In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Christopher Hetner, Senior Cyber Risk Advisor serving the boardroom community and former senior cybersecurity advisor to the Chair of the U.S. Securities and Exchange Commission.

The conversation opens by tackling a deceptively simple question: what do we even call this space anymore? Information security, IT security, cybersecurity, cyber risk, digital risk, digital resilience — are these distinct disciplines with meaningful nuance, or different labels for the same underlying reality? Christopher and Michael unpack how language shapes expectations, accountability, and how risk is understood across the enterprise.

From there, they dive into Michael’s widely discussed essay, “The CISO Is Dead: A Eulogy and a Resurrection,”exploring why the title provoked resistance while the substance resonated. The discussion reframes the modern CISO not as a narrow security operator, but as a steward of digital risk and resilience in a world where every function, product, and decision carries a digital footprint.

They explore the dangers of cybersecurity leaders operating in isolation, the limits of traditional security-centric models, and why cyber risk can no longer live on its own island. The conversation then turns to the boardroom, what directors tend to understand about cyber and digital risk, where gaps remain, and how risk leaders can engage boards more effectively by shifting from technical reporting to strategic navigation.

Rather than treating cyber risk as a technical problem to be delegated, this episode makes the case for digital risk and resilience as a bridge-level responsibility, one that requires shared ownership, clearer language, and leadership capable of steering the enterprise through an increasingly interconnected and uncertain risk universe.

In this episode of Risk Is Our Business, Captain Michael Rasmussen opens a subspace channel with Bradley Jewett, Chief Financial Officer at LeadVenture and a seasoned operating executive who helped shape enterprise risk management inside Microsoft and BMC Software.

The discussion begins by contrasting bad risk management (periodic, siloed, and designed to check a box) with good risk management that actively informs how organizations make decisions. From there, Brad introduces the philosophy he championed at Microsoft: the Rhythm of Risk.

Rather than positioning risk as a separate function, Brad describes an approach where risk management keeps pace with the enterprise itself. Strategic planning cycles, annual operating plans, mergers and acquisitions, audit planning, SEC reporting, investor communications, and product roadmaps all become natural moments for risk to surface and influence outcomes. Risk moves in time with the business, strategic and operational, top-down and bottom-up.

Recorded over a live video link, the conversation also explores how this mindset was received by leadership, what it took to set expectations that risk should shape daily decisions, and why aligning risk to the organization’s cadence is far more effective than standalone frameworks or annual exercises.

The episode offers a practical, experience-led perspective on what it means to keep risk on the bridge, not as a warning light, but as a steady navigational rhythm guiding the enterprise through uncertainty at warp speed.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams into a cross-continental conversation with Karsten Findeis, Head of Risk Management at Nordex Group, and Dr. Ayman Nagi, Corporate Risk Manager, for a deep look at how risk maturity evolves inside a global renewable-energy manufacturer.

They discuss how Nordex has transformed its risk mindset over the past decade, shifting from a compliance-driven obligation to a strategic discipline that captures both risks and opportunities. By treating risk as the effect of uncertainty on objectives, the team explains how they’ve moved beyond the old hazard-and-harm framing to a more balanced, value-creating approach that resonates across the business.

Karsten and Ayman share how Nordex built trust with the organization, how the perception of risk has shifted from burden to business partner, and why logging opportunities alongside risks reflects a more advanced, enterprise-wide understanding of uncertainty. They also dig into IDW PS 340, how its requirements have sharpened their processes, and how implementing the right technology elevated data quality, reporting, and decision-making across the fleet.

They also chart where risk management at Nordex is headed in the coming years, from enhanced digital twins to deeper integration with strategic planning and operational execution. For organizations navigating uncertain markets, the Nordex journey offers a blueprint for turning risk into propulsion rather than drag.