 Episodes
In this special Pre-Cloud Con episode we mix things up a little. Rather than joining me as a co-host, the Cloud Security Alliance of West Michigan's own Anthony Coggins sits on the other side of the mic. He, along with the ever-knowledgeable Tim O'Connor, discusses the current state of cybersecurity insurance in 2022. Anthony is the Senior Manager of the Security Operations Team at Grand Rapids' own rocket ship insurance company, Acrisure. Tim is the Manager of Knowledge Services at Cadre Information Security.
Talking Points:
- What does the industry look like today and why does it look that way?
- What do you need to know when you are filling out the forms?
- Do customers truly understand the questions being asked?
- Is the form an indicator of the maturity of the insurance carrier? (Tim talks about the differences in the 20+ insurance forms he has on his desk)
- Did you know you can carry supplemental insurance like Home and Auto insurance? (Anthony talks about Ransomware Supplemental Form)
- Is it true insurance carriers lower rates if you have 'X' cybersecurity solution in your ecosystem?
Episode Sponsor:
This episode is sponsored by Cadre Information Security. Cadre is a trusted security partner based out of Cincinnati, Ohio and has been a long-time supporter of the podcast. As always, part of the sponsorship fee goes to Michigan charities.

In this episode I get a chance to talk to Kevin Peterson about Network Observability in a Hybrid Cloud World. Kevin is a great information security evangelist who works for Arista. One of the many challenges that I face in the healthcare industry is handling devices that live On-Prem and send data to multiple cloud environments.
Kevin and I talk about some very common use cases and the challenges that come along with them. We also talk about how to handle segmentation across multiple domains. So if you can relate to having to secure data that traverses many cloud environments, this episode is for you!
Podcast Sponsor:
This episode is sponsored by Arista and proceeds will be going toward youth autism programs here in Michigan. Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments. Arista has recently made a big push into the information security space using their vast experience with networks. Arista is based out of Santa Clara, California.

In this special episode I speak with Peter HJ van Eijk about the CCSK and CCAK cloud security certifications from the Cloud Security Alliance. Peter is the owner of Club Cloud Computing and an authorized CCSK and CCAK trainer.
I have personally taken his training course and thought it was one of the best ones out there. He also offers free refresher courses and online focus sessions. If you want to learn more about CSA certifications, then definitely listen in!

In this episode I had the pleasure of talking with Jonathan Jesse about medical device security. Jonathan is a Senior Systems Engineer for Forescout. In fact, he has been working for the same information security company for over 6 years! That is pretty unheard of nowadays in the security vendor space.
What prompted this interesting discussion, you say? Well, Forescout recently acquired CyberMDX. They are a company that specializes in medical device security protection. Since I have to work protecting medical devices sometimes as part of my 'real job', I have several different business use cases to discuss, including one around a urinalysis device. Intrigued yet?
Talking Points:
- Brief overview of why Forescout acquired CyberMDX
- What is Device Centric Risk Management?
- How to 'fingerprint' different medical devices that may be from the same manufacturer?
- Compliance and Governance - Are medical manufacturers still using FDA regulations as an excuse not to patch?
- What are some good preventative measures?
Episode Sponsor:
I want to thank Forescout for sponsoring this episode. They are a network security solutions vendor based out of San Jose, California. Part of the proceeds from this sponsorship will be going towards Youth Mental Health programs here in Michigan!

In this episode I talk with Richard Melick about mobile security. Richard is the Director of Threat Reporting for Zimperium, so he knows a thing or two about what is happening out in the mobile world right now.
We definitely took a deeper look at the current state of mobile security and the talking points cover a bunch of key areas.
Talking Points:
- What is more important and more secure to have, your wallet or your phone?
- Mobile threats can happen when you least expect it or in the last place you may suspect, subways anyone?
- There is no more 'consumer' grade mobile security
- A closer look at the global mobile threat report
Zimperium's Global Mobile Threat Report: https://www.zimperium.com/global-mobile-threat-report/

In this episode I had a chance to talk with Rebecca Harvey about Cloud Identity. Rebecca does regional sales for SailPoint and she is also a co-founder of the Women's Security Alliance (WomSA).
She and I talked about why companies are still getting Cloud Identity wrong. We also did a deeper dive into cutting edge items like Robot Identity and Robotic Process Automation.
Episode Sponsor:
This episode was sponsored by SailPoint. SailPoint is an Identity Security Solutions Provider that is based out of the great city of Austin, Texas. Proceeds from this sponsorship will be going to Spectrum Health Foundation's Youth Mental Health program.
Reference Links:
- NIST Guidelines: https://pages.nist.gov/800-63-3
- IDSA: https://www.idsalliance.org/identity-defined-security-framework/best-practices/
- Forum link to discussion around MFA for RPA: https://forum.uipath.com/t/robot-guidance-for-handling-multi-factor-authentication/345476

In this episode I had a chance to talk with Brian Philips about 5G security. Brian is the Chief Solutions Architect for NetScout. We had a chance to dive into various parts of 5G and what it means for the future of the 'Mobile Office'. We also talked about future use cases that are not as far away as you think.
- How is 5G going to impact security?
- 5G Internet to home isn't 'private' yet
- Cellular security is wider than it needs to be right now
- How companies like Amazon could utilize 5G for both a private network and a 'near me' cloud service
Episode Sponsor:
This episode is sponsored by NetScout. NetScout is a Security and Communication Service Provider based out of Westford, Massachusetts. Proceeds from this sponsorship will be going towards a youth mental health program here in West Michigan.

In this episode I had a chance to talk with Brian Schneble, Claudio Catti and Chuck Chessor about mobile security and rethinking 'trust' in the new Digital Transformation age. This was a more detailed discussion from the holiday fundraiser episode and has some great real world examples.
Talking Points:
- As WFH becomes permanent, do we need to rethink 'trust' in the digital transformation age?
- How many companies are well versed in SASE philosophy?
- General Motors CEO asked her employees to turn off their VPN. What are the ramifications of that precedent?
- The rise of SaaS apps delivering malware is Google Apps.
- Do we need to stop saying 'zero trust'?

In this first episode of 2022 I am reaching into my distant security past and invited a former colleague, Mike Ahrendt, to join Natasha Young and myself to take a close look at digital forensics.
Mike has worn many security hats, including recent leadership roles, but his heart lies in the SOC. Mike shares some insightful stories and answers to tough questions from Natasha!
Talking Points:
- What is the difference between Public Sector vs Private Sector?
- How come some companies don't prioritize digital forensics investigations?
- Why can't forensics data be subjective (hint: legal reasons and hack journalism)?
- Why can more incidents be public (hint: brand damage)?
- Should there be more government regulations in this area?
- What is the problem with the current Threat Intel pipeline?
Reference Links:
To learn more about the FBI's Infragard initiative visit their website here.
Episode Disclaimer: The views and opinions in this episode are my own and not a reflection of my employer or my awesome leaders. If you want the official stance of my employer on the incident from 2016 then use DuckDuckGo and research the issue from 2016. Stay safe and stay informed!!

In this brief end of the year episode I talk about a recent phishing attack on a 3rd party vendor that was compromised via email in a very unique way. I reveal how it happened and why defense in depth is so important.
Talking Points:
- What is a lookalike domain?
- The importance of having a defensive domain strategy
- How bad guys used an operating system's and email application's default behavior against the user

In this episode I had a chance to talk with Israel Barak about a listener-submitted topic, 'How do I prepare for a ransomware attack?'. Israel is the CISO for Cybereason and has intricate knowledge of ransomware and cybersecurity dating back to his days in the Israeli Defense Force.
Using his extensive knowledge we talked through his concept of having different security 'pillars' to help navigate the lifecycle of ransomware:
- Security Hygiene - Checklists are in security hygiene - you don't build a program around ransomware
- People - Executive Leadership (how to educate exec leadership), Awareness (do you know what to do when you have already clicked), Security People (surgery example)
- Recovery - How do you plan for a recovery process
- Insurance - Do you really need it, do you trust it with your CFO
Episode Sponsor:
This episode is sponsored by Cybereason. Cybereason is an eXtended Detection and Response solution company with Global Headquarters based out of Boston, Massachusetts. Proceeds from the sponsorship fee will be going towards a local Youth Mental Health program that is happening in 2022.

In this special holiday fundraising episode I have not one but two special guests joining a small panel to discuss the current state of mobile security and the pitfalls of social engineering. Mike Jones is a former Anonymous hacker and founder of the Haunted Hacker security podcast and magazine. Jonathan Scott is a Mobile Security Researcher and the author of the Pegasus ID software. I was also joined by Jim Kuiphof, Director of Information Security for Spectrum Health, Richard Melick from Zimperium, Brian Schneble and Mitch Milligan from Sentinel One, Claudio Cattai and Chuck Chessor from Netskope.
Talking Points:
- Can you really be hacked with just a mobile text message?
- Is your data 'really' gone after you wiped your phone?
- Did you know that your smart watch is listening when you wash your hands?
- Is Pegasus the only Nation State malware out there?
- How will this affect TeleHealth on mobile devices?
- What can we do to start reining in this issue?
- How do we protect ourselves from different social mobile attacks?
Episode Sponsors:
We are very happy to have 3 great sponsors for this fundraiser episode. Many thanks to Sentinel One for being a second year sponsor, and to Netskope and Zimperium for helping raise funds for 3 great charities: North Kent Connect, Toys for Tots and Hand for Help. Thank you very much!

In this episode I sit down with Lloyd Guyot, Mike Peterson and Steve Barnes to discuss the state of cybersecurity in 2021. Lloyd is a Client Solutions Advisor for Optiv, Mike is a Cybersecurity Consultant for Cadre and Steve is a Systems Engineer for Fortinet.
Talking Points:
- How do we secure the new hybrid workforce?
- Is SASE where it needs to be going into 2022?
- Do you think there is ransomware fatigue?
- How is Social Engineering just security marketing hype?
We cover a veritable cornucopia of security topics for your listening pleasure!
Episode Sponsor:
This episode is sponsored by Fortinet. Fortinet is a leader in the Gartner® Magic Quadrant™ for Network Firewalls and moving towards a Zero Trust Access future. Fortinet is based out of Sunnyvale, California.

In this episode I have a special guest joining me to talk about a 'Passwordless Future'. Jorel VanOs is the Chief Information Security Officer for the insurance company that is taking off like a rocket ship, Acrisure. This is continuing a great conversation that was discussed in the Security Leadership panel at this year's C3 Tech Advisors IT Summit.
Talking Points:
- What are companies not understanding about Multi Factor Authentication (MFA)?
- Why do banks use Email/SMS in this age of basic data already being out there?
- If security keys are the answer then why aren't companies using them more?
- What is this upcoming MFA apocalypse/reckoning I keep hearing about?
- What are some things that a SMB can do right now when it comes to better use of MFA?
- Google Voice/Fi?
- Apple/Google need to convert their phones into an open standard
- Why can't your mobile phone provider use their verification as an MFA?
Podcast Charity:
On behalf of Jorel's work in creating the Work + Shelter charity to support women in India, #RealTalkwithAaronBregg is donating $100 each to the following local charities for helping shelter women:
- Safe Haven Ministries
- Degage Ministries
Episode Sponsor:
This episode was sponsored by Yubico. Yubico is a global authentication leader based out of Sweden(!) with a US office in Palo Alto.
Episode Giveaway:
We are giving away (5) new Yubico BioKeys! All you have to do is be a new subscriber to the #RTWAB YouTube Channel and then message me on LinkedIn with your name, email address and company that you work for. A fair trade of a little bit of information for a great new security product!

In this episode we are going to do things a little differently. I am very happy to have Rebecca Harvey take over the hosting duties. She will be interviewing myself and my awesome mentee, Natasha Young, about the last 6 months of our participation in the WomSA mentorship program.
If you are interested in becoming either a mentor or a mentee, I highly encourage you to set aside some time to listen to this episode. Kudos to Rebecca for being a great guest host and to Natasha for being a great mentee!

In this episode I talked with Dave Golding about Security Posture Management as a Service. What the heck is it? Are misconfigurations just FUD from vendor marketing teams? Dave is a Sales Executive for AppOmni.
Talking Points:
- What the heck is Security Posture Management anyways?
- What is your CASB not doing (not in a bad way)?
- What is the biggest problem with default configuration that you are seeing with customers?
- What is one of the biggest surprises that you are seeing in the industry?
- What about best practice policies?
Episode Sponsor:
This episode is sponsored by AppOmni. AppOmni is a SaaS Security Management Software. They are based out of San Francisco, California. As always, part of the sponsorship fees goes towards charities in West Michigan!

In this episode I sit down with Corwin Tobias to take a deeper dive into maturing a Security Awareness program. Corwin is the Information Security Awareness Ambassador for Blue Yonder. I had the pleasure of working with Corwin when he was working on the Information Security Training Team for Spectrum Health.
Talking Points:
- How to equip your staff to identify key risks
- Does an employee know what to do when they make a mistake?
- A Human Firewall sounds good but doesn't always work in real life because cyber criminals adapt
- What are some things that people get wrong about Security Awareness? (Information Security Compliance fallacies)
- What departments does information security frustrate the most? Why is it important to identify them?
- Metrics are more granular than you think? It's not all about volume

In this episode I talk with Tim O'Connor about what companies don't understand about Security Awareness programs. Tim is the Manager of Knowledge Services for Cadre Information Security.
Talking Points:
- Security Awareness is more than just Phishing awareness training
- What doesn't the business get about Security Education?
- Risk Assessments and Vulnerability Assessments are two different things
- The importance of Table Top exercises
- Brand Name Protection
- IT is NOT where the cybersecurity buck stops
Episode Sponsor:
This episode is sponsored by Cadre Information Security. Cadre is a trusted security partner based out of Cincinnati, Ohio. As always, part of the sponsorship fee goes to Michigan charities. In 2021 #RTWAB has raised over $3,000!

In this episode I have a special co-host, Alex O'Meera, to help me interview my guest, Jim Jakary, about Security Operation Center (SOC) as a Service. Alex is a newly minted Senior Security Engineer for Spectrum Health (congrats!) and Jim is an Account Executive for Expel. This was the first remote broadcast in a long time and definitely contained lots of #RealTalk!
Talking Points:
- We already have a security program, what can SOCaaS do to further help?
- Should you be looking at metrics to help guide you?
- Can SOCaaS help your program with alert fatigue?
- Can a mature VM program help set up your SOC as a Success?
- Do you have the tools in place to help set up your SOC as a Success?
Podcast Sponsor:
This episode is sponsored by Expel. Expel is a Security Operations Center as a Service company that is based out of Herndon, Virginia. As always, proceeds from the sponsorship will go to charities in West Michigan.

In this special milestone episode I talked with Ryan Dengate and Tim Vandermel about setting up a SIEM and SOC program before you try and tackle implementing SOAR. Ryan is a Technical Engineer Lead and Tim is a Global Account Executive. They both work for a great West Michigan company called C3 Tech Advisors.
Talking Points:
- What are they seeing/hearing from customers right now?
- Do SMBs understand the importance of cyber liability insurance and how SIEM/SOC programs can help?
- Where do you start your program?
- What are things you can do to 'get ready' to implement them?
- What are some of the biggest challenges?
- Can SOAR help with resource issues?
Episode Sponsor:
This episode is sponsored by C3 Tech Advisors. C3 is based out of beautiful West Michigan and offers both security solutions and Telecom voice and data solutions as well. As always, half of the sponsorship fee goes to charities throughout Michigan!