In episode 32 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss RSA 2022 — which is always a highlight of our conference calendar. Tony gives a preview of three sessions in which he'll present on cybersecurity nonprofits, incentivizing the adoption of cybersecurity best practices, and securing the supply chain. He also provides tips and best practices that can help RSA newbies, individual teams, and general attendees make the most of the conference. Resources Complet...
Jun 03, 2022•40 min•Ep. 32
In episode 31 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Karen Sorady, VP for Multi-State Information Sharing and Analysis Center (MS-ISAC) Member Engagement at the Center for Internet Security (CIS). Their discussion focuses on industrial control system (ICS) security, some of the threats they're susceptible to, and what goes into making a good operational technology (OT) security program. Looking back over the past 20 years, the security community has learned some valua...
May 19, 2022•47 min•Ep. 31
In episode 30 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of the Global Cyber Alliance. Their discussion focuses on the role that nonprofits play in solving cybersecurity problems at scale. In today's mutually dependent technology landscape, nonprofits' resources and expertise remove the need for enterprises to solve cybersecurity issues on their own. This is especially true given initiatives like Nonprofit Cyber, a "collective effort of eq...
May 06, 2022•47 min•Ep. 30
In episode 29 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on "reasonableness" as it relates to cybersecurity risk management. This topic isn't just about proving to regulators, litigators, and others that security controls were in place prior to an incident. It also considers how to implement safeguards without overburdening users and...
Apr 28, 2022•52 min•Ep. 29
In episode 28 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Brian Ray, Director of the Center for Cybersecurity and Privacy Protection, and Leon and Gloria Professor of Law at the Cleveland-Marshall College of Law at Cleveland State University. Together, the three discuss the convergence of cybersecurity and public policy with an emphasis on the concept of 'reasonable' security measures affording a data breach safe harbor for businesses.
Apr 08, 2022•53 min•Ep. 28
In this episode of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Stacey Wright, former CIS employee and current Vice President of Cyber Resiliency Services at the Cybercrime Support Network. The discussion focuses on the common cyber scams malicious actors have been using for decades and offers advice for dealing with them. Resources Cybercrime Support Network How to Protect Seniors Against Cybercrimes and Scams Common Cyber Hoax Scams Tech Support Call Scams...
Mar 29, 2022•50 min•Ep. 27
Resources Follow Brian Hajost on LinkedIn Prioritizing a Zero Trust Journey Using CIS Controls v8 Webinar | Align and Achieve CMMC Compliance Utilizing CIS Best Practices Episode 11: Remote Attestation Helps Zero Trust CIS Critical Security Controls v8 Cybersecurity Maturity Model Certification Mapping Where Does Zero Trust Begin and Why is it Important? In episode 26 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian Hajost, Chief Operating Officer at SteelCloud. They discuss...
Mar 11, 2022•41 min•Ep. 26
In this episode of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Lou Smith, a Senior Information Security Intrusion Analyst at the Center for Internet Security. Smith has a background in Digital Forensics and previously worked for New York State's Cyber Command Center. The two discuss building digital forensics and incident response capabilities in-house. Tune in to learn about the skills you need and the tactics you can use to successfully implement an incident response plan ...
Feb 25, 2022•47 min•Ep. 23
Resources Follow Guest Linnie Meehan on Twitter and Twitch US Cyber Challenge (USCC) CyberStart America Career Opportunities at CIS 11 of the Coolest Technical Jobs at CIS In episode 24 of Cybersecurity Where You Are, co-host Tony Sager poses the question that many people interested in the industry ask: How do I start a career in cybersecurity? To offer some insight, co-host Sean Atkinson joins cybersecurity professionals Linnie Meehan and Thomas Sager. Together, the three share their personal e...
Feb 11, 2022•51 min•Ep. 24
In Episode 23 of Cybersecurity Where You Are, hosts Tony Sager and Sean Atkinson are joined by our Vice President of Operations and Security Services, Josh Moulin. Together, the three share their thoughts on some of the topics that were discussed in our recent blog post, 2022 Cybersecurity Predictions to Watch Out For. Resources 2022 Cybersecurity Predictions to Watch Out For Log4j Zero-Day Vulnerability Response Sign up for the MS-ISAC Establishing Basic Cyber Hygiene Through a Managed Service ...
Jan 31, 2022•49 min•Ep. 23
Resources: Information on Log4j CIS Critical Security Controls Essential Cyber Hygiene In early January, the cybersecurity world was introduced to a new foe when researchers discovered a vulnerability in the code of a software library called Log4j. In the latest episode of Cybersecurity Where You Are, CIS CISO, Sean Atkinson, and CIS Chief Evangelist, Tony Sager, were joined by two colleagues who walked them through the steps CIS took to address the Log4j vulnerability....
Jan 21, 2022•56 min•Ep. 22
In this edition of Cybersecurity Where You Are, CIS CISO, Sean Atkinson, and CIS Senior VP and Chief Evangelist, Tony Sager are joined by two members of the CIS podcast production team, Jason Forget, VP of Communications, and Chad Rogers, Digital Media Program Manager. Together they discuss this past year in cybersecurity, creating this podcast, and their favorite episodes.
Dec 28, 2021•53 min•Ep. 21
Resources: Learn more about the EI-ISAC Election security tools and resources In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes Kathy Boockvar, Vice President of Election Operations and Support and Marci Andino, Director of the Elections Infrastructure Information Sharing and Analysis Center, or EI-ISAC. Together, they discuss the state of election security for state and local governments....
Dec 13, 2021•41 min•Ep. 20
Resources: CIS Critical Security Controls About Panaseer In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes Thordis Stella Thorsteins, Senior Data Scientist at Panaseer. Panaseer provides a controls monitoring platform and has played a valuable role in the development of the CIS Critical Security Controls, as well as the implementation of the CIS Controls Assessment Specification. Together, Tony and Thordis discuss the role that data collectio...
Nov 15, 2021•41 min•Ep. 19
Resources: Monthly Top 10 Malware CIS Critical Security Controls About the MS-ISAC In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes Randy Rose, CIS Sr. Director of Cyber Threat Intelligence. In the spirit of Halloween, they list the top five (and some honorable mentions) malware of all time – so far!...
Oct 29, 2021•50 min•Ep. 21
Resources Cybersecurity Awareness Month CIS Community Defense Model 2.0 Verizon Data Breach Investigations Report SANS Security Awareness Training MITRE ATT&CK Discussed in this podcast: Cybersecurity Awareness Month Psychology of cybersecurity Evolution of common cyber threats "Big picture" resources In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes Philippe Langlois of the Verizon Business Group and co-author of the Verizo...
Oct 13, 2021•49 min•Ep. 17
Resources: About Kathleen Moriarty CIS Benchmarks CIS Critical Security Controls Tools for Vendors and Consultants In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes back Kathleen Moriarty, Chief Technology Officer for CIS. Together they discuss the role service providers play in the future of cybersecurity....
Sep 27, 2021•40 min•Ep. 16
Episode Highlights: Why soft skills are important Top soft skills Building a company culture Resources: CIS Careers Publication: Cybersecurity Quarterly In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson, and CIS Senior VP and Chief Evangelist, Tony Sager discuss soft skills and how they pertain to the cybersecurity industry. Whether it is an employee wanting to expand their career or an employer seeking a new hire, soft skills are...
Sep 10, 2021•56 min•Ep. 15
Resources: Useapassphrase.com Password Policy Guide Related Blog: Password Policy Guide: Passphrases, Monitoring and More National Cybersecurity Awareness Month: MS-ISAC Tool Kit and Poster Contest Free to download: MS-ISAC 2021 Kids Safe Online Activity Book In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson counts down the top five ways families can be cyber smart. CIS Content Marketing Manager, Danielle Koonce, stops by to talk about w...
Sep 01, 2021•51 min•Ep. 14
Resources: CIS Twitter CIS LinkedIn CIS Critical Security Controls Related podcast: RC Manager at Frame.io, Mosi Platt answers the Atkinson 9 In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson, and CIS Senior VP and Chief Evangelist, Tony Sager share part of themselves in this intimate episode. Taking a guest-free moment of asking them the 'Atkinson 9', hosts turn the questions on themselves. Listen to them discuss their favorite CIS Criti...
Aug 23, 2021•1 hr•Ep. 13
This week’s Cybersecurity Where You Are podcast highlights: The problem regulating cybersecurity Cybersecurity is currently the "Wild West" What makes cybersecurity different than other industries What roles different levels of government are taking Dispelling the mystery behind cybersecurity Episode Resources CIS Controls Basic Cyber Hygiene Press Release It can appear that cybersecurity practices are being built on the creative wizardry of technical experts rather than referential universal po...
Jul 30, 2021•40 min•Ep. 12
This week’s Cybersecurity Where You Are podcast highlights: Automated attestation processes Vendor attestation capabilities Root of trust via Trusted Platform Module (TPM) Method of verification for zero trust Episode Resources Visit the CIS Website CIS Controls List About Kathleen Moriarty, Chief Technology Officer, CIS Related Blog on Zero Trust: Where Does Zero Trust Begin and Why is it Important? In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security Officer ...
Jul 16, 2021•32 min•Ep. 11
This week’s Cybersecurity Where You Are podcast highlights: Why the medical industry is so appealing to attackers The challenges of protecting medical facilities How a defense-in-depth strategy plays a role in a hospital’s cybersecurity plan Malicious Domain Blocking and Reporting (MDBR) for hospitals Episode Resources Visit the CIS Website The American Hospital Association Learn more about MDBR for hospitals In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security...
Jun 28, 2021•42 min•Ep. 10
Resources: Visit the CIS Website Highlights: The importance of information security governance Security vs. compliance Data – determining what you need and where to find it Understanding risk from a decision-basis Critical elements to fulfill business requirements Producing value in a compliance program Applying agility for continuous improvement Good compliance = good security Security is the practice of implementing effective technical controls to protect an organization’s digital assets. Comp...
Jun 11, 2021•57 min•Ep. 9
Resources: Visit the CIS Website Download the CIS Controls v8 Download CIS Controls v8 Change Log Join a CIS Controls Community Highlights: Everything has to be measurable Everything has to be achievable CIS Controls v8 must have a peaceful coexistence with cybersecurity frameworks The Controls need to be backed by data and able to defend against real-world threats First Impressions Matter The CIS Controls team and volunteers pretty much rewrote every word of v8 in an effort to modernize and con...
May 28, 2021•53 min•Ep. 8
Resources: What are the CIS Controls Learn more about CIS Controls v8 Free Webinar | May 18, 2021: Sign up to hear about all the changes to the CIS Controls Frequently Asked Questions In this edition of Cybersecurity Where You Are, host and CIS Senior Vice President and Chief Evangelist, Tony Sager welcomes guests Randy Marchany and Phyllis Lee. Marchany is the Chief Information Security Officer (CISO) at Virginia Tech, and Lee serves as Senior Director of the CIS Controls. The connection betwee...
May 14, 2021•57 min•Ep. 7
Resources: EI-ISAC Elections Security Tools & Resources #PROTECT2020 In this edition of Cybersecurity Where You Are, host and CISO at the Center for Internet Security (CIS), Sean Atkinson welcomes guests Geoff Hale and Lew Robinson. Hale leads the Election Security Initiative at the Cybersecurity and Infrastructure Security Agency (CISA), while Robinson serves as CIS Vice President of Election Operations. Both agencies and both men, respectively, played a big role in the success of the 2020 ...
Apr 23, 2021•38 min•Ep. 6
Part 2 of a 2-part series Resources: Listen to Part 1 CIS website CIS SecureSuite Tools and Resources CIS Benchmarks CIS Controls (v8 coming Spring 2021) CIS CSAT (CIS Controls Self Assessment Tool) Community Defense Model (v2 coming Spring 2021) In this week’s Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson continue their conversation on cyber defense as a risk-based process. They discuss the actions and resources that help build and implement “defensive machinery” that ...
Apr 12, 2021•57 min•Ep. 5
Episode Resources: Blog: Assess, Remediate, and Implement with CIS SecureSuite: https://www.cisecurity.org/blog/assess-remediate-and-implement-with-cis-securesuite/ Free Webinar: CIS Benchmarks and CIS-CAT Pro Tool Demo: https://www.cisecurity.org/webinar/cis-benchmarks-demo/ Part 1 of a 2-part series Technology is ever-changing AND ever-evolving, creating an uncertainty amongst cybersecurity professionals – the defenders – in their pursuit of an effective cyber defense strategy. The uncertainty...
Mar 26, 2021•41 min•Ep. 4
Resources: Find us at https://www.cisecurity.org/ Third-party Risk Association: https://www.tprassociation.org/ National Institute of Standards and Technology (NIST): https://www.nist.gov/ CIS Controls: https://www.cisecurity.org/controls/ Can a risk assessment questionnaire be the catalyst for true change to the entire vendor cybersecurity ecosystem? Cybersecurity Where You Are podcast host Sean Atkinson welcomes guest Ryan Spelman, former CIS employee, and now Managing Director at Duff & P...
Mar 12, 2021•44 min•Ep. 3