Navigating NIST CSF 2.0: Guide to Frameworks and Governance
Description
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising.
Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs.
Guest Socials: Lukasz's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security BootCamp
Questions asked:
(00:00 ) Introduction
(03:00 ) A bit about Lukasz
(04:32 ) Security Challenges for Tech First advertising company
(05:16 ) Security Challenges for Retail Industry
(06:00 ) Difference between the two industries
(07:01 ) Best way to build Cybersecurity Program
(09:44 ) NIST CSF 2.0
(13:02 ) Why go with a framework?
(16:26 ) Which framework to start with for your cybersecurity program?
(18:33 ) Technical CISO vs Non Technical CISO
(25:37 ) The Fun Section
Resources spoken about during the interview:
Mapping between the frameworks
https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0
https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight
Verizon Data Breach Investigations Report (DBIR)
United States
