In this first episode of 2025, I picked a topic that is one of the few areas of security that is both 'hype' and 'real': Threat Intelligence. It is an area where you can get great information for free but also overpay for what you get. I wanted to take a different approach to discussing this one, so I contacted a well-respected colleague of mine, Justin Lentz, who happens to work in the SMB Threat Intel space, to come on the podcast and share his experiences and thoughts. Talking Points: How do y...
Jan 15, 2025 • 38 min • Season 7 Ep. 5
In this special episode, I finally get a chance to do a virtual fireside chat with my talented and funny CISO Scott Dresen. I actually started working with Scott while he was the Chief Technology Officer for Spectrum Health. It was in this role that Scott started down the path to becoming the Chief Information Security Officer for Corewell Health. So you can say he has been here for the entire Information Security program revamp that started back in 2016. Talking Points: Back in 2016 you were the CTO ...
Dec 18, 2024 • 51 min • Season 7 Ep. 4
*Disclaimer* While this episode deals with an incredibly important topic, there are potential dangers in doing this type of work. PLEASE do your homework and be well prepared should you go down this path, as your life can be impacted with a wrong turn. This episode is the first of the listener-requested ones around technical topics. With cybercrime and threat actor activity on the rise, it is more important than ever to understand the dark web and monitor it for potential risks or signs o...
Nov 06, 2024 • 51 min • Season 7 Ep. 3
In this episode I talk with Tamer Baker around the not always clear topic of Zero Trust. While the term has been around a while, it definitely gets overused by security vendors. However, because of Tamer's role as the Chief Technology Officer in the Healthcare space, he is also able to bring several different points of view to the conversation. Several of these are key to solving questions such as: Is Zero Trust truly expensive and painful? (Radiologist user experience example) As more and more healthc...
Oct 16, 2024 • 52 min • Season 7 Ep. 2
In this episode I talk with Matt Berzinski about the importance of understanding that identity is a journey, not a destination. Matt is the Senior Director of Product Management for Ping Identity and has extensive knowledge about identity. Talking Points: Realtime Fraud/Risk Orchestration Organizations (The importance of offloading work that you don't need to do) Single Sign On Multi Factor Identity Verification (Francis talked about a local automotive company referencing mobile apps for a car) Ro...
Sep 04, 2024 • 49 min • Season 7 Ep. 1
In this special end of summer episode, I sat down with Tyler Adams to talk about being in the trenches during the recent CrowdStrike incident and other interesting stories from the crazy summer. Tyler is an Information Security Analyst for Corewell Health. He works on the Security Business Engagement Team. Talking Points: What was it like being in the trenches during the CrowdStrike incident How having a Business Continuity Plan comes into play What was the most surprising about the incident? Wha...
Aug 29, 2024 • 32 min • Season 6 Ep. 4
In this episode I had a chance to have a candid conversation with Charles Henderson. Charles is a global managing partner at IBM and also happens to be the head of the X-Force team. IBM recently released the X-Force Threat Intelligence Index report for 2024. While the report delves into many different areas of Threat Intelligence, we concentrated on several key areas focused primarily on artificial intelligence: Pronounced increase in Identity attacks Understanding how more 'business-like' m...
Mar 01, 2024 • 47 min • Season 6 Ep. 3
In this episode I had a chance to sit down in person with the always insightful and never dull cybersecurity leader, Jim Kuiphof. Jim is the Deputy Chief Information Security Officer at Corewell Health. The topic for this casual conversation is Understanding Your Personal Risk Tolerance. More specifically, it speaks to understanding the difference between your own risk tolerance and the business's risk tolerance. Jim has talked on this recently at events like Cloud Con and the Digital Services ...
Feb 14, 2024 • 47 min • Season 6 Ep. 2
In this episode I had a chance to speak with Bryan 'Woody' Woodworth around simplifying and securing multi-cloud networking. Bryan is the Director of Solution Strategy for Aviatrix. We are a few weeks into 2024, and the importance of understanding and utilizing multi-cloud strategies is becoming more and more apparent. Talking Points: What are the current trends in the industry pertaining to multi-cloud? Skills Gaps - More pronounced in Multi-Clouds, FinTech and Banking industries will 'manda...
Jan 24, 2024 • 44 min • Season 6 Ep. 1
In this special episode we celebrate the 4th annual holiday fundraiser podcast. It is already a blessing to raise money for great causes all while raising security awareness for small and medium-sized businesses. The topic for this episode is one that is super relevant for this day and age of Digital Transformation. However, in keeping with the format of #RealTalk, we are going to explore some 'real world' use cases for using Artificial Intelligence in Security in 2024. We have two special gues...
Dec 21, 2023 • 50 min • Season 5 Ep. 23
Have you ever wondered what it takes to get into the information security field? Have you thought how hard could it be? What about all of the big money I hear people make in this space? Well, in this episode I talk with Mattalynn Darden and Esther Muchai about how hard it really is to break in. If you are wondering how these two talented young women know, here is a little background on what they are currently doing and why it is relevant to this episode's topic. Mattalynn is an Information Se...
Nov 29, 2023 • 50 min • Season 5 Ep. 22
*Disclaimer* Thoughts and opinions in this episode are solely those of myself or my guests and are not necessarily reflective of our employers. In this episode I had a chance to sit down with Matt Nelson and do the podcast from a very cool location. Matt is a Senior Security Architect for GuidePoint Security. The topic of our rant was centered around all of the things 'wrong' with cybersecurity sales and why it hurts everyone. Talking Points Include: Ineffective Bad Behavior - You are doing you and your comp...
Nov 15, 2023 • 40 min • Season 5 Ep. 21
In this episode I talk with Lloyd 'Lucky' Guyot and Alex O'Meera about The Center for Internet Security's Critical Security Controls. Lloyd is a Security Advisor for Optiv and President of the Grand Rapids ISSA Chapter. Alex is a Security Analyst for Stack Overflow and Secretary of the Grand Rapids ISSA Chapter. Talking Points: How can the CIS 18 help an SMB build its security program? How can the CIS 18 help mature a security program? Which controls should a company start with? And many more!...
Oct 31, 2023 • 43 min • Season 5 Ep. 20
In this episode I had a chance to speak with Chris Jordan and Al Wissigner about where a small and medium-sized business (SMB) should start their security journey. This is especially important in this day and age of the ever-expanding cloud infrastructure and Software as a Service (SaaS) models. Both of these fine gentlemen work for Fluency and have a TON of experience working with SMBs. Talking Points: The idea of bridging the gap between what they want to do and what they can afford to do? Why is i...
Oct 11, 2023 • 43 min • Season 5 Ep. 19
Despite the recent push by some old school (re: outdated) leaders to force employees to return to the office, remote work is here to stay. While we all talk about the importance of making remote work secure, there isn't much talk about how the experience is for the end users. Fortunately, there are some companies out there that are understanding the need to balance security, business and end user needs. In this episode I talk with Melinda Ann O'Neill about Digital Employee Experience (DEX). Melinda An...
Sep 27, 2023 • 39 min • Season 5 Ep. 18
In this episode I head out to The Unicorn Tavern in Grand Haven, Michigan to talk Network Segmentation with Steve Barnes and Tyler Adams. Steve is an Enterprise Security Architect for Fortinet and Tyler is an Information Security Analyst for Corewell Health. Talking Points: How has Network Segmentation changed in 2023? Who is responsible? Is that team being supported enough? How are you compartmentalizing things? Should you separate your IT and your OT? Does network segmentation make it easier ...
Sep 06, 2023 • 39 min • Season 5 Ep. 17
A few years ago, the topic for the 3rd episode of the #RealTalk with Aaron Bregg podcast was Diversity and Inclusion in the Cybersecurity Industry. To this date it is one of the most downloaded episodes. Since that episode was published, a LOT has changed in the world. I felt that it was time to revisit the topic but with a little bit of a twist. The need for a twist comes from the fact that DEI in cybersecurity still where it needs to be. As luck would have it I had met Angela Hill a few years ...
Aug 16, 2023 • 56 min • Season 5 Ep. 16
In this episode I had a chance to dive into a topic that is ripped straight from my day job. Multi Cloud Compliance. My guest for this episode is Mike Roman. Mike is a Senior Security Sales Engineer for Orca Security, which happens to be the company that just won the 'Best Swag' award at Cloud Con last week! In all seriousness though, more and more companies are having to rely on multi-cloud environments in order to keep the lights on. You may be an Amazon AWS shop but you may use Snowflake for...
Aug 02, 2023 • 36 min • Season 5 Ep. 15
In this episode I break from the norm a little bit in order to delve into the minds of security leadership. These insights come from a recent Grand Valley State University Cybersecurity Masters Graduate, Isaac Beasley. As part of Isaac's Master's project, he interviewed 10 different cybersecurity leaders in the West Michigan area about a variety of different topics. For the sake of time, I concentrated on talking to the following key data points: Hiring, Retention, & Advancement 80% reported n...
Jul 12, 2023 • 55 min • Season 5 Ep. 14
While PenTesting (i.e. hacking) may be the most visible part of Information Security, it sometimes can lead to a false sense of security. In this episode I had a chance to talk with Nabil Hannan about rethinking your penetration testing strategy and moving towards Attack Surface Management. Nabil is the Field Chief Information Security Officer for NetSPI and has a ton of useful information to share about starting this journey. Talking points include: What are the biggest misconceptions with P...
Jun 28, 2023 • 38 min • Season 5 Ep. 13
Earlier this year Cloud Security Alliance covered the big debate around should you buy or build for your Cyber Asset Attack Surface Management (CAASM) solution. As luck would have it, Ken Liao recently reached out to me regarding the new company that he works for who handles this very topic. In this episode I had a chance to talk with Sevco Security's Chief Strategy Officer, Brian Contos, on this very topic. The timeliness is very apt, as Gartner recently named CAASM as an emerging technology...
Jun 14, 2023 • 39 min • Season 5 Ep. 12
I know some of you are thinking, "Ugh another podcast on artificial intelligence!", to which I say, "Nope". Originally this was supposed to be a two-part series with the first episode focusing on high-level AI talk and the second episode drilling down into how to actually come up with AI/ML policies and standards. However, like all things related to the podcast, we are going to mix it up a little. In this episode I have a non-security co-host, Brian Carlson, and a security guest, Tim O'Connor. B...
May 31, 2023 • 51 min • Season 5 Ep. 11
In this episode I go outside of the topics and talk about one that I think is definitely underrated, Protecting Your Executives. I sometimes forget how lucky I am that my healthcare organization is very forward-thinking when it comes to security. However, not all companies have the luxury of having a full team to protect VIPs. I had a chance to have an in-depth conversation with Daniel Floyd around this very subject. Daniel is the Chief Information Security Officer for BLACKCLOAK. BLACKCLOAK was one of t...
May 17, 2023 • 42 min • Season 5 Ep. 10
In a recent episode Matt Nelson from GuidePoint was talking about how he is seeing a trend with medium-sized companies moving away from the idea of building out or building up a security team. There were several reasons including budget constraints and an experienced talent shortage. So I reached out to Bill Bernard about having a deeper discussion on revisiting the topic of using a #managedsecurityoperations company. Talking Points: What is Managed Detection and Response? Because of budget ...
May 03, 2023 • 47 min • Season 5 Ep. 9
In this episode I had a chance to talk with Todd Brockdorf and Chris Lawrence about Zero Trust. Todd is a Senior Sales Engineer and Chris is a Customer Success Engineer. Nowadays it is hard to sift through all of the security vendor marketing chaff to get #RealTalk about Zero Trust. Talking Points: What is the biggest misconception around Zero Trust that is happening right now? What about thinking of the cloud as a segmented network? How are upcoming government regulations, how do companies bal...
Apr 26, 2023 • 47 min • Season 5 Ep. 8
4.6.23 Update: If you had downloaded this file before 6pm on April 6th you received the wrong episode. This error has been fixed and you have my sincerest apologies for the mess up! *Disclaimer* While there was no physical harming of bad security vendors in this episode, there is a lot of honest #RealTalk. Opinions in this episode are my own and do not necessarily reflect the views of my leadership or my employer. Additionally, this episode is not sponsored and therefore is not influenced by out...
Apr 05, 2023 • 44 min • Season 5 Ep. 7
In this episode I had a chance to talk with Derek Smith about the importance of securing your hybrid cloud environments. Derek is the Director of Cloud Strategic Alliances and Brand for Trace3. We took the time to break down several different issues that are happening right now across multiple industries. Talking Points: How do you build a solution agnostic environment? How can we learn from the recent issues with Southwest to help going forward? How do you marry up your resiliency goals with y...
Mar 22, 2023 • 48 min • Season 5 Ep. 6
In this episode I had a chance to talk to not one, not two but THREE talented gents about the future of medical and IoT device security. Nathanael Dick, Russ Ramsay and Dan Rittersdorf all work for a great, and local, embedded systems engineering company called DornerWorks. I was fortunate enough to do the podcast prep meeting in person and was able to tour their very cool West Michigan offices. Obviously, medical device security is very important to me considering I work in healthcare. However...
Mar 15, 2023 • 54 min • Season 5 Ep. 5
In this episode I get a chance to talk with Liav Caspi about rethinking how you do your Secure Software Development Lifecycle. Liav is one of the co-founders of Legit Security and got his start in the Israel Intelligence (Unit 800) scene many years ago. He and his other co-founders worked for a well-known Static Application Security Testing (SAST) company I know very well. They then branched off a few years back to form what is now called Legit Security. Talking Points: Why your current Secure S...
Mar 08, 2023 • 38 min • Season 5 Ep. 4
In this episode I not only have a great guest but have a great co-host as well. I had a chance to talk with Kassandra Murphy and Rich Worth about advancing your Security Information and Event Manager. Kassie talks to the importance of standardizing your data sets to increase your searchability (e.g. especially useful when sending data to your managed security operations partner). Rich will be talking to 'real world' use cases and the importance of alert aggregating and risk-based alerts. Kassand...
Feb 15, 2023 • 40 min • Season 5 Ep. 3