Explore every episode of the podcast Cybersecurity Where You Are

Title | Pub. Date | Duration
Episode 101: Visualizing Attack Paths in Active Directory | 18 Sep 2024 | 00:34:14

In episode 101 of Cybersecurity Where You Are, Sean Atkinson is joined by Justin Kohler, Vice President of Products at SpecterOps, and Jonathan Parfait, Technical Account Manager at SpecterOps.

Together, they discuss how the visualization of attack paths in Active Directory helps organizations to better contextualize risks to their enterprise security.

Here are some highlights from our episode:

  • 01:54. What BloodHound is and how it assists organizations in assessing risks in their Active Directory environments
  • 05:08. Why have organizations look at their Active Directory environments
  • 11:15. Common vulnerabilities and misconfigurations identified by BloodHound
  • 21:21. How organizations can best use BloodHound as part of their cyber defensive strategy
  • 29:18. How BloodHound is adapting to keep up with evolving Active Directory environments

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Episode 99: How Cyber-Informed Engineering Builds Resilience | 04 Sep 2024 | 00:34:23

In episode 99 of Cybersecurity Where You Are, Sean Atkinson is joined by Marcus Sachs, SVP and Chief Engineer at the Center for Internet Security® (CIS®).

Together, they discuss how cyber-informed engineering builds resilience to the potential failure of a digital system into new and existing engineering products.

Here are some highlights from our episode:

  • 03:51. What cyber-informed engineering is and how this paradigm has emerged
  • 11:39. What CIS is doing to emphasize cyber-informed engineering among U.S. State, Local, Tribal, and Territorial (SLTT) government organizations
  • 16:25. Why resilience requires everyone to be "cyber-informed"
  • 20:50. The need for boards of directors and C-Suite leaders to understand cybersecurity risk
  • 25:30. What preparations help to lay the foundation for cyber-informed engineering

Episode 90: Migrating to the Cloud with Control Continuity | 03 Jul 2024 | 00:31:05

In episode 90 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests:

  • Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
  • Mia LaVada, Product Manager of CIS Benchmarks and Cloud at CIS
  • Don Freeley, VP of IT Services at CIS

Together, they discuss how you can use CIS resources to ensure control continuity when migrating to the cloud.

Here are some highlights from our episode:

  • 01:35. The biggest drivers for why organizations are moving to the cloud
  • 02:42. Foundational factors to consider as part of your cloud migration
  • 07:24. Resources from CIS designed to help you in your transition to the cloud
  • 11:00. Common challenges of migrating to the cloud
  • 14:37. The importance of three CIS Controls to your cloud security program
  • 18:35. The value of partnerships and community in driving cloud security improvements
  • 19:32. How you can use the CIS Foundations Benchmarks to get started in the cloud
  • 23:06. Inside the human and process side of moving to the cloud

Episode 89: How Threat Actors Are Using GenAI as an Enabler | 26 Jun 2024 | 00:31:17

In episode 89 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by the following guests:

  • Rian Davis, Elections Cyber Threat Intelligence Intern at the Center for Internet Security® (CIS®)
  • Timothy Davis, Sr. Elections Cyber Threat Intelligence Analyst at CIS

Together, they discuss how cyber threat actors (CTAs) are using generative artificial intelligence (GenAI) as an enabler of their attacks.

Here are some highlights from our episode:

  • 01:04. Why it's important to raise awareness of how CTAs are using GenAI
  • 01:59. How the CIS Cyber Threat Intelligence (CTI) team is seeing generative AI in CTAs' attack methodology
  • 03:50. The types of attacks that are using this technology and how the frequency of those attacks is changing
  • 05:46. Some notable attacks that have used GenAI in their methodology
  • 16:10. The ways in which CTAs are incorporating generative AI into social engineering
  • 24:17. What defenders can do in response to CTAs' use of GenAI

Episode 88: The Evolution of the Role of a CISO | 19 Jun 2024 | 00:30:02

In episode 88 of Cybersecurity Where You Are, co-host Sean Atkinson discusses the evolving role of a chief information security officer (CISO).

Here are some highlights from our episode:

  • 02:47. Why communication is a core competency for CISOs
  • 08:35. How to take a balanced approach when evaluating an organization's implementation of artificial intelligence (AI) and machine learning (ML)
  • 11:47. The role a CISO plays in integrating privacy requirements into the organization
  • 15:35. Thoughts on how you can start preparing for or moving into a CISO position
  • 19:12. A future outlook of the CISO role
  • 26:40. Average longevity of CISOs in their roles and how this affects a security posture

Episode 87: Marking 11 Years as a Verizon DBIR Contributor | 05 Jun 2024 | 00:38:41

In episode 87 of Cybersecurity Where You Are, co-host Tony Sager is joined by the following guests:

  • Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
  • Philippe Langlois, Senior Principal, Security Risk Management and Author of the Verizon Data Breach Investigations Report (DBIR)
  • Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CIS

Together, they celebrate 11 years of CIS and Verizon working together to contextualize the threat activity security teams are seeing and to help teams use the Controls as an improvement framework.

Here are some highlights from our episode:

  • 02:00. How the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) contribute anonymized data to the Verizon DBIR
  • 07:27. The two types of data that Verizon uses as input for its report
  • 13:50. The ways CIS uses the content of Verizon's DBIR to help people embrace programs of security improvement
  • 24:48. A glimpse at what goes into producing the DBIR
  • 28:33. The importance of leadership in guiding team dynamics and fun
  • 32:07. Reception of the 2024 DBIR and exploration of what's next for the Verizon DBIR team

Episode 86: Evangelizing CIS's Message at RSAC 2024 | 29 May 2024 | 00:34:07

In episode 86 of Cybersecurity Where You Are, co-host Sean Atkinson is live once again from Booth 4319 at RSA Conference (RSAC) 2024. 

00:57. Sean chats with Mat Everman, Information Security Operations Manager, about his talk, "Shades of Purple: Getting Started and Making Purple Teaming Possible." They discuss some of the questions Mat received following his talk and how they can put purple teaming into practice at the Center for Internet Security® (CIS®).

Sean asks passersby what they're looking to get out of RSAC 2024 and what stood out to them at the conference.

  • 13:56. José Mena, Founder of Digital Twin Networks
  • 20:34. Jonathan Kern, CEO of Castile Defense
  • 25:42. Ken Klestinec, Regional Sales Manager at Akamai

Finally, Sean talks to fellow team members about CIS's objective for RSAC 2024.

  • 18:10. Aaron Perkins, Director of Communications
  • 23:25. Nick Rust, Director of Reseller & Channel Partners
  • 27:04. Jeff Sparks, CIS Services Sr. Account Executive
  • 28:08. Mia LaVada, Product Manager of CIS Benchmarks and Cloud
  • 30:01. Mishal Makshood, Sr. Cloud Security Account Executive

Episode 85: Reenergizing Collective Action at RSAC 2024 | 22 May 2024 | 00:50:51

In episode 85 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are live from Booth 4319 at RSA Conference (RSAC) 2024. Together, they discuss how events like RSAC 2024 reenergize collective action in the cybersecurity industry. They begin by noting how resources such as the CIS Community Defense Model (CDM) bring more data and transparency to security recommendations for the cybersecurity industry. They then look back on some of Tony's presentations at prior years of RSAC before looking at the interest surrounding supply chain security, zero trust, and artificial intelligence (AI). To address these developments, organizations must create a foundation for defense and scale rapid improvements, needs which Tony and Sean see as opportunities for collective action in the industry.

Episode 84: Why We Need to Define Reasonable Cybersecurity | 15 May 2024 | 00:40:08

In episode 84 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss the notion of reasonable cybersecurity. They begin by providing some background about reasonableness in cybersecurity and identifying the problem we need to solve — namely, the lack of a definition of reasonableness around which organizations can build their cybersecurity program. They then discuss how a definition for reasonable cybersecurity needs to include security best practices that are doable. They conclude by exploring how CIS's work around this topic may influence its content development going forward.

Episode 83: Why Meeting in Person Matters to CIS Employees | 01 May 2024 | 00:29:46

In episode 83 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by nearly 20 employees at the Center for Internet Security® (CIS®). Together, they discuss the value of meeting in person to CIS workplace culture. With the company's 2024 Annual Full Staff Meeting in Orlando, FL, as their backdrop, they explore how personal relationships create a foundation for building effective teams, more agile workflows, and a sustainable sense of engagement and motivation at CIS. Along the way, they reflect on how much the company has changed since before the pandemic.

Episode 82: How CIS Leadership Values Team Building Events | 24 Apr 2024 | 00:22:54

In episode 82 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by John Gilligan, President and CEO at the Center for Internet Security® (CIS®); and Gina Chapman, Chief Operating Officer at CIS. Together, they discuss the importance of in-person team building events. They use the pandemic as a frame to understand how events such as the 2024 Annual Full Staff Meeting preserve and cultivate CIS's workplace culture. They also look to other ongoing initiatives at the company, such as CIS Cares and the IDEA Alliance, as efforts to sustain employee engagement both in person and virtually.

Episode 81: Exploring IAM for Identity Management Day 2024 | 10 Apr 2024 | 00:31:03

In episode 81 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Daniel McIntyre, Identity and Access Management (IAM) Manager at the Center for Internet Security® (CIS®). Together, they acknowledge Identity Management Day 2024 with a discussion of IAM. They begin by looking at how IAM as a concept has changed over the years. They then explore current challenges in the modern environment and strategies for IAM to keep up with emerging threats. After emphasizing the importance of training in an effective IAM program, they conclude their conversation by sharing best practices for getting started in IAM and cybersecurity more broadly.

Episode 98: Transparency as a Tool to Combat Insider Threats | 28 Aug 2024 | 00:35:50

In episode 98 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4.

Together, they embrace transparency as a vehicle for the cybersecurity industry to better defend against insider threats.

Here are some highlights from our episode:

  • 01:28. How KnowBe4 detected an insider threat from North Korea
  • 09:09. How the Center for Internet Security® (CIS®) responded to news of this incident
  • 21:02. The role of technical controls in detecting these types of threats
  • 23:56. Common signs you can use to detect fake employees in your hiring process
  • 29:22. How cybersecurity companies can use this incident to improve their defenses

Episode 80: Advancing Common Good in Cybersecurity – Part 2 | 03 Apr 2024 | 00:29:00

In episode 80 of Cybersecurity Where You Are, co-host Tony Sager is once again joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they continue their discussion around Common Good Cyber. Tony and Philip begin by recapping the events of the Common Good Cyber Workshop on February 26–27, 2024. From there, they explore the perspective of IT companies and governments in supporting common good solutions for the cybersecurity industry. They conclude their conversation by looking to the future of Common Good Cyber and explaining how you can get involved. 

Episode 79: Advancing Common Good in Cybersecurity – Part 1 | 27 Mar 2024 | 00:29:38

In episode 79 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they discuss the Common Good Cyber cybersecurity initiative. Tony and Philip begin by sharing the paths that brought them to the nonprofit sector. From there, Philip recounts the events and needs that led to the formation of Common Good Cyber. They end the first part of their conversation by exploring the nature of "common good" in relation to internet technology. Both agree that common good efforts must include more than just money to produce meaningful change in the cybersecurity industry.

Episode 78: Conductors of Risk Building Harmony in Ambiguity | 13 Mar 2024 | 00:34:58

In episode 78 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Lisa Young, Senior Metrics Engineer at Netflix. Lisa is a long-time practitioner in the cybersecurity risk, risk quantification, and metrics field. She has a rich career and experience of putting resources towards practices that will protect, sustain, and make organizations resilient over time. In her current role, Lisa helps Netflix measure what works, what doesn't work, and how to optimize practices and controls that help enhance coverage and efficacy of things that need to be done. Together, the three discuss the hurdles of harmonizing teams to determine acceptable risk in the cybersecurity ecosystem.

Episode 77: How to Use Data to Make Cybersecurity Decisions | 28 Feb 2024 | 00:49:54

In episode 77 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they discuss how to use data to inform your decision-making in cybersecurity. They begin by discussing the cybersecurity industry's lack of maturity in its use of data. From there, they explore the risks of not using data to make cybersecurity decisions. In Tony's words, the cybersecurity industry doesn't have to accept "perfection is the enemy of the good" as its paradigm. When we understand the data with which we can work, we can frame the information in a way to strengthen the cybersecurity posture of our respective organizations.

Episode 76: The Role of Thought Leadership in Cybersecurity | 16 Feb 2024 | 00:45:36

In episode 76 of Cybersecurity Where You Are, co-host Tony Sager is joined by Julie Morris, CEO and Co-Founder of Persona Media. Together, they discuss the role of thought leadership in cybersecurity. They begin by discussing misconceptions surrounding the notion of thought leadership. Next, they explore what thought leadership looks like in the context of an industry like cybersecurity and a company like the Center for Internet Security® (CIS®). Their conversation concludes with some advice on how individuals, especially senior leaders, can get started with thought leadership.

Episode 75: How GenAI Continues to Reshape Cybersecurity | 02 Feb 2024 | 00:51:30

In episode 75 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss how generative artificial intelligence (GenAI) continues to reshape cybersecurity. They begin by using Episodes 48, 49, and 56 to consider the ongoing impact of GenAI on confidence, trust, and consistency as elements of a mature cybersecurity program. After reflecting on how confidence has shaped the work of the Center for Internet Security® (CIS®) more generally, Sean and Tony conclude by revisiting the verification challenge of GenAI.

Episode 74: The Nexus of Cybersecurity & Privacy Legislation | 19 Jan 2024 | 00:47:24

In episode 74 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Carlos Kizzee, Senior Vice President (SVP) for Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®). In recognition of Data Privacy Week on January 21-27, 2024, they discuss the nexus of cybersecurity and privacy legislation in the United States. They begin by reviewing how the privacy laws passed by U.S. states over the past several years all include a cybersecurity element – namely, the effort to implement "reasonable" cybersecurity around protecting consumers' data. They then look to the future and consider how the laws will lead to regulations and, in turn, enforcement actions that will help raise our understanding of consumer privacy rights and how they can be defended.

Episode 73: A YIR for Our 2023 Cybersecurity Predictions | 05 Jan 2024 | 00:55:21

In episode 73 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager use our 2023 cybersecurity predictions to understand how the industry changed last year. They discuss progress and challenges around Artificial Intelligence (AI), zero trust, and other key trends they and others brought up in our blog post, "Our Experts' Top Cybersecurity Predictions for 2023." They also promise a similar year in review (YIR) for our 2024 cybersecurity predictions, for which 17 experts at the Center for Internet Security® (CIS®) contributed their thoughts.

Episode 72: Cybersecurity in Education as a Balancing Act | 22 Dec 2023 | 01:07:30

In episode 72 of Cybersecurity Where You Are, co-host Tony Sager is joined by Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss "Cybersecurity: Practice What, and While, We Teach," a keynote panel where they discussed cybersecurity in education during Tech Tactics in Education: Data and IT Security in the New Now. Throughout this episode, they pull in recorded snippets from their panel. They use those recordings to reflect on IT operational challenges and the need to balance different interests in education organizations, including K-12 schools and higher education institutions. They also highlight commonalities that present not only opportunities for collaboration in the education sector but also instances where CIS can help advance cybersecurity in education through the content it produces.

Episode 71: Advancing K-12 Cybersecurity Through Community | 08 Dec 2023 | 00:51:12

In episode 71 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Carlos Kizzee, SVP for the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®); Dr. Bhargav Vyas, Assistant Superintendent for Compliance and Information Systems as well as Data Protection Officer at Monroe-Woodbury Central School District; and Terry Loftus, Assistant Superintendent & Chief Information Officer of Integrated Technology Services for the San Diego County Office of Education.

Together, they discuss how our publication, "K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year," facilitates better decision-making around K-12 cybersecurity. They begin by considering some common cybersecurity challenges for K-12 organizations, most notably a lack of funding and skilled personnel. From there, they reflect on how entities in this sector have grown their cybersecurity maturity despite those obstacles over the past few years. Their conversation ends with guidance for getting started with a K-12 cybersecurity program.

Episode 97: How Far We've Come preceding CIS's 25th Birthday | 21 Aug 2024 | 00:51:00

In episode 97 of Cybersecurity Where You Are, Tony Sager is joined by the following guests:

  • Dr. Ramon Barquin, Board Member at the Center for Internet Security® (CIS®) and President and Chief Executive Officer at Barquin International
  • Franklin Reeder, Director Emeritus and Founding Chair of CIS as well as Director of the National Cybersecurity Scholarship Foundation
  • Clint Kreitner, Founding President/CEO and Former Board Member at CIS

Together, they look back at how much CIS has accomplished as an organization in the leadup to its 25th birthday.

Here are some highlights from our episode:

  • 06:04. What brought everyone to CIS's founding meeting at the Cosmos Club
  • 16:08. The first steps to operationalizing the takeaways of the Cosmos Club meeting
  • 25:40. How CIS's business model came to be
  • 34:24. The events that brought the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) into CIS
  • 42:42. Tracing the past forward to where we are now

Episode 70: How the Media Molds Public Perception of Infosec | 22 Nov 2023 | 00:46:20

In episode 70 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mathew Schwartz, Executive Editor for DataBreachToday & Europe at the Information Security Media Group (ISMG). Together, they discuss the media's role in shaping public understanding and perception of infosec. They begin by considering the idea of media channels helping to educate the public about cybersecurity matters, including data breaches and digital threats. From there, they go on to talk about how the language that the media uses to report on cybersecurity affects its ability to build trust with the public. Their conversation ends by reviewing tips for how members of the public can find trustworthy media channels in the infosec space.

Episode 69: How the NCSR Assessment Sows SLTT Cyber Maturity | 09 Nov 2023 | 00:35:13

In episode 69 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Tyler Scarlotta, Manager of Member Programs at the Center for Internet Security (CIS). Together, they discuss how the Nationwide Cybersecurity Review (NCSR) helps U.S. State, Local, Tribal, and Territorial (SLTT) government organizations evaluate their cyber maturity. They begin by reviewing what the NCSR assessment program entails and identifying trends from previous years. They then explore the lessons learned by SLTTs through participating in the NCSR, the steps to getting involved with the program, as well as the resources from CIS and the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS- and EI-ISACs) that a participant can use to strengthen their cyber maturity.

Episode 68: Designing Cyber Defense as a Partnership Effort | 27 Oct 2023 | 00:46:27

In episode 68 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by James Yeager, VP of Public Sector and Healthcare at CrowdStrike. Together, they discuss designing cyber defense as a partnership effort. They begin by reflecting on the ongoing work of CIS and CrowdStrike to advance cyber defense together. After touching on some of the biggest trends they've seen in the threat landscape, they note how giving advice to customers around cyber defense requires partnership activity. They observe that cybersecurity companies like CIS and CrowdStrike must continue to work together, and they highlight the importance of working with customers directly to identify new angles, new challenges, and new ways of providing help.

Episode 67: Seizing the Moment after a Cybersecurity Audit | 13 Oct 2023 | 00:40:50

In episode 67 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Stephanie Gass, Director of Governance, Risk, and Compliance at the Center for Internet Security (CIS). Together, they discuss how to seize the moment once you've completed a cybersecurity audit. They explore the types of questions that you need to think about and the challenges you might encounter when acting upon a cybersecurity audit's findings. Additionally, they walk through a few examples of how you might consider responding to certain audit findings within your organization. Throughout the entire episode, they cite the importance of using business context to determine your priorities and a way for achieving them.

Episode 66: How RABET-V Verifies Non-Voting Election Tech | 06 Oct 2023 | 00:42:06

In episode 66 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Mike Garcia, Senior Cybersecurity Advisor at the Center for Internet Security (CIS), and Jared Dearing, Sr. Director of Elections Best Practices at CIS. Together, they discuss the Rapid Architecture-Based Election Technology Verification (RABET-V) program. They begin by noting how the lack of a standardized verification process for non-voting election systems warranted the creation of a holistic testing approach for these technologies. From there, they explain how RABET-V differs from traditional testing methodologies by verifying non-voting election systems using a three-pronged approach. They conclude by sharing their ongoing work to improve RABET-V.

Episode 65: Making Cyber Risk Analysis Practical with QRA | 29 Sep 2023 | 00:39:12

In episode 65 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Christopher Painter, Board Member of the Center for Internet Security (CIS) and President of the Global Forum on Cyber Expertise Foundation. Together, they discuss cybersecurity risk management. They begin by discussing how cyber risk analysis fits into a business risk management program in general. From there, they explore quantitative risk analysis (QRA), including its benefits for understanding cyber risk and the challenges of getting started. Their conversation then gets into how the CIS Board of Directors, specifically the Risk Committee, is using different methods of QRA to achieve CIS's business goals and objectives.

Episode 64: Defining Your Data Management Standards | 15 Sep 2023 | 00:26:10

In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types of data management considerations for your organization. Along the way, he points out how you can use resources from the Center for Internet Security (CIS) to drive continuous improvement in this space.

Episode 63: Building Capability and Integration with SBOMs | 01 Sep 2023 | 00:37:37

In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency.

Episode 62: Inside the 'Spidey Sense' of a Pentester | 18 Aug 2023 | 00:49:19

In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving technology landscape. They conclude by offering advice to organizations that are looking to engage in a pentest.

Episode 61: Overcoming Pre-Audit Scaries Through Governance | 04 Aug 2023 | 00:48:14

In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how quantification, supply chain security, and other issues factor into a modern-day approach to governance.

Episode 96: Making Continuous Compliance Actionable for SMBs | 14 Aug 2024 | 00:43:09

In episode 96 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Tarah Wheeler, CEO of Red Queen Dynamics.

Together, they discuss ongoing efforts to translate continuous compliance into something actionable for small- to medium-sized businesses (SMBs).

Here are some highlights from our episode:

  • 03:11. The philosophy behind a business model focused on continuous compliance for SMBs
  • 17:44. How the Fog of More complicates security and compliance for the "cyber-underserved"
  • 30:56. How the industry can navigate the multiple-framework issue and streamline compliance

Episode 60: Guiding Vendors to IoT Security by Design | 21 Jul 2023 | 00:39:46

In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a document in the first place. After explaining some of what went into drafting the white paper, they look to the future and note how IoT frameworks such as theirs help to shift IoT security left, toward purchasing decisions.

Episode 59: Probing the Modern Role of the Pentest | 07 Jul 2023 | 00:55:20

In episode 59 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Ed Skoudis, founder of the SANS Penetration Testing Curriculum and Counter Hack. Together, they discuss the value of penetration testing – all while CIS as an organization is undergoing a pentest! They begin by considering the historical perspective of pentests. (In Tony's words, "the foundational perspective for testing back then was to create drama.") They then reflect on how penetration tests excel when they prioritize education using a process of feedback. During the course of the conversation, Sean and Ed draw upon their years of collaboration to explain what this process can look like. They conclude by providing advice on how less mature organizations can get value from a penetration test.

Episode 58: Inside CIS's Award-Winning Workplace Culture | 23 Jun 2023 | 00:34:54

In episode 58 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by more than a dozen Center for Internet Security (CIS) employees during the company's 2023 Full Staff Meeting at the Sagamore Resort. Together, they discuss the collaborative nature of CIS's award-winning workplace culture. Using the Full Staff Meeting as a lens, each employee reflects on the importance of an annual in-person meeting for all employees. Their responses highlight how colleagues, teams, and business units alike focus on building relationships. Doing so empowers CIS to engage with partners, members, and the cybersecurity community writ large as a cohesive whole.

Episode 57: Celebrating the 20th Anniversary of the MS-ISAC! | 09 Jun 2023 | 01:24:10

In episode 57 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests: William Pelgrin, Founder and Former Chair of the MS-ISAC; Thomas Duffy, Former Senior VP of Operations and Services at the MS-ISAC; and Karen Sorady, VP of MS-ISAC Stakeholder Engagement Division. Together, they celebrate the 20th anniversary of the Multi-State Information Sharing and Analysis Center (MS-ISAC). They look back on the past two decades and reminisce on pivotal moments in the MS-ISAC's history, including when it became a division of the Center for Internet Security (CIS). After discussing how much it's grown in that time, they turn their eyes to the future and explore the MS-ISAC's plans to continue to serve its membership.

Episode 56: Cybersecurity Risks and Rewards of LLMs | 26 May 2023 | 00:50:39

In episode 56 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Dr. Paulo Shakarian, Associate Professor at the School of Computing, Informatics, and Decision Systems Engineering (CIDSE) at Arizona State University. Together, they discuss the cybersecurity implications of large language models (LLMs) like ChatGPT-3. They first look back on how deep learning has enabled machine learning (ML) and artificial intelligence (AI) to reach new levels of accuracy. Next, they discuss how ChatGPT-3 and other new AI models, which are designed to mimic human language, may have inaccuracies. This possibility opens up new vulnerabilities, such as the ability to scale information operations, along with new challenges from a cybersecurity perspective. They conclude by sharing their thoughts about the future of the AI and LLM space.

Episode 55: Live at RSA Conference 2023 | 12 May 2023 | 00:38:32

In episode 55 of Cybersecurity Where You Are, co-host Sean Atkinson speaks with experts in attendance at RSA Conference 2023. He asks nearly a dozen different attendees to share their impressions of the event. They explain how someone can get the most out of being at RSA and what made this year's conference stand out compared to previous years. (Spoiler alert: "AI" as a buzzword was everywhere.) They also discuss just some of the different topics you can learn about at RSA, such as the opportunity for partnerships between red teams and blue teams as well as the cybersecurity impact of AI on the music industry.

Episode 54: How to Get Started in Cybersecurity | 28 Apr 2023 | 00:42:10

In episode 54 of Cybersecurity Where You Are, co-host Sean Atkinson addresses how to get started in cybersecurity. He begins by looking at the different types of hard skills and soft skills that form the foundation of any cybersecurity career. Next, he draws upon his expertise to offer advice around certifications, learning a programming language, using a training provider, and building a portfolio. He also shares key insights into how you can make cybersecurity a rewarding career choice for years to come.

Episode 53: Fostering a Neurodiverse Cybersecurity Industry | 14 Apr 2023 | 00:39:26

In episode 53 of Cybersecurity Where You Are, co-host Tony Sager is joined by Ron Gula, President and Co-Founder of Gula Tech Foundation. Together, they acknowledge Autism and Neurodiversity Awareness Month by discussing the need to create more opportunities in cybersecurity for neurodiverse individuals. They point out that there's no one way for all employers and supervisors to support employees with different abilities. It's up to the employers and supervisors to decide where those efforts fit into their culture and what each victory looks like.

Attending RSA Conference 2023? Make sure you visit the main conference hall at 12:00 P.M. PT on Wednesday, April 26. At that time and place, Gula Tech Foundation will announce the four winners of its Spring 2023 grant campaign, "Expanding Opportunities in Cyber for the Neurodivergent." As part of the ceremony, you'll have a chance to speak with the winners about engaging neurodiverse individuals in your organization.

Episode 52: Back in the Buzz of RSA Conference | 31 Mar 2023 | 00:45:04

In episode 52 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss RSA Conference 2023. Together, they point out that the annual conference is more than just a trade show. They use that lens to identify some tips and tricks that attendees can use to get the most out of their time there. Additionally, they discuss what themes and activities you can expect to see at RSA Conference 2023. Their conversation ends with a teaser of Sean's talk at the event.

Episode 51: Making a Roadmap for Your Cybersecurity Journey | 15 Mar 2023 | 01:01:23

In episode 51 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss the strategic importance of using a roadmap to navigate your cybersecurity journey. Together, they point out that this journey is like many others. You need to know how to get packing, plan your route, hit the road, and take a snapshot of how far you've come and where you're going next. Sean and Tony identify some important considerations to keep in mind for each leg of your trip, and they note that the Center for Internet Security shares your journey and supports you along it.

One of the ways it does this is through CIS SecureSuite. Members gain access to benefits, tools, and resources that help them, their clients, and their customers navigate the different stages of their respective cybersecurity journeys. Now through April 30, you can save up to 20% on a new CIS SecureSuite Membership using promo code CYBER2023. 

Episode 95: AI Augmentation and Its Impact on Cyber Defense | 07 Aug 2024 | 00:34:59

In episode 95 of Cybersecurity Where You Are, Sean Atkinson is joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®).

Together, they discuss AI augmentation in terms of how cyber defenders are using generative artificial intelligence to enhance their capabilities.

Here are some highlights from our episode:

  • 01:16. How artificial intelligence has changed the landscape for cybersecurity defenders
  • 03:49. How AI is starting to augment threat detection
  • 10:12. What security researchers are exploring around AI and cyber defense
  • 20:54. Key challenges and limitations for AI-based cyber defense
  • 30:54. Future trends and innovations for cybersecurity defenders' use of AI

Episode 50: The Best of Cybersecurity Where You Are | 03 Mar 2023 | 00:47:17

In episode 50 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Randy Rose, Sr. Director of Security Operations & Intel for the MS-ISAC, and Kathleen Moriarty, Chief Technology Officer at CIS. Together, they celebrate Cybersecurity Where You Are reaching Episode 50. To mark this milestone, they look back on some of their favorite moments in the podcast's history. They also share how those moments tie back not only to the maturation of the podcast but also to CIS's ethos as a "platform for activism." (Thanks, Tony.)

Thank you to all our listeners for helping us reach Episode 50. We couldn't have done it without you. More laughter and learning to come!

Episode 49: Artificial Intelligence and Cybersecurity | 17 Feb 2023 | 00:48:46

In episode 49 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson discuss artificial intelligence (AI) and cybersecurity. The two review the relationship between them: how AI and cybersecurity meet, how they enhance each other, and the ways AI could be a detriment.

Episode 48: 3 Trends to Watch in the Cybersecurity Industry | 03 Feb 2023 | 00:26:38

In episode 48 of Cybersecurity Where You Are, co-host Sean Atkinson introduces three trends within the cybersecurity industry that we'll discuss in upcoming episodes. He first touches on how new developments in artificial intelligence, particularly ChatGPT, might affect cybersecurity processes like incident response. Next, Sean reflects on what widespread layoffs in big tech mean for cybersecurity, especially when set against an ongoing cybersecurity skills gap. Finally, he provides an overview of the legislation and preparations for securing a post-quantum world.

Episode 45: The Importance of Mentorship | 16 Dec 2022 | 00:42:48

In episode 45 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Valecia Stocchetti, a Sr. Cybersecurity Engineer on the CIS Critical Security Controls team here at CIS. Valecia and Sean discuss how their mentorship took shape and how it worked as a partnership from the very beginning. Together with Tony, they go over mentorship vs. career counseling and note that a vetting process can help you spot the difference. They conclude by exploring why it's important to pay it forward whether you're a mentor or mentee.
