Cybersecurity Where You Are – Details, episodes & analysis

In episode 101 of Cybersecurity Where You Are, Sean Atkinson is joined by Justin Kohler, Vice President of Products at SpecterOps, and Jonathan Parfait, Technical Account Manager at SpecterOps.

Together, they discuss how the visualization of attack paths in Active Directory helps organizations to better contextualize risks to their enterprise security.

Here are some highlights from our episode:

• 01:54. What Bloodhound is and how it assists organizations in assessing risks in their Active Directory environments
• 05:08. Why have organizations look at their Active Directory environments
• 11:15. Common vulnerabilities and misconfigurations identified by Bloodhound
• 21:21. How organizations can best use Bloodhound as part of their cyber defensive strategy
• 29:18. How Bloodhound is adapting to keep up with evolving Active Directory environments

Resources

• Bloodhound Community Edition
• Episode 62: Inside the 'Spidey Sense' of a Pentester
• What You Need to Know About Hybrid Cloud Environments
• Vulnerability Management Policy Template for CIS Control 7
• CIS Benchmarks List

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 99 of Cybersecurity Where You Are, Sean Atkinson is joined by Marcus Sachs, SVP and Chief Engineer at the Center for Internet Security® (CIS®).

Together, they discuss how cyber-informed engineering builds resilience to the potential failure of a digital system into new and existing engineering products.

Here are some highlights from our episode:

• 03:51. What cyber-informed engineering is and how this paradigm has emerged
• 11:39. What CIS is doing to emphasize cyber-informed engineering among U.S. State, Local, Tribal, and Territorial (SLTT) government organizations
• 16:25. Why resilience requires everyone to be "cyber-informed"
• 20:50. The need for boards of directors and C-Suite leaders to understand cybersecurity risk
• 25:30. What preparations help to lay the foundation for cyber-informed engineering

Resources

• Cyber-Informed Engineering
• National Cyber-Informed Engineering Strategy
• Cyber-Informed Engineering Implementation Guide
• Episode 75: How GenAI Continues to Reshape Cybersecurity
• Smart Cities Need Smarter Security

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 90 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests:

• Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
• Mia LaVada, Product Manager of CIS Benchmarks and Cloud at CIS
• Don Freeley, VP of IT Services at CIS

Together, they discuss how you can use CIS resources to ensure control continuity when migrating to the cloud.

Here are some highlights from our episode:

• 01:35. The biggest drivers for why organizations are moving to the cloud
• 02:42. Foundational factors to consider as part of your cloud migration
• 07:24. Resources from CIS designed to help you in your transition to the cloud
• 11:00. Common challenges of migrating to the cloud
• 14:37. The importance of three CIS Controls to your cloud security program
• 18:35. The value of partnerships and community in driving cloud security improvements
• 19:32. How you can use the CIS Foundations Benchmarks to get started in the cloud
• 23:06. Inside the human and process side of moving to the cloud

Resources

• Follow Charity, Mia, and Don on LinkedIn
• Keep the Cloud Secure with CIS after Migrating to the Cloud
• Cloud Security
• CIS Software Supply Chain Security Guide
• Cloud Security and the Shared Responsibility Model

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 89 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by the following guests:

• Rian Davis, Elections Cyber Threat Intelligence Intern at the Center for Internet Security® (CIS®)

• Timothy Davis, Sr. Elections Cyber Threat Intelligence Analyst at CIS

Together, they discuss how cyber threat actors (CTAs) are using generative artificial intelligence (GenAI) as an enabler of their attacks.

Here are some highlights from our episode:

• 01:04. Why it's important to raise awareness of how CTAs are using GenAI
• 01:59. How the CIS Cyber Threat Intelligence (CTI) team is seeing generative AI in CTAs' attack methodology
• 03:50. The types of attacks that are using this technology and how the frequency of those attacks is changing
• 05:46. Some notable attacks that have used GenAI in their methodology
• 16:10. The ways in which CTAs are incorporating generative AI into social engineering
• 24:17. What defenders can do in response to CTAs' use of GenAI

Resources

• An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms
• Episode 56: Cybersecurity Risks and Rewards of LLMs
• Election Security Spotlight – Generative AI and Elections
• MS-ISAC Security Primer – Spear Phishing
• Why Employee Cybersecurity Awareness Training Is Important

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 88 of Cybersecurity Where You Are, co-host Sean Atkinson discusses the evolving role of a chief information security officer (CISO).

Here are some highlights from our episode:

• 02:47. Why communication is a core competency for CISOs
• 08:35. How to take a balanced approach when evaluating an organization's implementation of artificial intelligence (AI) and machine learning (ML)
• 11:47. The role a CISO plays in integrating privacy requirements into the organization
• 15:35. Thoughts on how you can start preparing for or moving into a CISO position
• 19:12. A future outlook of the CISO role
• 26:40. Average longevity of CISOs in their roles and how this affects a security posture

Resources

• Episode 75: How GenAI Continues to Reshape Cybersecurity
• Reasonable Cybersecurity Guide
• Episode 74: The Nexus of Cybersecurity & Privacy Legislation
• CIS Critical Security Controls® (CIS Controls®)
• Cybersecurity at Scale: Piercing the Fog of More
• CIS Software Supply Chain Security Guide

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 87 of Cybersecurity Where You Are, co-host Tony Sager is joined by the following guests:

• Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
• Philippe Langlois, Senior Principal, Security Risk Management and Author of the Verizon Data Breach Investigations Report (DBIR)
• Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CIS

Together, they celebrate 11 years of CIS and Verizon working together to contextualize the threat activity security teams are seeing and to help teams use the Controls as an improvement framework.

Here are some highlights from our episode:

• 02:00. How the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) contribute anonymized data to the Verizon DBIR
• 07.27. The two types of data that Verizon uses as input for its report
• 13:50. The ways CIS uses the content of Verizon's DBIR to help people embrace programs of security improvement
• 24:48. A glimpse at what goes into producing the DBIR
• 28.33. The importance of leadership in guiding team dynamics and fun
• 32.07. Reception of the 2024 DBIR and exploration of what's next for the Verizon DBIR team

Resources

• 2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization
• CIS Controls Featured as Recommended Defenses in Verizon's 2024 Data Breach Investigations Report
• 2024 Data Breach Investigations Report
• The VERIS Framework
• CIS Community Defense Model 2.0

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 86 of Cybersecurity Where You Are, co-host Sean Atkinson is live once again from Booth 4319 at RSA Conference (RSAC) 2024. 

00:57. Sean chats with Mat Everman, Information Security Operations Manager, about his talk, "Shades of Purple: Getting Started and Making Purple Teaming Possible." They discuss some of the questions Mat received following his talk and how they can put purple teaming into practice at the Center for Internet Security® (CIS®).

Sean asks passersby what they're looking to get out of RSAC 2024 and what stood out to them at the conference.

• 13:56. José Mena, Founder of Digital Twin Networks
• 20:34. Jonathan Kern, CEO of Castile Defense
• 25:42. Ken Klestinec, Regional Sales Manager at Akamai

Finally, Sean talks to fellow team members about CIS's objective for RSAC 2024.

• 18:10. Aaron Perkins, Director of Communications
• 23:25. Nick Rust, Director of Reseller & Channel Partners
• 27:04. Jeff Sparks, CIS Services Sr. Account Executive
• 28:08. Mia LaVada, Product Manager of CIS Benchmarks and Cloud
• 30:01. Mishal Makshood, Sr. Cloud Security Account Executive

Resources

• Episode 85: Reenergizing Collective Action at RSAC 2024
• Episode 75: How GenAI Continues to Reshape Cybersecurity
• How to Construct a Sustainable GRC Program in 8 Steps
• Tabletop Exercises (TTX)
• CIS Critical Security Controls
• CIS Benchmarks

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 85 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are live from Booth 4319 at RSA Conference (RSAC) 2024. Together, they discuss how events like RSAC 2024 reenergize collective action in the cybersecurity industry. They begin by noting how resources such as the CIS Community Defense Model (CDM) bring more data and transparency to security recommendations for the cybersecurity industry. They then look back on some of Tony's presentations at prior years of RSAC before looking at the interest surrounding supply chain security, zero trust, and artificial intelligence (AI). To address these developments, organizations must create a foundation for defense and scale rapid improvements, needs which Tony and Sean see as opportunities for collective action in the industry.

Resources

• From Attacks to Action: An Open Community Model to Drive Defensive Choices
• The "Fog of More" - A CyberSecurity Community Challenge
• CIS Community Defense Model 2.0
• Episode 77: Data's Value to Decision-Making in Cybersecurity
• Foundational Security for Your Software Supply Chain
• Episode 44: A Zero Trust Framework Knows No End
• CIS Critical Security Controls Implementation Groups
• Episode 75: How GenAI Continues to Reshape Cybersecurity

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 84 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss the notion of reasonable cybersecurity. They begin by providing some background about reasonableness in cybersecurity and identifying the problem we need to solve — namely, the lack of a definition of reasonableness around which organizations can build their cybersecurity program. They then discuss how a definition for reasonable cybersecurity needs to include security best practices that are doable. They conclude by exploring how CIS's work around this topic may influence its content development going forward.

Resources

• Follow Brian and Phyllis on LinkedIn
• Reasonable Cybersecurity Guide
• Reasonable Cybersecurity
• CIS Critical Security Controls
• CIS Critical Security Controls Implementation Groups
• CIS Community Defense Model 2.0

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 83 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by nearly 20 employees at the Center for Internet Security® (CIS®). Together, they discuss the value of meeting in person to CIS workplace culture. With the company's 2024 Annual Full Staff Meeting in Orlando, FL, as their backdrop, they explore how personal relationships create a foundation for building effective teams, more agile workflows, and a sustainable sense of engagement and motivation at CIS. Along the way, they reflect on how much the company has changed since before the pandemic.

Resources

• Episode 82: How CIS Leadership Values Team Building Events
• Episode 58: Inside CIS's Award-Winning Workplace Culture
• Center for Internet Security Named Among 2024 Top Workplaces

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.