Episodes

  • In episode 129 of Cybersecurity Where You Are, Sean Atkinson discusses best practices for embedding cybersecurity in project management. Here are some highlights from our episode:

    01:34. Elements for connecting the dots between cybersecurity risk assessment and project risk assessment
    03:06. How our conceptualization of a project changes under a zero trust implementation
    04:02. What security may look like in a Waterfall vs. Agile approach to project management
    06:26. The importance of resources and stakeholders in managing any project
    08:34. Scope creep and other challenges of embedding cybersecurity in project management
    15:45. How continuous monitoring and other best practices can help us to overcome these hurdles
    25:30. How cybersecurity can inform projects involving generative artificial intelligence

    Resources

    Episode 105: Context in Cyber Risk Quantification
    Quantitative Risk Analysis: Its Importance and Implications
    How Risk Quantification Tests Your Reasonable Cyber Defense
    Episode 44: A Zero Trust Framework Knows No End
    How to Construct a Sustainable GRC Program in 8 Steps
    Episode 33: The Shift-Left of IoT Security to Vendors
    Episode 120: How Contextual Awareness Drives AI Governance

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

  • In episode 128 of Cybersecurity Where You Are, Sean Atkinson is joined by Joshua Palsgraf, Senior Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security® (CIS®). Together, they examine how cyber threat actors use cryptocurrency for financial fraud and how professionals like Joshua track this illicit activity. Here are some highlights from our episode:

    01:35. What a data-driven approach to CTI looks like
    02:47. What makes cryptocurrency useful in the digital economy, including for financial fraud
    06:50. How cryptocurrency-related financial crime compares to traditional forms of fraud
    13:20. Examples of cryptocurrency theft and its use in facilitating ransomware attacks
    27:24. Tooling and forensic methods that are being used to track crypto fraud/scams
    31:40. The need to build awareness around financial crime in the digital economy

    Resources

    Episode 77: Data's Value to Decision-Making in Cybersecurity
    2023 Cryptocurrency Fraud Report Released
    2025 Crypto Crime Trends: Illicit Volumes Portend Record Year as On-Chain Crime Becomes Increasingly Diverse and Professionalized
    Suspected Lazarus subgroup behind DMM crypto heist
    Episode 126: A Day in the Life of a CTI Analyst
    Combatting Ransomware
    Episode 124: The Many Layers of a Malware Takedown Operation



  • In episode 127 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Scott Alldridge, President and CEO of IP Services and the IT Process Institute. Together, they use Scott's book, "Visible Ops Cybersecurity: Enhancing Your Cybersecurity Posture with Practical Guidance," to discuss how visible IT operations (Visible Ops) provide a foundation for cybersecurity. Here are some highlights from our episode:

    01:31. How Visible Ops reflect an appreciation for the original config change release processes
    10:19. The limitations of treating security as a silo and "new toys" as security cure-alls
    15:23. How to embrace a dynamic view of visibility and configuration management
    24:50. The importance of leadership buy-in when shifting left to a security-first mindset
    27:10. What an effective change configuration management system looks like and how it changes people's view of IT
    30:20. Parting thoughts and where to find more of Scott's work

    Resources

    IT Process Institute
    What is ITIL? Your guide to the IT Infrastructure Library
    CIS Critical Security Controls (CIS Controls) Resources
    An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms
    Episode 44: A Zero Trust Framework Knows No End
    Why Employee Cybersecurity Awareness Training Is Important


  • In episode 126 of Cybersecurity Where You Are, Sean Atkinson is joined by Casey Cannon, Lead Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security® (CIS®). Together, they review what a regular day looks like for a CTI analyst. Here are some highlights from our episode:

    01:46. How a service-oriented mindset factors into a CTI career
    03:55. What task prioritization looks like at the beginning of a CTI analyst's day
    06:50. How bedrock CTI principles and threat actor matrices help to counter information overload and filter out noise
    10:45. The value of an "eclectic" set of intelligence sources
    25:50. How the CIS CTI team works with the 24x7x365 CIS Security Operations Center (SOC), the Cyber Incident Response Team (CIRT), and others
    31:27. Advice for getting into CTI as a career path

    Resources

    Episode 124: The Many Layers of a Malware Takedown Operation
    Episode 62: Inside the 'Spidey Sense' of a Pentester
    Combatting Ransomware
    The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity


  • In episode 125 of Cybersecurity Where You Are, Sean Atkinson is joined by Waldo Perez, Human Resources Support Specialist at the Center for Internet Security® (CIS®); and Penny Davis, Sr. Manager of Leadership Development at CIS. Together, they use the CIS Leadership Principles and other examples from CIS to understand how leadership influences and nurtures the organization's workplace culture.

    Here are some highlights from our episode:

    02:00. The human aspect in defining workplace culture
    03:55. How leadership principles directly shape company culture
    05:40. Key indicators of a strong company culture and one that can improve
    16:31. Examples where company culture has made an impact on a CIS employee's experience
    21:59. The importance of feedback in supporting positive cultural change
    25:41. How leadership training programs help employees to grow

    Resources

    CIS Culture
    Episode 115: Continuous Feedback as CIS Employee Culture
    The Envelope, Please! The CIS 2024 President’s Award Goes to…
    Center for Internet Security Named Among 2024 Top Workplaces


  • In episode 124 of Cybersecurity Where You Are, Sean Atkinson is joined by Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security® (CIS®). Together, they explore the many layers of a malware takedown operation.

    Here are some highlights from our episode:

    01:58. A high-level overview of what a malware takedown might involve
    04:11. Some of the key players who help to disrupt known malware infrastructure
    07:35. Which operational functionalities make malware infrastructure and tactics difficult to dismantle
    10:56. Jurisdictional and legal challenges of a takedown operation
    14:53. What goes into identifying malware networks and infected end-user devices
    20:47. The technical strategies used for disrupting malware
    24:13. How cyber threat actors respond differently to a takedown effort

    Resources

    Phobos Ransomware Affiliates Arrested in Coordinated International Disruption
    Qakbot Malware Disrupted in International Cyber Takedown
    Episode 89: How Threat Actors Are Using GenAI as an Enabler
    Renew Your Ransomware Defense with CISA's Updated Guidance


  • In episode 123 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Gina Chapman, Chief Operating Officer (COO) at the Center for Internet Security® (CIS®). Together, they use examples from CIS to identify elements of an operational playbook for making an impact in the cybersecurity industry.

    Here are some highlights from our episode:

    01:21. Business development and organizational change over the course of 12 years at CIS
    13:49. Change management and communication as means for preserving company culture
    23:08. The importance of context in developing an operational playbook for a business
    32:49. The use of operational understanding to create effective cybersecurity business models

    Resources

    Gina Chapman
    CIS Culture
    CIS Leadership Principles
    Episode 82: How CIS Leadership Values Team Building Events
    Cybersecurity at Scale: Piercing the Fog of More
    Combatting Ransomware
    Episode 68: Designing Cyber Defense as a Partnership Effort


  • In episode 122 of Cybersecurity Where You Are, Sean Atkinson is joined by Rian Davis, Associate Hybrid Threat Intelligence Analyst at the Center for Internet Security® (CIS®); and Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at CIS. Together, they discuss security and utility considerations surrounding the DeepSeek AI model.

    Here are some highlights from our episode:

    01:31. What enterprises and individuals can do before they start deploying foreign-developed, open-source large language models (LLMs)
    08:48. How DeepSeek fits into evolving adversarial tactics and techniques involving AI
    25:15. The impact on threat assessments and where we see controls built around AI
    31:45. Parting thoughts on approaching newer technologies like DeepSeek

    Resources

    DeepSeek hit by cyberattack as users flock to Chinese AI startup
    A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says
    TikTok: Influence Ops, Data Practices Threaten U.S. Security
    Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
    Episode 89: How Threat Actors Are Using GenAI as an Enabler
    ODNI Releases 2024 Annual Threat Assessment of the U.S. Intelligence Community
    The Strava Heat Map and the End of Secrets
    Man who exploded Cybertruck in Las Vegas used ChatGPT in planning, police say
    Episode 120: How Contextual Awareness Drives AI Governance


  • In episode 121 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Tyler Moore, Ph.D., Chair of Cyber Studies at the University of Tulsa. Together, they discuss the role of economics in cyber risk quantification and cybersecurity decision-making.

    Here are some highlights from our episode:

    01:55. How incentives, market failures, and other economic principles intersect with cybersecurity
    08:39. A model of translating shared information as a way to capture complexity in cybersecurity decision-making
    13:20. Pressing issues when making decisions about cybersecurity
    18:08. How to have enough confidence and a cyber risk quantification model that's useful
    23:45. How rigorous recommendations can help to match modeling and techniques like minimization
    29:23. The role of the Board in making cybersecurity decisions and how to speak its language
    34:57. Parting thoughts about risk quantification in cybersecurity

    Resources

    Episode 105: Context in Cyber Risk Quantification
    2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization
    CIS Community Defense Model 2.0
    FAIR: A Framework for Revolutionizing Your Risk Analysis
    Society of Information Risk Analysts


  • In episode 120 of Cybersecurity Where You Are, Sean Atkinson explores how contextual awareness of generative artificial intelligence (GenAI) deployment in the business creates a foundation for AI governance strategy.

    Here are some highlights from our episode:

    01:58. Why specificity is important when we use the term "AI" in the governance space
    04:10. Two AI distributions and how contextual function varies between them
    13:52. The importance of engagement and asking the right questions
    18:28. The role of lifecycle approaches and risk tolerance in understanding AI integration
    23:45. Navigating two common questions that arise when governing AI

    Resources

    Episode 116: AI-Enhanced Ransomware and Defending Against It
    EU AI Act: first regulation on artificial intelligence
    AI Risk Management Framework
    IAPP AI Governance Center
    How to Construct a Sustainable GRC Program in 8 Steps


  • In episode 119 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of Countering Hybrid Threats at the Center for Internet Security® (CIS®). Together, they discuss the importance and provide examples of multidimensional threat defense as a means of securing large events.

    Here are some highlights from our episode:

    01:42. An overview of the multidimensional threat landscape from 2024 going into 2025
    07:00. The shift to multidimensional threat analysis in crisis management
    10:52. The importance of a sustainable, actionable approach to addressing today's threats
    16:10. How CIS is working to help organizations build safety against multidimensional threats, including at large events

    Resources

    2024 Election Threat Landscape
    Election Security Spotlight — Prep for Election Disruptions
    Episode 93: Building Public Resilience in a Connected World
    ThreatWA™
    Countering Multidimensional Threats: Lessons Learned from the 2024 Election


  • In episode 118 of Cybersecurity Where You Are, Sean Atkinson is joined by Andy Smith, Security Architect for BP and Instructor at the SANS Institute. Together, they review the state of post-quantum cryptography as well as share recommendations for how organizations and individuals can prepare to move into the post-quantum era.

    Here are some highlights from our episode:

    02:55. What post-quantum cryptography is and why we need to pay attention
    04:11. The impact of a cryptographically relevant quantum computer on symmetric vs. asymmetric cryptography
    08:58. How media attention contributes to preparedness from an infrastructure perspective
    14:30. The importance of a cryptography bill of materials (CBOM)
    21:58. How organizations can prepare against quantum-enabled cyber attacks
    29:05. How individuals need to understand quantum infrastructure in order to protect it
    32:24. Optimism for the future of post-quantum cryptography

    Resources

    Episode 48: 3 Trends to Watch in the Cybersecurity Industry
    Post Quantum Cryptography by Attack Detect Defend (rot169)
    NIST Releases First 3 Finalized Post-Quantum Encryption Standards
    Episode 75: How GenAI Continues to Reshape Cybersecurity
    Internet of Things: Embedded Security Guidance


  • In episode 117 of Cybersecurity Where You Are, Sean Atkinson reflects on the 2025 cybersecurity predictions of 12 experts at the Center for Internet Security® (CIS®), as shared on the CIS website.

    Here are some highlights from our episode:

    01:40. Artificial intelligence (AI) as a means for crafting higher quality phishing emails
    04:24. Zero trust with identity as a catalyst in 2025
    07:55. A governance focus for K-12 school districts
    12:37. Secure by design as part of the DNA of IT departments
    14:22. The need for continuous patching with Internet of Things (IoT) devices
    15:27. Training and adherence to basic cybersecurity practices as ongoing emphases
    17:15. Consolidation from an operations perspective
    20:40. The integration of AI into business operations
    24:07. The socio-political impacts of emerging technologies on multidimensional threats
    26:46. Growing attention on cloud security and data location
    29:13. Cybercriminal markets and Phishing as a Service models
    32:16. The benefit of AI to organizations

    Resources

    Episode 75: How GenAI Continues to Reshape Cybersecurity
    An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms
    How to Deter Multidimensional Threats in the Connected World
    Episode 116: AI-Enhanced Ransomware and Defending Against It
    Episode 44: A Zero Trust Framework Knows No End
    Episode 107: Continuous Improvement via Secure by Design
    Episode 76: The Role of Thought Leadership in Cybersecurity
    Episode 63: Building Capability and Integration with SBOMs
    Episode 95: AI Augmentation and Its Impact on Cyber Defense
    Why Employee Cybersecurity Awareness Training Is Important
    Episode 110: How Security Culture and Corporate Culture Mesh
    Episode 99: How Cyber-Informed Engineering Builds Resilience
    Episode 87: Marking 11 Years as a Verizon DBIR Contributor


  • In episode 116 of Cybersecurity Where You Are, Sean Atkinson discusses the threat of AI-enhanced ransomware along with the use of generative artificial intelligence (GenAI) to defend against it.

    Here are some highlights from our episode:

    02:10. How AI in the cybersecurity space has advanced over the past few years
    05:12. Why cybercriminals are incorporating artificial intelligence into their attacks
    19:24. The application of AI in various stages of a ransomware attack
    26:10. How AI can inform different aspects of a ransomware defense strategy

    Resources

    Episode 89: How Threat Actors Are Using GenAI as an Enabler
    Episode 95: AI Augmentation and Its Impact on Cyber Defense
    Episode 44: A Zero Trust Framework Knows No End
    The State of Ransomware 2024
    Ransomware: The Data Exfiltration and Double Extortion Trends
    Episode 113: Cyber Risk Prioritization as Ransomware Defense
    Security Chaos Engineering: Sustaining Resilience in Software and Systems


  • In episode 115 of Cybersecurity Where You Are, Sean Atkinson is joined by Carolyn Comer, Chief Human Resources Officer at the Center for Internet Security® (CIS®); Heidi Gonzalez, Sr. Employee Experience Specialist at CIS; and Jennifer Myers, Sr. Director of Learning and Development at CIS. With an in-person holiday open house and office party as their backdrop, they celebrate the continuous feedback that sustains and grows the employee culture at CIS.

    Here are some highlights from our episode:

    02:35. How the holiday open house and office party celebrate CIS employee culture
    04:11. How the workforce culture at CIS has changed over time
    07:57. What types of employee feedback CIS obtains after in-person events
    09:33. How in-person interactions guide a continuous learning program for CIS employees
    10:55. How events such as the holiday open house and office party continue to evolve
    16:48. Why CIS has been so successful in helping employees to navigate remote work
    20:04. The impact of an engaged Board of Directors on workplace culture
    21:40. Celebrations and upcoming plans for culture and learning at CIS

    Resources

    Episode 83: Why Meeting in Person Matters to CIS Employees
    Episode 58: Inside CIS's Award-Winning Workplace Culture
    Center for Internet Security Named Among 2024 Best Companies to Work for in New York
    Center for Internet Security Named Among 2024 Top Workplaces
    IDEA Alliance
    CIS Cares
    Episode 114: 3 Board Chairs Reflect on 25 Years of Community


  • In episode 114 of Cybersecurity Where You Are, Tony Sager is joined by three past and current Board Chairs of the Center for Internet Security® (CIS®): Frank Reeder, CIS Director Emeritus and Founding Chair as well as Director of the National Cybersecurity Scholarship Foundation; John Gilligan, President and Chief Executive Officer of CIS; and Bobbie Stempfley, CIS Board Chair and Business Security Officer of the Infrastructure Solutions Group at Dell Technologies. Together, they reflect on 25 years of CIS building community in the cybersecurity space.

    Here are some highlights from our episode:

    07:04. Perception of the problem that led to the idea of CIS
    10:18. The value of building community outside of government
    17:31. A sustainable and powerful business model for CIS
    21:28. John's priorities during his transition from Board Chair to CEO
    34:38. What CIS will focus on next
    39:00. Parting thoughts for the future

    Resources

    Episode 35: Remembering the Late Alan Paller
    Episode 97: How Far We've Come preceding CIS's 25th Birthday
    Episode 79: Advancing Common Good in Cybersecurity – Part 1
    Episode 76: The Role of Thought Leadership in Cybersecurity
    Episode 58: Inside CIS's Award-Winning Workplace Culture


  • In episode 113 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security® (CIS®); Adam Bobrow, Co-Founder and President of Veribo Analytics; and Sridevi Joshi, Co-Founder and CEO of Veribo Analytics. Together, they discuss how the Business Impact Analysis tool created by CIS and Veribo Analytics empowers individuals and organizations to use cyber risk prioritization as a basis for their ransomware defense strategy.

    Here are some highlights from our episode:

    04:35. Background on the impetus for the tool's development
    07:57. How our understanding of cybersecurity risk differs from other areas of risk
    12:21. Insight into Sridevi's learning process about cyber risk prioritization as a technologist
    18:23. How the development process of the Business Impact Analysis tool got underway
    21:05. What went into the process of translating the goal into tooling
    31:34. Reflections on the tool's reception and what's next

    Resources

    CIS Critical Security Controls Implementation Groups
    CIS Community Defense Model 2.0
    CIS Controls Self Assessment Tool (CIS CSAT)
    SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
    4.3 Establish a Bureau of Cyber Statistics
    FAIR: A Framework for Revolutionizing Your Risk Analysis
    Reasonable Cybersecurity
    How to Measure Anything in Cybersecurity
    Episode 107: Continuous Improvement via Secure by Design
    Episode 105: Context in Cyber Risk Quantification


  • In episode 112 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Rob T. Lee, Chief of Research and Head of Faculty at SANS Institute. Together, they discuss how SANS Institute applies an operational or "do" model of leadership to gather expertise, build shared purpose, and foster action on evolving cybersecurity trends.

    Here are some highlights from our episode:

    05:47. How Rob ended up teaching at SANS Institute
    08:49. Rob's first experience meeting and working with the late Alan Paller
    12:07. How Rob's responsibility at SANS Institute has expanded
    20:02. Key cybersecurity trends on Rob's agenda as Chief of Research
    23:52. The need to refine our understanding of AI based on its different applications
    36:28. Guidance for the 47th U.S. Presidential Administration

    Resources

    Episode 35: Remembering the Late Alan Paller
    The Cyber Security Hall of Fame Announces 2024 Honorees
    Episode 76: The Role of Thought Leadership in Cybersecurity
    Episode 75: How GenAI Continues to Reshape Cybersecurity
    CrowdStrike Falcon Outage Exploited for Social Engineering
    Why Whole-of-State Cybersecurity Is the Way Forward
    From Both Sides: A Parental Guide to Protecting Your Child's Online Activity


  • In episode 111 of Cybersecurity Where You Are, Tony Sager is joined by Rick Howard, N2K Chief Security Officer and the Chief Analyst and Senior Fellow at The Cyberwire. Together, they discuss a first principle of cybersecurity proposed by Rick in his book, Cybersecurity First Principles: A Reboot of Strategy and Tactics.

    Here are some highlights from our episode:

    04:30. What drove the need to formulate a foundational cybersecurity assumption
    07:44. How other "first" principles of cybersecurity have failed
    14:13. The three elements of Rick's first principle of cybersecurity
    25:55. How to derive action and improvements from Rick's first principle
    40:34. Tips on getting started with a risk forecasting strategy

    Resources

    Episode 105: Context in Cyber Risk Quantification
    FAIR: A Framework for Revolutionizing Your Risk Analysis
    Election Security Spotlight – CIA Triad
    Episode 44: A Zero Trust Framework Knows No End
    Executive Order on Improving the Nation’s Cybersecurity
    Cybersecurity Canon
    Superforecasting: The Art and Science of Prediction
    How to Measure Anything in Cybersecurity Risk


  • In episode 110 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Lee Noriega, Executive Director of the Cybersecurity Services Organization and Acting General Manager of Sales and Business Services at the Center for Internet Security® (CIS®); and Jerry Gitchel, founder of Leverage Unlimited and listener to Cybersecurity Where You Are. Together, they examine a question sent in by Jerry: if a corporate culture is lacking, can a security culture exist?

    Here are some highlights from our episode:

    01:33. What security culture is and how it differs from corporate culture
    05:30. What elements factor into a strategy to drive corporate culture
    09:30. The importance of a feedback loop for culture
    15:43. How to cultivate "institutional ownership" in an organization's workforce
    19:03. What goes into fostering security consciousness in support of security champions
    25:14. The challenges of engaging corporate culture to think about security culture
    29:13. Examples and takeaways for listeners

    Resources

    Why Employee Cybersecurity Awareness Training Is Important
    Episode 107: Continuous Improvement via Secure by Design
    Seth Godin | Why People Like Us Do This
    The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
