
In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types of data management considerations for your organization. Along the way, he points out how you can use resources from the Center for Internet Security (CIS) to drive continuous improvement in this space.
Sep 15, 2023
26 min

In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency.
Sep 1, 2023
37 min

In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving technology landscape. They conclude by offering advice to organizations that are looking to engage in a pentest.
Aug 18, 2023
49 min

In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how quantification, supply chain security, and other issues factor into a modern-day approach to governance.
Aug 4, 2023
48 min

In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a document in the first place. After explaining some of what went into drafting the white paper, they look to the future and note how IoT frameworks such as theirs helps to shift left IoT security toward purchasing decisions.
Jul 21, 2023
39 min

In episode 59 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Ed Skoudis, founder of the SANS Penetration Testing Curriculum and Counter Hack. Together, they discuss the value of penetration testing – all while CIS as an organization is undergoing a pentest! They begin by considering the historical perspective of pentests. (In Tony's words, "the foundational perspective for testing back then was to create drama.") They then reflect on how penetration tests excel when they prioritize education using a process of feedback. During the course of the conversation, Sean and Ed draw upon their years of collaboration to explain what this process can look like. They conclude by providing advice on how less mature organizations can get value from a penetration test.
Jul 7, 2023
55 min

In episode 58 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by more than a dozen Center for Internet Security (CIS) employees during the company's 2023 Full Staff Meeting at the Sagamore Resort. Together, they discuss the collaborative nature of CIS's award-winning workplace culture. Using the Full Staff Meeting as a lens, each employee reflects on the importance of an annual in-person meeting for all employees. Their responses highlight how colleagues, teams, and business units alike focus on building relationships. Doing so empowers CIS to engage with partners, members, and the cybersecurity community writ large as a cohesive whole.
Jun 23, 2023
34 min

In episode 57 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests: William Pelgrin, Founder and Former Chair of the MS-ISAC; Thomas Duffy, Former Senior VP Of Operations and Services at the MS-ISAC; and Karen Sorady, VP of MS-ISAC Stakeholder Engagement Division. Together, they celebrate the 20th anniversary of the Multi-State Information Sharing and Analysis Center (MS-ISAC). They look back on the past two decades and reminisce on pivotal moments in the MS-ISAC's history, including when it became a division of the Center for Internet Security (CIS). After discussing how much it's grown in that time, they turn their eyes to the future and explore the MS-ISAC's plans to continue to serve its membership.
Jun 9, 2023
1 hr 24 min

In episode 56 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Dr. Paulo Shakarian, Associate Professor at the School of Computing, Informatics, and Decision Systems Engineering (CIDSE) at Arizona State University. Together, they discuss the cybersecurity implications of large language models (LLMs) like ChatGPT-3. They first look back on how deep learning has enabled machine learning (ML) and artificial intelligence (AI) to reach new levels of accuracy. Next, they discuss how ChatGPT-3 and other new AI models, which are designed to mimic human language, may have inaccuracies. This possibility opens up new vulnerabilities, such as the ability to scale information operations, along with new challenges from a cybersecurity perspective. They conclude by sharing their thoughts about the future of the AI and LLM space.
May 26, 2023
50 min

In episode 55 of Cybersecurity Where You Are, co-host Sean Atkinson speaks with experts in attendance at RSA Conference 2023. He asks nearly a dozen different attendees to share their impressions of the event. They explain how someone can get the most out of being at RSA and what made this year's conference stand out compared to previous years. (Spoiler alert: "AI" as a buzzword was everywhere.) They also discuss just some of the different topics you can learn about at RSA, such as the opportunity for partnerships between red teams and blue teams as well as the cybersecurity impact of AI on the music industry.
May 12, 2023
38 min
Load more
