In episode 85 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are live from Booth 4319 at RSA Conference (RSAC) 2024. Together, they discuss how events like RSAC 2024 reenergize collective action in the cybersecurity industry. They begin by noting how resources such as the CIS Community Defense Model (CDM) bring more data and transparency to security recommendations for the cybersecurity industry. They then look back on some of Tony's presentations at prior years of RSAC be...
May 22, 2024•51 min•Ep. 85
In episode 84 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss the notion of reasonable cybersecurity. They begin by providing some background about reasonableness in cybersecurity and identifying the problem we need to solve — namely, the lack of a definition of reasonableness a...
May 15, 2024•40 min•Ep. 84
In episode 83 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by nearly 20 employees at the Center for Internet Security® (CIS®). Together, they discuss the value of meeting in person to CIS workplace culture. With the company's 2024 Annual Full Staff Meeting in Orlando, FL, as their backdrop, they explore how personal relationships create a foundation for building effective teams, more agile workflows, and a sustainable sense of engagement and motivation at CIS. Along the way, t...
May 01, 2024•30 min•Ep. 83
In episode 82 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by John Gilligan, President and CEO at the Center for Internet Security® (CIS®); and Gina Chapman, Chief Operating Officer at CIS. Together, they discuss the importance of in-person team building events. They use the pandemic as a frame to understand how events such as the 2024 Annual Full Staff Meeting preserve and cultivate CIS's workplace culture. They also look to other ongoing initiatives at the c...
Apr 24, 2024•23 min•Ep. 82
In episode 81 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Daniel McIntyre, Identity and Access Management (IAM) Manager at the Center for Internet Security® (CIS®). Together, they acknowledge Identity Management Day 2024 with a discussion of IAM. They begin by looking at how IAM as a concept has changed over the years. They then explore current challenges in the modern environment and strategies for IAM to keep up with emerging threats. After emphasizing the importance of ...
Apr 10, 2024•31 min•Ep. 81
In episode 80 of Cybersecurity Where You Are, co-host Tony Sager is once again joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they continue their discussion around Common Good Cyber . Tony and Philip begin by recapping the events of the Common Good Cyber Workshop on February 26–27, 2024. From there, they explore the perspective of IT companies and governments in supporting common good solutions for the cybersecurity industry. They conclude their conversation by...
Apr 03, 2024•29 min•Ep. 80
In episode 79 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they discuss the Common Good Cyber cybersecurity initiative. Tony and Philip begin by sharing the paths that brought them to the nonprofit sector. From there, Philip recounts the events and needs that led to the formation of Common Good Cyber. They end the first part of their conversation by exploring the nature of "common good" in relation to inte...
Mar 27, 2024•30 min•Ep. 79
In episode 78 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Lisa Young, Senior Metrics Engineer at Netflix. Lisa is a long-time practitioner in the cybersecurity risk, risk quantification, and metrics field. She has a rich career and experience of putting resources towards practices that will protect, sustain, make organizations resilient over time. In her current role, Lisa helps Netflix measure what works, what doesn't work, and how to optimize practices a...
Mar 13, 2024•35 min•Ep. 78
In episode 77 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they discuss how to use data to inform your decision-making in cybersecurity. They begin by discussing the cybersecurity industry's lack of maturity in its use of data. From there, they explore the risks of not using data to make cybersecurity decisions. In Tony's words, the cybersecurity industry doesn't have to accept "perfection i...
Feb 28, 2024•50 min•Ep. 77
In episode 76 of Cybersecurity Where You Are, co-host Tony Sager is joined by Julie Morris, CEO and Co-Founder of Persona Media. Together, they discuss the role of thought leadership in cybersecurity. They begin by discussing misconceptions surrounding the notion of thought leadership. Next, they explore what thought leadership looks like in the context of an industry like cybersecurity and a company like the Center for Internet Security® (CIS®). Their conversation concludes with some advice on ...
Feb 16, 2024•46 min•Ep. 76
In episode 75 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss how generative artificial intelligence (GenAI) continues to reshape cybersecurity. They begin by using Episodes 48, 49, and 56 to consider the ongoing impact of GenAI on confidence, trust, and consistency as elements of a mature cybersecurity program. After reflecting on how confidence has shaped the work of the Center for Internet Security® (CIS®) more generally, Sean and Tony conclude by revisiting the ...
Feb 02, 2024•52 min•Ep. 75
In episode 74 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Carlos Kizzee, Senior Vice President (SVP) for Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®). In recognition of Data Privacy Week on January 21-27, 2024, they discuss the nexus of cybersecurity and privacy legislation in the United States. They begin by reviewing how ...
Jan 19, 2024•47 min•Ep. 74
In episode 73 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager use our 2023 cybersecurity predictions to understand how the industry changed last year. They discuss progress and challenges around Artificial Intelligence (AI), zero trust, and other key trends they and others brought up in our blog post, " Our Experts' Top Cybersecurity Predictions for 2023 ." They also promise a similar year in review (YIR) for our 2024 cybersecurity predictions, for which 17 experts at the C...
Jan 05, 2024•55 min•Ep. 73
In episode 72 of Cybersecurity Where You Are, co-host Tony Sager is joined by Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss " Cybersecurity: Practice What, and While, We Teach ," a keynote panel where they discussed cybersecurity in education during Tech Tactics in Education: Data and IT Security in the New Now . Throughout this episode, they pull in recorded snippets from their panel. They use those recor...
Dec 22, 2023•1 hr 8 min•Ep. 72
In episode 71 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Carlos Kizzee, SVP for the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®); Dr. Bhargav Vyas, Assistant Superintendent for Compliance and Information Systems as well as Data Protection Officer at Monroe-Woodbury Central School District; and Terry Loftus, Assistant Superintendent & Chief Information Officer of Integr...
Dec 08, 2023•51 min•Ep. 71
In episode 70 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mathew Schwartz, Executive Editor for DataBreachToday & Europe at the Information Security Media Group (ISMG). Together, they discuss the media's role in shaping public understanding and perception of infosec. They begin by considering the idea of media channels helping to educate the public about cybersecurity matters, including data breaches and digital threats. From there, they go on to talk about how the lan...
Nov 22, 2023•46 min•Ep. 70
In episode 69 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Tyler Scarlotta, Manager of Member Programs at the Center for Internet Security (CIS). Together, they discuss how the Nationwide Cybersecurity Review (NCSR) helps U.S. State, Local, Tribal, and Territorial (SLTT) government organizations evaluate their cyber maturity. They begin by reviewing what the NCSR assessment program entails and identifying trends from previous years. They then explore the lessons learned by ...
Nov 09, 2023•35 min•Ep. 69
In episode 68 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by James Yeager, VP of Public Sector and Healthcare at CrowdStrike. Together, they discuss designing cyber defense as a partnership effort. They begin by reflecting on the ongoing work of CIS and CrowdStrike to advance cyber defense together. After touching on some of the biggest trends they've seen in the threat landscape, they note how giving advice to customers around cyber defense requires partners...
Oct 27, 2023•46 min•Ep. 68
In episode 67 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Stephanie Gass, Director of Governance, Risk, and Compliance at the Center for Internet Security (CIS). Together, they discuss how to seize the moment once you've completed a cybersecurity audit. They explore the types of questions that you need to think about and the challenges you might encounter when acting upon a cybersecurity audit's findings. Additionally, they walk through a few examples of how you might cons...
Oct 13, 2023•41 min•Ep. 67
In episode 66 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Mike Garcia, Senior Cybersecurity Advisor at the Center for Internet Security (CIS), and Jared Dearing, Sr. Director of Elections Best Practices at CIS. Together, they discuss the Rapid Architecture-Based Election Technology Verification (RABET-V) program. They begin by noting how the lack of a standardized verification process for non-voting election systems warranted the creation of a holistic tes...
Oct 06, 2023•42 min•Ep. 66
In episode 65 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Christopher Painter, Board Member of the Center for Internet Security (CIS) and President of the Global Forum on Cyber Expertise Foundation. Together, they discuss cybersecurity risk management. They begin by discussing how cyber risk analysis fits into a business risk management program in general. From there, they explore quantitative risk analysis (QRA), including its benefits for understanding cyber risk and the...
Sep 29, 2023•39 min•Ep. 65
In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types of ...
Sep 15, 2023•26 min•Ep. 64
In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency. Resources Episode 22: CIS Behind the Veil: Log4j CIS Software Supply Chain ...
Sep 01, 2023•38 min•Ep. 63
In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving technology ...
Aug 18, 2023•49 min•Ep. 62
In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how...
Aug 04, 2023•48 min•Ep. 61
In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a docu...
Jul 21, 2023•40 min•Ep. 60
In episode 59 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Ed Skoudis, founder of the SANS Penetration Testing Curriculum and Counter Hack. Together, they discuss the value of penetration testing – all while CIS as an organization is undergoing a pentest! They begin by considering the historical perspective of pentests. (In Tony's words, "the foundational perspective for testing back then was to create drama.") They then reflect on how penetration tests exc...
Jul 07, 2023•55 min•Ep. 59
In episode 58 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by more than a dozen Center for Internet Security (CIS) employees during the company's 2023 Full Staff Meeting at the Sagamore Resort. Together, they discuss the collaborative nature of CIS's award-winning workplace culture. Using the Full Staff Meeting as a lens, each employee reflects on the importance of an annual in-person meeting for all employees. Their responses highlight how colleagues, teams, and business unit...
Jun 23, 2023•35 min•Ep. 58
In episode 57 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests: William Pelgrin, Founder and Former Chair of the MS-ISAC; Thomas Duffy, Former Senior VP Of Operations and Services at the MS-ISAC; and Karen Sorady, VP of MS-ISAC Stakeholder Engagement Division. Together, they celebrate the 20th anniversary of the Multi-State Information Sharing and Analysis Center (MS-ISAC). They look back on the past two decades and reminisce on pivotal mom...
Jun 09, 2023•1 hr 24 min•Ep. 57
In episode 56 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Dr. Paulo Shakarian, Associate Professor at the School of Computing, Informatics, and Decision Systems Engineering (CIDSE) at Arizona State University. Together, they discuss the cybersecurity implications of large language models (LLMs) like ChatGPT-3. They first look back on how deep learning has enabled machine learning (ML) and artificial intelligence (AI) to reach new levels of accuracy. Next, they discuss how ...
May 26, 2023•51 min•Ep. 56
