I’m new to blogging for the Center for Cybersecurity Policy and Law (CCPL), so let me briefly introduce myself. I’m Jen - hi! I’ve been on the board of CCPL since it launched, and I work extensively with governments, security experts, industry leaders and nonprofits around the world to try to reduce cyber risk for all digital citizens. In my opinion, we can only do that by bringing those groups together in collaboration. 

This is the philosophy behind CCPL, and it's why my co-host, Alex Botting, and I are launching a new podcast, Distilling Cyber Policy. The goal is to help security professionals keep up to date with the cyber policy developments that will likely impact them over time. My dream is that we may even inspire and inform some of you enough to get involved with shaping policy for better security outcomes.

So that’s the rationale behind Distilling Cyber Policy - the podcast where we <cough> separate the facts from the hype and boil out the wonky jargon so listeners can keep up with the latest developments impacting the future of security <cough>. I will never apologize for my love of dad jokes and bad puns. You may as well accept that now before listening to the pod, because I’m not sure Alex is much better than me. As I was saying, that’s the background, now let’s get to the specifics and introduce Episode S01 E01: EU Cyber Resilience Act with MEP Bart Groothuis.

As our says-what-it-does-on-the-tin title suggests, this episode features an interview with the incredibly charming and engaging Bart Groothuis, who is a Member of the European Parliament (MEP) and rapporteur for cybersecurity. Prior to joining the European Parliament in February 2020, Bart was head of cybersecurity for the Dutch Ministry of Defence, and he is more than familiar with the issues. He joins us in the episode to help explain the EU Cyber Resilience Act (CRA).

I don’t think I’m overstating it to say that the CRA is likely to be the most impactful piece of cybersecurity legislation to move this year, not just in the EU, but around the world. Just as the General Data Protection Regulation (GDPR) created impact far beyond the borders of the EU, so too will the CRA, with the potential to impact all technology manufacturers and lots and lots of technology vendors. If you fit into either category, you should give the episode a listen, or at least go read up on the CRA. We’ll also blog about it more through the legislative process, so watch this space.

The episode also includes some other goodies. Every episode will run about 30-35 mins – this one runs long because we added a bit more explanation of format – and will include three sections: the News Funnel, where we break down a couple of policy-related news stories; the Big Interview, where we chat with a policy expert about a specific cyber policy proposal or initiative; and Mystery Trivia Master (of Doom), where we welcome surprise volunteers from the policy and security communities to come on and ask Alex and me cyber policy trivia questions. 

The last part promises to be an excellent opportunity for me to embarrass myself horribly as my memory is terrible. 

Special thanks to Tod Beardsley who continues in his enduring role as my personal cybersecurity wiseman as our first Mystery Trivia Master (of Doom). He did excellent work with his poser, but I’ll keep the details to myself for those that want to test their own knowledge. 

If you would like to get involved or submit cyber policy trivia for the podcast quiz, please reach out to info@centerforcybersecuritypolicy.org or find us on LinkedIn or Twitter.

You can find this and all upcoming episodes on:

Jen Ellis
