostering a risk-aware culture—making this episode a must-listen for credit union professionals seeking actionable insights in an era of rapid technological change.

  3. 27

    Mastering Third-Party Risk: Deep Dive into Vendor Cybersecurity Management

    In this insightful episode, Lucas Hathaway, CRO @ Rivial Security, takes listeners through the essential steps of maturing a third-party risk management program, with a special focus on cybersecurity reviews and vendor due diligence. Discover why regulators like the NCUA and FDIC are zeroing in on third-party risks and learn proven strategies for onboarding, classifying, and assessing vendors. Lucas shares valuable stories from the field (including lessons learned from recent breaches), explains how to utilize questionnaires and SOC reports effectively, and offers practical tips for ongoing monitoring, incident response, and complementary user entity control (CUEC) testing. With actionable frameworks, relatable anecdotes, and free resources, this episode is a must-listen for financial institutions, security leaders, and anyone navigating the complexities of third-party vendor management.

  4. 26

    Cyber Risk, NCUA Compliance, and Board Engagement: Insights from CU Intersect 2026

    Join Jonathan Taylor, Shirley Sandwith, and guest Keaton Tanzer, Sales Manager at Rivial Security, as they broadcast from the CU Intersect 2026 conference in vibrant New Orleans. In this episode, we dive deep into the evolving world of data security and compliance for credit unions, from navigating regulatory scrutiny and examiner trends to adopting flexible frameworks for organizations of all sizes.

    Keaton shares practical strategies on cyber risk assessment, the importance of customizing compliance processes, and how to effectively communicate security initiatives to board members. Plus, discover how smaller credit unions can stay ahead without being overwhelmed and why fostering real conversations at the board level is critical for successful governance.

    Packed with actionable insights, this discussion is a must-listen for anyone in the credit union or financial institution space looking to innovate securely and keep their organization audit-ready.

    Featured Topics:

    - Recent regulatory shifts and examiner expectations
    - Cyber risk assessment tailored for every credit union
    - Best practices for board reporting and quantitative analysis
    - How to prepare for audits and leverage industry partnerships
    - Resources and support for credit unions of all sizes

    Tune in for expert advice, industry stories, and a fresh perspective on cyber risk and compliance!

  5. 25

    Reporting Cybersecurity to the Board: Metrics, Communication, and Culture Change

    In this episode, hosts Taylor Wells and Lucas Hathaway, CRO @ Rivial Security, are joined by Randy, founder and CEO of Rivial Security, to dive into the complexities of reporting cybersecurity to boards of directors—especially in banks and credit unions. The team discusses the importance of tailoring reports to non-technical board members, balancing regulatory and audit requirements with actionable insights, and fostering board engagement through meaningful metrics (including the shift toward quantitative, dollar-based cyber risk reporting).

    Listeners will hear practical advice on the length and frequency of board reports, how to train and guide boards to ask the right questions, and strategies for transitioning organizations from vague, high-medium-low risk reports to data-driven conversations about business impact and ROI. The episode answers real audience questions and shares insights from hundreds of board meetings, revealing common pitfalls and proven techniques for building trust, securing resources, and moving cybersecurity conversations beyond technical jargon into true resilience planning.

    Perfect for CISOs, risk leaders, and anyone responsible for cybersecurity board reporting, this episode delivers actionable takeaways, relatable stories, and expert guidance to help you elevate your next board presentation.

  6. 24

    Navigating 2026: Exam Readiness, AI Risk, and Vendor Strategy for Financial Institutions

    In this insightful panel episode, host Keaton Tanzer & Lucas Hathaway at Rivial Security are joined by Darrin Moorer, Senior VP and Information Security Officer at NBKC Bank, and Mike Sloan, Associate VP and ISO at the University of Kentucky Federal Credit Union, for a practical, forward-looking discussion on information security and compliance in financial institutions.

    Together, they unpack the most surprising and common regulator findings from 2025, discuss smooth exam experiences, and highlight the importance of continuous compliance. The conversation moves to strategies for staying "exam ready" in 2026, emphasizing documentation, ongoing evidence collection, and establishing cross-departmental ownership of risk.

    AI emerges as both a tool and a threat, prompting conversations around acceptable use policies, risk frameworks, custom training, and incident responses for AI-related scenarios. The panel explores how financial institutions are cautiously rolling out AI, tracking usage, and planning governance committees, while also diving into the complexities surrounding vendor and fourth-party risk assessments.

    The episode wraps up with budget season advice for 2026, prioritizing measurable risk reduction, the maturation and optimization of security programs, and board-level communication strategies that translate technical achievements into business impact.

    This episode offers actionable insights, practical tips, and real-world examples for security leaders, managers, and board members in the banking and credit union space as they navigate evolving expectations, technologies, and threats.

  7. 23

    NIST CSF 2.0 Insight for Financial Institutions

    Join our insightful webinar as we dive into the latest updates of NIST CSF 2.0. Gain a comprehensive understanding of its governance frameworks and discover key takeaways crucial for financial institutions. Topics we’ll cover include:

    - Cybersecurity Defense Matrix: Explore strategic cybersecurity defense approaches, encompassing both proactive measures (Left of Boom) and reactive responses (Right of Boom).
    - Changes to NIST CSF 2.0: Understand the revisions, additions, and enhancements, and learn how to leverage them to fortify your organization's cybersecurity posture.
    - Introduction of Governance: Gain a foundational understanding of the governance framework and learn about the key components to effectively align cybersecurity strategies with business objectives.

  8. 22

    Cybersecurity in 2024: Predictions from Security Leaders

    Tailored for security leaders, our on-demand webinar covers key topics that include:

    - Top Priorities In Maintaining Compliance: Addressing compliance challenges in the ever-evolving cybersecurity landscape.
    - Evolving With AI: How industry leaders are leveraging AI to enhance their security measures.
    - Adapting To New Risk Factors: How to adapt cybersecurity strategies to counter new risks.
    - Best Practices For Cybersecurity: New strategies to protect your critical systems and data.

    Learn how your peers are tackling current cybersecurity challenges today!

  9. 21

    NCUA PANEL: INFOSEC & CYBERSECURITY IN 2024

    Ensure your credit union is compliant & secure in 2024. Hear from a panel of NCUA auditors about infosec & cybersecurity best practices for your credit union. 

  10. 20

    Effectively Communicating IT Risk To Corporate - Mike Messick, Founder of Deep Forest Security

    Mike Messick joins our latest episode to share his career experience as an ISP analyst for the state of Alaska and how he then moved on to start his own company (Deep Forest Security) as an Incident Responder. Mike and his team of security professionals help organizations large and small to both prevent and resolve crippling cybersecurity events.

  11. 19

    Improving Member Experience With AI - Elizabeth Osborne, CIO of Great Lakes Credit Union

    Elizabeth Osborne, COO of Great Lakes Credit Union joins #breachesandbrews to highlight how AI will bring her members value in 2024. An investment that will certainly pay off over the holidays when there tends to be a spike in call center traffic.

  12. 18

    Communicating a Data Breach Strategically - Kevin Dinino, Founder of KCD PR

    Kevin Dinino, crisis communication professional and founder of KCD PR joins #breachesandbrews to discuss how he would handle and mitigate a data breach given his years of experience. 

  13. 17

    Ideal Investment Areas For Credit Unions - Jack Smith, PURE IT Credit Union Services

    Jack Smith from PureIT Credit Unions joins our latest episode to talk about his Credit Union journey and where he thinks ideal investment areas are to improve the member experience.  

  14. 16

    Creating A Frictionless Member Experience - Becky Reed

    Becky Reed, Co-founder of PureIT Credit Union services joins our latest episode of #Breaches&Brews to explain how she continually brought success to her branch by aligning technology and member experiences together. 

  15. 15

    Cyber Risk Management Workshop

    (This is a recording from a live event from October 2023) To view the webinar recording, click here and passcode is: 3#MrRQe-

    Your Board knows they need to invest in cybersecurity. But do they know the specific return on investment of your security program?

    Bank & credit union security leaders find themselves in a growing predicament where they must demonstrate the effectiveness of their security efforts in a cost-efficient manner.

    Join Rivial Data Security experts for this hands-on workshop as we take you through a deep dive into how we quantify risk and show the effectiveness of your security program.

    Takeaways from this event:

    - Learn how to prioritize security investments based on their potential impact to your business.
    - See a live risk assessment using Cyber Risk Quantification
    - Learn how to set a risk tolerance, scope information systems, and more
    - Get all of your cybersecurity ROI questions answered

  16. 14

    Cybersecurity Panel: Insights from Security Leaders

    (This is a recording from a live event from August 2023) As financial institutions continue to embrace digital transformation, it has become harder to safeguard sensitive data and financial assets from cyber threats.

    This panel brings together security leaders from leading banks & credit unions, offering valuable insights and strategies for fortifying your organizations against evolving cyber challenges.

    Topics covered:

    - Proactive Measures: From advanced threat detection to incident response planning, equip your team with the knowledge to stay ahead of potential threats.
    - Data Protection and Compliance: Learn how security leaders ensure adherence to industry regulations while safeguarding sensitive member information.
    - Risk Management: Delve into risk management practices tailored to banks & credit unions.
    - Automating Security: Uncover the potential of automation in cybersecurity.
    - Extended Q&A: Come with your security, compliance, or cybersecurity questions.

    Whether you are a cybersecurity professional, a bank or credit union executive, or an industry enthusiast, this event promises to have helpful insights for you.

  17. 13

    FedLine: Simplifying the Assessment Process

    (recording from a recent webinar hosted by Rivial Data Security) Discover how to simplify your FedLine Assessment process in our upcoming webinar.

    Join us to learn practical strategies and time-saving tips for streamlining your annual assessment.

    We will provide insights on organizing documentation, navigating compliance requirements, and leveraging tools for a more efficient assessment.

    Key topics covered in the webinar:

    - Overview of the FedLine assessment process
    - Common challenges and pitfalls to avoid
    - Strategies to simplify documentation and compliance requirements
    - Tools and resources for a streamlined assessment
    - Tips for efficient preparation and execution
    - Common questions answered

    Don't miss this opportunity to optimize your FedLine Assessment experience.

  18. 12

    Human Firewall

    Keaton Tanzer talks to Brian Winchester, IT Auditor at Financial Center Credit Union. This is a fantastic discussion, much about user training, molded by Brian's background of being born into an IT family and also his military training. Keaton and Brian throw out the idea of the role of the Human Resources department in User Training and what we need to do to create a human firewall.

    Get in Touch: [email protected]
    Rivial Webinars: https://www.rivialsecurity.com/webinars

  19. 11

    How to Jujitsu Cybersecurity

    Keaton Tanzer kicks off season 2 of Breaches & Brews with a dynamite guest, Julio Tirado, Director of Internal Audit at Spirit Bank. If you manage any aspect of security at a financial institution, you simply can't miss this episode. Keaton and Julio dish out the future of AI in security, specific resources to up-skill your security game, and exactly how to jujitsu cybersecurity. There is so much valuable information shared here, you just can't miss this!

    Get in Touch: [email protected]
    Rivial Webinars: https://www.rivialsecurity.com/webinars
    SANS OUCH! Newsletter: https://www.sans.org/newsletters/ouch/

  20. 10

    Power Pose

    Keaton Tanzer & Randy Lindberg welcome superstar Lisa Cochran, CIO at VyStar Credit Union, and uncover her path from programmer to CIO. They get to the bottom of the connection between Garth Brooks and Chris Gaines and also explore how local institutions can partner with fintechs for a win-win scenario. Lisa also shares her experience of being a woman in the IT space and how we can all build confidence by doing a superman or superwoman power pose!

    Get in Touch: [email protected]
    Rivial Webinars: https://www.rivialsecurity.com/webinars

  21. 9

    Boom & Bust

    Keaton Tanzer welcomes Hunter Morren, VP / ISO, at The National Bank of Andrews to Breaches & Brews. Hunter shares how he's helping his bank compete with fintechs with technology and the personal touch. Keaton and Hunter also discuss how the oil business affects financial institutions in Texas, and don't miss our favorite part... Hunter's best advice for IT Audits!!!

    Get in Touch: [email protected]
    Rivial Webinars: https://www.rivialsecurity.com/webinars

  22. 8

    Hungry for IT

    Keaton Tanzer welcomes AVP of IT at Signal Financial Federal Credit Union, Nico Stein. Keaton and Nico discuss what it's like to manage a small IT shop at a credit union, the importance of mentoring, preventing IT burnout, and how to use Nerf guns to settle workplace disputes.

    Get in Touch: [email protected]

  23. 7

    Collective Defense

    Keaton welcomes guest Bryan Buck, SVP & Chief Technology Officer at SouthStar Bank. This conversation is PACKED with amazing insights into running an IT and security team at a community bank. Find out how Bryan managed through COVID and what the lasting effects and ramifications are. And don't miss our favorite part about how we can ALL work together, a collective defense, against cybersecurity threats.

    Get in Touch: [email protected]

  24. 6

    A Psychological Breakdown on Phishing Schemes & Cybersecurity

    Keaton Tanzer welcomes Dr. Zach Milstead to Breaches & Brews. Dr. Zach is not only the CISO at Guaranty Bank & Trust, but an actual philosopher. Keaton and Zach break down the psychology behind user training strategies and successful phishing tactics. And you'll hear Dr. Zach's philosophy on which skills are essential for the future of our cybersecurity frontlines and the people that lead them.

    Get in Touch: [email protected]

  25. 5

    IT Audits Shouldn't Feel Like You're Getting The Crap Beat Out Of You

    Keaton and Randy host special guest Heather Feliciano from Lassen County Federal Credit Union. Learn what it took for Heather to soar from a teller to the COO of a major credit union and what she learned along the way. We discuss the importance of choosing great vendors, developing professional relationships, developing a gold star incident response plan, and how to get a concealed gun carry permit in Florida. So grab your favorite brew and don't miss it!

    Get in Touch: [email protected]

  26. 4

    Mr/Miss Risk Management

    Join Randy and Keaton, and the Senior VP Enterprise Risk Management at Logix Federal Credit Union for a worldly view on the topic of risk management. Our guest, Daniel Tschopp, gives us his recommendation for the best Hefeweizen beer, the secret for keeping credit unions relevant, and what IT security professionals need to be prepared for in the future.

    Get in Touch: [email protected]
    Listen to the Matching Webinar: Cybersecurity 101: How to Assess IT Risk like a Pro

  27. 3

    Secrets to Managing a Local Financial Institution (including conducting IT audits)

    Keaton and Randy interview Angel Hernandez, CEO at California Agribusiness Credit Union. Phenomenal insight from a guy who started reading Truth in Lending disclosures at the age of 14 about managing a local financial institution. And find out whether or not you should drink the Kool-Aid in Keaton's Mount Rushmore of overused office clichés!

    Get in Touch: [email protected] for the Matching Webinar: Secrets to an Easier IT Audit

  28. 2

    Cybersecurity Tools

    Keaton and Robb talk to Chris Christianson, Information Security Consultant and SANS Instructor, about the best tools being used in the industry. The guys talk proof-of-concept, the importance of buy-in, how to work within a crunched budget, testing frequency, and how to get vendors to buy your dog treats!

    Get in Touch: [email protected] the Matching Webinar: The Best Low-Cost Security Tools

  29. 1

    Reporting to the Board

    Robb Nielsen and Keaton Tanzer of Rivial Data Security interview their CEO, Randy Lindberg. You'll learn about best practices for presenting cybersecurity to your Board of Directors, what brew was in the back of Keaton's fridge this week, and which read Randy thinks is most interesting... NIST or Harry Potter.

    Get in Touch: [email protected] the Webinar: Reporting To Your Board

HOSTED BY

Rivial Data Security