The Virtual CISO Moment

Author: Greg Schaffer

Description

The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Quick strike and wrap up audio-only episodes drop Mondays and Fridays; Throwback Thursday episodes are repeats. email greg.schaffer@secondchancebook.org. A Second Chance Publishing, LLC podcast.
228 Episodes
From October 4, 2022 - Gary Chan of Alfizo LLC helps businesses stay secure from hackers and insider threats, meet legal and regulatory compliance, and enable sales by meeting their customers' expectations for security. He is also a "security mentalist", and if you're like me and have never heard of this term, you need to check out this episode - it's fascinating! Gary's websites: • Creating memorable experiences for corporate audiences, https://www.gschan2000.com/ • Helping organizations build their information security programs, https://alfizo.com/ --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Derek Morris is a virtual Chief Information Security Officer (vCISO) with almost 3 decades in IT, Information Security, and Cybersecurity. He possesses numerous industry certifications including CISSP, CISM, CISA, CDPSE, PCI-QSA, CCSFP, CCNA, and MCSA, and holds a Bachelor's Degree in Computer Information Systems from Bryant University with a minor in Applied Statistics. We discuss the virtual CISO space and what to look for in a virtual CISO, including "IT empathy". --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Links: https://www.bbc.com/news/business-64452986 https://heimdalsecurity.com/blog/new-mimic-ransomware-uses-windows-search-engine-to-find-and-encrypt-files/ https://www.bankinfosecurity.com/blogs/targets-opportunity-how-ransomware-groups-find-victims-p-3365 https://www.securityweek.com/the-effect-of-cybersecurity-layoffs-on-cybersecurity-recruitment/ https://coruzant.com/security/three-essential-proactive-steps-for-keeping-enterprises-cybersecure/ --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
From September 28, 2022 -  Mark Burnette, Shareholder-In-Charge at LBMC Information Security, discusses his path from Senior IT Auditor to overseeing and directing LBMC’s Risk Services practice nationwide. He is very active in the information security community, including as co-founder and past president of the Middle Tennessee ISSA chapter (one of the largest in the world), and co-founder and board member of the Southern CISO Security Council. His certifications include CPA, CISA, CISSP, CISM, and CRISC, and he frequently speaks on information security topics, including a fabulous TEDx talk on the Humanity Behind Cyber Attacks - https://www.ted.com/talks/mark_burnette_the_humanity_behind_cybersecurity_attacks. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
BJ Withrow, Manager, Major Accounts, East Coast at Tenable, is a self-proclaimed geek at heart and cybernerd by trade. When he is passionate about something, it comes out in everything he does, and he loves what he does. We cover a variety of topics, including cybersecurity for small and midsized businesses, exercising, and the importance of a servant's heart. Note a production error resulted in mismatched video and audio for host, not guest. We have switched platforms going forward because of this issue. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Southwest upgrades, NIST CSF update, ransomware affects 1000 ships' connectivity,  ransomware threat in next 24 months, iOS 12 zero-day fix, SCOTUS infosec risk management fails, securing IoT (list), my appearance this morning on the KAJMasterclass, and a thanks to Cynomi for including me as a top vCISO influencer. https://www.ciodive.com/news/southwest-airlines-technology-data-upgrades-FAA/640890/ https://news.yahoo.com/southwest-didnt-heed-calls-upgrade-020007630.html https://www.nextgov.com/cybersecurity/2023/01/nist-releases-potential-updates-its-cybersecurity-framework/381970/ https://www.theregister.com/2023/01/19/ransomware_attack_cuts_1000_ships/ https://www.darkreading.com/attacks-breaches/organizations-likely-to-experience-ransomware-threat-in-the-next-24-months-according-to-info-tech-research-group https://nakedsecurity.sophos.com/2023/01/24/apple-patches-are-out-old-iphones-get-an-old-zero-day-fix-at-last/ https://www.csoonline.com/article/3685938/us-supreme-court-leak-investigation-highlights-weak-and-ineffective-risk-management-strategy.html#tk.rss_all https://www.techrepublic.com/article/securing-edge-securing-iot-devices/ https://www.youtube.com/watch?v=vHyQyfRa4So&ab_channel=TheKAJMasterclassLIVE https://www.cynomi.com/blog/top-12-vciso-influencers/ --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
T-Mobile breach (again), MailChimp breach (again), ransomware payments down, TikTok fined for cookie issue, Avast posts decryptor for BianLian, five trends for 2023, and leveraging LNK files.  https://www.wsj.com/articles/t-mobile-says-hackers-stole-data-on-about-37-million-customers-11674166048 https://techcrunch.com/2023/01/19/t-mobile-data-breach/ https://www.msn.com/en-gb/money/technology/mailchimp-suffers-another-major-data-breach-following-employee-hack/ar-AA16w1Z3 https://www.theregister.com/2023/01/19/ransomware_payments_down/ https://www.secureworld.io/industry-news/tiktok-fined-cookie-policies https://www.scmagazine.com/news/ransomware/avast-posts-decryptor-for-the-bianlian-ransomware https://www.enterprisetimes.co.uk/2022/12/22/the-security-outlook-for-2023-five-trends/ https://thehackernews.com/2023/01/new-research-delves-into-world-of.html https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-of-lnk-shortcut-files-malware/ --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
From September 27, 2022 - Cy Sturdivant, Director at Forvis (Cybersecurity Division), joins us to discuss his path from accounting and finance to cybersecurity and the audit field. We dive into controls, the Three Lines of Defense model, and how audit as the third line helps organizations achieve and maintain a solid information security posture. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Brent Forrest is a leader, architect, and strategic advisor of holistic cybersecurity. He has developed security programs across Oil & Gas, Financial, Insurance, and Construction industries including architecture of endpoint visibility/protection, managed detection and response (MDR), and security awareness as well as leading real-world cyberbreach response efforts. He is a graduate of Western Governors University and a holder of CISSP, C|CISO, and other technology certifications. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Malware attack on CircleCI, FortiOS vuln exploited, RTU ransomware attack, Lifelock compromise, Cloudflare and .gov, how and why to improve security culture, and nine top-of-mind issues for CISOs in 2023. https://thehackernews.com/2023/01/malware-attack-on-circleci-engineers.html https://www.csoonline.com/article/3685670/attackers-deploy-sophisticated-linux-implant-on-fortinet-network-security-devices.html#tk.rss_all https://industrialcyber.co/industrial-cyber-attacks/hacker-group-discloses-ability-to-encrypt-an-rtu-device-using-ransomware-industry-reacts/? https://www.darkreading.com/remote-workforce/norton-lifelock-warns-on-password-manager-account-compromises https://www.darkreading.com/attacks-breaches/cloudflare-wins-cisa-contract-for-registry-and-authoritative-domain-name-system-dns-services https://www.tripwire.com/state-of-security/c-suite-security-how-it-teams-improve-security-culture https://blogs.cisco.com/security/nine-top-of-mind-issues-for-cisos-going-into-2023 --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
US air grounding due to one engineer's error, vuln in chromium browsers, Citrix vuln, Tech Republic bundle offer, 10 penetration testing decision factors, and why soft skills are necessary in infosec. https://www.dailymail.co.uk/news/article-11628753/FAA-flight-grounding-debacle-stranded-tens-thousands-hours-caused-engineer.html https://thehackernews.com/2023/01/experts-detail-chromium-browser.html https://www.csoonline.com/article/3685414/royal-ransomware-group-actively-exploiting-citrix-vulnerability.html#tk.rss_all https://www.techrepublic.com/article/explore-information-security-huge-course-bundle/ https://christianespinosa.com/blog/top-10-penetration-testing-decision-factors/ https://technative.io/why-soft-skills-are-key-to-filling-the-digital-talent-gap/ If you're interested in filling the gap for Tuesday's episode please send me an email at greg@gregschaffer.info. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
From September 20, 2022: Adam Bricker has led many career lives, from working on Tomahawk missiles to cofounding the Carolina Cyber Center, focused on hardening community resources and continuing education to address the nation's critical cybersecurity talent shortfall. He currently provides consulting services for businesses in high tech, IT-enabled and emerging markets as the founder of ePower Learning, and his testimony of faith in relation to his callings is truly inspirational. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Mary-Michael Horowitz, CISM, is the Founding Partner/CEO at Asylas, LLC. Asylas is a cybersecurity solutions firm heavily focused on remarkable service and customized approaches to security, privacy and risk consulting. We discuss small and midsized business security challenges, including passwords and password managers. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Experian security flaw, CISOs focus on three trends, email services encryption, importance of SaaS user permissions, $24B MATIC coin risk, and today's list: 10 CRUCIAL cybersecurity tips for small business. https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/ https://www.darkreading.com/microsoft/cisos-are-focused-on-these-3-trends-are-you- https://www.techrepublic.com/article/cloud-email-services-bolster-encryption-against-hackers/ https://thehackernews.com/2023/01/why-do-user-permissions-matter-for-saas.html https://www.cpomagazine.com/cyber-security/critical-vulnerability-that-put-24-billion-in-matic-coins-at-risk-patched-by-polygon/ https://esabda.com/10-crucial-cybersecurity-tips-for-small-business/ --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Flipper phish, Slack breach, LastPass last trust, Twitter account info for free, Iran DDoS attack, data privacy trends, and a question of whether or not to use a VPN firewall (feedback encouraged, email greg@gregschaffer.info). https://www.bleepingcomputer.com/news/security/ongoing-flipper-zero-phishing-attacks-target-infosec-community/ https://cybernews.com/security/slack-admits-security-breach/ https://www.pcmag.com/opinions/lastpass-is-losing-our-trust https://www.forbes.com/sites/petersuciu/2023/01/04/data-from-200-million-twitter-users-offered-for-free-on-hacker-forum/ https://www.jpost.com/middle-east/iran-news/article-726852 https://www.law360.com/articles/1559756/5-data-privacy-law-trends-that-will-continue-into-2023 --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
From September 13, 2022 - Elvis Huff is the Vice President - Director of Security/Information Security Officer for Wilson Bank and Trust. His path to bank ISO is not typical but is inspirational, with 12 years as a police officer prior to entering the world of banking. His reason for the transition involves faith and following a calling. He also produces an awesome security newsletter, Security Stuff with Elvis Huff - check it out at https://www.wbtsecurityblog.com/! --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
For our kickoff episode of Season Five, Dave Evangelista joins us. He has 20 years of experience with financial institutions and is currently the Vice President Information Technology for a midwestern credit union where he is responsible for the tactical direction, control, and ongoing analysis and planning for the credit union’s IT environment: Infrastructure, Operations, Critical Systems, Information Security, Development, e-Services, Service Delivery, Digital and Technology Support. He also has 24 years of law enforcement experience, including as a Kentucky certified Cyber and Financial Crimes Investigator, Kentucky certified Advanced Internet Crimes Investigator, election consultant on crimes against children to former Governor Ernie Fletcher, founder and executive director for the United States Internet Crime Task Force (1998-2020), and is a recognized expert witness on digital forensics. --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Twitter GDPR investigation, ransomware group clones victim's site, LockBit apologizes to children's hospital, ransomware ecosystem diversifying, IT Pros' cybersecurity fears, FinTech cybersecurity issues, and cybersecurity tools to keep you safe as a remote worker...sort of. https://gdprbuzz.com/news/twitter-faces-investigation-in-ireland-over-data-breach/ https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/ https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/ https://www.csoonline.com/article/3684248/ransomware-ecosystem-becoming-more-diverse-for-2023.html https://securityboulevard.com/2023/01/an-overview-of-cybersecurity-issues-faced-by-the-fintech-industry/ https://www.digitalinformationworld.com/2023/01/85-of-it-pros-fear-cybersecurity-issues.html https://www.makeuseof.com/best-free-cybersecurity-tools-to-keep-you-safe-as-a-remote-worker/ --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Ransomware not covered by cyber insurance, cyberattacks may be impossible to insure without some changes, whatever happened to UEBA, 100,000 students have their data exposed, six tips for hiring cybersecurity talent, and my predictions for 2023. https://www.jurist.org/news/2022/12/ohio-supreme-court-says-insurance-policy-does-not-cover-ransomware-attack-on-software/ https://www.techspot.com/news/97118-cyberattacks-could-soon-become-impossible-insure.html https://www.darkreading.com/dr-tech/how-to-get-the-most-out-of-ueba? https://www.bitdefender.com/blog/hotforsecurity/renowned-education-platform-leaks-personal-data-of-100-000-students-online/ https://www.forbes.com/sites/forbestechcouncil/2022/12/22/six-ways-to-pivot-hiring-strategies-to-attract-cybersecurity-talent/?sh=2b3a54af742e --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
From September 6, 2022 - Donna Gallaher, President and CEO of New Oceans Enterprises, LLC, is a seasoned IT and information security pro providing virtual CISO and risk management services. She is a FAIR (Factor Analysis of Information Risk) evangelist and is passionate about growing the virtual CISO community, including serving on the Board of Directors for vCISO Catalyst, a Public Benefit Corporation supporting the improvement of cybersecurity programs of small and medium businesses. If you have never heard of FAIR or are interested in the virtual CISO field (or both), check out this episode! New Oceans Enterprises, LLC - https://www.newoceansenterprises.com/ --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message