
Cybersecurity Where You Are (video)

Author: Center for Internet Security


Description

Welcome to the video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.
155 Episodes
In episode 155 of Cybersecurity Where You Are, Tony Sager is joined by John Gilligan, President and Chief Executive Officer (CEO) of the Center for Internet Security® (CIS®). Together, they reflect on 25 years of progress for CIS and look ahead to the future. They explore the driving forces behind "CIS 2.0," including the shift toward addressing multidimensional threats, expanding CIS’s audience, and leveraging tools driven by generative artificial intelligence (GenAI). Their discussion highlights how CIS is adapting to a new era while staying true to its mission-driven roots and foundational principles.

Here are some highlights from our episode:
01:11. The need for a mission-driven nonprofit to support the role of government
04:28. Understanding the primary catalyst behind CIS 2.0
05:53. Multidimensional threats, expanded audiences, and revamped tools as adaptive opportunities
12:57. The challenge of linking technology risk to operational risk
13:45. How attackers tend to be more systems-level thinkers than defenders
15:50. Culture as a support system for navigating the evolving skills and processes of CIS 2.0
22:24. Collaboration, partnerships, mission focus, and culture as foundational CIS elements
31:11. How our engagement with state and local governments, thought leadership, and products and services will change going forward
40:47. Parting thoughts and an important reminder

Resources
25 Years of Creating Confidence in the Connected World
Episode 119: Multidimensional Threat Defense at Large Events
Strengthening Critical Infrastructure: SLTT Progress & Priorities
Enhanced Cyber Resilience as a Secure Cyber City
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
Episode 115: Continuous Feedback as CIS Employee Culture
Episode 125: How Leadership Principles Influence CIS Culture
CIS Culture
CIS Communities
Episode 97: How Far We've Come preceding CIS's 25th Birthday
Why Whole-of-State Cybersecurity Is the Way Forward
An Introduction to Artificial Intelligence
Reasonable Cybersecurity

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities.

Here are some highlights from our episode:
01:32. Common challenges with modern software development
03:54. High-speed and continuous deployment
07:08. Incident correlation with cloud deployment strategies
10:00. Software supply chain vulnerabilities
12:45. Alert fatigue and false positives
14:30. Testing and automation as enablers of real-time anomaly detection
17:40. The responsibility of incident responders to understand what they see
18:58. Automated control and a projectized approach to implementing zero trust
21:26. Oversight and governance with artificial intelligence and machine learning
23:24. Continuous improvement and early detection
28:08. Continuous monitoring and logging, automation, and incident response drills
30:03. Moving down a path of helping incident responders become culturally aware

Resources
Cloud Security and the Shared Responsibility Model
CIS Software Supply Chain Security Guide
An Introduction to Artificial Intelligence
Defense-in-Depth: A Necessary Approach to Cloud Security
Episode 63: Building Capability and Integration with SBOMs
Episode 44: A Zero Trust Framework Knows No End
Leveraging Generative Artificial Intelligence for Tabletop Exercise Development

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 153 of Cybersecurity Where You Are, Sean Atkinson is joined by Jason Ashong, IT Support Specialist at the Center for Internet Security® (CIS®). Jason shares his journey from tinkering with tech as a kid to working in IT and pursuing cybersecurity research. The conversation covers education, mentorship, hands-on experience, and advice for newcomers entering the field.

Here are some highlights from our episode:
01:10. Jason’s early days in IT of fixing devices and breaking things to learn
02:14. First professional IT/helpdesk experience at Dutchess Community College
03:48. The importance of mentors pushing you to grow
06:02. Jason’s advice to students of understanding foundational computing knowledge
08:45. The value of technical skills in networking, cryptography, and coding
11:00. Hands-on experience through labs, competitions, and research projects
16:08. Self-confidence, practice, and dedicated time as tips for navigating the job market
19:29. The role of attitude in opening up new opportunities
24:40. Jason flips the script and interviews Sean
Mistakes to avoid when entering the field: imposter syndrome and perfectionism
Cybersecurity as a path of continuous learning
Opportunities for newcomers with experience in artificial intelligence and data science

Resources
Episode 129: Embedding Cybersecurity in Project Management
Episode 95: AI Augmentation and Its Impact on Cyber Defense
Episode 44: A Zero Trust Framework Knows No End
TryHackMe
Hack The Box

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 152 of Cybersecurity Where You Are, Sean Atkinson is joined by Cliff Moten, Manager, Cybersecurity Solutions Engineering at the Center for Internet Security® (CIS®); and Richard Vargas, Security Operations Center Manager at CIS. Together, they discuss how the 24x7x365 CIS Security Operations Center (SOC) and CIS Managed Detection and Response™ (CIS MDR™) work together to accelerate response time while enriching telemetry.

Here are some highlights from our episode:
01:40. Demystifying SOCs and MDR as cybersecurity concepts
02:52. How the CIS SOC works to provide information, context, and next steps for an event
05:04. Artificial intelligence and automation as ways to accelerate response time
10:20. Real-world instances where a fast response time made a difference
13:10. What it means to support underfunded organizations with the resources they need
17:22. The role of contextual cyber threat intelligence in accelerating response times
19:01. The value of security orchestration, automation, and response (SOAR) in helping defenders move quickly
27:33. Lessons that organizations can use to cut down on their incident response times

Resources
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks
Episode 144: Carrying on the MS-ISAC's Character and Culture
Episode 137: National Cybersecurity Through SLTT Resilience
Combatting Ransomware
Establishing Essential Cyber Hygiene
CIS Community Defense Model 2.0

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 151 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager conclude their mid-year review of 12 Center for Internet Security® (CIS®) experts' cybersecurity predictions for 2025.

Here are some highlights from our episode:
01:12. The importance of consolidating security operations and using what already exists
03:18. The promise of generative artificial intelligence (GenAI) in relieving grunt work
08:26. The great responsibility and burden of integrating GenAI into business operations
10:53. How control and inspection generate trust in systems
17:57. Post-quantum cryptography, IoT in edge computing, and GenAI's sociopolitical risks
30:21. The need for a more holistic understanding of compliance
33:34. Why zero trust doesn't mean "no trust"
36:56. The need for AI as an element of critical security control
41:33. The dynamic challenge of protecting all assets with varying levels of security

Resources
12 CIS Experts' Cybersecurity Predictions for 2025
Episode 145: 2025 Cybersecurity Predictions H2 Review — Pt 1
Episode 135: Five Lightning Chats at RSAC Conference 2025
Establishing Essential Cyber Hygiene
Episode 95: AI Augmentation and Its Impact on Cyber Defense
Guide to Asset Classes: CIS Critical Security Controls v8.1
An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms
An Introduction to Artificial Intelligence
Episode 120: How Contextual Awareness Drives AI Governance
Episode 118: Preparing for Post-Quantum Cryptography
Episode 63: Building Capability and Integration with SBOMs
Episode 99: How Cyber-Informed Engineering Builds Resilience
Mapping and Compliance with the CIS Controls
Mapping and Compliance with the CIS Benchmarks
CIS Community Defense Model 2.0

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 150 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Chad Rogers, Sr. Manager, Digital Media Services, at the Center for Internet Security® (CIS®); Rudy Uhde, Video Editor at CIS; and David Bisson, Sr. Content Strategist at CIS. Together, they use a roundtable chat to celebrate 150 episodes of Cybersecurity Where You Are.

Here are some highlights from our episode:
01:33. How the cybersecurity landscape and podcast have changed since Episode 100
05:40. The "labor of love" that goes into editing and preparing an episode for publication
12:13. Memorable guests and moments that changed the team's thinking about cybersecurity
25:45. How the larger podcast team drives continuous improvement and innovation
30:13. Parting thoughts for the audience

Resources
Episode 100: Celebrating 100 Episodes and Looking Ahead
Episode 149: Human Error, AI Missteps, and Other VM Risks
Episode 9: Mitigating Risk: Information Security Governance
Episode 96: Making Continuous Compliance Actionable for SMBs
Episode 121: The Economics of Cybersecurity Decision-Making
Episode 114: 3 Board Chairs Reflect on 25 Years of Community
Episode 136: How WiCyS Advances Women in Cybersecurity
Episode 120: How Contextual Awareness Drives AI Governance
Episode 116: AI-Enhanced Ransomware and Defending Against It
Episode 146: What Security Looks Like for a Security Company
Episode 110: How Security Culture and Corporate Culture Mesh

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 149 of Cybersecurity Where You Are, Sean Atkinson is joined by Chris McCullar, Director of Sales, Cloud Security, at the Center for Internet Security® (CIS®); and Mishal Makshood, Sr. Cloud Security Account Executive at CIS. Together, they discuss how to navigate human error, artificial intelligence (AI) missteps, and other landmarks in a new frontier of virtual machine (VM) risks.

Here are some highlights from our episode:
00:50. Introductions with Chris and Mishal
02:20. The ongoing need to address the risk of human error when configuring VMs
04:55. The value of building trusted security into a VM image by design
07:28. A reality check of what the shared responsibility model means to an organization
13:06. How the integration of AI into DevOps accelerates both automation and mistakes
15:21. The importance of a secure foundation in the cloud on which you can build with AI
18:19. Automated enforcement and AI's role in complementing human judgment
21:03. Two examples of how CIS resources can drive governance and policy integration
28:05. Cybersecurity as a community-driven team sport
30:33. Lifecycle management as a way of addressing organizations' security needs

Resources
Keep the Cloud Secure with CIS after Migrating to the Cloud
Automated Compliance: The Byproduct of Holistic Hardening
Meet the Shared Responsibility Model with New CIS Resources
Episode 135: Five Lightning Chats at RSAC Conference 2025
2025 Data Breach Investigations Report

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 148 of Cybersecurity Where You Are, Sean Atkinson is joined by Rob Reese, Cyber Incident Response Team Manager at the Center for Internet Security® (CIS®); Dustin Cox, Cyber Incident Response Team Analyst at CIS; and Cliff Moten, Manager, Cybersecurity Solutions Engineering at CIS. Together, they discuss how organizations can use Managed Detection and Response (MDR) tools to help defend against zero-day attacks.

Here are some highlights from our episode:
01:06. Demystifying zero-day vulnerabilities with a definition
02:36. Why zero-day attacks are some of the most serious threats facing organizations today
04:19. Examples of zero-day exploits and how these threats affect Incident Response (IR)
10:06. The importance of understanding your environment and patch management
13:58. How MDR assists with behavioral analysis, assembling holistic inventories, and IR
20:02. The role of asset inventories in determining scope and containing a zero-day incident
24:08. Why it's important to have humans managing and monitoring an MDR solution
27:11. MDR as a means of centralizing evidence of a zero-day attack
30:05. Parting thoughts for those concerned with their endpoint security posture

Resources
CIS Managed Detection and Response™ (CIS MDR)
Multi-State Information Sharing and Analysis Center®
CIS Critical Security Control 1: Inventory and Control of Enterprise Assets
CIS Critical Security Control 2: Inventory and Control of Software Assets
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
Real-Time Indicator Feeds
Incident Response Policy Template for CIS Control 17

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 147 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security® (CIS®); and Kaitlin Drape, Hybrid Threat Intelligence Analyst at CIS. Together, they discuss how to actualize threat intel for the purpose of building effective defense programs and operational response plans.

Here are some highlights from our episode:
01:27. Which two questions you want to answer when providing intelligence on a threat
05:19. How to avoid underutilizing or misunderstanding the utility of threat intel
13:18. A real-life story from John of when intelligence made a difference in a security incident
17:05. The foundation and building blocks of maturing your threat intelligence program
22:14. The value of working with non-intelligence groups to formulate effective response plans
24:22. CIS's ongoing work to help organizations proactively ingest and use threat intel
28:24. How cross-collaboration across an organization brings threat intel into a lifecycle
31:01. Kaitlin's work as an exemplar of how to make threat intelligence operational
36:20. The ongoing evolution of hybrid threat intel to inform meaningful operational responses

Resources
ThreatWA™
How Threat Modeling, Actor Attribution Grow Cyber Defenses
Countering Multidimensional Threats: Lessons Learned from the 2024 Election
Episode 119: Multidimensional Threat Defense at Large Events
Sinaloa cartel used phone data and surveillance cameras to find FBI informants, DOJ says

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 146 of Cybersecurity Where You Are, Tony Sager is joined by Angelo Marcotullio, Chief Information Officer at the Center for Internet Security® (CIS®); and Stephanie Gass, Sr. Director of Information Security at CIS. Together, they look back on periods of transition at CIS to discuss what security looks like for a security company.

Here are some highlights from our episode:
00:58. Introductions with Angelo and Stephanie
02:07. A pro and a con of IT consulting work
04:12. The importance of soft skills in bringing the Multi-State Information Sharing and Analysis Center® into CIS
06:12. Looking at security from a corporate perspective with the CIS Critical Security Controls
07:08. How IT and IT security are essential to corporate strategy
07:45. The use of governance to support merging three business units into an integrated security company
12:04. The value of security champions in adapting to regulatory and business changes
15:15. What IT and Security teams can accomplish when they work as partners
17:18. The use of data to inform Board decisions and conversations around risk
20:38. How getting a seat at the table helps with understanding a Board's risk appetite and communicating that out to teams
25:01. How infrastructure built for growth, not the smallest business case, produced a smooth transition to work from home in March 2020
29:30. Advice for folks starting out in security
31:28. The importance of collaboration and culture in implementing security as an organization

Resources
Episode 144: Carrying on the MS-ISAC's Character and Culture
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
CIS Controls v8.1 Mapping to ISO/IEC 27001:2022
CIS Controls v8.1 Mapping to SOC2
CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3
Reasonable Cybersecurity
Episode 110: How Security Culture and Corporate Culture Mesh

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 145 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager begin their mid-year review of 12 Center for Internet Security® (CIS®) experts' cybersecurity predictions for 2025.

Here are some highlights from our episode:
01:14. Verizon's Data Breach Investigations Report as a source of enlightenment and humility
02:28. The use of generative artificial intelligence (GenAI) to finely tune phishing emails
06:31. Cyber threat actors' Darwinian efficiency in adopting new technology
07:50. Policies, oversight, and compliance in slowing defenders' adoption of technology
10:30. The two-sided, dynamic challenge of managing supply chain risk
18:23. Cybersecurity as a strategic business investment in protecting revenue
20:40. The value of partnerships in determining rational social expectations for cybersecurity
26:45. Rapid recap of several of our 2025 cybersecurity predictions
28:43. Designing technology with human awareness to create a culture of responsibility
32:29. The need to rethink what "connected" means in our complex world

Resources
12 CIS Experts' Cybersecurity Predictions for 2025
Episode 117: 2025 Cybersecurity Predictions from CIS Experts
2025 Data Breach Investigations Report
2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization
Episode 119: Multidimensional Threat Defense at Large Events
How to Construct a Sustainable GRC Program in 8 Steps
Society of Information Risk Analysts
Reasonable Cybersecurity
Episode 135: Five Lightning Chats at RSAC Conference 2025

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 144 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Carlos Kizzee, Senior Vice President of Multi-State Information Sharing and Analysis Center® (MS-ISAC®) at the Center for Internet Security® (CIS®). Together, they discuss how the MS-ISAC's new funding model helps to carry on the character and culture of this collaborative cyber defense community.

Here are some highlights from our episode:
01:11. The unique mission, history, and value of building community at the MS-ISAC
05:36. A new fee-based model to preserve services and support amid federal funding changes
07:08. Service continuity as a commitment to U.S. State, Local, Tribal, and Territorial entities
09:45. Initial feedback and considerations heard at the 2025 ISAC Annual Meeting
11:40. The new membership funding model and how it preserves SLTT collaboration
15:25. A cost-effective approach to securing the "cyber-underserved"
19:31. The range of U.S. SLTT government organizations who can enroll as members now
21:59. The illusion of "free" in helping U.S. SLTTs to strengthen their cyber defenses
22:55. Why U.S. SLTTs need to enroll in paid MS-ISAC membership before October 1, 2025
28:03. Scale as the key to making MS-ISAC activities as cost-effective as possible
30:05. The essential need for U.S. SLTT government organizations to invest in the MS-ISAC

Resources
Multi-State Information Sharing and Analysis Center®
Episode 142: SLTTs and Their Nuanced Cybersecurity Needs
Episode 137: National Cybersecurity Through SLTT Resilience
ISAC Annual Meeting
MS-ISAC Membership Resources
Become an MS-ISAC Member
Episode 30: Solving Cybersecurity at Scale with Nonprofits

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 143 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security® (CIS®). Together, they discuss Iran's evolving multidimensional threat activity following U.S. airstrikes on Iranian nuclear facilities in June 2025.

Here are some highlights from our episode:
00:49. Lessons from the past on how Iran might respond to the U.S. airstrikes in June 2025
04:56. The use of informed practice and continuous awareness to better prepare defenders
06:41. Recap of Iranian multidimensional threat activity observed between 2024 and 2025
11:53. The impact of contextual intelligence and education in driving threat awareness
19:17. Why understanding of impact is critical to addressing a business risk
23:09. Three things you need to do to be an effective threat briefer
25:07. The use of tabletop exercises (TTXs) to promote incident response
26:56. The 2024 General Election as a case study of what threat preparedness can do

Resources
ThreatWA™
US hits 3 Iranian nuclear sites, Trump says, plunging America into conflict
Are national security threats a concern after U.S. military strike on Iranian nuclear sites?
New report: Hacker for El Chapo helped boss hunt and kill FBI informants
MS-ISAC Guide to DDoS Attacks
With July 4 just days away, US law enforcement on high alert for Iran retaliation
Iran-linked hackers threaten to release Trump aides' emails
Iranian-aligned hackers claim responsibility for Truth Social cyberattack
Iranian-Aligned Hackers Claim Responsibility for Attack on Trump’s Truth Social Platform
States and Congress wrestle with cybersecurity after Iran attacks small town water utilities
NYPD deploying additional resources across city following US strikes on Iran
CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide
Enhancing Safety in the Connected World — A National Framework for Action
Episode 138: The Use of GenAI to Refine Your TTX Development
Countering Multidimensional Threats: Lessons Learned from the 2024 Election

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 142 of Cybersecurity Where You Are, Sean Atkinson is joined by Anthony Essmaker, former Product Marketing Manager at the Center for Internet Security® (CIS®); and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they discuss the nuanced, empathetic approach that's required to help U.S. State, Local, Tribal, and Territorial (SLTT) government organizations to address their cybersecurity needs.

Here are some highlights from our episode:
01:10. What the acronym "SLTT" means to CIS's operational mission
05:39. Using a flexible approach to support the different cybersecurity needs of the 50 states
09:43. How different resources and experiences contextualize "best practices" at the local level
11:49. Trivia question: Which two U.S. states don't have counties?
13:20. The complexity of cybersecurity challenges and resources for U.S. tribal entities
20:11. A 20-year history of working with U.S. SLTTs to meet them where they are
21:30. Relationships as the bedrock for a community model of SLTT cyber defense
26:29. Geographical isolation and other factors affecting U.S. territories' cybersecurity needs
32:42. A closing fun fact about the first U.S. fire district

Resources
Episode 123: An Operational Playbook for Security Impact
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
2024 MS-ISAC Tribal Sector Cybersecurity Report
Multi-State Information Sharing and Analysis Center®
Nationwide Cybersecurity Review (NCSR)

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 141 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security® (CIS®); and Julie Haney, Computer Scientist & Human-Centered Cybersecurity Researcher at the National Institute of Standards and Technology (NIST). Together, they use a human-centered understanding of security to discuss password policies, including their benefits, drawbacks, and efficacy.

Here are some highlights from our episode:
01:03. Introductions to Phyllis and Julie
03:34. How "human-centered cybersecurity" goes beyond just usability
05:35. The use of NIST and other authoritative sources to dispel confusion in cybersecurity
09:09. How password policies positively and negatively impact human behavior
15:06. Three anecdotes that showcase the importance of context when enacting security policy
21:49. The process of using NIST SP 800-63 to recommend password security best practices
27:11. Our changing understanding of "the human element"
29:23. The need to do cybersecurity awareness training "right" and measure its effectiveness
31:30. Recognition of the absence of natural systems thinking in cybersecurity
33:14. Psychological safety, feedback, and trust as foundations of security culture
39:03. Human touchpoints as a starting point to help usability and security work together

Resources
CIS Password Policy Guide
NIST SP 800-63 Digital Identity Guidelines
Episode 98: Transparency as a Tool to Combat Insider Threats
Episode 110: How Security Culture and Corporate Culture Mesh
Why Employee Cybersecurity Awareness Training Is Important

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 140 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security® (CIS®). Together, they discuss travel safety tips informed by today's evolving multidimensional threat environment.

Here are some highlights from our episode:
01:30. The most overlooked security risks we need to take seriously whenever we travel
03:42. How threat actors can exploit our tendency to overshare online
07:25. Top security practices you can use to safely plan your next trip
12:28. The value of playing out your travels' worst-case scenario before you leave
16:02. The benefits and drawbacks of using electronic navigation systems while traveling
18:00. Videos as a means of attuning to the "flow" of a different place and/or culture
24:10. Which types of people make attractive targets for foreign intelligence services
25:05. Honeypot operations in the physical and digital worlds
27:24. Opportunities to protect the technology on which we rely

Resources
ThreatWA™
Travel.State.Gov
A Short Guide for Spotting Phishing Attempts
8 Security Essentials for Managing Your Online Presence
Election Security Spotlight – Social Engineering

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 139 of Cybersecurity Where You Are, Tony Sager is joined by Amelia Gifford, Sr. Manager, Administration, at the Center for Internet Security® (CIS®); and George Bailey, Director of Purdue cyberTAP. Together, they discuss how the 2025 grant from the Alan Paller Laureate Program will support Purdue cyberTAP's mission of community building for the cyber-underserved.

Here are some highlights from our episode:
01:02. Honoring a legacy of making cybersecurity practical and accessible
03:34. The business of giving products away to benefit the cybersecurity community
05:00. The use of the CIS Critical Security Controls (CIS Controls) to help rural electricity cooperatives in Indiana
11:00. Methodology, tooling, and repeatability as part of a lifecycle of realizing a good idea
11:56. Cross-Mapping as a means to help people live with so many security frameworks
12:59. Accountability and re-assessment as methods for measuring program success
14:59. The power of community in prioritizing the CIS Controls
16:38. Community building as a way to navigate the cybersecurity business together
17:42. A controlled Controls experiment to generate data, learn lessons, and create feedback
19:03. Progress reporting as a way to foster connections
24:39. Feedback on the Alan Paller Laureate Program application process
26:30. Focus on cybersecurity community impact as a consideration for future applicants
30:31. Parting thoughts about the grant program and an invitation to reach out to George

Resources
Center for Internet Security Awards Nearly $250,000 to Purdue University’s Technical Assistance Program
Episode 114: 3 Board Chairs Reflect on 25 Years of Community
Episode 97: How Far We've Come preceding CIS's 25th Birthday
CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide
SEC366: CIS Implementation Group 1™
How to Plan a Cybersecurity Roadmap in 4 Steps
CIS SecureSuite® Membership
Mapping and Compliance with the CIS Controls
Reasonable Cybersecurity Guide

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 138 of Cybersecurity Where You Are, Sean Atkinson is joined by Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security® (CIS®). Together, they discuss how organizations can use Generative Artificial Intelligence (GenAI) to refine how they develop Tabletop Exercises (TTXs).

Here are some highlights from our episode:
01:49. Why TTXs function as a "blue sky" opportunity for crisis management and preparedness
04:33. A quick recap of how GenAI stands apart from traditional AI
06:19. The direct relationship between input and output when measuring GenAI content quality
07:36. TTXs as a use case for GenAI to help the "cyber-underserved"
10:14. How GenAI can quickly customize TTXs for different organizations and threat models
13:56. The use of GenAI to improve TTX facilitation, regularity, and cost
17:22. GenAI as an inspiration to act on the findings of a simulation
18:26. Risks and ethical concerns to keep in mind for GenAI-enhanced TTX development
24:46. Where humans can still play a part in augmented exercises
30:08. Closing thoughts about the future of GenAI

Resources
Leveraging Generative Artificial Intelligence for Tabletop Exercise Development
Episode 134: How GenAI Lowers Bar for Cyber Threat Actors
Episode 89: How Threat Actors Are Using GenAI as an Enabler
DeepSeek: A New Player in the Global AI Race
Multi-State Information Sharing and Analysis Center®

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.


In episode 137 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Terry Loftus, Assistant Superintendent (Chief Information Officer) of Integrated Technology Services at the San Diego County Office of Education (SDCOE); and Netta Squires, President of Government Affairs, Cybersecurity, & Resilience at Open District Solutions (ODS). Together, they discuss how the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) functions as a space for U.S. State, Local, Tribal, and Territorial (SLTT) entities to collectively strengthen their cyber resilience in support of U.S. national cybersecurity. Here are some highlights from our episode:
01:15. A study to understand the cybersecurity perspectives of the MS-ISAC community
03:24. The need for sustained cyber defense accelerators to drive U.S. SLTT resilience
07:31. How surveys and focus groups uncovered U.S. SLTT cybersecurity funding, staffing, and governance challenges
13:06. The superpower of cyber threat intelligence driven, tailored, and provided via community
17:41. Trust as a foundation for building relationships among MS-ISAC members and partners
21:26. How the MS-ISAC moved community cyber defense from conversational to operational
22:22. The role of trust in making membership affordable and solutions at scale possible
25:00. Opportunities for relationship building, training, and access to services in the MS-ISAC
30:00. Examples of MS-ISAC success stories and the need to share them
33:40. The MS-ISAC as a space to craft a strategic path for national cybersecurity
36:29. Closing thoughts on how members value and can get involved in the MS-ISAC
Resources:
Strengthening Critical Infrastructure: SLTT Progress & Priorities
Malicious Domain Blocking and Reporting (MDBR)
Episode 126: A Day in the Life of a CTI Analyst
Why Whole-of-State Cybersecurity Is the Way Forward
MS-ISAC: Defending America’s Critical Infrastructure
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 136 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined live by Lynn Dohm, Executive Director of Women in CyberSecurity (WiCyS). Together, they discuss how WiCyS works to advance women in cybersecurity. Here are some highlights from our episode:
01:03. A mission of recruiting, retaining, and advancing women in cybersecurity
05:38. How community-focused conferences and scholarships promote community growth
06:25. The need to celebrate the work of and encourage support among cyber defenders
08:52. Four strategic pillars as a foundation for navigating COVID, societal change, and more
13:50. The importance of laying out cybersecurity career paths outside of individual companies
15:15. How a foundation of inclusion enables diversity to expand
19:45. The use of strategic partners to anticipate changing cybersecurity and hiring needs
22:38. Inside the successes of the mentorships and other WiCyS programs
28:22. The impact of Alan Paller on opening doors for WiCyS
32:35. How volunteerism supports retention in cybersecurity through inclusion and satisfaction
Resources:
Episode 77: Data's Value to Decision-Making in Cybersecurity
Episode 120: How Contextual Awareness Drives AI Governance
Alan Paller Laureate Program
Episode 30: Solving Cybersecurity at Scale with Nonprofits
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.