Welcome to “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all whether we are surfing the web at home, managing a company, supporting clients, or running a state or local government. Join Sean Atkinson and Tony Sager of CIS every other Wednesday as they discuss trends and threats, identify ways to implement controls and infrastructure, explore best practices, and interview experts in the industry. Together, we’ll clarify these complex issues and create confidence in the connected world.
- 83 - Episode 83: Why Meeting in Person Matters to CIS Employees
In episode 83 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by nearly 20 employees at the Center for Internet Security® (CIS®). Together, they discuss the value of meeting in person to CIS workplace culture. With the company's 2024 Annual Full Staff Meeting in Orlando, FL, as their backdrop, they explore how personal relationships create a foundation for building effective teams, more agile workflows, and a sustainable sense of engagement and motivation at CIS. Along the way, they reflect on how much the company has changed since before the pandemic.
Wed, 01 May 2024 - 29min
- 82 - Episode 82: How CIS Leadership Values Team Building Events
In episode 82 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by John Gilligan, President and CEO at the Center for Internet Security® (CIS®); and Gina Chapman, Chief Operating Officer at CIS. Together, they discuss the importance of in-person team building events. They use the pandemic as a frame to understand how events such as the 2024 Annual Full Staff Meeting preserve and cultivate CIS's workplace culture. They also look to other ongoing initiatives at the company, such as CIS Cares and the IDEA Alliance, as efforts to improve employee engagement both in person and virtually.
Wed, 24 Apr 2024 - 22min
- 81 - Episode 81: Exploring IAM for Identity Management Day 2024
In episode 81 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Daniel McIntyre, Identity and Access Management (IAM) Manager at the Center for Internet Security® (CIS®). Together, they acknowledge Identity Management Day 2024 with a discussion of IAM. They begin by looking at how IAM as a concept has changed over the years. They then explore current challenges in the modern environment and strategies for IAM to keep up with emerging threats. After emphasizing the importance of training in an effective IAM program, they conclude their conversation by sharing best practices for getting started in IAM and cybersecurity more broadly.
Wed, 10 Apr 2024 - 31min
- 80 - Episode 80: Advancing Common Good in Cybersecurity – Part 2
In episode 80 of Cybersecurity Where You Are, co-host Tony Sager is once again joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they continue their discussion around Common Good Cyber. Tony and Philip begin by recapping the events of the Common Good Cyber Workshop on February 26–27, 2024. From there, they explore the perspective of IT companies and governments in supporting common good solutions for the cybersecurity industry. They conclude their conversation by looking to the future of Common Good Cyber and explaining how you can get involved.
Wed, 03 Apr 2024 - 29min
- 79 - Episode 79: Advancing Common Good in Cybersecurity – Part 1
In episode 79 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they discuss the Common Good Cyber cybersecurity initiative. Tony and Philip begin by sharing the paths that brought them to the nonprofit sector. From there, Philip recounts the events and needs that led to the formation of Common Good Cyber. They end the first part of their conversation by exploring the nature of "common good" in relation to internet technology. Both agree that common good efforts must include more than just money to produce meaningful change in the cybersecurity industry.
Wed, 27 Mar 2024 - 29min
- 78 - Episode 78: Conductors of Risk Building Harmony in Ambiguity
In episode 78 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Lisa Young, Senior Metrics Engineer at Netflix. Lisa is a long-time practitioner in the cybersecurity risk, risk quantification, and metrics field. She has a rich career and experience of putting resources towards practices that will protect, sustain, and make organizations resilient over time. In her current role, Lisa helps Netflix measure what works, what doesn't work, and how to optimize practices and controls that help enhance coverage and efficacy of things that need to be done. Together, the three discuss the hurdles of harmonizing teams to determine acceptable risk in the cybersecurity ecosystem.
Wed, 13 Mar 2024 - 34min
- 77 - Episode 77: How to Use Data to Make Cybersecurity Decisions
In episode 77 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they discuss how to use data to inform your decision-making in cybersecurity. They begin by discussing the cybersecurity industry's lack of maturity in its use of data. From there, they explore the risks of not using data to make cybersecurity decisions. In Tony's words, the cybersecurity industry doesn't have to accept "perfection is the enemy of the good" as its paradigm. When we understand the data with which we can work, we can frame the information in a way to strengthen the cybersecurity posture of our respective organizations.
Wed, 28 Feb 2024 - 49min
- 76 - Episode 76: The Role of Thought Leadership in Cybersecurity
In episode 76 of Cybersecurity Where You Are, co-host Tony Sager is joined by Julie Morris, CEO and Co-Founder of Persona Media. Together, they discuss the role of thought leadership in cybersecurity. They begin by discussing misconceptions surrounding the notion of thought leadership. Next, they explore what thought leadership looks like in the context of an industry like cybersecurity and a company like the Center for Internet Security® (CIS®). Their conversation concludes with some advice on how individuals, especially senior leaders, can get started with thought leadership.
Fri, 16 Feb 2024 - 45min
- 75 - Episode 75: How GenAI Continues to Reshape Cybersecurity
In episode 75 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss how generative artificial intelligence (GenAI) continues to reshape cybersecurity. They begin by using Episodes 48, 49, and 56 to consider the ongoing impact of GenAI on confidence, trust, and consistency as elements of a mature cybersecurity program. After reflecting on how confidence has shaped the work of the Center for Internet Security® (CIS®) more generally, Sean and Tony conclude by revisiting the verification challenge of GenAI.
Fri, 02 Feb 2024 - 51min
- 74 - Episode 74: The Nexus of Cybersecurity & Privacy Legislation
In episode 74 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Carlos Kizzee, Senior Vice President (SVP) for Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®). In recognition of Data Privacy Week on January 21-27, 2024, they discuss the nexus of cybersecurity and privacy legislation in the United States. They begin by reviewing how the privacy laws passed by U.S. states over the past several years all include a cybersecurity element – namely, the effort to implement "reasonable" cybersecurity around protecting consumers' data. They then look to the future and consider how the laws will lead to regulations and, in turn, enforcement actions that will help raise our understanding of consumer privacy rights and how they can be defended.
Fri, 19 Jan 2024 - 47min
- 73 - Episode 73: A YIR for Our 2023 Cybersecurity Predictions
In episode 73 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager use our 2023 cybersecurity predictions to understand how the industry changed last year. They discuss progress and challenges around Artificial Intelligence (AI), zero trust, and other key trends they and others brought up in our blog post, "Our Experts' Top Cybersecurity Predictions for 2023." They also promise a similar year in review (YIR) for our 2024 cybersecurity predictions, for which 17 experts at the Center for Internet Security® (CIS®) contributed their thoughts.
Fri, 05 Jan 2024 - 55min
- 72 - Episode 72: Cybersecurity in Education as a Balancing Act
In episode 72 of Cybersecurity Where You Are, co-host Tony Sager is joined by Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss "Cybersecurity: Practice What, and While, We Teach," a keynote panel where they discussed cybersecurity in education during Tech Tactics in Education: Data and IT Security in the New Now. Throughout this episode, they pull in recorded snippets from their panel. They use those recordings to reflect on IT operational challenges and the need to balance different interests in education organizations, including K-12 schools and higher education institutions. They also highlight commonalities that present not only opportunities for collaboration in the education sector but also instances where CIS can help advance cybersecurity in education through the content it produces.
Fri, 22 Dec 2023 - 67min
- 71 - Episode 71: Advancing K-12 Cybersecurity Through Community
In episode 71 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Carlos Kizzee, SVP for the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®); Dr. Bhargav Vyas, Assistant Superintendent for Compliance and Information Systems as well as Data Protection Officer at Monroe-Woodbury Central School District; and Terry Loftus, Assistant Superintendent & Chief Information Officer of Integrated Technology Services for the San Diego County Office of Education. Together, they discuss how our publication, "K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year," facilitates better decision-making around K-12 cybersecurity. They begin by considering some common cybersecurity challenges for K-12 organizations, most notably a lack of funding and skilled personnel. From there, they reflect on how entities in this sector have grown their cybersecurity maturity despite those obstacles over the past few years. Their conversation ends with guidance for getting started with a K-12 cybersecurity program.
Fri, 08 Dec 2023 - 51min
- 70 - Episode 70: How the Media Molds Public Perception of Infosec
In episode 70 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mathew Schwartz, Executive Editor for DataBreachToday & Europe at the Information Security Media Group (ISMG). Together, they discuss the media's role in shaping public understanding and perception of infosec. They begin by considering the idea of media channels helping to educate the public about cybersecurity matters, including data breaches and digital threats. From there, they go on to talk about how the language that the media uses to report on cybersecurity affects its ability to build trust with the public. Their conversation ends by reviewing tips for how members of the public can find trustworthy media channels in the infosec space.
Wed, 22 Nov 2023 - 46min
- 69 - Episode 69: How the NCSR Assessment Sows SLTT Cyber Maturity
In episode 69 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Tyler Scarlotta, Manager of Member Programs at the Center for Internet Security (CIS). Together, they discuss how the Nationwide Cybersecurity Review (NCSR) helps U.S. State, Local, Tribal, and Territorial (SLTT) government organizations evaluate their cyber maturity. They begin by reviewing what the NCSR assessment program entails and identifying trends from previous years. They then explore the lessons learned by SLTTs through participating in the NCSR, the steps to getting involved with the program, as well as the resources from CIS and the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS- and EI-ISACs) that a participant can use to strengthen their cyber maturity.
Thu, 09 Nov 2023 - 35min
- 68 - Episode 68: Designing Cyber Defense as a Partnership Effort
In episode 68 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by James Yeager, VP of Public Sector and Healthcare at CrowdStrike. Together, they discuss designing cyber defense as a partnership effort. They begin by reflecting on the ongoing work of CIS and CrowdStrike to advance cyber defense together. After touching on some of the biggest trends they've seen in the threat landscape, they note how giving advice to customers around cyber defense requires partnership activity. They observe that cybersecurity companies like CIS and CrowdStrike must continue to work together, and they highlight the importance of working with customers directly to identify new angles, new challenges, and new ways of providing help.
Fri, 27 Oct 2023 - 46min
- 67 - Episode 67: Seizing the Moment after a Cybersecurity Audit
In episode 67 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Stephanie Gass, Director of Governance, Risk, and Compliance at the Center for Internet Security (CIS). Together, they discuss how to seize the moment once you've completed a cybersecurity audit. They explore the types of questions that you need to think about and the challenges you might encounter when acting upon a cybersecurity audit's findings. Additionally, they walk through a few examples of how you might consider responding to certain audit findings within your organization. Throughout the entire episode, they cite the importance of using business context to determine your priorities and a way of achieving them.
Fri, 13 Oct 2023 - 40min
- 66 - Episode 66: How RABET-V Verifies Non-Voting Election Tech
In episode 66 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Mike Garcia, Senior Cybersecurity Advisor at the Center for Internet Security (CIS), and Jared Dearing, Sr. Director of Elections Best Practices at CIS. Together, they discuss the Rapid Architecture-Based Election Technology Verification (RABET-V) program. They begin by noting how the lack of a standardized verification process for non-voting election systems warranted the creation of a holistic testing approach for these technologies. From there, they explain how RABET-V differs from traditional testing methodologies by verifying non-voting election systems using a three-pronged approach. They conclude by sharing their ongoing work to improve RABET-V.
Fri, 06 Oct 2023 - 42min
- 65 - Episode 65: Making Cyber Risk Analysis Practical with QRA
In episode 65 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Christopher Painter, Board Member of the Center for Internet Security (CIS) and President of the Global Forum on Cyber Expertise Foundation. Together, they discuss cybersecurity risk management. They begin by discussing how cyber risk analysis fits into a business risk management program in general. From there, they explore quantitative risk analysis (QRA), including its benefits for understanding cyber risk and the challenges of getting started. Their conversation then gets into how the CIS Board of Directors, specifically the Risk Committee, is using different methods of QRA to achieve CIS's business goals and objectives.
Fri, 29 Sep 2023 - 39min
- 64 - Episode 64: Defining Your Data Management Standards
In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types of data management considerations for your organization. Along the way, he points out how you can use resources from the Center for Internet Security (CIS) to drive continuous improvement in this space.
Fri, 15 Sep 2023 - 26min
- 63 - Episode 63: Building Capability and Integration with SBOMs
In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency.
Fri, 01 Sep 2023 - 37min
- 62 - Episode 62: Inside the 'Spidey Sense' of a Pentester
In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving technology landscape. They conclude by offering advice to organizations that are looking to engage in a pentest.
Fri, 18 Aug 2023 - 49min
- 61 - Episode 61: Overcoming Pre-Audit Scaries Through Governance
In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how quantification, supply chain security, and other issues factor into a modern-day approach to governance.
Fri, 04 Aug 2023 - 48min
- 60 - Episode 60: Guiding Vendors to IoT Security by Design
In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a document in the first place. After explaining some of what went into drafting the white paper, they look to the future and note how IoT frameworks such as theirs help to shift left IoT security toward purchasing decisions.
Fri, 21 Jul 2023 - 39min
- 59 - Episode 59: Probing the Modern Role of the Pentest
In episode 59 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Ed Skoudis, founder of the SANS Penetration Testing Curriculum and Counter Hack. Together, they discuss the value of penetration testing – all while CIS as an organization is undergoing a pentest! They begin by considering the historical perspective of pentests. (In Tony's words, "the foundational perspective for testing back then was to create drama.") They then reflect on how penetration tests excel when they prioritize education using a process of feedback. During the course of the conversation, Sean and Ed draw upon their years of collaboration to explain what this process can look like. They conclude by providing advice on how less mature organizations can get value from a penetration test.
Fri, 07 Jul 2023 - 55min
- 58 - Episode 58: Inside CIS's Award-Winning Workplace Culture
In episode 58 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by more than a dozen Center for Internet Security (CIS) employees during the company's 2023 Full Staff Meeting at the Sagamore Resort. Together, they discuss the collaborative nature of CIS's award-winning workplace culture. Using the Full Staff Meeting as a lens, each employee reflects on the importance of an annual in-person meeting for all employees. Their responses highlight how colleagues, teams, and business units alike focus on building relationships. Doing so empowers CIS to engage with partners, members, and the cybersecurity community writ large as a cohesive whole.
Fri, 23 Jun 2023 - 34min
- 57 - Episode 57: Celebrating the 20th Anniversary of the MS-ISAC!
In episode 57 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests: William Pelgrin, Founder and Former Chair of the MS-ISAC; Thomas Duffy, Former Senior VP of Operations and Services at the MS-ISAC; and Karen Sorady, VP of MS-ISAC Stakeholder Engagement Division. Together, they celebrate the 20th anniversary of the Multi-State Information Sharing and Analysis Center (MS-ISAC). They look back on the past two decades and reminisce on pivotal moments in the MS-ISAC's history, including when it became a division of the Center for Internet Security (CIS). After discussing how much it's grown in that time, they turn their eyes to the future and explore the MS-ISAC's plans to continue to serve its membership.
Fri, 09 Jun 2023 - 84min
- 56 - Episode 56: Cybersecurity Risks and Rewards of LLMs
In episode 56 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Dr. Paulo Shakarian, Associate Professor at the School of Computing, Informatics, and Decision Systems Engineering (CIDSE) at Arizona State University. Together, they discuss the cybersecurity implications of large language models (LLMs) like ChatGPT-3. They first look back on how deep learning has enabled machine learning (ML) and artificial intelligence (AI) to reach new levels of accuracy. Next, they discuss how ChatGPT-3 and other new AI models, which are designed to mimic human language, may have inaccuracies. This possibility opens up new vulnerabilities, such as the ability to scale information operations, along with new challenges from a cybersecurity perspective. They conclude by sharing their thoughts about the future of the AI and LLM space.
Fri, 26 May 2023 - 50min
- 55 - Episode 55: Live at RSA Conference 2023
In episode 55 of Cybersecurity Where You Are, co-host Sean Atkinson speaks with experts in attendance at RSA Conference 2023. He asks nearly a dozen different attendees to share their impressions of the event. They explain how someone can get the most out of being at RSA and what made this year's conference stand out compared to previous years. (Spoiler alert: "AI" as a buzzword was everywhere.) They also discuss just some of the different topics you can learn about at RSA, such as the opportunity for partnerships between red teams and blue teams as well as the cybersecurity impact of AI on the music industry.
Fri, 12 May 2023 - 38min
- 54 - Episode 54: How to Get Started in Cybersecurity
In episode 54 of Cybersecurity Where You Are, co-host Sean Atkinson addresses how to get started in cybersecurity. He begins by looking at the different types of hard skills and soft skills that form the foundation of any cybersecurity career. Next, he draws upon his expertise to offer advice around certifications, learning a programming language, using a training provider, and building a portfolio. He also shares key insights into how you can make cybersecurity a rewarding career choice for years to come.
Fri, 28 Apr 2023 - 42min
- 53 - Episode 53: Fostering a Neurodiverse Cybersecurity Industry
In episode 53 of Cybersecurity Where You Are, co-host Tony Sager is joined by Ron Gula, President and Co-Founder of Gula Tech Foundation. Together, they acknowledge Autism and Neurodiversity Awareness Month by discussing the need to create more opportunities in cybersecurity for neurodiverse individuals. They point out that there's no one way for all employers and supervisors to support employees with different abilities. It's up to the employers and supervisors to decide where those efforts fit into their culture and what each victory looks like.
Fri, 14 Apr 2023 - 39min
- 52 - Episode 52: Back in the Buzz of RSA Conference
In episode 52 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss RSA Conference 2023. Together, they point out that the annual conference is more than just a trade show. They use that lens to identify some tips and tricks that attendees can use to get the most out of their time there. Additionally, they discuss what themes and activities you can expect to see at RSA Conference 2023. Their conversation ends with a teaser of Sean's talk at the event.
Fri, 31 Mar 2023 - 45min
- 51 - Episode 51: Making a Roadmap for Your Cybersecurity Journey
In episode 51 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss the strategic importance of using a roadmap to navigate your cybersecurity journey. Together, they point out that this journey is like many others. You need to know how to get packing, plan your route, hit the road, and take a snapshot of how far you've come and where you're going next. Sean and Tony identify some important considerations to keep in mind for each leg of your trip, and they note that the Center for Internet Security shares your journey and supports you along it.
Wed, 15 Mar 2023 - 61min
- 50 - Episode 50: The Best of Cybersecurity Where You Are
In episode 50 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Randy Rose, Sr. Director of Security Operations & Intel for the MS-ISAC, and Kathleen Moriarty, Chief Technology Officer at CIS. Together, they celebrate Cybersecurity Where You Are reaching Episode 50. To mark this milestone, they look back on some of their favorite moments in the podcast's history. They also share how those moments tie back not only to the maturation of the podcast but also to CIS's ethos as a "platform for activism." (Thanks, Tony.)
Fri, 03 Mar 2023 - 47min
- 49 - Episode 49: Artificial Intelligence and Cybersecurity
In episode 49 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson discuss artificial intelligence (AI) and cybersecurity. The two review the relationship, specifically how AI and cybersecurity meet and enhance each other, and the ways AI could be a detriment. Resources: Episode 48: 3 Trends to Watch in the Cybersecurity Industry; LinkedIn Poll: What topic are you interested in learning more about?
Fri, 17 Feb 2023 - 48min
- 48 - Episode 48: 3 Trends to Watch in the Cybersecurity Industry
In episode 48 of Cybersecurity Where You Are, co-host Sean Atkinson introduces three trends within the cybersecurity industry that we'll discuss in upcoming episodes. He first touches on how new developments in artificial intelligence, particularly ChatGPT, might affect cybersecurity processes like incident response. Next, Sean reflects on what widespread layoffs in big tech mean for cybersecurity, especially when set against an ongoing cybersecurity skills gap. Finally, he provides an overview of the legislation and preparations for securing a post-quantum world.
Fri, 03 Feb 2023 - 26min
- 47 - Episode 47: How Security and Compliance Support Each Other
In episode 47 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Sawyer Miller, Senior Manager of Cyber Risk at risk3sixty LLC. Together, they discuss security and compliance. Their discussion explores various ways that security and compliance can align even though they are different business considerations. (Spoiler alert: risk and balance are key.) Sean and Sawyer also touch on how evolving technologies and threats are changing our understanding of security and compliance. They conclude with some recommendations on how your business and security leaders can begin to navigate these developments.
Fri, 06 Jan 2023 - 51min
- 46 - Episode 46: Integration as a Theme for 2023
In episode 46 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss their cybersecurity predictions for 2023 along with those from a few other CIS experts. "Integration" is the word of the day for their conversation. Sean and Tony feel that this concept will shape how we measure the progress of cybersecurity in a number of areas, from managing vendor risk in the open-source landscape to promoting meaningful discussions about security.
Fri, 30 Dec 2022 - 54min
- 45 - Episode 45: The Importance of Mentorship
In episode 45 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Valecia Stocchetti who is a Sr. Cybersecurity Engineer on the CIS Critical Security Controls team here at CIS. Valecia and Sean discuss how their mentorship took shape and how it worked as a partnership from the very beginning. Together with Tony, they go over mentorship vs. career counseling and note that a vetting process can help you spot the difference. They conclude by exploring why it's important to pay it forward whether you're a mentor or mentee.
Fri, 16 Dec 2022 - 42min
- 44 - Episode 44: A Zero Trust Framework Knows No End
In episode 44 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Scott Hall, Security Architect at the Center for Internet Security (CIS). Together, they identify resources and buy-in as some of the key elements for implementing a zero trust framework. So begins a journey that evolves with your organization's changing business processes and functions. To be successful, it's important to accept that you'll always be tweaking things to fit your needs. It's also invaluable to take a business-centered approach. This includes maintaining an inventory of what you have so that your zero trust journey can drive, not inhibit, business growth.
Fri, 02 Dec 2022 - 59min
- 43 - Episode 43: Giving Back Through CIS CARES
In episode 43 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Amanda Flynn, Manager of Admin Services and Board Relations at the Center for Internet Security (CIS), and Elijah Cedeno, Sr. Account Management Specialist at CIS. Together, they discuss the work of CIS CARES, a CIS program which gives back to the community every year through campaigns focused on community, animals, resource conservation, and education. Their conversation looks back at the evolution of CIS CARES over the past 11 years, explores the program's focus for Q4 2022, and teases what's to come next year and beyond.
Fri, 18 Nov 2022 - 24min
- 42 - Episode 42: Advocacy for the Underserved
In episode 42 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mat Everman, Information Security Operations Manager at the Center for Internet Security (CIS). Together, they discuss the topic of advocating for the underserved. Both agree that there's no silver bullet that a person or business can use to minimize all cyber risk. In the absence of a cure-all solution, however, there are opportunities for improving the security maturity of the underserved more broadly. This process begins with a discussion of where the underserved are. It then focuses on security measures that they can use to establish a baseline and create a foundation for an ever-evolving security journey.
Fri, 28 Oct 2022 - 54min
- 41 - Episode 41: A Blueprint for Ransomware Defense
In episode 41 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Valecia Stocchetti, Sr. Cybersecurity Engineer of the CIS Critical Security Controls (CIS Controls); Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology; and Davis Hake, Co-Founder and Vice President of Policy at Resilience Insurance. Together, they discuss their collaboration as members of the Ransomware Task Force to create the "Blueprint for Ransomware Defense." After situating this effort within the evolving ransomware landscape, they explain how organizations can best use the Blueprint as an internal and external resource to minimize their ransomware risk. They also offer insight into how the Blueprint stands apart from other anti-ransomware guides that are currently available.
Fri, 21 Oct 2022 - 43min - 40 - Episode 40: See Yourself in Cyber to Be Cyber Smart
In episode 40 of Cybersecurity Where You Are, co-host Tony Sager is joined by Murray Kenyon, Vice Cybersecurity Partnerships Executive at U.S. Bank.
Fri, 07 Oct 2022 - 41min - 39 - Episode 39: Cybersecurity at Scale
In episode 39 of Cybersecurity Where You Are, CIS's Chief Information Security Officer Sean Atkinson discusses the importance of scaling in relation to cybersecurity. A business needs to be able to manage growth without risking security, while also managing security without hindering growth. Atkinson offers guidance on how to go about this and highlights the benefits organizations will see when scaling their cybersecurity strategy.
Fri, 16 Sep 2022 - 44min - 38 - Episode 38: How the Cyber Threat Landscape Is Changing
In episode 38 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Theodore "TJ" Sayers, Manager of the Cyber Threat Intelligence (CTI) team at the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC and EI-ISAC), and Aaron Zaleski, Sr. Cyber Incident Response Team Analyst at the MS-ISAC. Together, they discuss how the cyber threat landscape is changing. Some cyber threat actors (CTAs) are now writing their payloads in different programming languages, for instance, while others are employing new types of delivery vectors. Their conversation wraps up by identifying steps that organizations can take to defend themselves against these and other developments going forward.
Fri, 02 Sep 2022 - 33min - 37 - Episode 37: Collaboration at the 15th Annual MS-ISAC Meeting
In episode 37 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Carlos Kizzee, SVP of CIS Stakeholder Engagement Operations at the Multi-State Information Sharing and Analysis Center (MS-ISAC). Together, they discuss how the 15th Annual ISAC Meeting – held recently in Baltimore – gives an opportunity for representatives of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations to network, share best practices, and learn from one another's experiences. Tony then takes us to the ISAC Meeting, connects with a couple of attendees on the floor, and explores what the event means to them.
Fri, 19 Aug 2022 - 23min - 36 - Episode 36: Strong Elections are Cyber STRONG
In episode 36 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Marci Andino, Sr. Director of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), and Trevor Timmons, EI-ISAC Executive Committee Chair and Chief Information Officer at Colorado Department of State. Together, they discuss Cyber STRONG, a campaign launched by the EI-ISAC that encourages election officials to take decisive and deliberate steps towards improving their cybersecurity posture. Cyber STRONG provides officials with actionable guidance that they can use to further protect the security and integrity of their elections.
Resources
Follow Marci and Trevor on LinkedIn
Strong Elections Are Cyber STRONG…Are You?
The 2020 Elections Year in Review
Best practices for election systems security
Episode 20: The State of Election Cybersecurity
How to Improve Election Technology Verification
Fri, 05 Aug 2022 - 41min - 35 - Episode 35: Remembering the Late Alan Paller
Tony Sager and Sean Atkinson are joined by Bobbie Stempfley, Board Chair at the Center for Internet Security (CIS). Together, they remember the late Alan Paller, a CIS co-founder and former Board member.
Fri, 15 Jul 2022 - 40min - 34 - Episode 34: A Survey of Hacking in Hollywood
In episode 34 of Cybersecurity Where You Are, co-host Sean Atkinson and Chris Elgee, a senior security analyst and Core NetWars Tournament design lead for Counter Hack, look back at how Hollywood has portrayed hacking over the years. They cover long-standing crowd favorites like Hackers, Sneakers, and Mr. Robot along with some lesser-known gems. The overarching trend? Viewers are getting more computer-literate, so the way in which Hollywood portrays hacking is evolving in a way that not only satisfies audiences but also raises their awareness of cybersecurity.
Fri, 08 Jul 2022 - 46min - 33 - Episode 33: The Shift-Left of IoT Security to Vendors
In episode 33 of Cybersecurity Where You Are, co-host Sean Atkinson and Ben Carter, IoT Specialist for CIS’s Chief Technology Officer, discuss the need to secure IoT devices at the vendor level. This is impossible without taking a high-level view and ensuring that all protocols used by IoT devices and vendors are taken into account. Only by ensuring security by design can organizations in healthcare, manufacturing, government, and other sectors accomplish security at scale for IoT management – all while preserving interoperability between their connected devices.
Mon, 27 Jun 2022 - 37min - 32 - Episode 32: What You Need to Know Ahead of RSA 2022
In episode 32 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss RSA 2022 — which is always a highlight of our conference calendar. Tony gives a preview of three sessions in which he'll present on cybersecurity nonprofits, incentivizing the adoption of cybersecurity best practices, and securing the supply chain. He also provides tips and best practices that can help RSA newbies, individual teams, and general attendees make the most of the conference.
Fri, 03 Jun 2022 - 40min - 31 - Episode 31: To Achieve ICS Security Today, Look to Yesterday
In episode 31 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Karen Sorady, VP for Multi-State Information Sharing and Analysis Center (MS-ISAC) Member Engagement at the Center for Internet Security (CIS). Their discussion focuses on industrial control system (ICS) security, some of the threats they're susceptible to, and what goes into making a good operational technology (OT) security program. Looking back over the past 20 years, the security community has learned some valuable lessons on the information technology (IT) side of things. But we won't be able to apply those lessons to OT and ICS without communication and collaboration. This isn't just about fostering conversations between OT and IT teams. It's also a call to action for organizations to work with public-private partnerships and communities like the MS-ISAC so that they don't have to go it alone.
Thu, 19 May 2022 - 47min - 30 - Episode 30: Solving Cybersecurity at Scale with Nonprofits
In episode 30 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of the Global Cyber Alliance. Their discussion focuses on the role that nonprofits play in solving cybersecurity problems at scale. In today's mutually dependent technology landscape, nonprofits' resources and expertise remove the need for enterprises to solve cybersecurity issues on their own. This is especially true given initiatives like Nonprofit Cyber, a "collective effort of equals" for which Philip and Tony are Executive Committee Co-chairs.
Fri, 06 May 2022 - 46min - 29 - Episode 29: Conceptualizing Reasonableness for Risk Analysis
In episode 29 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on "reasonableness" as it relates to cybersecurity risk management. This topic isn't just about proving to regulators, litigators, and others that security controls were in place prior to an incident. It also considers how to implement safeguards without overburdening users and executives.
Resources
Follow Chris Cronin on LinkedIn
The Risk Conversation
Manage Cybersecurity Risk with the CIS Controls
Third-party Risk Management – Beyond the Questionnaire
3 Things You’ll Learn Conducting a Cyber Risk Assessment with CIS RAM
Thu, 28 Apr 2022 - 51min - 28 - Episode 28: The Convergence of Cybersecurity and Public Policy
In episode 28 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Brian Ray, Director of the Center for Cybersecurity and Privacy Protection, and Leon and Gloria Professor of Law at the Cleveland-Marshall College of Law at Cleveland State University. Together, the three discuss the convergence of cybersecurity and public policy with an emphasis on the concept of 'reasonable' security measures affording a data breach safe harbor for businesses.
Fri, 08 Apr 2022 - 52min - 27 - Episode 27: Cyber Scams
In this episode of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Stacey Wright, former CIS employee and current Vice President of Cyber Resiliency Services at the Cybercrime Support Network. The discussion focuses on the common cyber scams malicious actors have been using for decades and offers advice for dealing with them.
Tue, 29 Mar 2022 - 50min - 26 - Episode 26: Automating the Secure Configuration Management Process
In episode 26 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian Hajost, Chief Operating Officer at SteelCloud. They discuss some of the common issues around secure configuration management, the struggles that organizations face, and ways to overcome those challenges.
Fri, 11 Mar 2022 - 40min - 25 - Episode 25: Building an Internal Incident Response Team
In this episode of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Lou Smith, a Senior Information Security Intrusion Analyst at the Center for Internet Security. Smith has a background in Digital Forensics and previously worked for New York State's Cyber Command Center. The two discuss building digital forensics and incident response capabilities in-house. Tune in to learn about the skills you need and the tactics you can use to successfully implement an incident response plan at your organization.
Resources
Six Tabletop Exercises to Help Prepare Your Cybersecurity Team
Tabletop Exercises (TTX)
7 Reasons Tabletop Exercises Are A Must
Incident Response Tabletop: Working with Law Enforcement and Insurers
SANS Training via CIS CyberMarket
Fri, 25 Feb 2022 - 47min - 24 - Episode 24: How Do I Start a Career in Cybersecurity?
In episode 24 of Cybersecurity Where You Are, co-host Tony Sager poses the question that many people interested in the industry ask: How do I start a career in cybersecurity?
Fri, 11 Feb 2022 - 51min - 23 - Episode 23: Cybersecurity Predictions for 2022
In Episode 23 of Cybersecurity Where You Are, hosts Tony Sager and Sean Atkinson are joined by our Vice President of Operations and Security Services, Josh Moulin. Together, the three share their thoughts on some of the topics that were discussed in our recent blog post, 2022 Cybersecurity Predictions to Watch Out For.
Mon, 31 Jan 2022 - 48min - 22 - Episode 22: CIS Behind the Veil: Log4j
In the latest episode of Cybersecurity Where You Are, CIS CISO, Sean Atkinson, and CIS Chief Evangelist, Tony Sager, were joined by two colleagues who walked them through the steps CIS took to address the Log4j vulnerability.
Fri, 21 Jan 2022 - 55min - 21 - Episode 21: Year In Review; A List of our Favorite Episodes
The team looked back on the many topics they discussed throughout the year including governance, employment, zero-trust, and more. Here are some of their favorite episodes (with some of their favorite guests answering "The Atkinson 9").
Tue, 28 Dec 2021 - 53min - 20 - Episode 20: The State of Election Cybersecurity
Mon, 13 Dec 2021 - 41min - 19 - Episode 19: For Data Compliance, Automation is Key
When it comes to cybersecurity, an enterprise must start by listing the assets it needs to protect, select controls to protect those assets, and institute a system to monitor those controls. Simple steps in theory – but complex and time consuming to implement in reality.
Mon, 15 Nov 2021 - 41min - 18 - Episode 18: Top 5 Scariest Malware
In the spirit of Halloween, we list the top five (and some honorable mentions) malware of all time – so far!
Fri, 29 Oct 2021 - 50min - 17 - Episode 17: Cybersecurity Awareness Month: It's All About the Big Picture
In celebration of Cybersecurity Awareness Month, this episode discusses the DBIR and version 2.0 of the CIS Critical Security Controls (CIS Controls) Community Defense Model (CDM). Both reports pull data from a community of experts and many different resources to provide a more holistic picture of cybersecurity.
Wed, 13 Oct 2021 - 48min - 16 - Episode 16: Cybersecurity: Think INSIDE the Box
In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes back Kathleen Moriarty, Chief Technology Officer for CIS. Together they discuss the role service providers play in the future of cybersecurity.
Mon, 27 Sep 2021 - 40min - 15 - Episode 15: Cybersecurity Success Takes Soft Skills
In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson, and CIS Senior VP and Chief Evangelist, Tony Sager, discuss soft skills and how they pertain to the cybersecurity industry. Whether it is an employee wanting to expand their career or an employer seeking a new hire, soft skills are just as important as technical knowledge.
Fri, 10 Sep 2021 - 55min - 14 - Episode 14: The Top 5 Cybersecurity Tips for the Family
In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson counts down the top five ways families can be cyber smart. CIS Content Marketing Manager, Danielle Koonce, stops by to talk about what she does as a parent to keep her child safe from cyber-attackers.
Wed, 01 Sep 2021 - 51min - 13 - Episode 13: What's Important to You in Cybersecurity? A Host Q&A
Taking a guest-free moment, hosts Tony Sager and Sean Atkinson turn the 'Atkinson 9' questions on themselves.
Mon, 23 Aug 2021 - 60min - 12 - Episode 12: Cybersecurity and Government: Less Wizardry, More Policy
In this edition of Cybersecurity Where You Are, host Tony Sager, Senior Vice President and Chief Evangelist for CIS, welcomes guest Brian de Vallance, Alliance Outreach Coordinator for CIS. Together, they discuss the role government and technology experts play in the building of universal cybersecurity best practices and policy.
Fri, 30 Jul 2021 - 39min - 11 - Episode 11: Remote Attestation Helps Zero Trust
In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes guest Kathleen Moriarty, Chief Technology Officer (CTO) at CIS. Together, the duo discuss attestation in terms of hardware and software, and the process of performing a posture assessment.
Fri, 16 Jul 2021 - 31min - 10 - Episode 10: Hospitals in Need of Cybersecurity STAT!
The medical industry is an appealing target for cyber-attackers due to the vast personal information hospitals and facilities maintain. With one targeted effort, attackers can obtain anything from patient and employee medical and financial records to medical research and innovations. Records like these are more valuable for resale compared to a simple credit card number.
Mon, 28 Jun 2021 - 41min - 9 - Episode 9: Mitigating Risk: Information Security Governance
In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes guest Mosi Platt to the show. Platt is the GRC Manager at Frame.io. The two longtime friends discuss where they fall on the often-debated security or compliance front, and how managing risk is the reason both groups exist.
Fri, 11 Jun 2021 - 56min - 8 - Episode 8: CIS Controls v8...First Impressions
Part 2 of a 2-part series on the CIS Controls v8 update. In this edition of Cybersecurity Where You Are, host and CIS Senior Vice President and Chief Evangelist, Tony Sager welcomes guests Phyllis Lee, Senior Director of the CIS Controls, and CIS Controls Community Adopter and Volunteer, Rick Doten. Picking up where Part 1 of the series left off, Lee highlights the guiding principles that helped the development of v8 start off strong.
Fri, 28 May 2021 - 52min - 7 - Episode 7: CIS Controls v8...It’s Not About the List
Part 1 of a 2-part series. In this edition of Cybersecurity Where You Are, host and CIS Senior Vice President and Chief Evangelist, Tony Sager welcomes guests Randy Marchany and Phyllis Lee. Marchany is the Chief Information Security Officer (CISO) at Virginia Tech, and Lee serves as Senior Director of the CIS Controls. The connection between the two guests is the CIS Controls – a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.
Fri, 14 May 2021 - 56min - 6 - Episode 6: 2020 Elections Year in Review
In this edition of Cybersecurity Where You Are, host and CISO at the Center for Internet Security (CIS), Sean Atkinson welcomes guests Geoff Hale and Lew Robinson. Hale leads the Election Security Initiative at the Cybersecurity and Infrastructure Security Agency (CISA), while Robinson serves as CIS Vice President of Election Operations. Both agencies and both men, respectively, played a big role in the success of the 2020 General Election, which has been deemed the most secure election in American history.
Fri, 23 Apr 2021 - 37min - 5 - Episode 5: The Tools of Cyber Defense...an Ongoing, Repetitive Process
Part 2 of a 2-part series. In this week’s Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson continue their conversation on cyber defense as a risk-based process. They discuss the actions and resources that help build and implement “defensive machinery” that support an organization’s current cyber defense plan and help it mature.
Mon, 12 Apr 2021 - 57min - 4 - Episode 4: Dynamics of Cyber Defense...an Ongoing, Repetitive Process
Technology is ever-changing AND ever-evolving, creating an uncertainty amongst cybersecurity professionals – the defenders – in their pursuit of an effective cyber defense strategy. The uncertainty of the defender can justifiably be attributed to the uncertainty of the attacker. In this week’s Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson introduce cyber defense as a risk-based process to reduce the overall probability and impact that a cyber-attack will have on an organization.
Fri, 26 Mar 2021 - 41min - 3 - Episode 3: Third-party Risk Management – Beyond the Questionnaire
Can a risk assessment questionnaire be the catalyst for true change to the entire vendor cybersecurity ecosystem? Cybersecurity Where You Are podcast host Sean Atkinson welcomes guest Ryan Spelman, former CIS employee, and now Managing Director at Duff & Phelps on their CYBERCLARITY360 team. Together, Sean and Ryan discuss tactics companies can use to better understand their cyber-risk posture and how stronger relationships between companies and their third parties impact the industry as a whole.
Fri, 12 Mar 2021 - 43min - 2 - Episode 1: Welcome to the Basics
Co-hosts Sean Atkinson and Tony Sager welcome you to the CIS podcast! Learn what the Center for Internet Security is, hear how the co-hosts grew with the industry, and understand the importance of basic cyber hygiene. What you learn here can be customized to your specific security needs whether you are a private business, government entity, or educational institution. Learn more at www.cisecurity.org
Wed, 27 Jan 2021 - 56min - 1 - Episode 2: Trends: Then, Now, and Into the Future
Sean Atkinson and Tony Sager discuss the top cybersecurity issues from 2020 and what the road ahead holds for the industry.
Fri, 05 Mar 2021 - 34min