DiscoverCybersecurity Where You Are
Cybersecurity Where You Are
Claim Ownership

Cybersecurity Where You Are

Author: Center for Internet Security

Subscribed: 41Played: 492
Share

Description

Welcome to “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all whether we are surfing the web at home, managing a company, supporting clients, or running a state or local government. Join Sean Atkinson and Tony Sager of CIS every other Wednesday as they discuss trends and threats, identify ways to implement controls and infrastructure, explore best practices, and interview experts in the industry. Together, we’ll clarify these complex issues and create confidence in the connected world.
79 Episodes
Reverse
In episode 79 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they discuss the Common Good Cyber cybersecurity initiative. Tony and Philip begin by sharing the paths that brought them to the nonprofit sector. From there, Philip recounts the events and needs that led to the formation of Common Good Cyber. They end the first part of their conversation by exploring the nature of "common good" in relation to internet technology. Both agree that common good efforts must include more than just money to produce meaningful change in the cybersecurity industry.ResourcesFollow Philip on LinkedInEpisode 30: Solving Cybersecurity at Scale with NonprofitsGlobal Cyber AllianceFoundational Security for Your Software Supply ChainThe Cost of Ignoring the Log4j VulnerabilityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 78 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Lisa Young, Senior Metrics Engineer at Netflix. Lisa is a long-time practitioner in the cybersecurity risk, risk quantification, and metrics field. She has a rich career and experience of putting resources towards practices that will protect, sustain, make organizations resilient over time. In her current role, Lisa helps Netflix measure what works, what doesn't work, and how to optimize practices and controls that help enhance coverage and efficacy of things that need to be done. Together, the three discuss the hurdles of harmonizing teams to determine acceptable risk in the cybersecurity ecosystem.Resources:Follow Lisa on LinkedInQuantitative Risk Analysis: Its Importance and ImplicationsEpisode 65: Making Cyber Risk Analysis Practical with QRAFAIR: A Framework for Revolutionizing Your Risk AnalysisIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 77 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they discuss how to use data to inform your decision-making in cybersecurity. They begin by discussing the cybersecurity industry's lack of maturity in its use of data. From there, they explore the risks of not using data to make cybersecurity decisions. In Tony's words, the cybersecurity industry doesn't have to accept "perfection is the enemy of the good" as its paradigm. When we understand the data with which we can work, we can frame the information in a way to strengthen the cybersecurity posture of our respective organizations.ResourcesFollow Roger on LinkedInA Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be UsingCybersecurity at Scale: Piercing the Fog of MoreKnown Exploited Vulnerabilities CatalogEpisode 60: Guiding Vendors to IoT Security by DesignEpisode 75: How GenAI Continues to Reshape CybersecurityFighting Phishing: Everything You Can Do to Fight Social Engineering and PhishingIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 76 of Cybersecurity Where You Are, co-host Tony Sager is joined by Julie Morris, CEO and Co-Founder of Persona Media. Together, they discuss the role of thought leadership in cybersecurity. They begin by discussing misconceptions surrounding the notion of thought leadership. Next, they explore what thought leadership looks like in the context of an industry like cybersecurity and a company like the Center for Internet Security® (CIS®). Their conversation concludes with some advice on how individuals, especially senior leaders, can get started with thought leadership.ResourcesFollow Julie on LinkedInEpisode 30: Solving Cybersecurity at Scale with NonprofitsEpisode 75: How GenAI Continues to Reshape CybersecurityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 75 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss how generative artificial intelligence (GenAI) continues to reshape cybersecurity. They begin by using Episodes 48, 49, and 56 to consider the ongoing impact of GenAI on confidence, trust, and consistency as elements of a mature cybersecurity program. After reflecting on how confidence has shaped the work of the Center for Internet Security® (CIS®) more generally, Sean and Tony conclude by revisiting the verification challenge of GenAI.ResourcesEpisode 48: 3 Trends to Watch in the Cybersecurity IndustryEpisode 49: Artificial Intelligence and Cybersecurity = Minutes 26:00 and 31:00Episode 56: Cybersecurity Risks and Rewards of LLMs = Minute 8:00The LLM Misinformation Problem I Was Not ExpectingEpisode 44: A Zero Trust Framework Knows No EndDefining "Reasonable" Security with a Risk Assessment MethodIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 74 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Carlos Kizzee, Senior Vice President (SVP) for Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®). In recognition of Data Privacy Week on January 21-27, 2024, they discuss the nexus of cybersecurity and privacy legislation in the United States. They begin by reviewing how the privacy laws passed by U.S. states over the past several years all include a cybersecurity element – namely, the effort to implement "reasonable" cybersecurity around protecting consumers' data. They then look to the future and consider how the laws will lead to regulations and, in turn, enforcement actions that will help raise our understanding of consumer privacy rights and how they can be defended.ResourcesCIS Controls v8 Privacy Companion GuideWhat is Cyber Threat Intelligence?Defining "Reasonable" Security with a Risk Assessment MethodEpisode 49: Artificial Intelligence and CybersecurityCybersecurity at Scale: Piercing the Fog of MoreIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 73 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager use our 2023 cybersecurity predictions to understand how the industry changed last year. They discuss progress and challenges around Artificial Intelligence (AI), zero trust, and other key trends they and others brought up in our blog post, "Our Experts' Top Cybersecurity Predictions for 2023." They also promise a similar year in review (YIR) for our 2024 cybersecurity predictions, for which 17 experts at the Center for Internet Security® (CIS®) contributed their thoughts.ResourcesEpisode 56: Cybersecurity Risks and Rewards of LLMsEpisode 44: A Zero Trust Framework Knows No EndEmbedded IoT Security: Helping Vendors in the Design ProcessCyber Insurance Price Increases Highlight Ransomware DefenseEpisode 63: Building Capability and Integration with SBOMsIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 72 of Cybersecurity Where You Are, co-host Tony Sager is joined by Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss "Cybersecurity: Practice What, and While, We Teach," a keynote panel where they discussed cybersecurity in education during Tech Tactics in Education: Data and IT Security in the New Now. Throughout this episode, they pull in recorded snippets from their panel. They use those recordings to reflect on IT operational challenges and the need to balance different interests in education organizations, including K-12 schools and higher education institutions. They also highlight commonalities that present not only opportunities for collaboration in the education sector but also instances where CIS can help advance cybersecurity in education through the content it produces.ResourcesFollow Phyllis on LinkedInCybersecurity for Educational InstitutionsEpisode 71: Advancing K-12 Cybersecurity Through CommunityThe Cost of Cyber Defense: CIS Controls IG1CIS Critical Security Controls Version 8U.S. Cyber ChallengeIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 71 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Carlos Kizzee, SVP for the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®); Dr. Bhargav Vyas, Assistant Superintendent for Compliance and Information Systems as well as Data Protection Officer at Monroe-Woodbury Central School District; and Terry Loftus, Assistant Superintendent & Chief Information Officer of Integrated Technology Services for the San Diego County Office of Education.Together, they discuss how our publication, "K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year," facilitates better decision-making around K-12 cybersecurity. They begin by considering some common cybersecurity challenges for K-12 organizations, most notably a lack of funding and skilled personnel. From there, they reflect on how entities in this sector have grown their cybersecurity maturity despite those obstacles over the past few years. Their conversation ends with guidance for getting started with a K-12 cybersecurity program.ResourcesFollow Carlos, Bhargav, and Terry on LinkedInK-12 Report: A Cybersecurity Assessment of the 2021-2022 School YearMulti-State Information Sharing and Analysis Center®Episode 69: How the NCSR Assessment Sows SLTT Cyber MaturityHow the Foundational Assessment Makes Starting or Improving a Cybersecurity Program EasierEstablishing Essential Cyber HygieneRansomware Defense-in-DepthIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 70 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mathew Schwartz, Executive Editor for DataBreachToday & Europe at the Information Security Media Group (ISMG). Together, they discuss the media's role in shaping public understanding and perception of infosec. They begin by considering the idea of media channels helping to educate the public about cybersecurity matters, including data breaches and digital threats. From there, they go on to talk about how the language that the media uses to report on cybersecurity affects its ability to build trust with the public. Their conversation ends by reviewing tips for how members of the public can find trustworthy media channels in the infosec space.ResourcesFollow Mathew on LinkedInDataBreachToday.comKillnet Group Targeting Ukraine Supporters with DDoS AttacksProtecting Against Potential Russian Cyber AttacksEpisode 68: Designing Cyber Defense as a Partnership EffortIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 69 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Tyler Scarlotta, Manager of Member Programs at the Center for Internet Security (CIS). Together, they discuss how the Nationwide Cybersecurity Review (NCSR) helps U.S. State, Local, Tribal, and Territorial (SLTT) government organizations evaluate their cyber maturity. They begin by reviewing what the NCSR assessment program entails and identifying trends from previous years. They then explore the lessons learned by SLTTs through participating in the NCSR, the steps to getting involved with the program, as well as the resources from CIS and the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS- and EI-ISACs) that a participant can use to strengthen their cyber maturity.ResourcesFollow Tyler on LinkedInNationwide Cybersecurity Review (NCSR)MS-ISAC ServicesEstablishing Essential Cyber HygieneEpisode 61: Overcoming Pre-Audit Scaries Through GovernanceIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 68 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by James Yeager, VP of Public Sector and Healthcare at CrowdStrike. Together, they discuss designing cyber defense as a partnership effort. They begin by reflecting on the ongoing work of CIS and CrowdStrike to advance cyber defense together. After touching on some of the biggest trends they've seen in the threat landscape, they note how giving advice to customers around cyber defense requires partnership activity. They observe that cybersecurity companies like CIS and CrowdStrike must continue to work together, and they highlight the importance of working with customers directly to identify new angles, new challenges, and new ways of providing help.ResourcesFollow James on LinkedInCrowdStrike Partner PageExpanded Cybersecurity Partnership with CrowdStrike Further Protects the Public Against Potential AttacksEndpoint Security: The Key to Combatting Sophisticated CTAsEpisode 56: Cybersecurity Risks and Rewards of LLMsCrowdStrike 2023 Global Threat ReportSEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public CompaniesIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 67 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Stephanie Gass, Director of Governance, Risk, and Compliance at the Center for Internet Security (CIS). Together, they discuss how to seize the moment once you've completed a cybersecurity audit. They explore the types of questions that you need to think about and the challenges you might encounter when acting upon a cybersecurity audit's findings. Additionally, they walk through a few examples of how you might consider responding to certain audit findings within your organization. Throughout the entire episode, they cite the importance of using business context to determine your priorities and a way for achieving them.ResourcesFollow Stephanie on LinkedIn6 Mitigation Strategies to Make the Most of Audit ResultsBuild a Robust Continuous Audit Program in 10 StepsEpisode 65: Making Cyber Risk Analysis Practical with QRAEpisode 61: Overcoming Pre-Audit Scaries Through GovernanceHow to Navigate the Cybersecurity Audit Cycle with CIS SecureSuiteIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 66 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Mike Garcia, Senior Cybersecurity Advisor at the Center for Internet Security (CIS), and Jared Dearing, Sr. Director of Elections Best Practices at CIS. Together, they discuss the Rapid Architecture-Based Election Technology Verification (RABET-V) program. They begin by noting how the lack of a standardized verification process for non-voting election systems warranted the creation of a holistic testing approach for these technologies. From there, they explain how RABET-V differs from traditional testing methodologies by verifying non-voting election systems using a three-pronged approach. They conclude by sharing their ongoing work to improve RABET-V.ResourcesRABET-VRABET-V Launch EventRABET-V Final Pilot Summary and Next StepsEpisode 63: Building Capability and Integration with SBOMsCIS Software Supply Chain Security GuideIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 65 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Christopher Painter, Board Member of the Center for Internet Security (CIS) and President of the Global Forum on Cyber Expertise Foundation. Together, they discuss cybersecurity risk management. They begin by discussing how cyber risk analysis fits into a business risk management program in general. From there, they explore quantitative risk analysis (QRA), including its benefits for understanding cyber risk and the challenges of getting started. Their conversation then gets into how the CIS Board of Directors, specifically the Risk Committee, is using different methods of QRA to achieve CIS's business goals and objectives.ResourcesFollow Christopher on LinkedIn.Quantitative Risk Analysis: Its Importance and ImplicationsFAIR: A Framework for Revolutionizing Your Risk AnalysisCIS RAM v2.1: A Way to Demonstrate Reasonable SecurityEpisode 61: Overcoming Pre-Audit Scaries Through GovernanceIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types of data management considerations for your organization. Along the way, he points out how you can use resources from the Center for Internet Security (CIS) to drive continuous improvement in this space.ResourcesData Management Policy Template for CIS Control 3The Cost of Cyber Defense: CIS Controls IG1Prioritizing a Zero Trust Journey Using CIS Controls v8Episode 61: Overcoming Pre-Audit Scaries Through GovernanceHow to Navigate the Cybersecurity Audit Cycle with CIS SecureSuiteIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org. 
In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency.ResourcesEpisode 22: CIS Behind the Veil: Log4jCIS Software Supply Chain Security GuideEpisode 56: Cybersecurity Risks and Rewards of LLMsSoftware Bill of Materials (SBOM)Executive Order on Improving the Nation’s CybersecurityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org. 
In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving technology landscape. They conclude by offering advice to organizations that are looking to engage in a pentest.ResourcesFollow Chris and Erik on LinkedInCounter HackA CISO's Best Friend: The PentesterEpisode 59: Probing the Modern Role of the PentestEpisode 49: Artificial Intelligence and CybersecurityEpisode 55: Live at RSA Conference 2023If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org. 
In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how quantification, supply chain security, and other issues factor into a modern-day approach to governance.ResourcesFollow Stephanie on LinkedInHow to Navigate the Cybersecurity Audit Cycle with CIS SecureSuiteEpisode 9: Mitigating Risk – Information Security GovernanceRemote Attestation Enabling Posture Assessment for Automated GRCCIS Software Supply Chain Security GuideService Provider Management Policy Template for CIS Control 15If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org. 
In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a document in the first place. After explaining some of what went into drafting the white paper, they look to the future and note how IoT frameworks such as theirs helps to shift left IoT security toward purchasing decisions.ResourcesFollow Kathleen and Ben on LinkedInEmbedded IoT Security: Helping Vendors in the Design ProcessEpisode 33: The Shift-Left of IoT Security to VendorsCIS Controls v8 Internet of Things & Mobile Companion GuidesMaking Security Simpler for Organizations Big and SmallIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org. 
loading
Comments 
Download from Google Play
Download from App Store