07 Sep 2023 | 36:11
E21: 4 Simple, Easy & Budget-Friendly Steps to Reduce Your
In this episode of the GRC & Cyber Security Podcast, Brent Deterding, CISO at Afni, joins Matthew Davies, VP of Product at SureCloud, to share his refreshingly practical approach to organisational risk. Brent breaks down the four steps he uses to significantly reduce cyber risk in a way that is simple, easy and inexpensive — a framework that any business, regardless of size or maturity, can adopt.
He explains how Afni prioritises efforts within its security programme, the role of frameworks like FAIR, and the thinking behind a risk-first, complexity-last mindset. Brent also reveals how he achieved a one-third reduction in cyber insurance costs, and the cultural, operational and technical changes that supported this outcome.
This conversation offers clarity for leaders overwhelmed by competing priorities, limited resources and increasing pressure to demonstrate measurable risk reduction. Brent’s insight is practical, honest and highly actionable — making this episode essential listening for CISOs, security managers, risk professionals and anyone responsible for reducing organisational exposure.
What You’ll Learn
- Brent’s four-step framework for simple, inexpensive and high-impact risk reduction
- How Afni prioritises security work using risk-based thinking and FAIR principles
- The structure and maturity of Afni’s information security programme
- How Brent achieved a significant reduction in cyber insurance costs
- What’s working well today in Afni’s cyber strategy
- Current areas of concern for CISOs in 2023 and how to address them
- The skills that make a great information security professional
- Brent’s “one wish” for solving a major security problem
Hosted by: Matthew Davies, Chief Product Officer, SureCloud
Guest: Brent Deterding, CISO at Afni
- Risk Management
- Information Security
- GRC