Episodes
-
In episode 115 of Cybersecurity Where You Are, Sean Atkinson is joined by Carolyn Comer, Chief Human Resources Officer at the Center for Internet Security® (CIS®); Heidi Gonzalez, Sr. Employee Experience Specialist at CIS; and Jennifer Myers, Sr. Director of Learning and Development at CIS. With an in-person holiday open house and office party as their backdrop, they celebrate the continuous feedback that sustains and grows the employee culture at CIS.
Here are some highlights from our episode:
02:35. How the holiday open house and office party celebrate CIS employee culture04:11. How the workforce culture at CIS has changed over time07:57. What types of employee feedback CIS obtains after in-person events09:33. How in-person interactions guide a continuous learning program for CIS employees10:55. How events such as the holiday open house and office party continue to evolve16:48. Why CIS has been so successful in helping employees to navigate remote work20:04. The impact of an engaged Board of Directors on workplace culture21:40. Celebrations and upcoming plans for culture and learning at CISResources
Episode 83: Why Meeting in Person Matters to CIS EmployeesEpisode 58: Inside CIS's Award-Winning Workplace CultureCenter for Internet Security Named Among 2024 Best Companies to Work for in New YorkCenter for Internet Security Named Among 2024 Top WorkplacesIDEA AllianceCIS CaresEpisode 114: 3 Board Chairs Reflect on 25 Years of CommunityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 114 of Cybersecurity Where You Are, Tony Sager is joined by three past and current Board Chairs of the Center for Internet Security® (CIS®): Frank Reeder, CIS Director Emeritus and Founding Chair as well as Director of the National Cybersecurity Scholarship Foundation; John Gilligan, President and Chief Executive Officer of CIS; and Bobbie Stempfley, CIS Board Chair and Business Security Officer of the Infrastructure Solutions Group at Dell Technologies. Together, they reflect on 25 years of CIS building community in the cybersecurity space.
Here are some highlights from our episode:
07:04. Perception of the problem that led to the idea of CIS10:18. The value of building community outside of government17:31. A sustainable and powerful business model for CIS21:28. John's priorities during his transition from Board Chair to CEO34:38. What CIS will focus on next39:00. Parting thoughts for the futureResources
Episode 35: Remembering the Late Alan PallerEpisode 97: How Far We've Come preceding CIS's 25th BirthdayEpisode 79: Advancing Common Good in Cybersecurity – Part 1Episode 76: The Role of Thought Leadership in CybersecurityEpisode 58: Inside CIS's Award-Winning Workplace CultureIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
Episodes manquant?
-
In episode 113 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security® (CIS®); Adam Bobrow, Co-Founder and President of Veribo Analytics; and Sridevi Joshi, Co-Founder and CEO of Veribo Analytics. Together, they discuss how the Business Impact Analysis tool created by CIS and Veribo Analytics empowers individuals and organizations to use cyber risk prioritization as a basis for their ransomware defense strategy.
Here are some highlights from our episode:
04:35. Background on the impetus for the tool's development07:57. How our understanding of cybersecurity risk differs from other areas of risk12:21. Insight into Sridevi's learning process about cyber risk prioritization as a technologist18:23. How the development process of the Business Impact Analysis tool got underway21:05. What went into the process of translating the goal into tooling31:34. Reflections on the tool's reception and what's nextResources
CIS Critical Security Controls Implementation GroupsCIS Community Defense Model 2.0CIS Controls Self Assessment Tool (CIS CSAT)SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies4.3 Establish a Bureau of Cyber StatisticsFAIR: A Framework for Revolutionizing Your Risk AnalysisReasonable CybersecurityHow to Measure Anything in CybersecurityEpisode 107: Continuous Improvement via Secure by DesignEpisode 105: Context in Cyber Risk QuantificationIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 112 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Rob T. Lee, Chief of Research and Head of Faculty at SANS Institute. Together, they discuss how SANS Institute applies an operational or "do" model of leadership to gather expertise, build shared purpose, and foster action on evolving cybersecurity trends.
Here are some highlights from our episode:
05:47. How Rob ended up teaching at SANS Institute08:49. Rob's first experience meeting and working with the late Alan Paller12:07. How Rob's responsibility at SANS Institute has expanded20:02. Key cybersecurity trends on Rob's agenda as Chief of Research23:52. The need to refine our understanding of AI based on its different applications36:28. Guidance for the 47th U.S. Presidential AdministrationResources
Episode 35: Remembering the Late Alan PallerThe Cyber Security Hall of Fame Announces 2024 HonoreesEpisode 76: The Role of Thought Leadership in CybersecurityEpisode 75: How GenAI Continues to Reshape CybersecurityCrowdStrike Falcon Outage Exploited for Social EngineeringWhy Whole-of-State Cybersecurity Is the Way ForwardFrom Both Sides: A Parental Guide to Protecting Your Child's Online ActivityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 111 of Cybersecurity Where You Are, Tony Sager is joined by Rick Howard, N2K Chief Security Officer and the Chief Analyst and Senior Fellow at The Cyberwire. Together, they discuss a first principle of cybersecurity proposed by Rick in his book, Cybersecurity First Principles: A Reboot of Strategy and Tactics.
Here are some highlights from our episode:
04:30. What drove the need to formulate a foundational cybersecurity assumption07:44. How other "first" principles of cybersecurity have failed14:13. The three elements of Rick's first principle of cybersecurity25:55. How to derive action and improvements from Rick's first principle40:34. Tips on getting started with a risk forecasting strategyResources
Episode 105: Context in Cyber Risk QuantificationFAIR: A Framework for Revolutionizing Your Risk AnalysisElection Security Spotlight – CIA TriadEpisode 44: A Zero Trust Framework Knows No EndExecutive Order on Improving the Nation’s CybersecurityCybersecurity CanonSuperforecasting: The Art and Science of PredictionHow to Measure Anything in Cybersecurity RiskIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 110 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Lee Noriega, Executive Director of the Cybersecurity Services Organization and Acting General Manager of Sales and Business Services at the Center for Internet Security® (CIS®); and Jerry Gitchel, founder of Leverage Unlimited and listener to Cybersecurity Where You Are. Together, they examine a question sent in by Jerry: if a corporate culture is lacking, can a security culture exist?
Here are some highlights from our episode:
01:33. What security culture is and how it differs from corporate culture05:30. What elements factor into a strategy to drive corporate culture09:30. The importance of a feedback loop for culture15:43. How to cultivate "institutional ownership" in an organization's workforce19:03. What goes into fostering security consciousness in support of security champions25:14. The challenges of engaging corporate culture to think about security culture29:13. Examples and takeaways for listenersResources
Why Employee Cybersecurity Awareness Training Is ImportantEpisode 107: Continuous Improvement via Secure by DesignSeth Godin | Why People Like Us Do ThisThe Cuckoo's Egg: Tracking a Spy Through the Maze of Computer EspionageIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 109 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®); and Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CIS. Together, they examine the scariest malware of 2024 and share some recommendations for how organizations can keep up with the changing cyber threat landscape.
Here are some highlights from our episode:
01:32. What makes certain malware strains "scarier" than others05:37. What trends shaped the cyber threat landscape in 202414:25. The most terrifying cyber threat actor sphere in 202419:41. How malware tactics and techniques from 2024 will continue to evolve25:04. How individuals and organizations can proactively defend themselves29:52. National strategies that are shaping malware defense and incident responseResources
Top 10 Malware Q3 2024Election Security Spotlight – What Is Misinformation?Salt Typhoon Hacks of Telecommunications Companies and Federal Response ImplicationsEpisode 107: Continuous Improvement via Secure by DesignIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 108 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Ed Skoudis, CEO of Counter Hack Challenges and President of SANS Technology Institute. Together, they discuss the evolution of gaming and competition in cybersecurity and how these activities help to make the industry stronger.
Here are some highlights from our episode:
02:04. What goes into creating a game environment that attracts all kinds of skill levels04:43. A multi-disciplinary approach to creating a game environment16:14. How gaming and competition help to spot people with talent and potential23:32. The challenges of keeping pace with new technology32:03. The biggest challenges of putting a game environment together36:47. How to keep track of characters, situations, and story elements of a gameResources
SANS Cyber RangesSANS Holiday Hack ChallengeEpisode 59: Probing the Modern Role of the PentestEpisode 95: AI Augmentation and Its Impact on Cyber DefenseLockBit 3.0 RaaS Gang Incorporates BlackMatter CapabilitiesIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 107 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Steve Lipner, Executive Director of SAFECode. Together, they discuss how software development organizations can use principles of "secure by design" to get on a track of continuous improvement.
Here are some highlights from our episode:
01:38. Steve's background and thoughts on the emergence of secure by design14:04. Three guiding principles of secure software development16:13. The impact of security awareness from a developer's perspective22:22. How threat modeling helps to address security as a system problem25:37. The effect of modern software development methodologies like Agile and DevSecOps30:29. What CISA's activity around secure by design means for the industryResources
SAFECodeSecure Software Development Framework (SSDF)Embedded IoT Security: Helping Vendors in the Design ProcessEpisode 95: AI Augmentation and Its Impact on Cyber DefenseIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 106 of Cybersecurity Where You Are, Sean Atkinson is joined by Chris Smith, Social Media Specialist at the Center for Internet Security® (CIS®).
Together, they use a donation scam about a natural disaster to advise how you can stay safe against this type of cyber threat.
Here are some highlights from our episode:
00:49. Why it's important to talk about donation scams and why they're so prevalent05:13. Recounting a real-world example of a donation scam10:43. Common tactics leveraged by online scammers13:27. Guidance for defending against a donation scam16:48. The rise of checks and balances to defend against crowdfunding scams20:59. How research can help you to verify before you donate29:11. What to do if you have fallen for a scamResources
Episode 27: Cyber ScamsOctober: Cybersecurity Awareness MonthIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 105 of Cybersecurity Where You Are, Sean Atkinson discusses the importance of context in maturing how you use cyber risk quantification to build cases for risk treatment strategies.
Here are some highlights from our episode:
01:56. The inspiration for an episode on cyber risk quantification02:38. How to situate risk quantification in your business processes08:56. Traps to avoid when quantifying cyber risks12:12. How the quantification process relates to controls implementation16:50. Why the right people and data can help you build something sustainable23:19. Three lenses for examining cyber risk26:50. Different means for communicating risk to stakeholdersResources
Quantitative Risk Analysis: Its Importance and ImplicationsFAIR: A Framework for Revolutionizing Your Risk AnalysisCIS Critical Security Controls®CIS Risk Assessment Method6 Truths of Cyber Risk QuantificationSociety of Information Risk AnalystsIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 104 of Cybersecurity Where You Are, Sean Atkinson is joined by Kennidi Ortega, Information Security Analyst at the Center for Internet Security® (CIS®).
Together, they explore the experience of a first-year analyst and how they might make the most of getting started in a cybersecurity career.
Here are some highlights from our episode:
01:07. How Kennidi got started in cybersecurity and what led her to the field03:44. What the beginning of Sean's cybersecurity career looked like04:23. The biggest challenges a first-year analyst may face07:56. Helpful resources for getting started in the cybersecurity industry11:58. Which technical skills Kennidi sharpened the quickest in her role16:05. The most important business skills for planning a future in cybersecurity20:13. How an agile mindset in cybersecurity supports career growth23:00. Recommendations on career mapping for first-year analysts28:13. The value of mentorships in cybersecurityResources
Episode 103: Education vs. Experience in CybersecurityEpisode 54: How to Get Started in CybersecurityEpisode 15: Cybersecurity Success Takes Soft SkillsEpisode 45: The Importance of MentorshipTryHackMeSANS Cyber Security SummitsPancakesConTrace LabsBackdoors & BreachesRaices CyberCyberWarriorCyber.orgWomen in CyberSecurityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 103 of Cybersecurity Where You Are, Sean Atkinson examines education and experience as pathways for new professionals to enter the cybersecurity industry.
Here are some highlights from our episode:
01:42. What's motivating Sean to talk about this topic03:32. The value of cybersecurity degrees05:17. The pros and cons of degree programs in cybersecurity07:47. How a cybersecurity certification compares to a degree10:57. Considerations for pursuing a certification in cybersecurity14:00. Using certifications to learn new technology paradigms16:54. Why a breadth of practical experience is important22:49. Pathways for gaining experience in cybersecurityResources
Episode 75: How GenAI Continues to Reshape CybersecurityEpisode 59: Probing the Modern Role of the PentestOutliers: The Story of SuccessHack The BoxTryHackMeDavid BombalIppSecPortSwiggerJohn HammondIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 102 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by the following guests:
Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)Lawrence Cruciana, President of Corporate Information Technologies (CorpInfoTech)Together, they discuss the "sporty" rigor underlying the process and value of achieving CIS Controls Accreditation.
Here are some highlights from our episode:
01:36. What is meant by CIS Controls Accreditation, as certified by CREST03:32. What motivated CorpInfoTech to pursue accreditation07:47. The importance of CIS Controls Accreditation to the cybersecurity ecosystem20:07. The business value of accreditation for recipientsResources
CIS Controls AccreditationCorpInfoTech Receives First CIS Controls AccreditationCorpInfoTechTop Hurdles for MSSPs and One Shining SolutionCIS Community Defense Model 2.0Episode 44: A Zero Trust Framework Knows No EndIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 101 of Cybersecurity Where You Are, Sean Atkinson is joined by Justin Kohler, Vice President of Products at SpecterOps, and Jonathan Parfait, Technical Account Manager at SpecterOps.
Together, they discuss how the visualization of attack paths in Active Directory helps organizations to better contextualize risks to their enterprise security.
Here are some highlights from our episode:
01:54. What Bloodhound is and how it assists organizations in assessing risks in their Active Directory environments05:08. Why have organizations look at their Active Directory environments11:15. Common vulnerabilities and misconfigurations identified by Bloodhound21:21. How organizations can best use Bloodhound as part of their cyber defensive strategy29:18. How Bloodhound is adapting to keep up with evolving Active Directory environmentsResources
Bloodhound Community EditionEpisode 62: Inside the 'Spidey Sense' of a PentesterWhat You Need to Know About Hybrid Cloud EnvironmentsVulnerability Management Policy Template for CIS Control 7CIS Benchmarks ListIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 100 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by David Bisson, Sr. Content Marketing Strategist at the Center for Internet Security® (CIS®).
Together, they celebrate the first 100 episodes of Cybersecurity Where You Are and discuss where the podcast might go in the future.
Here are some highlights from our episode:
01:14. How the podcast's approach and content have changed since the first episode04:19. What surprised the team about the "machinery" of putting on a cybersecurity podcast07:53. A look back at some of our favorite guests and types of podcast episodes27:20. How the podcast can continue to support the cybersecurity industry going forwardResources
Episode 1: Welcome to the BasicsEpisode 7: CIS Controls v8…It’s Not About the ListEpisode 9: Mitigating Risk: Information Security GovernanceEpisode 24: How Do I Start a Career in Cybersecurity?Episode 59: Probing the Modern Role of the PentestEpisode 96: Making Continuous Compliance Actionable for SMBsEpisode 97: How Far We've Come preceding CIS's 25th BirthdayIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 99 of Cybersecurity Where You Are, Sean Atkinson is joined by Marcus Sachs, SVP and Chief Engineer at the Center for Internet Security® (CIS®).
Together, they discuss how cyber-informed engineering builds resilience to the potential failure of a digital system into new and existing engineering products.
Here are some highlights from our episode:
03:51. What cyber-informed engineering is and how this paradigm has emerged11:39. What CIS is doing to emphasize cyber-informed engineering among U.S. State, Local, Tribal, and Territorial (SLTT) government organizations16:25. Why resilience requires everyone to be "cyber-informed"20:50. The need for boards of directors and C-Suite leaders to understand cybersecurity risk25:30. What preparations help to lay the foundation for cyber-informed engineeringResources
Cyber-Informed EngineeringNational Cyber-Informed Engineering StrategyCyber-Informed Engineering Implementation GuideEpisode 75: How GenAI Continues to Reshape CybersecuritySmart Cities Need Smarter SecurityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 98 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4.
Together, they embrace transparency as a vehicle for the cybersecurity industry to better defend against insider threats.
Here are some highlights from our episode:
01:28. How KnowBe4 detected an insider threat from North Korea09:09. How the Center for Internet Security® (CIS®) responded to news of this incident21:02. The role of technical controls in detecting these types of threats23:56. Common signs you can use to detect fake employees in your hiring process29:22. How cybersecurity companies can use this incident to improve their defensesResources
How a North Korean Fake IT Worker Tried to Infiltrate UsNorth Korean Fake IT Worker FAQEpisode 77: Data's Value to Decision-Making in CybersecurityDefense-in-Depth: A Necessary Approach to Cloud SecurityeBook: A CISO’s Guide to Bolstering Cybersecurity PostureIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 97 of Cybersecurity Where You Are, Tony Sager is joined by the following guests:
Dr. Ramon Barquin, Board Member at the Center for Internet Security® (CIS®) and President and Chief Executive Officer at Barquin InternationalFranklin Reeder, Director Emeritus and Founding Chair of CIS as well as Director of the National Cybersecurity Scholarship FoundationClint Kreitner, Founding President/CEO and Former Board Member at CISTogether, they look back at how much CIS has accomplished as an organization in the leadup to its 25th birthday.
Here are some highlights from our episode:
06:04. What brought everyone to CIS's founding meeting at the Cosmos Club16:08. The first steps to operationalizing the takeaways of the Cosmos Club meeting25:40. How CIS's business model came to be34:24. The events that brought the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) into CIS42:42. Tracing the past forward to where we are nowResources
20 Years of Creating Confidence in the Connected WorldEpisode 35: Remembering the Late Alan PallerReasonable Cybersecurity GuideEpisode 79: Advancing Common Good in Cybersecurity – Part 1MS-ISAC: 20 Years as Your Trusted Cyber Defense CommunityDr. Ramon BarquinFranklin ReederIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
-
In episode 96 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Tarah Wheeler, CEO of Red Queen Dynamics.
Together, they discuss ongoing efforts to translate continuous compliance into something actionable for small- to medium-sized businesses (SMBs).
Here are some highlights from our episode:
03:11. The philosophy behind a business model focused on continuous compliance for SMBs17:44. How the Fog of More complicates security and compliance for the "cyber-underserved"30:56. How the industry can navigate the multiple-framework issue and streamline complianceResources
Follow Tarah on LinkedInEpisode 95: AI Augmentation and Its Impact on Cyber DefenseImplementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1Build a Robust Continuous Audit Program in 10 StepsHow Prioritized Security Controls Break Through the Fog of MoreIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
- Montre plus