CISOs are typically not the owner of their organization's most critical (or even non-critical) assets and data. There are usually business unit leaders assigned to that, and the CISO's role is to help reduce the risk to those assets. If the CISO does have direct access to those assets, it's a bad architectural design. That's today's #CyberSunday topic. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON ...
Jun 30, 2024•5 min•Season 3Ep. 19
Security conferences and events are often built with a certain audience in mind. Some are for a a general audience, and others are focused on the CISO. But if an event has a focus on the CISO, it should be for a good reason. I discuss some of those reasons in today's #CyberSunday. Things Mentioned: https://www.linkedin.com/posts/kane-n_its-sad-to-see-many-security-events-these-activity-7209360322237800448-eiiE?utm_source=share&utm_medium=member_desktop https://www.execseccon.com/ Want to rea...
Jun 23, 2024•6 min•Season 3Ep. 18
Does practice make perfect? Probably not perfect, but it does make you better. That also applies when performing tabletop exercises. But is it feasible to practice as much as you SHOULD when everyone has other jobs to do? That's what Michael is talking about in today's #CyberSunday. Things Mentioned: · Peter Sacawaker’s LinkedIn Post - https://www.linkedin.com/feed/update/urn:li:activity:7207171692832432128/ · Clint Bodungen’s tabletop company - https://threatgen.com Want to reach out to the hos...
Jun 16, 2024•6 min•Season 3Ep. 17
In mentorship, it's often thought that the mentor is doing the teaching and the mentee is doing the learning. But mentors should also be open to and seek out lessons that they can take from the mentee. In this #CyberSunday, I talk about how tenured #cybersecurity professionals can learn about new tech and new concepts from those who are newer to the field but have other experiences. Things Mentioned: HSC User Group - https://www.hscusergroup.com/ Want to reach out to the host? Email us at podcas...
Jun 02, 2024•6 min•Season 3Ep. 16
The 2024 RSA Security Conference is here. While I am not going this year, I do want to give a few professional networking pointers for folks who are going, especially if you are a new conference attendee. These conference habits have helped me in my professional career, and I hope they help you as well. #CyberSunday #RSA2024 #securityconference #cybersecurity A quick note... I am talking about "professional networking" advice in this video, but I mentioned Jennifer Leggio 's article in SecurityW...
May 05, 2024•6 min•Season 3Ep. 15
Attack vectors and methods tend to by cyclical, meaning attackers will come back to see if old tricks will yield new results. I talk about one such attack vector that might be coming back in style... with a slight twist. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other show · HOU.SEC.CAST Check out our Conferences: · HOU.SEC.CON. · OT.SEC...
Apr 28, 2024•5 min•Season 3Ep. 14
SIEM (Security Incident and Event Management) has been a round a long time. But there are some recent trends and new vendors that are creating fresh ways to implement and operationalize SIEM. I'm discussing a couple of the larger SIEM and security operations trends on today's #CyberSunday. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other ...
Apr 21, 2024•5 min•Season 3Ep. 13
How can you tell if a new #cybersecurity concept (think Zero Trust) in cybersecurity is a just a flash in the pan or a valuable idea that can be utilized in your program? In this #CyberSunday, I talk about an unusual method for being able to potentially tell the difference. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other show · HOU.SEC.C...
Apr 07, 2024•5 min•Season 3Ep. 12
There is a lot of fear of the security implications about AI and other new and/or improved technologies. And while some fear is healthy, we also can't let it keep us from thinking about uses for that same tech to improve security. Let's talk about it in this #CyberSunday. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other show · HOU.SEC.CAS...
Mar 31, 2024•5 min•Season 3Ep. 11
Michael talked about security control monitoring a few weeks ago. In this #CyberSunday, he is digging in a bit around an essential part of control monitoring: configuration management/monitoring. What is config management/monitoring, what do you need to do before you can even start monitoring and managing configs, etc. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · ...
Mar 24, 2024•5 min•Season 3Ep. 10
There is a lot of talk and advice on social media, blogs, etc. about the Cybersecurity job market. There's no doubt it's a tough market right now, but does that mean you should stay away? Here's my opinion on the topic and some quick advice of my own for experienced cyber folks who are having trouble getting interviews. Things Mentioned: https://www.linkedin.com/feed/update/urn:li:activity:7174160450119467008/?updateEntityUrn=urn%3Ali%3Afs_feedUpdate%3A%28V2%2Curn%3Ali%3Aactivity%3A7174160450119...
Mar 17, 2024•6 min•Season 3Ep. 9
An X/Twitter thread about technology vs communication in #cybersecurity inspired today's video. Which one do you think is more important or more difficult? Watch today's #CyberSunday to get Michael's opinion. Things Mentioned: https://x.com/mikepsecuritee/status/1760299590337622309?s=20 Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other sho...
Mar 10, 2024•5 min•Season 3Ep. 8
Today's #CyberSunday is about monitoring controls regularly (as opposed to a point-in-time assessment). Michael gets into some methods of monitoring and what you should monitor them against (hint: monitoring is NOT just technical). Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other show · HOU.SEC.CAST Check out our Conferences: · HOU.SEC.CO...
Mar 03, 2024•5 min•Season 3Ep. 7
Many of us were affected by the cell carrier outage last week. Some initial explanations have come out, but are those explanations plausible? And is a #cyberattack just - or more - plausible than the explanation that AT&T gave? On today's #cybersunday, Michael talks about the outage, the explanations both given and imagined, and some ideas on what lessons we should learn from the outage. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By...
Feb 26, 2024•6 min•Season 3Ep. 6
Indecision and apathy from alert fatigue are big issues in #cybersecurity. But have you thought about how FUD marketing can cause some of the same problems? And it's not just vendors throwing the FUD. In today's cybersunday, Michael talks about the issues with FUD and how you need to watch out for it from some unusual sources. Things Mentioned: https://www.securityweek.com/beyond-the-hype-questioning-fud-in-cybersecurity-marketing/ https://brothke.medium.com/the-big-lie-of-millions-of-informatio...
Feb 18, 2024•6 min•Season 3Ep. 5
It's #cybersunday, and it's also time for the Big Game (can't use the real name because reasons). Michael is a big American Football fan, so he's getting into #cybersecurity football analogies. But he's also trying to dig a little deeper and staying away from some obvious analogies. Let us know what you think about them! Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook ...
Feb 11, 2024•5 min•Season 3Ep. 4
Michael is in the snow in Michigan to record today's Cyber Sunday. The cold weather and road conditions inspire a cybersecurity analogy around making decisions and determining priorities for your security program. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other show · HOU.SEC.CAST Check out our Conferences: · HOU.SEC.CON. · OT.SEC.CON. ·...
Jan 21, 2024•5 min•Season 3Ep. 3
Michael is wrapping up his Risk Management/Assessment series on today's #CyberSunday. His two points today are around risk assessment frameworks and a caution about GRC tools. We hope you enjoyed the series! If there's anything you'd like to see Michael cover in future videos, let us know! Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · LinkedIn · Twitter · Facebook · Instagram Check out our other ...
Jan 14, 2024•5 min•Season 3Ep. 2
Michael tells a story from his professional past explaining some of the differences between Risk Mitigation and Risk Avoidance. The scenario on today's #CyberSunday runs through some of the reasons and calculations that went into the decision leadership made between fixing the risk or avoiding it. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · Houstonseccon.com · LinkedIn · Twitter · Facebook · In...
Jan 07, 2024•6 min•Season 3Ep. 1
2024 is almost here, and that means a special end-of-year CyberSunday to close out the year. Today, Michael is talking about three topics that warrant special consideration for enterprise security programs in the new year. Listen in and tell us what you think! Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · Houstonseccon.com · LinkedIn · Twitter · Facebook · Instagram Check out our other show · HOU...
Dec 31, 2023•6 min•Season 2Ep. 17
It is crucial to know what role the CISO/security leader plays when it comes to risk. In today's #CyberSunday Michael talks about working with asset owners/business leaders before, during, and after a risk assessment. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU.SEC.CON · Houstonseccon.com · LinkedIn · Twitter · Facebook · Instagram Check out our other show · HOU.SEC.CAST...
Dec 10, 2023•5 min•Season 2Ep. 16
Risk assessments have inherent value for the business if done correctly. But there can also be explicit value for the business in performing a risk assessment and implementing a security program based on that assessment. In this #CyberSunday, Michael talks about both. Mentioned Twitter/X Post: https://x.com/mattjay/status/1730618458272866622?s=46&t=LUbuPP0qd83nb1-gVcAXLw Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch...
Dec 03, 2023•6 min•Season 2Ep. 15
Before you can figure out what risks to accept, you have to prioritize the risk. Before you can prioritize risk, you have to get visibility in your environment to determine what your risks are made of. In today's #CyberSunday, Michael talks about the benefits of risk prioritization and visibility into your environment to find those risks. Mentioned LinkedIn Post: https://www.linkedin.com/feed/update/urn:li:activity:7124455952996581376 Thank you to Forescout for sponsoring this episode! Want to r...
Nov 19, 2023•6 min•Season 2Ep. 14
A CISO recently shared a LinkedIn post regarding speaking engagements. In this post he advised security leaders to ONLY accept paid engagements as their time is valuable. In this week’s #cybersunday Michael, who is not only a CISO but the founder of a cybersecurity conference, pushes back on this idea in favor of giving back to the community by sharing your time and knowledge. Mentioned LinkedIn Post: https://www.linkedin.com/posts/davidedelvecchio_when-asked-to-participate-as-a-speaker-to-activ...
Nov 12, 2023•6 min•Season 2Ep. 13
Reviewing accepted risks is a crucial part of a risk management program. In today's #cybersunday, Michael talks about some important best practices like considering risk tolerance changes, involving business units in your review process, and others. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch...
Oct 29, 2023•6 min•Season 2Ep. 12
Some recent notable #cybersecurity breaches have come from #socialengineering attacks. Humans are always going to fall for this, but we can help lessen the success of these attacks via awareness training. Michael talks in today’s #cybersunday about how #securityawarenesstraining can be targeted and doesn’t have to be so boring and difficult. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch...
Oct 22, 2023•4 min•Season 2Ep. 11
If you're looking for an MDR (Managed Detection and Response) vendor, the temptation is to think of them as a product company versus a services company. On this #cybersunday, Michael talks about why that happens, why it can lead to more confusion when trying to decide which vendor to go with, and some of the things you need to think about that can help you choose. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch...
Oct 01, 2023•6 min•Season 2Ep. 10
The Barracuda ESG Vulnerability is still causing havoc, with the vendor telling their customers to replace the box. In this CyberSunday, Michael discusses some of the implications and considerations of this kind of vulnerability in an important and widely-deployed security device. Things Mentioned: · https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally · https://www.infosecurity-magazine.com/news/barracuda-appliances-exploited/ · https://www.rapid7.com/blog/post/2023/06/08/et...
Sep 24, 2023•5 min•Season 2Ep. 9
There are a few paths to getting into cybersecurity, and not all of them are considered “technical”. But what does that mean? In this #CyberSunday, Michael talks about a discussion around GRC as a career path and if it is “technical” or not. Things Mentioned: · https://www.linkedin.com/posts/mikesportfolio_cybersecurity-informationsecurity-infosec-activity-7097581791925993472-6ZN7?utm_source=share&utm_medium=member_desktop...
Sep 17, 2023•5 min•Season 2Ep. 8
How do you work towards a solution for a problem like Shadow IT with people when everyone wants to try to throw tech at it? On today's #CyberSunday, I talk about how using security champions in your company can help. #ShadowIT #cybersecurity #securitychampions
Apr 23, 2023•5 min•Season 2Ep. 7
