Explore every episode of Cybersecurity Where You Are

Dive into the complete episode list for Cybersecurity Where You Are. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

Pub. Date | Title | Duration
29 Mar 2022 | Episode 27: Cyber Scams | 00:50:04

In this episode of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Stacey Wright, former CIS employee and current Vice President of Cyber Resiliency Services at the Cybercrime Support Network. The discussion focuses on the common cyber scams malicious actors have been using for decades and offers advice for dealing with them.

22 May 2024 | Episode 85: Reenergizing Collective Action at RSAC 2024 | 00:50:51

In episode 85 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are live from Booth 4319 at RSA Conference (RSAC) 2024. Together, they discuss how events like RSAC 2024 reenergize collective action in the cybersecurity industry. They begin by noting how resources such as the CIS Community Defense Model (CDM) bring more data and transparency to security recommendations for the cybersecurity industry. They then look back on some of Tony's presentations at prior years of RSAC before looking at the interest surrounding supply chain security, zero trust, and artificial intelligence (AI). To address these developments, organizations must create a foundation for defense and scale rapid improvements, needs which Tony and Sean see as opportunities for collective action in the industry.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

29 Sep 2023 | Episode 65: Making Cyber Risk Analysis Practical with QRA | 00:39:12

In episode 65 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Christopher Painter, Board Member of the Center for Internet Security (CIS) and President of the Global Forum on Cyber Expertise Foundation. Together, they discuss cybersecurity risk management. They begin by discussing how cyber risk analysis fits into a business risk management program in general. From there, they explore quantitative risk analysis (QRA), including its benefits for understanding cyber risk and the challenges of getting started. Their conversation then gets into how the CIS Board of Directors, specifically the Risk Committee, is using different methods of QRA to achieve CIS's business goals and objectives.

07 Oct 2022 | Episode 40: See Yourself in Cyber to Be Cyber Smart | 00:41:15

In episode 40 of Cybersecurity Where You Are, co-host Tony Sager is joined by Murray Kenyon, Vice Cybersecurity Partnerships Executive at U.S. Bank. Together, they discuss the human dimension of cybersecurity, that is, bringing people with different talents together to understand common problems and help both organizations and individuals make informed choices. This is the philosophy behind Cybersecurity Awareness Month, an initiative which Kenyon helps organize as a Board member of the National Cybersecurity Alliance. The purpose of this year's theme, "See Yourself in Cyber," is not to make users into cybersecurity experts, as Sager and Kenyon point out. It's to create resources and lines of communication for sharing basic steps that everyone can take to better protect themselves online.

10 Sep 2021 | Episode 15: Cybersecurity Success Takes Soft Skills | 00:55:59

Episode Highlights:

  • Why soft skills are important
  • Top soft skills
  • Building a company culture

In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson, and CIS Senior VP and Chief Evangelist, Tony Sager, discuss soft skills and how they pertain to the cybersecurity industry. Whether it is an employee wanting to expand their career or an employer seeking a new hire, soft skills are just as important as technical knowledge.

15 May 2024 | Episode 84: Why We Need to Define Reasonable Cybersecurity | 00:40:08

In episode 84 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss the notion of reasonable cybersecurity. They begin by providing some background about reasonableness in cybersecurity and identifying the problem we need to solve — namely, the lack of a definition of reasonableness around which organizations can build their cybersecurity program. They then discuss how a definition for reasonable cybersecurity needs to include security best practices that are doable. They conclude by exploring how CIS's work around this topic may influence its content development going forward.

16 Dec 2022 | Episode 45: The Importance of Mentorship | 00:42:48

In episode 45 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Valecia Stocchetti who is a Sr. Cybersecurity Engineer on the CIS Critical Security Controls team here at CIS. Valecia and Sean discuss how their mentorship took shape and how it worked as a partnership from the very beginning. Together with Tony, they go over mentorship vs. career counseling and note that a vetting process can help you spot the difference. They conclude by exploring why it's important to pay it forward whether you're a mentor or mentee.

18 Aug 2023 | Episode 62: Inside the 'Spidey Sense' of a Pentester | 00:49:19

In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving technology landscape. They conclude by offering advice to organizations that are looking to engage in a pentest.

12 Mar 2021 | Episode 3: Third-party Risk Management – Beyond the Questionnaire | 00:43:58

Can a risk assessment questionnaire be the catalyst for true change to the entire vendor cybersecurity ecosystem? Cybersecurity Where You Are podcast host Sean Atkinson welcomes guest Ryan Spelman, former CIS employee, and now Managing Director at Duff & Phelps on their CYBERCLARITY360 team. Together, Sean and Ryan discuss tactics companies can use to better understand their cyber-risk posture and how stronger relationships between companies and their third parties impact the industry as a whole.

Better use of the third-party risk assessment questionnaire

The go-to “third-party risk assessment questionnaire” being used as a one-and-done exercise is an all too common practice. While completing these questionnaires meets certain regulatory requirements, truly managing risk is about acting on the data collected - not just collecting it.

There is a misconception that the questionnaire is for general information collection and that the same questions can apply to all vendors. Some questions, such as those about overseas relations or services, may be applicable to all vendors. But to more accurately assess a third party’s risk it is important to customize the questions to match the vendor's use case and scope.

This episode shares how an organization can start drafting these inquiries.

Once the questionnaire is crafted, completed, and returned, a plan should also be in place for how to address the issues that arise from the submitted answers.

Beyond the questionnaire – communication is key

The issue of third-party management rests in the hands of both the company and the vendor. Clear, accurate, and truthful communication between both parties makes both entities ultimately stronger.

Building a stronger security ecosystem

This is an “area where the common good can happen,” says Ryan. If a company can make the third party’s security posture better, then everyone else who uses this third party is made better. It ultimately makes a measurable difference in the entire vendor ecosystem.

The Atkinson 9

In the vein of another famous interviewer, Sean asked Ryan his “Atkinson 9,” a quick Q&A about security. Listen now to find out what our guest said!

28 Oct 2022 | Episode 42: Advocacy for the Underserved | 00:54:28

In episode 42 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mat Everman, Information Security Operations Manager at the Center for Internet Security (CIS). Together, they discuss the topic of advocating for the underserved. Both agree that there's no silver bullet that a person or business can use to minimize all cyber risk. In the absence of a cure-all solution, however, there are opportunities for improving the security maturity of the underserved more broadly. This process begins with a discussion of where the underserved are. It then focuses on security measures that they can use to establish a baseline and create a foundation for an ever-evolving security journey.

08 Apr 2022 | Episode 28: The Convergence of Cybersecurity and Public Policy | 00:52:46

In episode 28 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Brian Ray, Director of the Center for Cybersecurity and Privacy Protection, and Leon and Gloria Professor of Law at the Cleveland-Marshall College of Law at Cleveland State University. Together, the three discuss the convergence of cybersecurity and public policy with an emphasis on the concept of 'reasonable' security measures affording a data breach safe harbor for businesses.  

14 Apr 2023 | Episode 53: Fostering a Neurodiverse Cybersecurity Industry | 00:39:26

In episode 53 of Cybersecurity Where You Are, co-host Tony Sager is joined by Ron Gula, President and Co-Founder of Gula Tech Foundation. Together, they acknowledge Autism and Neurodiversity Awareness Month by discussing the need to create more opportunities in cybersecurity for neurodiverse individuals. They point out that there's no one way for all employers and supervisors to support employees with different abilities. It's up to the employers and supervisors to decide where those efforts fit into their culture and what each victory looks like.

Attending RSA Conference 2023? Make sure you visit the main conference hall at 12:00 P.M. PT on Wednesday, April 26. At that time and place, Gula Tech Foundation will announce the four winners of its Spring 2023 grant campaign, "Expanding Opportunities in Cyber for the Neurodivergent." As part of the ceremony, you'll have a chance to speak with the winners about engaging neurodiverse individuals in your organization.

25 Feb 2022 | Episode 25: Building an Internal Incident Response Team | 00:47:19

In this episode of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Lou Smith, a Senior Information Security Intrusion Analyst at the Center for Internet Security. Smith has a background in Digital Forensics and previously worked for New York State's Cyber Command Center. The two discuss building digital forensics and incident response capabilities in-house. Tune in to learn about the skills you need and the tactics you can use to successfully implement an incident response plan at your organization.

19 Aug 2022 | Episode 37: Collaboration at the 15th Annual MS-ISAC Meeting | 00:23:17

In episode 37 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Carlos Kizzee, SVP of CIS Stakeholder Engagement Operations at the Multi-State Information Sharing and Analysis Center (MS-ISAC). Together, they discuss how the 15th Annual ISAC Meeting – held recently in Baltimore – gives an opportunity for representatives of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations to network, share best practices, and learn from one another's experiences. Tony then takes us to the ISAC Meeting, connects with a couple of attendees on the floor, and explores what the event means to them.

23 Apr 2021 | Episode 6: 2020 Elections Year in Review | 00:37:51

In this edition of Cybersecurity Where You Are, host and CISO at the Center for Internet Security (CIS), Sean Atkinson welcomes guests Geoff Hale and Lew Robinson. Hale leads the Election Security Initiative at the Cybersecurity and Infrastructure Security Agency (CISA), while Robinson serves as CIS Vice President of Election Operations. Both agencies and both men, respectively, played a big role in the success of the 2020 General Election, which has been deemed the most secure election in American history.

Highlights:

  • Elections...A Critical Infrastructure
  • Strong Partnerships Make for Strong Collaborative Efforts
  • Technical and physical controls that contributed to the 2020 General Election being the most secure election in history
  • Steps taken to enhance communications and provide threat intelligence to state and local entities
  • Collaborative process to provide stakeholder input to influence the approach to election security
  • Strategies and techniques used to manage mis- and disinformation
  • Efforts made to assist state and local election offices with best practice guidance
  • Lessons learned from the 2020 General Election

Remember to subscribe to get the latest cybersecurity news and updates to Start Secure and Stay Secure.

09 Jun 2023 | Episode 57: Celebrating the 20th Anniversary of the MS-ISAC! | 01:24:10

In episode 57 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests: William Pelgrin, Founder and Former Chair of the MS-ISAC; Thomas Duffy, Former Senior VP of Operations and Services at the MS-ISAC; and Karen Sorady, VP of MS-ISAC Stakeholder Engagement Division. Together, they celebrate the 20th anniversary of the Multi-State Information Sharing and Analysis Center (MS-ISAC). They look back on the past two decades and reminisce on pivotal moments in the MS-ISAC's history, including when it became a division of the Center for Internet Security (CIS). After discussing how much it's grown in that time, they turn their eyes to the future and explore the MS-ISAC's plans to continue to serve its membership.

27 Jun 2022 | Episode 33: The Shift-Left of IoT Security to Vendors | 00:37:44

In episode 33 of Cybersecurity Where You Are, co-host Sean Atkinson and Ben Carter, IoT Specialist for CIS’s Chief Technology Officer, discuss the need to secure IoT devices at the vendor level. This is impossible without taking a high-level view and ensuring that all protocols used by IoT devices and vendors are taken into account. Only by ensuring security by design can organizations in healthcare, manufacturing, government, and other sectors accomplish security at scale for IoT management – all while preserving interoperability between their connected devices.

30 Jul 2021 | Episode 12: Cybersecurity and Government: Less Wizardry, More Policy | 00:39:30

This week’s Cybersecurity Where You Are podcast highlights:

  • The problem regulating cybersecurity
  • Cybersecurity is currently the "Wild West"
  • What makes cybersecurity different than other industries
  • What roles different levels of government are taking
  • Dispelling the mystery behind cybersecurity

It can appear that cybersecurity practices are being built on the creative wizardry of technical experts rather than referential universal policy that everyone can abide by. In this edition of Cybersecurity Where You Are, host and Senior Vice President and Chief Evangelist Tony Sager for CIS welcomes guest Brian de Vallance, Alliance Outreach Coordinator for CIS. Together, they discuss the role government and technology experts play in the building of universal cybersecurity best practices and policy.

05 Mar 2021 | Episode 2: Trends: Then, Now, and Into the Future | 00:34:38

2020 was considered “the year like no other”. The industry saw a mass convergence of social issues with cyber issues due to the pandemic, the elections, and the SolarWinds supply chain issue. Cybersecurity resilience was tested and it was crucial that the industry adapt quickly.

With the onset of the COVID-19 pandemic in March of 2020 many organizations went fully remote, including CIS. CIS had to be agile and the cybersecurity industry had to adapt to new challenges with a growing remote workforce.

The Trends

Risk management strategies such as ways to identify gaps, how to best implement the CIS Controls, data management, and privacy requirements were the foundations for crisis management.

Ransomware is here to stay as a top cyber threat. It moved from the lone hacker to a capitalist business structure where the software just needs to be purchased and used as opposed to needing to build it yourself.

Zero Trust: Sean uses the analogy of “the castle and the moat”. Today the drawbridge is always open and things are going in and out without the ability to monitor it all. Zero Trust is setting the new tone for security practices.

What the Future (May) Hold

Small Businesses need support: The weight of responsibility to small businesses to accommodate the assessment evaluations for risk management is a huge burden.

A Diminishing Cyber Workforce: There is a growing concern about the shortage of cybersecurity professionals.

The Role of Government: With the change in government, like we have in 2021, there is a change in the way government thinks about priorities.

21 Aug 2024 | Episode 97: How Far We've Come preceding CIS's 25th Birthday | 00:51:00

In episode 97 of Cybersecurity Where You Are, Tony Sager is joined by the following guests:

  • Dr. Ramon Barquin, Board Member at the Center for Internet Security® (CIS®) and President and Chief Executive Officer at Barquin International
  • Franklin Reeder, Director Emeritus and Founding Chair of CIS as well as Director of the National Cybersecurity Scholarship Foundation
  • Clint Kreitner, Founding President/CEO and Former Board Member at CIS

Together, they look back at how much CIS has accomplished as an organization in the leadup to its 25th birthday.

Here are some highlights from our episode:

  • 06:04. What brought everyone to CIS's founding meeting at the Cosmos Club
  • 16:08. The first steps to operationalizing the takeaways of the Cosmos Club meeting
  • 25:40. How CIS's business model came to be
  • 34:24. The events that brought the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) into CIS
  • 42:42. Tracing the past forward to where we are now

07 Aug 2024 | Episode 95: AI Augmentation and Its Impact on Cyber Defense | 00:34:59

In episode 95 of Cybersecurity Where You Are, Sean Atkinson is joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®).

Together, they discuss AI augmentation in terms of how cyber defenders are using generative artificial intelligence to enhance their capabilities.

Here are some highlights from our episode:

  • 01:16. How artificial intelligence has changed the landscape for cybersecurity defenders
  • 03:49. How AI is starting to augment threat detection
  • 10:12. What security researchers are exploring around AI and cyber defense
  • 20:54. Key challenges and limitations for AI-based cyber defense
  • 30:54. Future trends and innovations for cybersecurity defenders' use of AI

21 Jul 2023 | Episode 60: Guiding Vendors to IoT Security by Design | 00:39:46

In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a document in the first place. After explaining some of what went into drafting the white paper, they look to the future and note how IoT frameworks such as theirs help to shift left IoT security toward purchasing decisions.

03 Feb 2023 | Episode 48: 3 Trends to Watch in the Cybersecurity Industry | 00:26:38

In episode 48 of Cybersecurity Where You Are, co-host Sean Atkinson introduces three trends within the cybersecurity industry that we'll discuss in upcoming episodes. He first touches on how new developments in artificial intelligence, particularly ChatGPT, might affect cybersecurity processes like incident response. Next, Sean reflects on what widespread layoffs in big tech mean for cybersecurity, especially when set against an ongoing cybersecurity skills gap. Finally, he provides an overview of the legislation and preparations for securing a post-quantum world.

10 Apr 2024 | Episode 81: Exploring IAM for Identity Management Day 2024 | 00:31:03

In episode 81 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Daniel McIntyre, Identity and Access Management (IAM) Manager at the Center for Internet Security® (CIS®). Together, they acknowledge Identity Management Day 2024 with a discussion of IAM. They begin by looking at how IAM as a concept has changed over the years. They then explore current challenges in the modern environment and strategies for IAM to keep up with emerging threats. After emphasizing the importance of training in an effective IAM program, they conclude their conversation by sharing best practices for getting started in IAM and cybersecurity more broadly.

21 Oct 2022 | Episode 41: A Blueprint for Ransomware Defense | 00:43:09

In episode 41 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Valecia Stocchetti, Sr. Cybersecurity Engineer of the CIS Critical Security Controls (CIS Controls); Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology; and Davis Hake, Co-Founder and Vice President of Policy at Resilience Insurance. Together, they discuss their collaboration as members of the Ransomware Task Force to create the "Blueprint for Ransomware Defense." After situating this effort within the evolving ransomware landscape, they explain how organizations can best use the Blueprint as an internal and external resource to minimize their ransomware risk. They also offer insight into how the Blueprint stands apart from other anti-ransomware guides that are currently available.

19 Jan 2024 | Episode 74: The Nexus of Cybersecurity & Privacy Legislation | 00:47:24

In episode 74 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Carlos Kizzee, Senior Vice President (SVP) for Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®). In recognition of Data Privacy Week on January 21-27, 2024, they discuss the nexus of cybersecurity and privacy legislation in the United States. They begin by reviewing how the privacy laws passed by U.S. states over the past several years all include a cybersecurity element – namely, the effort to implement "reasonable" cybersecurity around protecting consumers' data. They then look to the future and consider how the laws will lead to regulations and, in turn, enforcement actions that will help raise our understanding of consumer privacy rights and how they can be defended.

31 Mar 2023 | Episode 52: Back in the Buzz of RSA Conference | 00:45:04

In episode 52 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss RSA Conference 2023. Together, they point out that the annual conference is more than just a trade show. They use that lens to identify some tips and tricks that attendees can use to get the most out of their time there. Additionally, they discuss what themes and activities you can expect to see at RSA Conference 2023. Their conversation ends with a teaser of Sean's talk at the event.

06 Jan 2023 | Episode 47: How Security and Compliance Support Each Other | 00:51:48

In episode 47 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Sawyer Miller, Senior Manager of Cyber Risk at risk3sixty LLC. Together, they discuss security and compliance. Their discussion explores various ways that security and compliance can align even though they are different business considerations. (Spoiler alert: risk and balance are key.) Sean and Sawyer also touch on how evolving technologies and threats are changing our understanding of security and compliance. They conclude with some recommendations on how your business and security leaders can begin to navigate these developments.

15 Nov 2021 | Episode 19: For Data Compliance, Automation is Key | 00:41:25

In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes Thordis Stella Thorsteins, Senior Data Scientist at Panaseer. Panaseer provides a controls monitoring platform and has played a valuable role in the development of the CIS Critical Security Controls, as well as the implementation of the CIS Controls Assessment Specification. Together, Tony and Thordis discuss the role that data collection and automation play in cybersecurity.

13 Dec 2021 | Episode 20: The State of Election Cybersecurity | 00:41:24

In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes Kathy Boockvar, Vice President of Election Operations and Support and Marci Andino, Director of the Elections Infrastructure Information Sharing and Analysis Center, or EI-ISAC. Together, they discuss the state of election security for state and local governments.

19 May 2022 | Episode 31: To Achieve ICS Security Today, Look to Yesterday | 00:47:18

In episode 31 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Karen Sorady, VP for Multi-State Information Sharing and Analysis Center (MS-ISAC) Member Engagement at the Center for Internet Security (CIS). Their discussion focuses on industrial control system (ICS) security, some of the threats they're susceptible to, and what goes into making a good operational technology (OT) security program. Looking back over the past 20 years, the security community has learned some valuable lessons on the information technology (IT) side of things. But we won't be able to apply those lessons to OT and ICS without communication and collaboration. This isn't just about fostering conversations between OT and IT teams. It's also a call to action for organizations to work with public-private partnerships and communities like the MS-ISAC so that they don't have to go it alone.

05 Jun 2024 | Episode 87: Marking 11 Years as a Verizon DBIR Contributor | 00:38:41

In episode 87 of Cybersecurity Where You Are, co-host Tony Sager is joined by the following guests:

  • Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
  • Philippe Langlois, Senior Principal, Security Risk Management and Author of the Verizon Data Breach Investigations Report (DBIR)
  • Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CIS

Together, they celebrate 11 years of CIS and Verizon working together to contextualize the threat activity security teams are seeing and to help teams use the Controls as an improvement framework.

Here are some highlights from our episode:

  • 02:00. How the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) contribute anonymized data to the Verizon DBIR
  • 07:27. The two types of data that Verizon uses as input for its report
  • 13:50. The ways CIS uses the content of Verizon's DBIR to help people embrace programs of security improvement
  • 24:48. A glimpse at what goes into producing the DBIR
  • 28:33. The importance of leadership in guiding team dynamics and fun
  • 32:07. Reception of the 2024 DBIR and exploration of what's next for the Verizon DBIR team

31 Jul 2024 | Episode 94: Community Defense at the ISAC Annual Meeting | 00:37:06

In episode 94 of Cybersecurity Where You Are, Tony Sager is joined by the following guests from the Center for Internet Security® (CIS®):

  • Carlos Kizzee, SVP of Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans
  • Karen Sorady, VP of MS-ISAC Strategy & Plans
  • Greta Noble, Director of Community Engagement

Together, they discuss how the ISAC Annual Meeting supports the 24x7x365 community defense efforts of the MS-ISAC and Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®).

Here are some highlights from our episode:

  • 02:30. Background information on ISACs in general and the role of the MS-ISAC
  • 04:17. Why it's an annual meeting and not a conference
  • 06:40. What made the 2024 ISAC Annual Meeting the largest of its kind so far
  • 08:43. How the human dimension drives our yearly meeting
  • 15:44. The role of the MS- and EI-ISACs in CIS's broader strategy
  • 19:42. How our yearly meeting improves what CIS does
  • 29:57. What's next for the ISAC Annual Meeting

01 Sep 2021 | Episode 14: The Top 5 Cybersecurity Tips for the Family | 00:51:22

In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson counts down the top five ways families can be cyber smart. CIS Content Marketing Manager, Danielle Koonce, stops by to talk about what she does as a parent to keep her child safe from cyber-attackers.

28 Apr 2023 | Episode 54: How to Get Started in Cybersecurity | 00:42:10

In episode 54 of Cybersecurity Where You Are, co-host Sean Atkinson addresses how to get started in cybersecurity. He begins by looking at the different types of hard skills and soft skills that form the foundation of any cybersecurity career. Next, he draws upon his expertise to offer advice around certifications, learning a programming language, using a training provider, and building a portfolio. He also shares key insights into how you can make cybersecurity a rewarding career choice for years to come.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org

30 Dec 2022 | Episode 46: Integration as a Theme for 2023 | 00:54:33

In episode 46 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss their cybersecurity predictions for 2023 along with those from a few other CIS experts. "Integration" is the word of the day for their conversation. Sean and Tony feel that this concept will shape how we measure the progress of cybersecurity in a number of areas, from vendor risk management in the open-source landscape to promoting meaningful discussions about security.

Resources

10 Jul 2024 | Episode 91: What You Need to Know about CIS Controls v8.1 | 00:33:07

In episode 91 of Cybersecurity Where You Are, Sean Atkinson is joined by Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®).

Together, they discuss what you need to know about the release of CIS Controls v8.1.

Here are some highlights from our episode:

  • 01:17. What you can expect to see in version 8.1 of the Controls
  • 06:19. How CIS Controls v8.1 helps you to integrate other governance structures
  • 09:23. How version 8.0 and version 8.1 of the Controls differ
  • 14:19. What goes into creating a new version of the Controls
  • 21:06. Which resources you can use to guide your implementation plan
  • 26:39. A sneak peek into the development of version 9.0

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

08 Dec 2023 | Episode 71: Advancing K-12 Cybersecurity Through Community | 00:51:12

In episode 71 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Carlos Kizzee, SVP for the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®); Dr. Bhargav Vyas, Assistant Superintendent for Compliance and Information Systems as well as Data Protection Officer at Monroe-Woodbury Central School District; and Terry Loftus, Assistant Superintendent & Chief Information Officer of Integrated Technology Services for the San Diego County Office of Education.

Together, they discuss how our publication, "K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year," facilitates better decision-making around K-12 cybersecurity. They begin by considering some common cybersecurity challenges for K-12 organizations, most notably a lack of funding and skilled personnel. From there, they reflect on how entities in this sector have grown their cybersecurity maturity despite those obstacles over the past few years. Their conversation ends with guidance for getting started with a K-12 cybersecurity program.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

24 Jul 2024 | Episode 93: Keeping Societal Confidence in a Connected World | 00:29:27

In episode 93 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined once again by John Cohen, Executive Director of Countering Hybrid Threats at the Center for Internet Security® (CIS®).

Together, they discuss a whole-of-society approach to help make the U.S. public resilient against multidimensional threats in our connected world.

Here are some highlights from our episode:

  • 01:52. What the U.S. public needs to consider in order to strengthen its resilience
  • 06:04. How a national framework addresses the need for organizations to build resilience and intercommunication in the face of increasingly sophisticated threats
  • 11:41. Identifying who key partners are in a complex, hybrid world
  • 16:49. How people are responding to the national framework and where they are seeing value
  • 21:50. Clarifying hopes for the national framework going forward

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

09 Nov 2023 | Episode 69: How the NCSR Assessment Sows SLTT Cyber Maturity | 00:35:13

In episode 69 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Tyler Scarlotta, Manager of Member Programs at the Center for Internet Security (CIS). Together, they discuss how the Nationwide Cybersecurity Review (NCSR) helps U.S. State, Local, Tribal, and Territorial (SLTT) government organizations evaluate their cyber maturity. They begin by reviewing what the NCSR assessment program entails and identifying trends from previous years. They then explore the lessons learned by SLTTs through participating in the NCSR, the steps to getting involved with the program, as well as the resources from CIS and the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS- and EI-ISACs) that a participant can use to strengthen their cyber maturity.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

12 Apr 2021 | Episode 5: The Tools of Cyber Defense...an Ongoing, Repetitive Process | 00:57:05

Part 2 of a 2-part series

Resources:

In this week’s Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson continue their conversation on cyber defense as a risk-based process. They discuss the actions and resources that help build and implement “defensive machinery” that support an organization’s current cyber defense plan and help it mature.

Highlights:

  • A CISO’s First 90 days
  • The Importance of a Strong Foundation
  • Knowing Your Lineage
  • Mapping to Regulatory Frameworks
  • Tools: From Spreadsheets to CIS CSAT
  • Sharing with the Group

Remember to subscribe to get the latest cybersecurity news and updates to Start Secure and Stay Secure.

08 Jul 2022 | Episode 34: A Survey of Hacking in Hollywood | 00:46:00

In episode 34 of Cybersecurity Where You Are, co-host Sean Atkinson and Chris Elgee, a senior security analyst and Core NetWars Tournament design lead for Counter Hack, look back at how Hollywood has portrayed hacking over the years. They cover long-standing crowd favorites like Hackers, Sneakers, and Mr. Robot along with some lesser-known gems. The overarching trend? Viewers are getting more computer-literate, so the way in which Hollywood portrays hacking is evolving in a way that not only satisfies audiences but also raises their awareness of cybersecurity.

Resources

06 May 2022 | Episode 30: Solving Cybersecurity at Scale with Nonprofits | 00:46:33

In episode 30 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of the Global Cyber Alliance. Their discussion focuses on the role that nonprofits play in solving cybersecurity problems at scale. In today's mutually dependent technology landscape, nonprofits' resources and expertise remove the need for enterprises to solve cybersecurity issues on their own. This is especially true given initiatives like Nonprofit Cyber, a "collective effort of equals" for which Philip and Tony are Executive Committee Co-chairs.

Resources

16 Feb 2024 | Episode 76: The Role of Thought Leadership in Cybersecurity | 00:45:36

In episode 76 of Cybersecurity Where You Are, co-host Tony Sager is joined by Julie Morris, CEO and Co-Founder of Persona Media. Together, they discuss the role of thought leadership in cybersecurity. They begin by discussing misconceptions surrounding the notion of thought leadership. Next, they explore what thought leadership looks like in the context of an industry like cybersecurity and a company like the Center for Internet Security® (CIS®). Their conversation concludes with some advice on how individuals, especially senior leaders, can get started with thought leadership.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

26 Mar 2021 | Episode 4: Dynamics of Cyber Defense...an Ongoing, Repetitive Process | 00:41:25

Episode Resources:

Part 1 of a 2-part series

Technology is ever-changing AND ever-evolving, creating an uncertainty amongst cybersecurity professionals – the defenders – in their pursuit of an effective cyber defense strategy. The uncertainty of the defender can justifiably be attributed to the uncertainty of the attacker. In this week’s Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson introduce cyber defense as a risk-based process to reduce the overall probability and impact that a cyber-attack will have on an organization.

Cyber defense never ends

Cyber defense refers to the ability to prevent cyber-attacks from infecting a computer system or device; it involves anticipating adversarial cyber actions and countering intrusions. There’s no “one-size-fits-all” when it comes to cyber defense protocol or strategy. However, a good cyber defense strategy should aim to protect, prevent, detect, respond to, and recover from external and internal attacks. As technology expands, the complexity of cyber-attacks also evolves, forcing cyber defense initiatives, and their defenders, to do whatever they can to keep up.

OODA loop process

The OODA (Observe, Orient, Decide, Act) loop is a repetitive four-step decision-making process that focuses on gathering information, putting that information into context, making the most appropriate decision while also understanding that changes can be made as more data becomes available, and then taking action. The OODA loop is especially applicable to cybersecurity and cyber defense, where agility and repetition by the defender can potentially overcome those of the attacker.

Fog of More

While cyber defense is an abstract model, cybersecurity defenders have to actually do concrete things. It initially comes down to having a plan in place and asking the right questions: What data do we have? Where is it? What do we do with it?

Asking the right questions (for clarity) eliminates the Fog of More (coined by Tony Sager, of all people) – the overload of defensive support (i.e., more options, more tools, more knowledge, more advice, and more requirements, but not always more security).

An effective cyber defense program requires defenders to gather information and data, put that data into context, make decisions, take action, and then REPEAT, REPEAT, REPEAT.

23 Aug 2021 | Episode 13: What's Important to You in Cybersecurity? A Host Q&A | 01:00:25

Resources:

  • CIS Twitter
  • CIS LinkedIn
  • CIS Critical Security Controls
  • Related podcast: RC Manager at Frame.io, Mosi Platt answers the Atkinson 9

In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO) Sean Atkinson and CIS Senior VP and Chief Evangelist Tony Sager share part of themselves in this intimate episode. Taking a guest-free moment, the hosts turn the 'Atkinson 9' questions on themselves. Listen to them discuss their favorite CIS Critical Security Controls, the biggest waste of time in cybersecurity, and how they want to be remembered in the industry.

12 May 2023 | Episode 55: Live at RSA Conference 2023 | 00:38:32

In episode 55 of Cybersecurity Where You Are, co-host Sean Atkinson speaks with experts in attendance at RSA Conference 2023. He asks nearly a dozen different attendees to share their impressions of the event. They explain how someone can get the most out of being at RSA and what made this year's conference stand out compared to previous years. (Spoiler alert: "AI" as a buzzword was everywhere.) They also discuss just some of the different topics you can learn about at RSA, such as the opportunity for partnerships between red teams and blue teams as well as the cybersecurity impact of AI on the music industry.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org

02 Dec 2022 | Episode 44: A Zero Trust Framework Knows No End | 00:59:29

In episode 44 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Scott Hall, Security Architect at the Center for Internet Security (CIS). Together, they identify resources and buy-in as some of the key elements for implementing a zero trust framework. So begins a journey that evolves with your organization's changing business processes and functions. To be successful, it's important to accept that you'll always be tweaking things to fit your needs. It's also invaluable to take a business-centered approach. This includes maintaining an inventory of what you have so that your zero trust journey can drive, not inhibit, business growth.

Resources

27 Mar 2024 | Episode 79: Advancing Common Good in Cybersecurity – Part 1 | 00:29:38

In episode 79 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they discuss the Common Good Cyber cybersecurity initiative. Tony and Philip begin by sharing the paths that brought them to the nonprofit sector. From there, Philip recounts the events and needs that led to the formation of Common Good Cyber. They end the first part of their conversation by exploring the nature of "common good" in relation to internet technology. Both agree that common good efforts must include more than just money to produce meaningful change in the cybersecurity industry.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

28 Jun 2021 | Episode 10: Hospitals in Need of Cybersecurity STAT! | 00:41:48

This week’s Cybersecurity Where You Are podcast highlights:

  • Why the medical industry is so appealing to attackers
  • The challenges of protecting medical facilities
  • How a defense-in-depth strategy plays a role in a hospital’s cybersecurity plan
  • Malicious Domain Blocking and Reporting (MDBR) for hospitals

Episode Resources

In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes guests John Riggi and Ed Mattison. Riggi is the Senior Advisor for Cybersecurity for the American Hospital Association (AHA) and Mattison is the Executive Vice President of Operations and Security Services at CIS. Together they discuss how hospitals and other medical facilities can protect themselves against cyber-attacks.

28 Dec 2021 | Episode 21: Year In Review; A List of our Favorite Episodes | 00:53:17

In this edition of Cybersecurity Where You Are, CIS CISO, Sean Atkinson, and CIS Senior VP and Chief Evangelist, Tony Sager are joined by two members of the CIS podcast production team, Jason Forget, VP of Communications, and Chad Rogers, Digital Media Program Manager. Together they discuss this past year in cybersecurity, creating this podcast, and their favorite episodes.

26 May 2023 | Episode 56: Cybersecurity Risks and Rewards of LLMs | 00:50:39

In episode 56 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Dr. Paulo Shakarian, Associate Professor at the School of Computing, Informatics, and Decision Systems Engineering (CIDSE) at Arizona State University. Together, they discuss the cybersecurity implications of large language models (LLMs) like ChatGPT-3. They first look back on how deep learning has enabled machine learning (ML) and artificial intelligence (AI) to reach new levels of accuracy. Next, they discuss how ChatGPT-3 and other new AI models, which are designed to mimic human language, may have inaccuracies. This possibility opens up new vulnerabilities, such as the ability to scale information operations, along with new challenges from a cybersecurity perspective. They conclude by sharing their thoughts about the future of the AI and LLM space.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org

22 Nov 2023 | Episode 70: How the Media Molds Public Perception of Infosec | 00:46:20

In episode 70 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mathew Schwartz, Executive Editor for DataBreachToday & Europe at the Information Security Media Group (ISMG). Together, they discuss the media's role in shaping public understanding and perception of infosec. They begin by considering the idea of media channels helping to educate the public about cybersecurity matters, including data breaches and digital threats. From there, they go on to talk about how the language that the media uses to report on cybersecurity affects its ability to build trust with the public. Their conversation ends by reviewing tips for how members of the public can find trustworthy media channels in the infosec space.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

27 Oct 2023 | Episode 68: Designing Cyber Defense as a Partnership Effort | 00:46:27

In episode 68 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by James Yeager, VP of Public Sector and Healthcare at CrowdStrike. Together, they discuss designing cyber defense as a partnership effort. They begin by reflecting on the ongoing work of CIS and CrowdStrike to advance cyber defense together. After touching on some of the biggest trends they've seen in the threat landscape, they note how giving advice to customers around cyber defense requires partnership activity. They observe that cybersecurity companies like CIS and CrowdStrike must continue to work together, and they highlight the importance of working with customers directly to identify new angles, new challenges, and new ways of providing help.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

23 Jun 2023 | Episode 58: Inside CIS's Award-Winning Workplace Culture | 00:34:54

In episode 58 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by more than a dozen Center for Internet Security (CIS) employees during the company's 2023 Full Staff Meeting at the Sagamore Resort. Together, they discuss the collaborative nature of CIS's award-winning workplace culture. Using the Full Staff Meeting as a lens, each employee reflects on the importance of an annual in-person meeting for all employees. Their responses highlight how colleagues, teams, and business units alike focus on building relationships. Doing so empowers CIS to engage with partners, members, and the cybersecurity community writ large as a cohesive whole.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org

06 Oct 2023 | Episode 66: How RABET-V Verifies Non-Voting Election Tech | 00:42:06

In episode 66 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Mike Garcia, Senior Cybersecurity Advisor at the Center for Internet Security (CIS), and Jared Dearing, Sr. Director of Elections Best Practices at CIS. Together, they discuss the Rapid Architecture-Based Election Technology Verification (RABET-V) program. They begin by noting how the lack of a standardized verification process for non-voting election systems warranted the creation of a holistic testing approach for these technologies. From there, they explain how RABET-V differs from traditional testing methodologies by verifying non-voting election systems using a three-pronged approach. They conclude by sharing their ongoing work to improve RABET-V.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

14 May 2021 | Episode 7: CIS Controls v8...It’s Not About the List | 00:56:41

Resources:

In this edition of Cybersecurity Where You Are, host and CIS Senior Vice President and Chief Evangelist, Tony Sager welcomes guests Randy Marchany and Phyllis Lee. Marchany is the Chief Information Security Officer (CISO) at Virginia Tech, and Lee serves as Senior Director of the CIS Controls. The connection between the two guests is the CIS Controls – a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.

Highlights:

  • History of the CIS Controls
  • Guiding principles for CIS Controls v8
  • CIS Controls ecosystem
  • Practical implications for the Controls and real-world applications
  • CIS Controls life cycle

Remember to subscribe to get the latest cybersecurity news and updates to Start Secure and Stay Secure.

01 May 2024 | Episode 83: Why Meeting in Person Matters to CIS Employees | 00:29:46

In episode 83 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by nearly 20 employees at the Center for Internet Security® (CIS®). Together, they discuss the value of meeting in person to CIS workplace culture. With the company's 2024 Annual Full Staff Meeting in Orlando, FL, as their backdrop, they explore how personal relationships create a foundation for building effective teams, more agile workflows, and a sustainable sense of engagement and motivation at CIS. Along the way, they reflect on how much the company has changed since before the pandemic.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

03 Apr 2024 | Episode 80: Advancing Common Good in Cybersecurity – Part 2 | 00:29:00

In episode 80 of Cybersecurity Where You Are, co-host Tony Sager is once again joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they continue their discussion around Common Good Cyber. Tony and Philip begin by recapping the events of the Common Good Cyber Workshop on February 26–27, 2024. From there, they explore the perspective of IT companies and governments in supporting common good solutions for the cybersecurity industry. They conclude their conversation by looking to the future of Common Good Cyber and explaining how you can get involved. 

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

15 Mar 2023 | Episode 51: Making a Roadmap for Your Cybersecurity Journey | 01:01:23

In episode 51 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss the strategic importance of using a roadmap to navigate your cybersecurity journey. Together, they point out that this journey is like many others. You need to know how to get packing, plan your route, hit the road, and take a snapshot of how far you've come and where you're going next. Sean and Tony identify some important considerations to keep in mind for each leg of your trip, and they note that the Center for Internet Security shares your journey and supports you along it.

One of the ways it does this is through CIS SecureSuite. Members gain access to benefits, tools, and resources that help them, their clients, and their customers navigate the different stages of their respective cybersecurity journeys. Now through April 30, you can save up to 20% on a new CIS SecureSuite Membership using promo code CYBER2023. 

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org

28 May 2021 | Episode 8: CIS Controls v8...First Impressions | 00:52:55

Resources:

Highlights:

  • Everything has to be measurable
  • Everything has to be achievable
  • CIS Controls v8 must have a peaceful coexistence with cybersecurity frameworks
  • The Controls need to be backed by data and able to defend against real-world threats

First Impressions Matter

The CIS Controls team and volunteers pretty much rewrote every word of v8 in an effort to modernize and consolidate the document. CIS Controls v8 is a lot more focused and less redundant than previous versions. Find out what people are saying about this new version!

Feedback: Request, Manage, Gather, & Use for the Greater Good

Organizations big and small rely on the CIS Controls to defend against the most prevalent cyber-attacks against systems and networks. And, they count on the Controls team to do the best job they can for the greater good of the cybersecurity community.

01 Sep 2023 | Episode 63: Building Capability and Integration with SBOMs | 00:37:37

In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org

28 Feb 2024 | Episode 77: How to Use Data to Make Cybersecurity Decisions | 00:49:54

In episode 77 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they discuss how to use data to inform your decision-making in cybersecurity. They begin by discussing the cybersecurity industry's lack of maturity in its use of data. From there, they explore the risks of not using data to make cybersecurity decisions. In Tony's words, the cybersecurity industry doesn't have to accept "perfection is the enemy of the good" as its paradigm. When we understand the data with which we can work, we can frame the information in a way to strengthen the cybersecurity posture of our respective organizations.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

22 Dec 2023 | Episode 72: Cybersecurity in Education as a Balancing Act | 01:07:30

In episode 72 of Cybersecurity Where You Are, co-host Tony Sager is joined by Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss "Cybersecurity: Practice What, and While, We Teach," a keynote panel where they discussed cybersecurity in education during Tech Tactics in Education: Data and IT Security in the New Now. Throughout this episode, they pull in recorded snippets from their panel. They use those recordings to reflect on IT operational challenges and the need to balance different interests in education organizations, including K-12 schools and higher education institutions. They also highlight commonalities that present not only opportunities for collaboration in the education sector but also instances where CIS can help advance cybersecurity in education through the content it produces.

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

27 Sep 2021 | Episode 16: Cybersecurity: Think INSIDE the Box | 00:40:01

Resources:

In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes back Kathleen Moriarty, Chief Technology Officer for CIS. Together they discuss the role service providers play in the future of cybersecurity.

16 Sep 2022 | Episode 39: Cybersecurity at Scale | 00:44:40

In episode 39 of Cybersecurity Where You Are, CIS's Chief Information Security Officer Sean Atkinson discusses the importance of scaling in relation to cybersecurity. A business needs to be able to manage growth without risking security, while also managing security without hindering growth. Atkinson offers guidance on how to go about this and highlights the benefits organizations will see when scaling their cybersecurity strategy.

Resources

21 Jan 2022 | Episode 22: CIS Behind the Veil: Log4j | 00:55:42

Resources:

  • Information on Log4j
  • CIS Critical Security Controls
  • Essential Cyber Hygiene 

In early January, the cybersecurity world was introduced to a new foe when researchers discovered a vulnerability in the code of a software library called Log4j. In the latest episode of Cybersecurity Where You Are, CIS CISO, Sean Atkinson, and CIS Chief Evangelist, Tony Sager, were joined by two colleagues who walked them through the steps CIS took to address the Log4j vulnerability.

13 Oct 2021 | Episode 17: Cybersecurity Awareness Month: It's All About the Big Picture | 00:48:32

Resources

Discussed in this podcast:

  • Cybersecurity Awareness Month
  • Psychology of cybersecurity
  • Evolution of common cyber threats
  • "Big picture" resources

In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes Philippe Langlois of the Verizon Business Group and co-author of the Verizon Data Breach Investigations Report (DBIR). In celebration of Cybersecurity Awareness Month, the duo discuss the DBIR and version 2.0 of the CIS Critical Security Controls (CIS Controls) Community Defense Model (CDM). Both reports pull data from a community of experts and many different resources to provide a more holistic picture of cybersecurity.

02 Sep 2022 | Episode 38: How the Cyber Threat Landscape Is Changing | 00:33:16

In episode 38 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Theodore "TJ" Sayers, Manager of the Cyber Threat Intelligence (CTI) team at the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC and EI-ISAC), and Aaron Zaleski, Sr. Cyber Incident Response Team Analyst at the MS-ISAC. Together, they discuss how the cyber threat landscape is changing. Some cyber threat actors (CTAs) are now writing their payloads in different programming languages, for instance, while others are employing new types of delivery vectors. Their conversation wraps up by identifying steps that organizations can take to defend themselves against these and other developments going forward.

Resources

27 Jan 2021 | Episode 1: Welcome to the Basics | 00:56:55

Co-hosts Sean Atkinson and Tony Sager welcome you to the CIS podcast Cybersecurity Where You Are.

This episode gives you an overview of what the Center for Internet Security is, how the co-hosts grew with the industry, and the importance of basic cyber hygiene.

The Center for Internet Security is a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards to proactively safeguard against emerging threats.

CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.

Meet co-host Tony Sager - Tony has over 43 years of experience in the industry, most of which was with the National Security Agency (NSA). With a background as a mathematician, he worked at the NSA in the Communications Security Interim Program, focusing on the security of U.S. systems. He worked mostly on cryptography and confidentiality in the interest of the country’s defense. He then moved to computer science when computers began to move from large systems in buildings to at-home workstations (do you remember the Apple II+?). Tony witnessed the transition of cybersecurity from mathematics to information and communications and found himself in great company helping to develop CIS over the past 20 years.

Meet co-host Sean Atkinson – Sean lived in England for about 20 years before moving back to the U.S. His background was not actually in computer science but carried an MBA in Business but with a concentration in Technology Management. He credit the book “A Business Data Networks and Telecommunications” by Raymond Panko for getting him into Network and Technology Specialization. He then worked as a IT Auditor and in 2004 found himself working on Section 404 projects. He then worked in State Government moving his way up to security Manager implementing PeopleSoft when adding security to the software lifecycle was in its infancy. He then moved to the Dept of Defense and now has worked with CIS as CISO to frame best practices and implementation.

Basic Cyber Hygiene - We know cybersecurity is an issue for any business, but where do you start? By looking at your data, networks, and systems from a risk perspective you can then implement means to protect it. There are foundational best practices that everyone can do and should do. Tony and Sean will touch on the CIS Controls – the prioritized set of actions to protect your organization and data from known cyberattack vectors – and what actions to take first.

15 Sep 2023 | Episode 64: Defining Your Data Management Standards | 00:26:10

In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types of data management considerations for your organization. Along the way, he points out how you can use resources from the Center for Internet Security (CIS) to drive continuous improvement in this space.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

24 Apr 2024 | Episode 82: How CIS Leadership Values Team Building Events | 00:22:54

In episode 82 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by John Gilligan, President and CEO at the Center for Internet Security® (CIS®); and Gina Chapman, Chief Operating Officer at CIS. Together, they discuss the importance of in-person team building events. They use the pandemic as a frame to understand how events such as the 2024 Annual Full Staff Meeting preserve and cultivate CIS's workplace culture. They also look to other ongoing initiatives at the company, such as CIS Cares and the IDEA Alliance, as efforts to sustain employee engagement both in person and virtually.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

03 Jul 2024 | Episode 90: Migrating to the Cloud with Control Continuity | 00:31:05

In episode 90 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests:

  • Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
  • Mia LaVada, Product Manager of CIS Benchmarks and Cloud at CIS
  • Don Freeley, VP of IT Services at CIS

Together, they discuss how you can use CIS resources to ensure control continuity when migrating to the cloud.

Here are some highlights from our episode:

  • 01:35. The biggest drivers for why organizations are moving to the cloud
  • 02:42. Foundational factors to consider as part of your cloud migration
  • 07:24. Resources from CIS designed to help you in your transition to the cloud
  • 11:00. Common challenges of migrating to the cloud
  • 14:37. The importance of three CIS Controls to your cloud security program
  • 18:35. The value of partnerships and community in driving cloud security improvements
  • 19:32. How you can use the CIS Foundations Benchmarks to get started in the cloud
  • 23:06. Inside the human and process side of moving to the cloud

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

17 Feb 2023 | Episode 49: Artificial Intelligence and Cybersecurity | 00:48:46

In episode 49 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson discuss artificial intelligence (AI) and cybersecurity. The two review the relationship between them, specifically how AI and cybersecurity meet, how they enhance each other, and the ways AI could be a detriment.

02 Feb 2024 | Episode 75: How GenAI Continues to Reshape Cybersecurity | 00:51:30

In episode 75 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss how generative artificial intelligence (GenAI) continues to reshape cybersecurity. They begin by using Episodes 48, 49, and 56 to consider the ongoing impact of GenAI on confidence, trust, and consistency as elements of a mature cybersecurity program. After reflecting on how confidence has shaped the work of the Center for Internet Security® (CIS®) more generally, Sean and Tony conclude by revisiting the verification challenge of GenAI.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

26 Jun 2024 | Episode 89: How Threat Actors Are Using GenAI as an Enabler | 00:31:17

In episode 89 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by the following guests:

  • Rian Davis, Elections Cyber Threat Intelligence Intern at the Center for Internet Security® (CIS®)
  • Timothy Davis, Sr. Elections Cyber Threat Intelligence Analyst at CIS

Together, they discuss how cyber threat actors (CTAs) are using generative artificial intelligence (GenAI) as an enabler of their attacks.

Here are some highlights from our episode:

  • 01:04. Why it's important to raise awareness of how CTAs are using GenAI
  • 01:59. How the CIS Cyber Threat Intelligence (CTI) team is seeing generative AI in CTAs' attack methodology
  • 03:50. The types of attacks that are using this technology and how the frequency of those attacks is changing
  • 05:46. Some notable attacks that have used GenAI in their methodology
  • 16:10. The ways in which CTAs are incorporating generative AI into social engineering
  • 24:17. What defenders can do in response to CTAs' use of GenAI

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

11 Jun 2021 | Episode 9: Mitigating Risk: Information Security Governance | 00:56:49

Highlights:

  • The importance of information security governance
  • Security vs. compliance
  • Data – determining what you need and where to find it
  • Understanding risk from a decision-basis
  • Critical elements to fulfill business requirements
  • Producing value in a compliance program
  • Applying agility for continuous improvement

Good compliance = good security

Security is the practice of implementing effective technical controls to protect an organization’s digital assets. Compliance, on the other hand, is the application of that practice to meet regulatory or contractual requirements. Unfortunately, more often than not, organizations focus on compliance once a year when it’s time to certify that their “security is good.” The process of being compliant and secure should be a continuous process.

11 Feb 2022 | Episode 24: How Do I Start a Career in Cybersecurity? | 00:51:02

In episode 24 of Cybersecurity Where You Are, co-host Tony Sager poses the question that many people interested in the industry ask: How do I start a career in cybersecurity?

To offer some insight, co-host Sean Atkinson joins cybersecurity professionals Linnie Meehan and Thomas Sager. Together, the three share their personal experiences, offer advice to those interested in a cybersecurity career, and remind listeners that persistence is key. 

31 Jan 2022 | Episode 23: Cybersecurity Predictions for 2022 | 00:48:41

In Episode 23 of Cybersecurity Where You Are, hosts Tony Sager and Sean Atkinson are joined by our Vice President of Operations and Security Services, Josh Moulin. Together, the three share their thoughts on some of the topics that were discussed in our recent blog post, 2022 Cybersecurity Predictions to Watch Out For.

13 Oct 2023 | Episode 67: Seizing the Moment after a Cybersecurity Audit | 00:40:50

In episode 67 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Stephanie Gass, Director of Governance, Risk, and Compliance at the Center for Internet Security (CIS). Together, they discuss how to seize the moment once you've completed a cybersecurity audit. They explore the types of questions that you need to think about and the challenges you might encounter when acting upon a cybersecurity audit's findings. Additionally, they walk through a few examples of how you might consider responding to certain audit findings within your organization. Throughout the entire episode, they cite the importance of using business context to determine your priorities and a way to achieve them.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

28 Aug 2024 | Episode 98: Transparency as a Tool to Combat Insider Threats | 00:35:50

In episode 98 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4.

Together, they embrace transparency as a vehicle for the cybersecurity industry to better defend against insider threats.

Here are some highlights from our episode:

  • 01:28. How KnowBe4 detected an insider threat from North Korea
  • 09:09. How the Center for Internet Security® (CIS®) responded to news of this incident
  • 21:02. The role of technical controls in detecting these types of threats
  • 23:56. Common signs you can use to detect fake employees in your hiring process
  • 29:22. How cybersecurity companies can use this incident to improve their defenses

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

04 Aug 2023 | Episode 61: Overcoming Pre-Audit Scaries Through Governance | 00:48:14

In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how quantification, supply chain security, and other issues factor into a modern-day approach to governance.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

17 Jul 2024 | Episode 92: A Framework to Counter Evolving Cyber Threats | 00:33:19

In episode 92 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by John Cohen, Executive Director of Countering Hybrid Threats at the Center for Internet Security® (CIS®).

Together, they discuss "Enhancing Safety in the Connected World — A National Framework for Action," a multi-year project to help law enforcement and security professionals better contextualize and respond to evolving cyber threats.

Here are some highlights from our episode:

  • 02:01. Why the current threat environment necessitates a framework that accounts for "cyber physical," "cyber safety," and other considerations
  • 08:48. How entities at the federal level and local law enforcement approach evolving cyber threats differently
  • 16:34. The different types of threats that characterize the evolving cyber threat environment
  • 22:05. How the Federalist Papers inform the Framework's "whole-of-society" approach

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

05 Jan 2024 | Episode 73: A YIR for Our 2023 Cybersecurity Predictions | 00:55:21

In episode 73 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager use our 2023 cybersecurity predictions to understand how the industry changed last year. They discuss progress and challenges around Artificial Intelligence (AI), zero trust, and other key trends they and others brought up in our blog post, "Our Experts' Top Cybersecurity Predictions for 2023." They also promise a similar year in review (YIR) for our 2024 cybersecurity predictions, for which 17 experts at the Center for Internet Security® (CIS®) contributed their thoughts.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

18 Sep 2024 | Episode 101: Visualizing Attack Paths in Active Directory | 00:34:14

In episode 101 of Cybersecurity Where You Are, Sean Atkinson is joined by Justin Kohler, Vice President of Products at SpecterOps, and Jonathan Parfait, Technical Account Manager at SpecterOps.

Together, they discuss how the visualization of attack paths in Active Directory helps organizations to better contextualize risks to their enterprise security.

Here are some highlights from our episode:

  • 01:54. What Bloodhound is and how it assists organizations in assessing risks in their Active Directory environments
  • 05:08. Why have organizations look at their Active Directory environments
  • 11:15. Common vulnerabilities and misconfigurations identified by Bloodhound
  • 21:21. How organizations can best use Bloodhound as part of their cyber defensive strategy
  • 29:18. How Bloodhound is adapting to keep up with evolving Active Directory environments

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

19 Jun 2024 | Episode 88: The Evolution of the Role of a CISO | 00:30:02

In episode 88 of Cybersecurity Where You Are, co-host Sean Atkinson discusses the evolving role of a chief information security officer (CISO).

Here are some highlights from our episode:

  • 02:47. Why communication is a core competency for CISOs
  • 08:35. How to take a balanced approach when evaluating an organization's implementation of artificial intelligence (AI) and machine learning (ML)
  • 11:47. The role a CISO plays in integrating privacy requirements into the organization
  • 15:35. Thoughts on how you can start preparing for or moving into a CISO position
  • 19:12. A future outlook of the CISO role
  • 26:40. Average longevity of CISOs in their roles and how this affects a security posture

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

05 Aug 2022 | Episode 36: Strong Elections are Cyber STRONG | 00:41:10

In episode 36 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Marci Andino, Sr. Director of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), and Trevor Timmons, EI-ISAC Executive Committee Chair and Chief Information Officer at Colorado Department of State. Together, they discuss Cyber STRONG, a campaign launched by the EI-ISAC that encourages election officials to take decisive and deliberate steps towards improving their cybersecurity posture. Cyber STRONG provides officials with actionable guidance that they can use to further protect the security and integrity of their elections.

15 Jul 2022 | Episode 35: Remembering the Late Alan Paller | 00:40:39

In episode 35 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Bobbie Stempfley, Board Chair at the Center for Internet Security (CIS). Together, they remember the late Alan Paller, a CIS co-founder and former Board member. Each of them recalls when they first met Alan and exchanges stories of how his passion for bringing people together and solving big challenges helped change their lives, drive CIS's mission, and reshape the cybersecurity industry.

29 May 2024 | Episode 86: Evangelizing CIS's Message at RSAC 2024 | 00:34:07

In episode 86 of Cybersecurity Where You Are, co-host Sean Atkinson is live once again from Booth 4319 at RSA Conference (RSAC) 2024. 

00:57. Sean chats with Mat Everman, Information Security Operations Manager, about his talk, "Shades of Purple: Getting Started and Making Purple Teaming Possible." They discuss some of the questions Mat received following his talk and how they can put purple teaming into practice at the Center for Internet Security® (CIS®).

Sean asks passersby what they're looking to get out of RSAC 2024 and what stood out to them at the conference.

  • 13:56. José Mena, Founder of Digital Twin Networks
  • 20:34. Jonathan Kern, CEO of Castile Defense
  • 25:42. Ken Klestinec, Regional Sales Manager at Akamai

Finally, Sean talks to fellow team members about CIS's objective for RSAC 2024.

  • 18:10. Aaron Perkins, Director of Communications
  • 23:25. Nick Rust, Director of Reseller & Channel Partners
  • 27:04. Jeff Sparks, CIS Services Sr. Account Executive
  • 28:08. Mia LaVada, Product Manager of CIS Benchmarks and Cloud
  • 30:01. Mishal Makshood, Sr. Cloud Security Account Executive

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

18 Nov 2022 | Episode 43: Giving Back Through CIS CARES | 00:24:59

In episode 43 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Amanda Flynn, Manager of Admin Services and Board Relations at the Center for Internet Security (CIS), and Elijah Cedeno, Sr. Account Management Specialist at CIS. Together, they discuss the work of CIS CARES, a CIS program that gives back to the community every year through campaigns focused on community, animals, resource conservation, and education. Their conversation looks back at the evolution of CIS CARES over the past 11 years, explores the program's focus for Q4 2022, and teases what's to come next year and beyond.

03 Mar 2023 | Episode 50: The Best of Cybersecurity Where You Are | 00:47:17

In episode 50 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Randy Rose, Sr. Director of Security Operations & Intel for the MS-ISAC, and Kathleen Moriarty, Chief Technology Officer at CIS. Together, they celebrate Cybersecurity Where You Are reaching Episode 50. To mark this milestone, they look back on some of their favorite moments in the podcast's history. They also share how those moments tie back not only to the maturation of the podcast but also to CIS's ethos as a "platform for activism." (Thanks, Tony.)

Thank you to all our listeners for helping us reach Episode 50. We couldn't have done it without you. More laughter and learning to come!

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

03 Jun 2022 | Episode 32: What You Need to Know Ahead of RSA 2022 | 00:40:15

In episode 32 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss RSA 2022 — which is always a highlight of our conference calendar. Tony gives a preview of three sessions in which he'll present on cybersecurity nonprofits, incentivizing the adoption of cybersecurity best practices, and securing the supply chain. He also provides tips and best practices that can help RSA newbies, individual teams, and general attendees make the most of the conference.

13 Mar 2024 | Episode 78: Conductors of Risk Building Harmony in Ambiguity | 00:34:58

In episode 78 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Lisa Young, Senior Metrics Engineer at Netflix. Lisa is a long-time practitioner in the cybersecurity risk, risk quantification, and metrics field. She has a rich career and experience putting resources toward practices that will protect, sustain, and make organizations resilient over time. In her current role, Lisa helps Netflix measure what works, what doesn't work, and how to optimize practices and controls that help enhance coverage and efficacy of things that need to be done. Together, the three discuss the hurdles of harmonizing teams to determine acceptable risk in the cybersecurity ecosystem.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

07 Jul 2023 | Episode 59: Probing the Modern Role of the Pentest | 00:55:20

In episode 59 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Ed Skoudis, founder of the SANS Penetration Testing Curriculum and Counter Hack. Together, they discuss the value of penetration testing – all while CIS as an organization is undergoing a pentest! They begin by considering the historical perspective of pentests. (In Tony's words, "the foundational perspective for testing back then was to create drama.") They then reflect on how penetration tests excel when they prioritize education using a process of feedback. During the course of the conversation, Sean and Ed draw upon their years of collaboration to explain what this process can look like. They conclude by providing advice on how less mature organizations can get value from a penetration test.

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

28 Apr 2022 | Episode 29: Conceptualizing Reasonableness for Risk Analysis | 00:51:49

In episode 29 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on "reasonableness" as it relates to cybersecurity risk management. This topic isn't just about proving to regulators, litigators, and others that security controls were in place prior to an incident. It also considers how to implement safeguards without overburdening users and executives.

29 Oct 2021 | Episode 18: Top 5 Scariest Malware | 00:50:20

In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO) Sean Atkinson welcomes Randy Rose, CIS Sr. Director of Cyber Threat Intelligence. In the spirit of Halloween, they list the top five (and some honorable mentions) malware of all time – so far!

14 Aug 2024 | Episode 96: Making Continuous Compliance Actionable for SMBs | 00:43:09

In episode 96 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Tarah Wheeler, CEO of Red Queen Dynamics.

Together, they discuss ongoing efforts to translate continuous compliance into something actionable for small- to medium-sized businesses (SMBs).

Here are some highlights from our episode:

  • 03:11. The philosophy behind a business model focused on continuous compliance for SMBs
  • 17:44. How the Fog of More complicates security and compliance for the "cyber-underserved"
  • 30:56. How the industry can navigate the multiple-framework issue and streamline compliance

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

16 Jul 2021 | Episode 11: Remote Attestation Helps Zero Trust | 00:31:48

This week’s Cybersecurity Where You Are podcast highlights:

  • Automated attestation processes
  • Vendor attestation capabilities
  • Root of trust via Trusted Platform Module (TPM)
  • Method of verification for zero trust

In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security Officer (CISO) Sean Atkinson welcomes guest Kathleen Moriarty, Chief Technology Officer (CTO) at CIS. Together, the duo discuss attestation in terms of hardware and software, and the process of performing a posture assessment.

04 Sep 2024 | Episode 99: How Cyber-Informed Engineering Builds Resilience | 00:34:23

In episode 99 of Cybersecurity Where You Are, Sean Atkinson is joined by Marcus Sachs, SVP and Chief Engineer at the Center for Internet Security® (CIS®).

Together, they discuss how cyber-informed engineering builds resilience to the potential failure of a digital system into new and existing engineering products.

Here are some highlights from our episode:

  • 03:51. What cyber-informed engineering is and how this paradigm has emerged
  • 11:39. What CIS is doing to emphasize cyber-informed engineering among U.S. State, Local, Tribal, and Territorial (SLTT) government organizations
  • 16:25. Why resilience requires everyone to be "cyber-informed"
  • 20:50. The need for boards of directors and C-Suite leaders to understand cybersecurity risk
  • 25:30. What preparations help to lay the foundation for cyber-informed engineering

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

11 Mar 2022 | Episode 26: Automating the Secure Configuration Management Process | 00:40:34

In episode 26 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian Hajost, Chief Operating Officer at SteelCloud. They discuss some of the common issues around secure configuration management, the struggles that organizations face, and ways to overcome those challenges. 
