Cybersecurity Where You Are


Cybersecurity affects us all whether we are at home, managing a company, supporting clients, or even running a state or local government. Join the Center for Internet Security’s Sean Atkinson and Tony Sager as they discuss trends and threats, ways to implement controls and infrastructure, explore best practices, and interview experts in the industry. If you are interested in learning more about how to grow your cybersecurity program, CIS and its volunteer community are here to bring clarity to these complex issues to bring Confidence in a Connected World.

Center for Internet Security


    • Latest episode: May 28, 2025
    • New episodes: weekly
    • Average duration: 41m
    • Episodes: 137



    Latest episodes from Cybersecurity Where You Are

    Episode 137: National Cybersecurity Through SLTT Resilience

    May 28, 2025 | 42:00


    In episode 137 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Terry Loftus, Assistant Superintendent (Chief Information Officer) of Integrated Technology Services at the San Diego County Office of Education (SDCOE); and Netta Squires, President of Government Affairs, Cybersecurity, & Resilience at Open District Solutions (ODS). Together, they discuss how the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) functions as a space for U.S. State, Local, Tribal, and Territorial (SLTT) entities to collectively strengthen their cyber resilience in support of U.S. national cybersecurity.

    Here are some highlights from our episode:

    01:15. A study to understand the cybersecurity perspectives of the MS-ISAC community
    03:24. The need for sustained cyber defense accelerators to drive U.S. SLTT resilience
    07:31. How surveys and focus groups uncovered U.S. SLTT cybersecurity funding, staffing, and governance challenges
    13:06. The superpower of cyber threat intelligence driven, tailored, and provided via community
    17:41. Trust as a foundation for building relationships among MS-ISAC members and partners
    21:26. How the MS-ISAC moved community cyber defense from conversational to operational
    22:22. The role of trust in making membership affordable and solutions at scale possible
    25:00. Opportunities for relationship building, training, and access to services in the MS-ISAC
    30:00. Examples of MS-ISAC success stories and the need to share them
    33:40. The MS-ISAC as a space to craft a strategic path for national cybersecurity
    36:29. Closing thoughts on how members value and can get involved in the MS-ISAC

    Resources:

    • Strengthening Critical Infrastructure: SLTT Progress & Priorities
    • Malicious Domain Blocking and Reporting (MDBR)
    • Episode 126: A Day in the Life of a CTI Analyst
    • Why Whole-of-State Cybersecurity Is the Way Forward
    • MS-ISAC: Defending America's Critical Infrastructure

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 136: How WiCyS Advances Women in Cybersecurity

    May 21, 2025 | 38:35


    In episode 136 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined live by Lynn Dohm, Executive Director of Women in CyberSecurity (WiCyS). Together, they discuss how WiCyS works to advance women in cybersecurity.

    Here are some highlights from our episode:

    01:03. A mission of recruiting, retaining, and advancing women in cybersecurity
    05:38. How community-focused conferences and scholarships promote community growth
    06:25. The need to celebrate the work of and encourage support among cyber defenders
    08:52. Four strategic pillars as a foundation for navigating COVID, societal change, and more
    13:50. The importance of laying out cybersecurity career paths outside of individual companies
    15:15. How a foundation of inclusion enables diversity to expand
    19:45. The use of strategic partners to anticipate changing cybersecurity and hiring needs
    22:38. Inside the successes of the mentorships and other WiCyS programs
    28:22. The impact of Alan Paller on opening doors for WiCyS
    32:35. How volunteerism supports retention in cybersecurity through inclusion and satisfaction

    Resources:

    • Episode 77: Data's Value to Decision-Making in Cybersecurity
    • Episode 120: How Contextual Awareness Drives AI Governance
    • Alan Paller Laureate Program
    • Episode 30: Solving Cybersecurity at Scale with Nonprofits

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 135: Five Lightning Chats at RSAC Conference 2025

    May 14, 2025 | 23:30


    In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security® (CIS®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution.

    Here are some highlights from our episode:

    00:40. Stephanie Gass, Sr. Director of Information Security at CIS
        • How to start creating a policy and make it effective through implementation processes
        • A transition to an approach integrating mappings for CIS security best practices
        • The use of GenAI and security champions to make this transition
    04:08. Brad Bock, Director of Product Management at Chainguard
        • Building and compiling security from the ground up in open-source container images
        • Trusting pre-packaged software in an increasingly complex world
        • Support of customer compliance with attestation, SBOMs, and vulnerability remediation
    07:43. Stephane Auger, Vice President Technologies and CISO at Équipe Microfix
        • Customer awareness and other top challenges for MSPs and MSSPs
        • The use of case studies and referrals to communicate the importance of cybersecurity
        • A growing emphasis on cyber risk insurance as media attention around breaches grows
    11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLC
        • How the CIS Critical Security Controls facilitates a consultative approach to customers
        • The importance of knowing where each company is in their use of GenAI
        • Mapping elements of a portfolio to CIS security best practices
    17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CIS
        • The use of learning and research to investigate GenAI's utility for CIS
        • An aspiration to scale efficiency and drive improvements with GenAI training
        • A reminder to augment human thought, not replace it, with GenAI

    Resources:

    • Episode 63: Building Capability and Integration with SBOMs
    • Mapping and Compliance
    • Cybersecurity for MSPs, MSSPs, & Consultants
    • Episode 130: The Story and Future of CIS Thought Leadership

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 134: How GenAI Lowers Bar for Cyber Threat Actors

    May 7, 2025 | 39:48


    In episode 134 of Cybersecurity Where You Are, Sean Atkinson is joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®); and Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at CIS. Together, they discuss how generative artificial intelligence (GenAI) lowers the barrier of entry for cyber threat actors (CTAs).

    Here are some highlights from our episode:

    01:37. CTAs' use of GenAI to improve their existing campaigns
    03:38. The need for CTI teams to look beyond language in analyzing GenAI-enabled threats
    07:22. The evolving impact of GenAI on phishing campaigns, malware development, deepfakes, and malicious Artificial Intelligence as a Service (AIaaS) offerings
    12:28. How GenAI increases the speed at which CTAs can scale their efforts
    17:29. Technical barriers and other limitations that shape CTAs' use of GenAI
    22:46. A historical perspective of AI-enabled cybersecurity and how GenAI can support cybersecurity awareness training
    26:50. The cybersecurity benefits of AI and machine learning (ML) capabilities for clustering data
    29:05. What the future might hold for GenAI from an offensive and defensive perspective

    Resources:

    • The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    • Episode 89: How Threat Actors Are Using GenAI as an Enabler
    • Episode 95: AI Augmentation and Its Impact on Cyber Defense
    • 12 CIS Experts' Cybersecurity Predictions for 2025
    • CIS Critical Security Controls®
    • Multi-State Information Sharing and Analysis Center®

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 133: DieNet's DDoS Hacktivism and Evolving TTPs

    Apr 30, 2025 | 32:33


    In episode 133 of Cybersecurity Where You Are, Sean Atkinson is joined by Lauren McFayden, Threat Intelligence Analyst at the Center for Internet Security® (CIS®). Together, they discuss the Distributed Denial of Service (DDoS) hacktivism of DieNet and how the group continues to evolve its Tactics, Techniques, and Procedures (TTPs).

    Here are some highlights from our episode:

    01:22. An overview of DieNet and its emergence on Telegram
    01:55. DDoS attacks and the potential for service disruptions
    02:55. DieNet's pro-Palestinian ideology and opposition to the 47th U.S. Presidential Administration
    05:00. U.S. and foreign targets claimed by the group
    06:30. DieNet's history of claiming attacks against U.S. critical national infrastructure (CNI)
    10:33. Two pieces of evidence used to partially assess the credibility of a claimed attack
    15:16. How DieNet v2 suggests an escalation of attack strategies
    20:43. How the DDoS hacktivist group may continue to evolve its TTPs in subsequent versions
    23:48. The use of the CIS Critical Security Controls (CIS Controls) to reduce an attack surface
    25:56. How ThreatWA stands out in keeping you informed about emerging threats

    Resources:

    • Hacktivist Group DieNet Claims DDoS Attacks against U.S. CNI
    • MS-ISAC Guide to DDoS Attacks
    • ThreatWA
    • CIS Critical Security Control 1: Inventory and Control of Enterprise Assets
    • CIS Critical Security Control 2: Inventory and Control of Software Assets
    • CIS Critical Security Control 3: Data Protection
    • Episode 44: A Zero Trust Framework Knows No End

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 132: Day One, Step One, Dollar One for Cybersecurity

    Apr 23, 2025 | 34:35


    In episode 132 of Cybersecurity Where You Are, Sean Atkinson is joined by Valecia Stocchetti, Sr. Cybersecurity Engineer of the CIS Critical Security Controls (CIS Controls) at the Center for Internet Security® (CIS®). Together, they discuss what the first day, step, and dollar of implementing a controls framework look like for organizations stepping into their cybersecurity journey.

    Here are some highlights from our episode:

    01:54. Building and improving a cybersecurity program through the power of consensus
    04:55. The use of an assessment to determine where you are and where you're going
    09:15. How cross-mapping to multiple frameworks simplifies regulatory compliance efforts
    12:00. The use of governance to secure leadership buy-in for your cybersecurity program
    13:33. Continuous auditing and monitoring as tools for adapting to change
    15:10. How Controls prioritization flows through the Implementation Groups (IGs)
    19:39. Leadership as the backbone for getting any business program off the ground
    22:59. Calculating the cost of cyber defense as a preventative action
    24:55. Tradeoffs with security tools to keep in mind so that you can budget efficiently
    30:00. Qualifications when using security offerings of MSPs and CSPs

    Resources:

    • CIS Community Defense Model 2.0
    • How Risk Quantification Tests Your Reasonable Cyber Defense
    • CIS Controls Self Assessment Tool (CIS CSAT)
    • Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    • How to Plan a Cybersecurity Roadmap in 4 Steps
    • The Cost of Cyber Defense: CIS Controls IG1

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 131: It Takes a Village to 'Reasonably' Secure SoCal

    Apr 16, 2025 | 32:52


    In episode 131 of Cybersecurity Where You Are, Tony Sager is joined by Stan Stahl, PhD, Founder and President of SecureTheVillage. Together, they discuss how SecureTheVillage, a nonprofit and inaugural Alan Paller Laureate Program awardee, is using a collaboration-driven approach to enhance reasonable cybersecurity awareness and practices within Southern California (SoCal).

    Here are some highlights from our episode:

    01:07. An introduction to Stan and how he came to champion small business cybersecurity
    04:28. How SecureTheVillage emerged to support small businesses' cybersecurity needs using the power of community
    07:15. The need for nonprofits to play a strong role in addressing cybersecurity challenges
    12:01. How Stan drew inspiration from Alan Paller and support from the Alan Paller Laureate Program to advance SecureTheVillage's work
    17:57. Reasonable cybersecurity as part of SecureTheVillage's foundation story
    22:13. Aligning cybersecurity needs to the goals of public policy
    25:33. What's next for SecureTheVillage
    29:52. Closing thoughts on why a "village" model for cybersecurity is so important

    Resources:

    • Alan Paller Laureate Program
    • Implementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1
    • Episode 30: Solving Cybersecurity at Scale with Nonprofits
    • Reasonable Cybersecurity Guide

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 130: The Story and Future of CIS Thought Leadership

    Apr 9, 2025 | 32:38


    In episode 130 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by John Gilligan, President and Chief Executive Officer (CEO) of the Center for Internet Security® (CIS®). Set against the backdrop of the 2025 CIS Annual Full Staff Meeting, they celebrate 25 years of CIS, including the "serendipity" by which the company became a global cybersecurity thought leader. They also discuss how this thought leadership may evolve over the next 25 years.

    Here are some highlights from our episode:

    01:30. How CIS started along with how John and Tony initially got involved
    07:12. How CIS thought leadership changed with the absorption of the "SANS Top 20," the precursor of the CIS Critical Security Controls
    11:04. The "serendipity" through which CIS grew and formalized its sales, funding, support, and other operations in the 2010s
    15:18. How mission and culture advanced CIS to its 25th anniversary in 2025
    22:52. What the future might hold for "CIS 2.0"

    Resources:

    • 25 Years of Creating Confidence in the Connected World
    • Episode 97: How Far We've Come preceding CIS's 25th Birthday
    • Episode 114: 3 Board Chairs Reflect on 25 Years of Community
    • Episode 76: The Role of Thought Leadership in Cybersecurity
    • Episode 125: How Leadership Principles Influence CIS Culture
    • Episode 120: How Contextual Awareness Drives AI Governance
    • Episode 119: Multidimensional Threat Defense at Large Events

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 129: Embedding Cybersecurity in Project Management

    Apr 2, 2025 | 32:18


    In episode 129 of Cybersecurity Where You Are, Sean Atkinson discusses best practices for embedding cybersecurity in project management.

    Here are some highlights from our episode:

    01:34. Elements for connecting the dots between cybersecurity risk assessment and project risk assessment
    03:06. How our conceptualization of a project changes under a zero trust implementation
    04:02. What security may look like in a Waterfall vs. Agile approach to project management
    06:26. The importance of resources and stakeholders in managing any project
    08:34. Scope creep and other challenges of embedding cybersecurity in project management
    15:45. How continuous monitoring and other best practices can help us to overcome these hurdles
    25:30. How cybersecurity can inform projects involving generative artificial intelligence

    Resources:

    • Episode 105: Context in Cyber Risk Quantification
    • Quantitative Risk Analysis: Its Importance and Implications
    • How Risk Quantification Tests Your Reasonable Cyber Defense
    • Episode 44: A Zero Trust Framework Knows No End
    • How to Construct a Sustainable GRC Program in 8 Steps
    • Episode 33: The Shift-Left of IoT Security to Vendors
    • Episode 120: How Contextual Awareness Drives AI Governance

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 128: How Cryptocurrency Is Used for Financial Fraud

    Mar 26, 2025 | 35:17


    In episode 128 of Cybersecurity Where You Are, Sean Atkinson is joined by Joshua Palsgraf, Senior Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security® (CIS®). Together, they examine how cyber threat actors use cryptocurrency for financial fraud and how professionals like Joshua track this illicit activity.

    Here are some highlights from our episode:

    01:35. What a data-driven approach to CTI looks like
    02:47. What makes cryptocurrency useful in the digital economy, including for financial fraud
    06:50. How cryptocurrency-related financial crime compares to traditional forms of fraud
    13:20. Examples of cryptocurrency theft and its use in facilitating ransomware attacks
    27:24. Tooling and forensic methods that are being used to track crypto fraud/scams
    31:40. The need to build awareness around financial crime in the digital economy

    Resources:

    • Episode 77: Data's Value to Decision-Making in Cybersecurity
    • 2023 Cryptocurrency Fraud Report Released
    • 2025 Crypto Crime Trends: Illicit Volumes Portend Record Year as On-Chain Crime Becomes Increasingly Diverse and Professionalized
    • Suspected Lazarus subgroup behind DMM crypto heist
    • Episode 126: A Day in the Life of a CTI Analyst
    • Combatting Ransomware
    • Episode 124: The Many Layers of a Malware Takedown Operation

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 127: Visible Ops as a Cybersecurity Foundation

    Mar 19, 2025 | 37:45


    In episode 127 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Scott Alldridge, President and CEO of IP Services and the IT Process Institute. Together, they use Scott's book, "Visible Ops Cybersecurity: Enhancing Your Cybersecurity Posture with Practical Guidance," to discuss how visible IT operations (Visible Ops) provide a foundation for cybersecurity.

    Here are some highlights from our episode:

    01:31. How Visible Ops reflect an appreciation for the original config change release processes
    10:19. The limitations of treating security as a silo and "new toys" as security cure-alls
    15:23. How to embrace a dynamic view of visibility and configuration management
    24:50. The importance of leadership buy-in when shifting left to a security-first mindset
    27:10. What an effective change configuration management system looks like and how it changes people's view of IT
    30:20. Parting thoughts and where to find more of Scott's work

    Resources:

    • IT Process Institute
    • What is ITIL? Your guide to the IT Infrastructure Library
    • CIS Critical Security Controls (CIS Controls) Resources
    • An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms
    • Episode 44: A Zero Trust Framework Knows No End
    • Why Employee Cybersecurity Awareness Training Is Important

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 126: A Day in the Life of a CTI Analyst

    Mar 12, 2025 | 36:28


    In episode 126 of Cybersecurity Where You Are, Sean Atkinson is joined by Casey Cannon, Lead Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security® (CIS®). Together, they review what a regular day looks like for a CTI analyst.

    Here are some highlights from our episode:

    01:46. How a service-oriented mindset factors into a CTI career
    03:55. What task prioritization looks like at the beginning of a CTI analyst's day
    06:50. How bedrock CTI principles and threat actor matrices help to counter information overload and filter out noise
    10:45. The value of an "eclectic" set of intelligence sources
    25:50. How the CIS CTI team works with the 24x7x365 CIS Security Operations Center (SOC), the Cyber Incident Response Team (CIRT), and others
    31:27. Advice for getting into CTI as a career path

    Resources:

    • Episode 124: The Many Layers of a Malware Takedown Operation
    • Episode 62: Inside the 'Spidey Sense' of a Pentester
    • Combatting Ransomware
    • The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 125: How Leadership Principles Influence CIS Culture

    Mar 5, 2025 | 33:02


    In episode 125 of Cybersecurity Where You Are, Sean Atkinson is joined by Waldo Perez, Human Resources Support Specialist at the Center for Internet Security® (CIS®); and Penny Davis, Sr. Manager of Leadership Development at CIS. Together, they use the CIS Leadership Principles and other examples from CIS to understand how leadership influences and nurtures the organization's workplace culture.

    Here are some highlights from our episode:

    02:00. The human aspect in defining workplace culture
    03:55. How leadership principles directly shape company culture
    05:40. Key indicators of a strong company culture and one that can improve
    16:31. Examples where company culture has made an impact on a CIS employee's experience
    21:59. The importance of feedback in supporting positive cultural change
    25:41. How leadership training programs help employees to grow

    Resources:

    • CIS Culture
    • Episode 115: Continuous Feedback as CIS Employee Culture
    • The Envelope, Please! The CIS 2024 President's Award Goes to…
    • Center for Internet Security Named Among 2024 Top Workplaces

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 124: The Many Layers of a Malware Takedown Operation

    Feb 26, 2025 | 32:43


    In episode 124 of Cybersecurity Where You Are, Sean Atkinson is joined by Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security® (CIS®). Together, they explore the many layers of a malware takedown operation.

    Here are some highlights from our episode:

    01:58. A high-level overview of what a malware takedown might involve
    04:11. Some of the key players who help to disrupt known malware infrastructure
    07:35. Which operational functionalities make malware infrastructure and tactics difficult to dismantle
    10:56. Jurisdictional and legal challenges of a takedown operation
    14:53. What goes into identifying malware networks and infected end-user devices
    20:47. The technical strategies used for disrupting malware
    24:13. How cyber threat actors respond differently to a takedown effort

    Resources:

    • Phobos Ransomware Affiliates Arrested in Coordinated International Disruption
    • Qakbot Malware Disrupted in International Cyber Takedown
    • Episode 89: How Threat Actors Are Using GenAI as an Enabler
    • Renew Your Ransomware Defense with CISA's Updated Guidance

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 123: An Operational Playbook for Security Impact

    Feb 19, 2025 | 43:59


    In episode 123 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Gina Chapman, Chief Operating Officer (COO) at the Center for Internet Security® (CIS®). Together, they use examples from CIS to identify elements of an operational playbook for making an impact in the cybersecurity industry.

    Here are some highlights from our episode:

    01:21. Business development and organizational change over the course of 12 years at CIS
    13:49. Change management and communication as means for preserving company culture
    23:08. The importance of context in developing an operational playbook for a business
    32:49. The use of operational understanding to create effective cybersecurity business models

    Resources:

    • Gina Chapman
    • CIS Culture
    • CIS Leadership Principles
    • Episode 82: How CIS Leadership Values Team Building Events
    • Cybersecurity at Scale: Piercing the Fog of More
    • Combatting Ransomware
    • Episode 68: Designing Cyber Defense as a Partnership Effort

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 122: DeepSeek AI Security and Utility Considerations

    Feb 12, 2025 | 37:12


    In episode 122 of Cybersecurity Where You Are, Sean Atkinson is joined by Rian Davis, Associate Hybrid Threat Intelligence Analyst at the Center for Internet Security® (CIS®); and Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at CIS. Together, they discuss security and utility considerations surrounding the DeepSeek AI model.

    Here are some highlights from our episode:

    01:31. What enterprises and individuals can do before they start deploying foreign-developed, open-source large language models (LLMs)
    08:48. How DeepSeek fits into evolving adversarial tactics and techniques involving AI
    25:15. The impact on threat assessments and where we see controls built around AI
    31:45. Parting thoughts on approaching newer technologies like DeepSeek

    Resources:

    • DeepSeek hit by cyberattack as users flock to Chinese AI startup
    • A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says
    • TikTok: Influence Ops, Data Practices Threaten U.S. Security
    • Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
    • Episode 89: How Threat Actors Are Using GenAI as an Enabler
    • ODNI Releases 2024 Annual Threat Assessment of the U.S. Intelligence Community
    • The Strava Heat Map and the End of Secrets
    • Man who exploded Cybertruck in Las Vegas used ChatGPT in planning, police say
    • Episode 120: How Contextual Awareness Drives AI Governance

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 121: The Economics of Cybersecurity Decision-Making

    Feb 5, 2025 | 40:50


    In episode 121 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Tyler Moore, Ph.D., Chair of Cyber Studies at the University of Tulsa. Together, they discuss the role of economics in cyber risk quantification and cybersecurity decision-making.

    Here are some highlights from our episode:

    01:55. How incentives, market failures, and other economic principles intersect with cybersecurity
    08:39. A model of translating shared information as a way to capture complexity in cybersecurity decision-making
    13:20. Pressing issues when making decisions about cybersecurity
    18:08. How to have enough confidence and a cyber risk quantification model that's useful
    23:45. How rigorous recommendations can help to match modeling and techniques like minimization
    29:23. The role of the Board in making cybersecurity decisions and how to speak its language
    34:57. Parting thoughts about risk quantification in cybersecurity

    Resources:

    • Episode 105: Context in Cyber Risk Quantification
    • 2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization
    • CIS Community Defense Model 2.0
    • FAIR: A Framework for Revolutionizing Your Risk Analysis
    • Society of Information Risk Analysts

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 120: How Contextual Awareness Drives AI Governance

    Jan 29, 2025 | 32:22


    In episode 120 of Cybersecurity Where You Are, Sean Atkinson explores how contextual awareness of generative artificial intelligence (GenAI) deployment in the business creates a foundation for AI governance strategy.

    Here are some highlights from our episode:

    01:58. Why specificity is important when we use the term "AI" in the governance space
    04:10. Two AI distributions and how contextual function varies between them
    13:52. The importance of engagement and asking the right questions
    18:28. The role of lifecycle approaches and risk tolerance in understanding AI integration
    23:45. Navigating two common questions that arise when governing AI

    Resources:

    • Episode 116: AI-Enhanced Ransomware and Defending Against It
    • EU AI Act: first regulation on artificial intelligence
    • AI Risk Management Framework
    • IAPP AI Governance Center
    • How to Construct a Sustainable GRC Program in 8 Steps

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 119: Multidimensional Threat Defense at Large Events

    Jan 22, 2025 | 35:04


    In episode 119 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of Countering Hybrid Threats at the Center for Internet Security® (CIS®). Together, they discuss the importance and provide examples of multidimensional threat defense as a means of securing large events.

    Here are some highlights from our episode:

    01:42. An overview of the multidimensional threat landscape from 2024 going into 2025
    07:00. The shift to multidimensional threat analysis in crisis management
    10:52. The importance of a sustainable, actionable approach to addressing today's threats
    16:10. How CIS is working to help organizations build safety against multidimensional threats, including at large events

    Resources:

    • 2024 Election Threat Landscape
    • Election Security Spotlight — Prep for Election Disruptions
    • Episode 93: Building Public Resilience in a Connected World
    • ThreatWA™
    • Countering Multidimensional Threats: Lessons Learned from the 2024 Election

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 118: Preparing for Post-Quantum Cryptography

    Jan 15, 2025 | 36:46


    In episode 118 of Cybersecurity Where You Are, Sean Atkinson is joined by Andy Smith, Security Architect for BP and Instructor at the SANS Institute. Together, they review the state of post-quantum cryptography as well as share recommendations for how organizations and individuals can prepare to move into the post-quantum era.

    Here are some highlights from our episode:

    02:55. What post-quantum cryptography is and why we need to pay attention
    04:11. The impact of a cryptographically relevant quantum computer on symmetric vs. asymmetric cryptography
    08:58. How media attention contributes to preparedness from an infrastructure perspective
    14:30. The importance of a cryptography bill of materials (CBOM)
    21:58. How organizations can prepare against quantum-enabled cyber attacks
    29:05. How individuals need to understand quantum infrastructure in order to protect it
    32:24. Optimism for the future of post-quantum cryptography

    Resources:

    • Episode 48: 3 Trends to Watch in the Cybersecurity Industry
    • Post Quantum Cryptography by Attack Detect Defend (rot169)
    • NIST Releases First 3 Finalized Post-Quantum Encryption Standards
    • Episode 75: How GenAI Continues to Reshape Cybersecurity
    • Internet of Things: Embedded Security Guidance

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 117: 2025 Cybersecurity Predictions from CIS Experts

    Jan 8, 2025 (33:43)

    In episode 117 of Cybersecurity Where You Are, Sean Atkinson reflects on the 2025 cybersecurity predictions of 12 experts at the Center for Internet Security® (CIS®), as shared on the CIS website.

    Here are some highlights from our episode:
    01:40. Artificial intelligence (AI) as a means for crafting higher quality phishing emails
    04:24. Zero trust with identity as a catalyst in 2025
    07:55. A governance focus for K-12 school districts
    12:37. Secure by design as part of the DNA of IT departments
    14:22. The need for continuous patching with Internet of Things (IoT) devices
    15:27. Training and adherence to basic cybersecurity practices as ongoing emphases
    17:15. Consolidation from an operations perspective
    20:40. The integration of AI into business operations
    24:07. The socio-political impacts of emerging technologies on multidimensional threats
    26:46. Growing attention on cloud security and data location
    29:13. Cybercriminal markets and Phishing as a Service models
    32:16. The benefit of AI to organizations

    Resources:
    Episode 75: How GenAI Continues to Reshape Cybersecurity
    An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms
    How to Deter Multidimensional Threats in the Connected World
    Episode 116: AI-Enhanced Ransomware and Defending Against It
    Episode 44: A Zero Trust Framework Knows No End
    Episode 107: Continuous Improvement via Secure by Design
    Episode 76: The Role of Thought Leadership in Cybersecurity
    Episode 63: Building Capability and Integration with SBOMs
    Episode 95: AI Augmentation and Its Impact on Cyber Defense
    Why Employee Cybersecurity Awareness Training Is Important
    Episode 110: How Security Culture and Corporate Culture Mesh
    Episode 99: How Cyber-Informed Engineering Builds Resilience
    Episode 87: Marking 11 Years as a Verizon DBIR Contributor

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 116: AI-Enhanced Ransomware and Defending Against It

    Jan 1, 2025 (33:38)

    In episode 116 of Cybersecurity Where You Are, Sean Atkinson discusses the threat of AI-enhanced ransomware along with the use of generative artificial intelligence (GenAI) to defend against it.

    Here are some highlights from our episode:
    02:10. How AI in the cybersecurity space has advanced over the past few years
    05:12. Why cybercriminals are incorporating artificial intelligence into their attacks
    19:24. The application of AI in various stages of a ransomware attack
    26:10. How AI can inform different aspects of a ransomware defense strategy

    Resources:
    Episode 89: How Threat Actors Are Using GenAI as an Enabler
    Episode 95: AI Augmentation and Its Impact on Cyber Defense
    Episode 44: A Zero Trust Framework Knows No End
    The State of Ransomware 2024
    Ransomware: The Data Exfiltration and Double Extortion Trends
    Episode 113: Cyber Risk Prioritization as Ransomware Defense
    Security Chaos Engineering: Sustaining Resilience in Software and Systems

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 115: Continuous Feedback as CIS Employee Culture

    Dec 25, 2024 (32:03)

    In episode 115 of Cybersecurity Where You Are, Sean Atkinson is joined by Carolyn Comer, Chief Human Resources Officer at the Center for Internet Security® (CIS®); Heidi Gonzalez, Sr. Employee Experience Specialist at CIS; and Jennifer Myers, Sr. Director of Learning and Development at CIS. With an in-person holiday open house and office party as their backdrop, they celebrate the continuous feedback that sustains and grows the employee culture at CIS.

    Here are some highlights from our episode:
    02:35. How the holiday open house and office party celebrate CIS employee culture
    04:11. How the workforce culture at CIS has changed over time
    07:57. What types of employee feedback CIS obtains after in-person events
    09:33. How in-person interactions guide a continuous learning program for CIS employees
    10:55. How events such as the holiday open house and office party continue to evolve
    16:48. Why CIS has been so successful in helping employees to navigate remote work
    20:04. The impact of an engaged Board of Directors on workplace culture
    21:40. Celebrations and upcoming plans for culture and learning at CIS

    Resources:
    Episode 83: Why Meeting in Person Matters to CIS Employees
    Episode 58: Inside CIS's Award-Winning Workplace Culture
    Center for Internet Security Named Among 2024 Best Companies to Work for in New York
    Center for Internet Security Named Among 2024 Top Workplaces
    IDEA Alliance
    CIS Cares
    Episode 114: 3 Board Chairs Reflect on 25 Years of Community

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 114: 3 Board Chairs Reflect on 25 Years of Community

    Dec 18, 2024 (48:53)

    In episode 114 of Cybersecurity Where You Are, Tony Sager is joined by three past and current Board Chairs of the Center for Internet Security® (CIS®): Frank Reeder, CIS Director Emeritus and Founding Chair as well as Director of the National Cybersecurity Scholarship Foundation; John Gilligan, President and Chief Executive Officer of CIS; and Bobbie Stempfley, CIS Board Chair and Business Security Officer of the Infrastructure Solutions Group at Dell Technologies. Together, they reflect on 25 years of CIS building community in the cybersecurity space.

    Here are some highlights from our episode:
    07:04. Perception of the problem that led to the idea of CIS
    10:18. The value of building community outside of government
    17:31. A sustainable and powerful business model for CIS
    21:28. John's priorities during his transition from Board Chair to CEO
    34:38. What CIS will focus on next
    39:00. Parting thoughts for the future

    Resources:
    Episode 35: Remembering the Late Alan Paller
    Episode 97: How Far We've Come preceding CIS's 25th Birthday
    Episode 79: Advancing Common Good in Cybersecurity – Part 1
    Episode 76: The Role of Thought Leadership in Cybersecurity
    Episode 58: Inside CIS's Award-Winning Workplace Culture

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 113: Cyber Risk Prioritization as Ransomware Defense

    Dec 11, 2024 (41:17)

    In episode 113 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security® (CIS®); Adam Bobrow, Co-Founder and President of Veribo Analytics; and Sridevi Joshi, Co-Founder and CEO of Veribo Analytics. Together, they discuss how the Business Impact Analysis tool created by CIS and Veribo Analytics empowers individuals and organizations to use cyber risk prioritization as a basis for their ransomware defense strategy.

    Here are some highlights from our episode:
    04:35. Background on the impetus for the tool's development
    07:57. How our understanding of cybersecurity risk differs from other areas of risk
    12:21. Insight into Sridevi's learning process about cyber risk prioritization as a technologist
    18:23. How the development process of the Business Impact Analysis tool got underway
    21:05. What went into the process of translating the goal into tooling
    31:34. Reflections on the tool's reception and what's next

    Resources:
    CIS Critical Security Controls Implementation Groups
    CIS Community Defense Model 2.0
    CIS Controls Self Assessment Tool (CIS CSAT)
    SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
    4.3 Establish a Bureau of Cyber Statistics
    FAIR: A Framework for Revolutionizing Your Risk Analysis
    Reasonable Cybersecurity
    How to Measure Anything in Cybersecurity
    Episode 107: Continuous Improvement via Secure by Design
    Episode 105: Context in Cyber Risk Quantification

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 112: How SANS Fosters Action on Cybersecurity Trends

    Dec 4, 2024 (46:56)

    In episode 112 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Rob T. Lee, Chief of Research and Head of Faculty at SANS Institute. Together, they discuss how SANS Institute applies an operational or "do" model of leadership to gather expertise, build shared purpose, and foster action on evolving cybersecurity trends.

    Here are some highlights from our episode:
    05:47. How Rob ended up teaching at SANS Institute
    08:49. Rob's first experience meeting and working with the late Alan Paller
    12:07. How Rob's responsibility at SANS Institute has expanded
    20:02. Key cybersecurity trends on Rob's agenda as Chief of Research
    23:52. The need to refine our understanding of AI based on its different applications
    36:28. Guidance for the 47th U.S. Presidential Administration

    Resources:
    Episode 35: Remembering the Late Alan Paller
    The Cyber Security Hall of Fame Announces 2024 Honorees
    Episode 76: The Role of Thought Leadership in Cybersecurity
    Episode 75: How GenAI Continues to Reshape Cybersecurity
    CrowdStrike Falcon Outage Exploited for Social Engineering
    Why Whole-of-State Cybersecurity Is the Way Forward
    From Both Sides: A Parental Guide to Protecting Your Child's Online Activity

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 111: Distilling a First Principle of Cybersecurity

    Nov 27, 2024 (47:04)

    In episode 111 of Cybersecurity Where You Are, Tony Sager is joined by Rick Howard, N2K Chief Security Officer and the Chief Analyst and Senior Fellow at The Cyberwire. Together, they discuss a first principle of cybersecurity proposed by Rick in his book, Cybersecurity First Principles: A Reboot of Strategy and Tactics.

    Here are some highlights from our episode:
    04:30. What drove the need to formulate a foundational cybersecurity assumption
    07:44. How other "first" principles of cybersecurity have failed
    14:13. The three elements of Rick's first principle of cybersecurity
    25:55. How to derive action and improvements from Rick's first principle
    40:34. Tips on getting started with a risk forecasting strategy

    Resources:
    Episode 105: Context in Cyber Risk Quantification
    FAIR: A Framework for Revolutionizing Your Risk Analysis
    Election Security Spotlight – CIA Triad
    Episode 44: A Zero Trust Framework Knows No End
    Executive Order on Improving the Nation's Cybersecurity
    Cybersecurity Canon
    Superforecasting: The Art and Science of Prediction
    How to Measure Anything in Cybersecurity Risk

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 110: How Security Culture and Corporate Culture Mesh

    Nov 20, 2024 (41:38)

    In episode 110 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Lee Noriega, Executive Director of the Cybersecurity Services Organization and Acting General Manager of Sales and Business Services at the Center for Internet Security® (CIS®); and Jerry Gitchel, founder of Leverage Unlimited and listener to Cybersecurity Where You Are. Together, they examine a question sent in by Jerry: if a corporate culture is lacking, can a security culture exist?

    Here are some highlights from our episode:
    01:33. What security culture is and how it differs from corporate culture
    05:30. What elements factor into a strategy to drive corporate culture
    09:30. The importance of a feedback loop for culture
    15:43. How to cultivate "institutional ownership" in an organization's workforce
    19:03. What goes into fostering security consciousness in support of security champions
    25:14. The challenges of engaging corporate culture to think about security culture
    29:13. Examples and takeaways for listeners

    Resources:
    Why Employee Cybersecurity Awareness Training Is Important
    Episode 107: Continuous Improvement via Secure by Design
    Seth Godin | Why People Like Us Do This
    The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 109: The Scariest Malware of 2024

    Nov 13, 2024 (38:42)

    In episode 109 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®); and Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CIS. Together, they examine the scariest malware of 2024 and share some recommendations for how organizations can keep up with the changing cyber threat landscape.

    Here are some highlights from our episode:
    01:32. What makes certain malware strains "scarier" than others
    05:37. What trends shaped the cyber threat landscape in 2024
    14:25. The most terrifying cyber threat actor sphere in 2024
    19:41. How malware tactics and techniques from 2024 will continue to evolve
    25:04. How individuals and organizations can proactively defend themselves
    29:52. National strategies that are shaping malware defense and incident response

    Resources:
    Top 10 Malware Q3 2024
    Election Security Spotlight – What Is Misinformation?
    Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications
    Episode 107: Continuous Improvement via Secure by Design

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 108: Gaming and Competition in Cybersecurity

    Nov 6, 2024 (40:48)

    In episode 108 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Ed Skoudis, CEO of Counter Hack Challenges and President of SANS Technology Institute. Together, they discuss the evolution of gaming and competition in cybersecurity and how these activities help to make the industry stronger.

    Here are some highlights from our episode:
    02:04. What goes into creating a game environment that attracts all kinds of skill levels
    04:43. A multi-disciplinary approach to creating a game environment
    16:14. How gaming and competition help to spot people with talent and potential
    23:32. The challenges of keeping pace with new technology
    32:03. The biggest challenges of putting a game environment together
    36:47. How to keep track of characters, situations, and story elements of a game

    Resources:
    SANS Cyber Ranges
    SANS Holiday Hack Challenge
    Episode 59: Probing the Modern Role of the Pentest
    Episode 95: AI Augmentation and Its Impact on Cyber Defense
    LockBit 3.0 RaaS Gang Incorporates BlackMatter Capabilities

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 107: Continuous Improvement via Secure by Design

    Oct 30, 2024 (37:36)

    In episode 107 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Steve Lipner, Executive Director of SAFECode. Together, they discuss how software development organizations can use principles of "secure by design" to get on a track of continuous improvement.

    Here are some highlights from our episode:
    01:38. Steve's background and thoughts on the emergence of secure by design
    14:04. Three guiding principles of secure software development
    16:13. The impact of security awareness from a developer's perspective
    22:22. How threat modeling helps to address security as a system problem
    25:37. The effect of modern software development methodologies like Agile and DevSecOps
    30:29. What CISA's activity around secure by design means for the industry

    Resources:
    SAFECode
    Secure Software Development Framework (SSDF)
    Embedded IoT Security: Helping Vendors in the Design Process
    Episode 95: AI Augmentation and Its Impact on Cyber Defense

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 106: How to Avoid Falling for a Donation Scam

    Oct 23, 2024 (32:05)

    In episode 106 of Cybersecurity Where You Are, Sean Atkinson is joined by Chris Smith, Social Media Specialist at the Center for Internet Security® (CIS®). Together, they use a donation scam about a natural disaster to advise how you can stay safe against this type of cyber threat.

    Here are some highlights from our episode:
    00:49. Why it's important to talk about donation scams and why they're so prevalent
    05:13. Recounting a real-world example of a donation scam
    10:43. Common tactics leveraged by online scammers
    13:27. Guidance for defending against a donation scam
    16:48. The rise of checks and balances to defend against crowdfunding scams
    20:59. How research can help you to verify before you donate
    29:11. What to do if you have fallen for a scam

    Resources:
    Episode 27: Cyber Scams
    October: Cybersecurity Awareness Month

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 105: Context in Cyber Risk Quantification

    Oct 16, 2024 (33:19)

    In episode 105 of Cybersecurity Where You Are, Sean Atkinson discusses the importance of context in maturing how you use cyber risk quantification to build cases for risk treatment strategies.

    Here are some highlights from our episode:
    01:56. The inspiration for an episode on cyber risk quantification
    02:38. How to situate risk quantification in your business processes
    08:56. Traps to avoid when quantifying cyber risks
    12:12. How the quantification process relates to controls implementation
    16:50. Why the right people and data can help you build something sustainable
    23:19. Three lenses for examining cyber risk
    26:50. Different means for communicating risk to stakeholders

    Resources:
    Quantitative Risk Analysis: Its Importance and Implications
    FAIR: A Framework for Revolutionizing Your Risk Analysis
    CIS Critical Security Controls®
    CIS Risk Assessment Method
    6 Truths of Cyber Risk Quantification
    Society of Information Risk Analysts

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 104: Inside the First Year of a Cybersecurity Career

    Oct 9, 2024 (32:56)

    In episode 104 of Cybersecurity Where You Are, Sean Atkinson is joined by Kennidi Ortega, Information Security Analyst at the Center for Internet Security® (CIS®). Together, they explore the experience of a first-year analyst and how they might make the most of getting started in a cybersecurity career.

    Here are some highlights from our episode:
    01:07. How Kennidi got started in cybersecurity and what led her to the field
    03:44. What the beginning of Sean's cybersecurity career looked like
    04:23. The biggest challenges a first-year analyst may face
    07:56. Helpful resources for getting started in the cybersecurity industry
    11:58. Which technical skills Kennidi sharpened the quickest in her role
    16:05. The most important business skills for planning a future in cybersecurity
    20:13. How an agile mindset in cybersecurity supports career growth
    23:00. Recommendations on career mapping for first-year analysts
    28:13. The value of mentorships in cybersecurity

    Resources:
    Episode 103: Education vs. Experience in Cybersecurity
    Episode 54: How to Get Started in Cybersecurity
    Episode 15: Cybersecurity Success Takes Soft Skills
    Episode 45: The Importance of Mentorship
    TryHackMe
    SANS Cyber Security Summits
    PancakesCon
    Trace Labs
    Backdoors & Breaches
    Raices Cyber
    CyberWarrior
    Cyber.org
    Women in CyberSecurity

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 103: Education vs. Experience in Cybersecurity

    Oct 2, 2024 (31:16)

    In episode 103 of Cybersecurity Where You Are, Sean Atkinson examines education and experience as pathways for new professionals to enter the cybersecurity industry.

    Here are some highlights from our episode:
    01:42. What's motivating Sean to talk about this topic
    03:32. The value of cybersecurity degrees
    05:17. The pros and cons of degree programs in cybersecurity
    07:47. How a cybersecurity certification compares to a degree
    10:57. Considerations for pursuing a certification in cybersecurity
    14:00. Using certifications to learn new technology paradigms
    16:54. Why a breadth of practical experience is important
    22:49. Pathways for gaining experience in cybersecurity

    Resources:
    Episode 75: How GenAI Continues to Reshape Cybersecurity
    Episode 59: Probing the Modern Role of the Pentest
    Outliers: The Story of Success
    Hack The Box
    TryHackMe
    David Bombal
    IppSec
    PortSwigger
    John Hammond

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 102: The Sporty Rigor of CIS Controls Accreditation

    Sep 25, 2024 (36:34)

    In episode 102 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by the following guests:
    Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
    Lawrence Cruciana, President of Corporate Information Technologies (CorpInfoTech)
    Together, they discuss the "sporty" rigor underlying the process and value of achieving CIS Controls Accreditation.

    Here are some highlights from our episode:
    01:36. What is meant by CIS Controls Accreditation, as certified by CREST
    03:32. What motivated CorpInfoTech to pursue accreditation
    07:47. The importance of CIS Controls Accreditation to the cybersecurity ecosystem
    20:07. The business value of accreditation for recipients

    Resources:
    CIS Controls Accreditation
    CorpInfoTech Receives First CIS Controls Accreditation
    CorpInfoTech
    Top Hurdles for MSSPs and One Shining Solution
    CIS Community Defense Model 2.0
    Episode 44: A Zero Trust Framework Knows No End

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 101: Visualizing Attack Paths in Active Directory

    Sep 18, 2024 (34:14)

    In episode 101 of Cybersecurity Where You Are, Sean Atkinson is joined by Justin Kohler, Vice President of Products at SpecterOps, and Jonathan Parfait, Technical Account Manager at SpecterOps. Together, they discuss how the visualization of attack paths in Active Directory helps organizations to better contextualize risks to their enterprise security.

    Here are some highlights from our episode:
    01:54. What BloodHound is and how it assists organizations in assessing risks in their Active Directory environments
    05:08. Why organizations should look at their Active Directory environments
    11:15. Common vulnerabilities and misconfigurations identified by BloodHound
    21:21. How organizations can best use BloodHound as part of their cyber defensive strategy
    29:18. How BloodHound is adapting to keep up with evolving Active Directory environments

    Resources:
    BloodHound Community Edition
    Episode 62: Inside the 'Spidey Sense' of a Pentester
    What You Need to Know About Hybrid Cloud Environments
    Vulnerability Management Policy Template for CIS Control 7
    CIS Benchmarks List

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
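    The idea behind the attack-path visualization discussed at 01:54 and 11:15 is that Active Directory rights (group membership, local admin, logged-on sessions, object ACLs) form a directed graph, and a "path to Domain Admins" is just a graph traversal over those edges. The following is an added example, not code from the episode, from SpecterOps, or from BloodHound itself: it builds a small constructed graph using the relationship names BloodHound uses, finds the shortest path from a user to Domain Admins, lists which users are exposed at all, and ranks intermediate nodes by how many of those paths disappear when the node is fixed. Principal names, the edge list and the naming convention for users, groups and computers are assumptions made for the example; only the standard library is used.

```python
"""
Added example (not from the episode, SpecterOps, or BloodHound): a toy Active
Directory attack-path analysis over a constructed graph, standard library only.
Node names, the edge list and the naming convention are assumptions.
"""
from collections import deque, Counter

# Constructed edges (source, relationship, target) in the direction an attacker
# traverses them. MemberOf inherits the group's rights; AdminTo gives local admin on
# a host; HasSession means the target's credentials are in memory on the source host;
# GenericAll on a group lets the source add itself to that group.
EDGES = [
    ("alice@corp.local",      "MemberOf",   "HELPDESK@corp.local"),
    ("bob@corp.local",        "MemberOf",   "HELPDESK@corp.local"),
    ("HELPDESK@corp.local",   "AdminTo",    "WS01.corp.local"),
    ("HELPDESK@corp.local",   "AdminTo",    "WS02.corp.local"),
    ("WS02.corp.local",       "HasSession", "svc_backup@corp.local"),
    ("svc_backup@corp.local", "GenericAll", "IT-ADMINS@corp.local"),
    ("carol@corp.local",      "MemberOf",   "IT-ADMINS@corp.local"),
    ("IT-ADMINS@corp.local",  "MemberOf",   "DOMAIN ADMINS@corp.local"),
    ("dave@corp.local",       "MemberOf",   "FINANCE@corp.local"),
]
TARGET = "DOMAIN ADMINS@corp.local"

# What each relationship lets the attacker do at that step.
ABUSE = {
    "MemberOf":   "inherits every right granted to the group",
    "AdminTo":    "local admin: run code and dump credentials on the host",
    "HasSession": "this principal's credential material is in memory on the host",
    "GenericAll": "full control of the object: add self as member or reset password",
}


def node_kind(name):
    """Naming convention of the constructed data: hosts have no '@', groups are upper-case."""
    if "@" not in name:
        return "Computer"
    return "Group" if name.split("@")[0].isupper() else "User"


def build_graph(edges, excluded=frozenset()):
    """Adjacency list {source: [(relationship, target), ...]}, dropping excluded nodes."""
    graph = {}
    for src, rel, dst in edges:
        if src in excluded or dst in excluded:
            continue
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def shortest_path(graph, start, target):
    """BFS over typed edges; returns [(src, rel, dst), ...] or None if unreachable."""
    queue, seen, parent = deque([start]), {start}, {}
    while queue:
        node = queue.popleft()
        if node == target:
            steps = []
            while node != start:
                src, rel = parent[node]
                steps.append((src, rel, node))
                node = src
            return steps[::-1]
        for rel, nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                parent[nxt] = (node, rel)
                queue.append(nxt)
    return None


def exposed_users(graph, target):
    """Users with at least one path to the target, mapped to their shortest path."""
    exposed = {}
    for node in graph:
        if node_kind(node) == "User":
            path = shortest_path(graph, node, target)
            if path:
                exposed[node] = path
    return exposed


def choke_points(edges, target):
    """Rank intermediate nodes by how many exposed users lose their path when that node
    (and every edge touching it) is removed: the fix that cuts the most paths."""
    baseline = exposed_users(build_graph(edges), target)
    candidates = {step[2] for path in baseline.values() for step in path} - {target}
    impact = Counter()
    for node in sorted(candidates):            # sorted so ties rank deterministically
        remaining = exposed_users(build_graph(edges, {node}), target)
        impact[node] = sum(1 for u in baseline if u != node and u not in remaining)
    return impact.most_common()


if __name__ == "__main__":
    graph = build_graph(EDGES)
    for user, path in exposed_users(graph, TARGET).items():
        print(f"{user} -> {TARGET} in {len(path)} hops")
        for src, rel, dst in path:
            print(f"  {src} --{rel}--> {dst}  ({ABUSE[rel]})")
    print("choke points (node, users cut off):", choke_points(EDGES, TARGET))
```

    Running it shows why the graph view beats a per-object audit: alice has no privileged rights of her own, yet reaches Domain Admins in five hops through a helpdesk workstation where a service account is logged on, and that account's GenericAll on IT-ADMINS is the misconfiguration to remove. The choke-point ranking puts IT-ADMINS first because every path ends there, which is expected for a tier-zero group; the first entry that is not tier zero (the service account, the workstation, or the helpdesk group) is the practical remediation.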

    Episode 100: Celebrating 100 Episodes and Looking Ahead

    Sep 11, 2024 (41:59)

    In episode 100 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by David Bisson, Sr. Content Marketing Strategist at the Center for Internet Security® (CIS®). Together, they celebrate the first 100 episodes of Cybersecurity Where You Are and discuss where the podcast might go in the future.

    Here are some highlights from our episode:
    01:14. How the podcast's approach and content have changed since the first episode
    04:19. What surprised the team about the "machinery" of putting on a cybersecurity podcast
    07:53. A look back at some of our favorite guests and types of podcast episodes
    27:20. How the podcast can continue to support the cybersecurity industry going forward

    Resources:
    Episode 1: Welcome to the Basics
    Episode 7: CIS Controls v8…It's Not About the List
    Episode 9: Mitigating Risk: Information Security Governance
    Episode 24: How Do I Start a Career in Cybersecurity?
    Episode 59: Probing the Modern Role of the Pentest
    Episode 96: Making Continuous Compliance Actionable for SMBs
    Episode 97: How Far We've Come preceding CIS's 25th Birthday

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 99: How Cyber-Informed Engineering Builds Resilience

    Sep 4, 2024 (34:23)

    In episode 99 of Cybersecurity Where You Are, Sean Atkinson is joined by Marcus Sachs, SVP and Chief Engineer at the Center for Internet Security® (CIS®). Together, they discuss how cyber-informed engineering builds resilience to the potential failure of a digital system into new and existing engineering products.

    Here are some highlights from our episode:
    03:51. What cyber-informed engineering is and how this paradigm has emerged
    11:39. What CIS is doing to emphasize cyber-informed engineering among U.S. State, Local, Tribal, and Territorial (SLTT) government organizations
    16:25. Why resilience requires everyone to be "cyber-informed"
    20:50. The need for boards of directors and C-Suite leaders to understand cybersecurity risk
    25:30. What preparations help to lay the foundation for cyber-informed engineering

    Resources:
    Cyber-Informed Engineering
    National Cyber-Informed Engineering Strategy
    Cyber-Informed Engineering Implementation Guide
    Episode 75: How GenAI Continues to Reshape Cybersecurity
    Smart Cities Need Smarter Security

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 98: Transparency as a Tool to Combat Insider Threats

    Aug 28, 2024 (35:50)

    In episode 98 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they embrace transparency as a vehicle for the cybersecurity industry to better defend against insider threats.

    Here are some highlights from our episode:
    01:28. How KnowBe4 detected an insider threat from North Korea
    09:09. How the Center for Internet Security® (CIS®) responded to news of this incident
    21:02. The role of technical controls in detecting these types of threats
    23:56. Common signs you can use to detect fake employees in your hiring process
    29:22. How cybersecurity companies can use this incident to improve their defenses

    Resources:
    How a North Korean Fake IT Worker Tried to Infiltrate Us
    North Korean Fake IT Worker FAQ
    Episode 77: Data's Value to Decision-Making in Cybersecurity
    Defense-in-Depth: A Necessary Approach to Cloud Security
    eBook: A CISO's Guide to Bolstering Cybersecurity Posture

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 97: How Far We've Come preceding CIS's 25th Birthday

    Aug 21, 2024 (51:00)

    In episode 97 of Cybersecurity Where You Are, Tony Sager is joined by the following guests:
    Dr. Ramon Barquin, Board Member at the Center for Internet Security® (CIS®) and President and Chief Executive Officer at Barquin International
    Franklin Reeder, Director Emeritus and Founding Chair of CIS as well as Director of the National Cybersecurity Scholarship Foundation
    Clint Kreitner, Founding President/CEO and Former Board Member at CIS
    Together, they look back at how much CIS has accomplished as an organization in the leadup to its 25th birthday.

    Here are some highlights from our episode:
    06:04. What brought everyone to CIS's founding meeting at the Cosmos Club
    16:08. The first steps to operationalizing the takeaways of the Cosmos Club meeting
    25:40. How CIS's business model came to be
    34:24. The events that brought the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) into CIS
    42:42. Tracing the past forward to where we are now

    Resources:
    20 Years of Creating Confidence in the Connected World
    Episode 35: Remembering the Late Alan Paller
    Reasonable Cybersecurity Guide
    Episode 79: Advancing Common Good in Cybersecurity – Part 1
    MS-ISAC: 20 Years as Your Trusted Cyber Defense Community
    Dr. Ramon Barquin
    Franklin Reeder

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 96: Making Continuous Compliance Actionable for SMBs

    Aug 14, 2024 (43:09)

    In episode 96 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Tarah Wheeler, CEO of Red Queen Dynamics. Together, they discuss ongoing efforts to translate continuous compliance into something actionable for small- to medium-sized businesses (SMBs).

    Here are some highlights from our episode:
    03:11. The philosophy behind a business model focused on continuous compliance for SMBs
    17:44. How the Fog of More complicates security and compliance for the "cyber-underserved"
    30:56. How the industry can navigate the multiple-framework issue and streamline compliance

    Resources:
    Follow Tarah on LinkedIn
    Episode 95: AI Augmentation and Its Impact on Cyber Defense
    Implementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1
    Build a Robust Continuous Audit Program in 10 Steps
    How Prioritized Security Controls Break Through the Fog of More

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 95: AI Augmentation and Its Impact on Cyber Defense

    Aug 7, 2024 (34:59)

    In episode 95 of Cybersecurity Where You Are, Sean Atkinson is joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®). Together, they discuss AI augmentation in terms of how cyber defenders are using generative artificial intelligence to enhance their capabilities.

    Here are some highlights from our episode:
    01:16. How artificial intelligence has changed the landscape for cybersecurity defenders
    03:49. How AI is starting to augment threat detection
    10:12. What security researchers are exploring around AI and cyber defense
    20:54. Key challenges and limitations for AI-based cyber defense
    30:54. Future trends and innovations for cybersecurity defenders' use of AI

    Resources:
    Episode 56: Cybersecurity Risks and Rewards of LLMs
    Episode 59: Probing the Modern Role of the Pentest
    SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
    fr0gger / Awesome-GPT-Agents
    The LLM Misinformation Problem I Was Not Expecting
    Separating FUD from Practical for Post-Quantum Cryptography

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 94: Community Defense at the ISAC Annual Meeting

    Jul 31, 2024 (37:06)

    In episode 94 of Cybersecurity Where You Are, Tony Sager is joined by the following guests from the Center for Internet Security® (CIS®):
    Carlos Kizzee, SVP of Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans
    Karen Sorady, VP of MS-ISAC Strategy & Plans
    Greta Noble, Director of Community Engagement
    Together, they discuss how the ISAC Annual Meeting supports the 24x7x365 community defense efforts of the MS-ISAC and Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®).

    Here are some highlights from our episode:
    02:30. Background information on ISACs in general and the role of the MS-ISAC
    04:17. Why it's an annual meeting and not a conference
    06:40. What made the 2024 ISAC Annual Meeting the largest of its kind so far
    08:43. How the human dimension drives our yearly meeting
    15:44. The role of the MS- and EI-ISACs in CIS's broader strategy
    19:42. How our yearly meeting improves what CIS does
    29:57. What's next for the ISAC Annual Meeting

    Resources:
    MS-ISAC: 20 Years as Your Trusted Cyber Defense Community
    Episode 76: The Role of Thought Leadership in Cybersecurity
    Reasonable Cybersecurity Guide
    Cybersecurity at Scale: Piercing the Fog of More

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 93: Keeping Societal Confidence in a Connected World

    Jul 24, 2024 (29:27)


    In episode 93 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined once again by John Cohen, Executive Director of Countering Hybrid Threats at the Center for Internet Security® (CIS®). Together, they discuss a whole-of-society approach to help make the U.S. public resilient against multidimensional threats in our connected world.

    Here are some highlights from our episode:

    01:52. What the U.S. public needs to consider in order to strengthen its resilience
    06:04. How a national framework addresses the need for organizations to build resilience and intercommunication in the face of increasingly sophisticated threats
    11:41. Identifying who key partners are in a complex, hybrid world
    16:49. How people are responding to the national framework and where they are seeing value
    21:50. Clarifying hopes for the national framework going forward

    Resources

    John D. Cohen
    Enhancing Safety in the Connected World — A National Framework for Action
    Episode 92: A Framework to Counter Evolving Cyber Threats
    Why Whole-of-State Cybersecurity Is the Way Forward
    Public Water and Wastewater Sector Face Mounting Cyber Threat
    The National Cybersecurity Strategy

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 92: A Framework to Counter Evolving Cyber Threats

    Jul 17, 2024 (33:19)


    In episode 92 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by John Cohen, Executive Director of Countering Hybrid Threats at the Center for Internet Security® (CIS®). Together, they discuss "Enhancing Safety in the Connected World — A National Framework for Action," a multi-year project to help law enforcement and security professionals better contextualize and respond to evolving cyber threats.

    Here are some highlights from our episode:

    02:01. Why the current threat environment necessitates a framework that accounts for "cyber physical," "cyber safety," and other considerations
    08:48. How entities at the federal level and local law enforcement approach evolving cyber threats differently
    16:34. The different types of threats that characterize the evolving cyber threat environment
    22:05. How the Federalist Papers inform the Framework's "whole-of-society" approach

    Resources

    John D. Cohen
    Enhancing Safety in the Connected World
    Episode 75: How GenAI Continues to Reshape Cybersecurity
    Why Whole-of-State Cybersecurity Is the Way Forward
    Establishing Essential Cyber Hygiene

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 91: What You Need to Know about CIS Controls v8.1

    Jul 10, 2024 (33:07)


    In episode 91 of Cybersecurity Where You Are, Sean Atkinson is joined by Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®). Together, they discuss what you need to know about the release of CIS Controls v8.1.

    Here are some highlights from our episode:

    01:17. What you can expect to see in version 8.1 of the Controls
    06:19. How CIS Controls v8.1 helps you to integrate other governance structures
    09:23. How version 8.0 and version 8.1 of the Controls differ
    14:19. What goes into creating a new version of the Controls
    21:06. Which resources you can use to guide your implementation plan
    26:39. A sneak peek into the development of version 9.0

    Resources

    Follow Charity on LinkedIn
    CIS Critical Security Controls v8.1
    CIS Critical Security Controls v8.1 Change Log
    How to Construct a Sustainable GRC Program in 8 Steps
    CIS Controls v8.1 Mapping to NIST CSF 2.0
    CIS Critical Security Controls Navigator
    Episode 87: Marking 11 Years as a Verizon DBIR Contributor
    Cybersecurity at Scale: Piercing the Fog of More

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 90: Migrating to the Cloud with Control Continuity

    Jul 3, 2024 (31:05)


    In episode 90 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by the following guests:

    Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
    Mia LaVada, Product Manager of CIS Benchmarks and Cloud at CIS
    Don Freeley, VP of IT Services at CIS

    Together, they discuss how you can use CIS resources to ensure control continuity when migrating to the cloud.

    Here are some highlights from our episode:

    01:35. The biggest drivers for why organizations are moving to the cloud
    02:42. Foundational factors to consider as part of your cloud migration
    07:24. Resources from CIS designed to help you in your transition to the cloud
    11:00. Common challenges of migrating to the cloud
    14:37. The importance of three CIS Controls to your cloud security program
    18:35. The value of partnerships and community in driving cloud security improvements
    19:32. How you can use the CIS Foundations Benchmarks to get started in the cloud
    23:06. Inside the human and process side of moving to the cloud

    Resources

    Follow Charity, Mia, and Don on LinkedIn
    Keep the Cloud Secure with CIS after Migrating to the Cloud
    Cloud Security
    CIS Software Supply Chain Security Guide
    Cloud Security and the Shared Responsibility Model

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 89: How Threat Actors Are Using GenAI as an Enabler

    Jun 26, 2024 (31:17)


    In episode 89 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by the following guests:

    Rian Davis, Elections Cyber Threat Intelligence Intern at the Center for Internet Security® (CIS®)
    Timothy Davis, Sr. Elections Cyber Threat Intelligence Analyst at CIS

    Together, they discuss how cyber threat actors (CTAs) are using generative artificial intelligence (GenAI) as an enabler of their attacks.

    Here are some highlights from our episode:

    01:04. Why it's important to raise awareness of how CTAs are using GenAI
    01:59. How the CIS Cyber Threat Intelligence (CTI) team is seeing generative AI in CTAs' attack methodology
    03:50. The types of attacks that are using this technology and how the frequency of those attacks is changing
    05:46. Some notable attacks that have used GenAI in their methodology
    16:10. The ways in which CTAs are incorporating generative AI into social engineering
    24:17. What defenders can do in response to CTAs' use of GenAI

    Resources

    An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms
    Episode 56: Cybersecurity Risks and Rewards of LLMs
    Election Security Spotlight – Generative AI and Elections
    MS-ISAC Security Primer – Spear Phishing
    Why Employee Cybersecurity Awareness Training Is Important

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 88: The Evolution of the Role of a CISO

    Jun 19, 2024 (30:02)


    In episode 88 of Cybersecurity Where You Are, co-host Sean Atkinson discusses the evolving role of a chief information security officer (CISO).

    Here are some highlights from our episode:

    02:47. Why communication is a core competency for CISOs
    08:35. How to take a balanced approach when evaluating an organization's implementation of artificial intelligence (AI) and machine learning (ML)
    11:47. The role a CISO plays in integrating privacy requirements into the organization
    15:35. Thoughts on how you can start preparing for or moving into a CISO position
    19:12. A future outlook of the CISO role
    26:40. Average longevity of CISOs in their roles and how this affects a security posture

    Resources

    Episode 75: How GenAI Continues to Reshape Cybersecurity
    Reasonable Cybersecurity Guide
    Episode 74: The Nexus of Cybersecurity & Privacy Legislation
    CIS Critical Security Controls® (CIS Controls®)
    Cybersecurity at Scale: Piercing the Fog of More
    CIS Software Supply Chain Security Guide

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    Episode 87: Marking 11 Years as a Verizon DBIR Contributor

    Jun 5, 2024 (38:41)


    In episode 87 of Cybersecurity Where You Are, co-host Tony Sager is joined by the following guests:

    Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)
    Philippe Langlois, Senior Principal, Security Risk Management and Author of the Verizon Data Breach Investigations Report (DBIR)
    Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CIS

    Together, they celebrate 11 years of CIS and Verizon working together to contextualize the threat activity security teams are seeing and to help teams use the Controls as an improvement framework.

    Here are some highlights from our episode:

    02:00. How the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) contribute anonymized data to the Verizon DBIR
    07:27. The two types of data that Verizon uses as input for its report
    13:50. The ways CIS uses the content of Verizon's DBIR to help people embrace programs of security improvement
    24:48. A glimpse at what goes into producing the DBIR
    28:33. The importance of leadership in guiding team dynamics and fun
    32:07. Reception of the 2024 DBIR and exploration of what's next for the Verizon DBIR team

    Resources

    2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization
    CIS Controls Featured as Recommended Defenses in Verizon's 2024 Data Breach Investigations Report
    2024 Data Breach Investigations Report
    The VERIS Framework
    CIS Community Defense Model 2.0

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
