Welcome to my little corner of the 'Internets'. In this channel I hashtag realtalk about security and technologies that impact both your business and personal lives. I try and focus on issues and items that can help you become more 'security curious' with the ultimate goal of helping protect your pers…

In this first episode of 2025, I picked a topic that is one of the few areas of security that is both 'hype' and 'real': Threat Intelligence. It is an area where you can get great information for free but also overpay for what you get.

I wanted to take a different approach to discussing this one, so I contacted a well-respected colleague of mine, Justin Lentz, who happens to work in the SMB Threat Intel space, to come on the podcast and share his experiences and thoughts.

Talking Points:
- How do you approach a smaller client when it comes to TI?
- What is different when it comes to a client that has some experience with TI?
- What are some pitfalls when you look at the different TI providers out there?
- What happens when you run into data that is not relevant to your company's process?
- Asking clients what is the problem that you are trying to solve?
- What do you do when you have a low or limited budget?
- What are his experiences running into this type of project (open source tools, using Azure, etc.)?
- What does it look like a year later?
- SaaS platform
- Partnering with different groups, agencies, etc.
- The 'addiction' of wanting to get more data
- Creating a Circle of Trust to share valuable information

Episode Charity:
Corewell Health's Blue Envelope Student Suicide Prevention Program

Episode Sponsor:
Solis Security is a cyber security managed service provider specializing in Threat Intelligence and Incident Response.

In this special episode, I finally get a chance to do a virtual fireside chat with my talented and funny CISO Scott Dresen. I actually started working with Scott while he was the Chief Technology Officer for Spectrum Health. It was in this role that Scott started down the path to becoming the Chief Information Security Officer for Corewell Health. So you can say he has been here for the entire Information Security program revamp that started back in 2016.

Talking Points:
- Back in 2016 you were the CTO when the Information Security program was 'rebooted'. What were some of your biggest challenges and frustrations back then?
- In 2018 you assumed the dual role of CTO and CISO. What was the hardest thing you had to change/overcome with having that dual role?
- Let's talk about the WannaCry incident. What did the high level leadership view look like and what decisions needed to happen?
- In 2019 you had to re-evaluate the state of the security program at the halfway part of the timeline. During that you had to make some hard choices about the direction we needed to go in order to complete things. How did you come up with those decisions?
- You have had the distinct 'pleasure' of being a part of both a small healthcare and large scale acquisitions. What are some valuable lessons learned from each?
- In 2020 you had to pivot from an almost entirely in-person workforce to almost 100% remote. How did you manage to accomplish this in a timely and successful manner?
- In 2023 you had a chance to speak in front of Congress around healthcare security. Walk me through how that came about, how you felt in the moment and what things you would do differently (in hindsight).
- What has been the hardest part of planning and implementing Artificial Intelligence security?
- Heading into 2025, what advice do you have for other healthcare security leaders as they face the challenges of tighter budgets, smarter threat actors and changing business strategies?

Episode Charities:
- Toys for Tots of Grand Rapids - Presents for less fortunate children
- North Kent Connect - A great foundation that helps families with items that may not be covered by other programs
- YMCA of Greater Grand Rapids - Great organization promoting healthy lifestyles

Episode Sponsor:
Cloud Con - Michigan's premier security and infrastructure conference!

*Disclaimer* While this episode deals with an incredibly important topic, there are potential dangers in doing this type of work. PLEASE do your homework and be well prepared should you go down this path, as your life can be impacted with a wrong turn.

This episode is the first of the listener requested ones around technical topics.

With cybercrime and threat actor activity on the rise, it is more important than ever to understand the dark web and monitor it for potential risks or signs of a breach. There are several tools and intel providers that can do this, but they're not cheap. So why don't we just do it ourselves?

Python can handle simple tasks surrounding dark web scanning and offers more customization for complex tasks. Using strictly free open-source libraries and any system you have available, you can set up an automated scanner and detect threats as they arise.

Scan for IP addresses, potentially compromised emails, crypto addresses, and any regex patterns that you desire. Map your findings to the most relevant onion sites and get an understanding of where your adversaries tend to operate. This is just a start. From here, you can go almost anywhere.

Episode Charity:
Proceeds from this episode's sponsorship will be going towards the Baker-Bonsai Friendship Fund. Bruce Baker was a great bonsai tree artist and along with Deal Bull, helped make the art of bonsai be something wonderful that can be shared for future generations at the Frederik Meijer Gardens.

Episode Sponsor:
Cloud Security Alliance of West Michigan

Talking Points:
- Why is it important that you at least have a basic understanding of the Dark Web if you are in the Small and Medium sized Business (SMB) space?
- Pros and Cons of Build vs Buy
- What safeguards do you want when out in the fringes?
- What are the mental health aspects of doing this type of work? How do you manage those pressures?
- What are Seed URLs?
- How to use Dark Web templates for scanning.

Description credit to GrrCon

In this episode I talk with Tamer Baker around the not always clear topic of Zero Trust. While the term has been around a while, it definitely gets overused by security vendors. However, because of Tamer's role as the Chief Technology Officer in the Healthcare space, he is also able to bring several different points of view to the conversation. Several of these are key to solving questions such as:
- Is Zero Trust truly expensive and painful? (Radiologist user experience example)
- As more and more healthcare systems are having to worry about budgets, he challenges the concepts on doing the same with 'less'.
- A lot of security vendors are talking AI in their products. What things is your company doing that are actually using AI?

These are just a few of the tough questions that we tackle. So, set aside some time in your day to listen in to a great conversation!

Episode Charity:
Since 2011, Black Girls Code has supported girls of color in tech through coding education and more. We partner with schools and organizations to offer a range of programs, both in-person and virtual, for ages 7-25.

Episode Sponsor:
Zscaler is a Cloud Security company based out of San Jose California.

In this episode I talk with Matt Berzinski about the importance of understanding that identity is a journey not a destination. Matt is the Senior Director of Product Management for Ping Identity and has extensive knowledge about identity.

Talking Points:
- Realtime Fraud/Risk
- Orchestration
- Organizations (The importance of offloading work that you don't need to do)
- Single Sign On
- Multi Factor
- Identity Verification (Francis talked about a local automotive company referencing mobile apps for a car)
- Robot or Vehicle Identity is a relationship not a dependency (Matt has a great Rosie the Robot from The Jetsons reference)
- Why is Obfuscation still important?

Episode Charity:
Proceeds from this episode's sponsorship will be going towards the Baker-Bonsai Friendship Fund. Bruce Baker was a great bonsai tree artist and along with Deal Bull, helped make the art of bonsai be something wonderful that can be shared for future generations at the Frederik Meijer Gardens.

Episode Sponsor:
This episode is sponsored by Ping Identity. Ping is an identity solutions provider based out of the great state of Colorado in the awesome town that is Denver.

In this special end of summer episode, I sat down with Tyler Adams to talk about being in the trenches during the recent Crowdstrike incident and other interesting stories from the crazy summer. Tyler is an Information Security Analyst for Corewell Health. He works on the Security Business Engagement Team.

Talking Points:
- What was it like being in the trenches during the Crowdstrike incident?
- How having a Business Continuity Plan comes into play
- What was most surprising about the incident?
- What challenges are stemming from what the business is working on?
- Getting the business to understand the value of Multi-Factor Authentication
- Data 'Cleanliness' is becoming more important

In this episode I had a chance to have a candid conversation with Charles Henderson. Charles is a global managing partner at IBM and also happens to be the head of the X-Force team. IBM recently released the X-Force Threat Intelligence Index report for 2024.

While the report delves into many different areas of Threat Intelligence, we concentrated on several key areas focused primarily on artificial intelligence:
- Pronounced increase in Identity attacks
- Understanding how more 'business-like' malicious actors are becoming
- Upcoming universal AI attack surface
- How much do you think this will get worse? For example, I reached out to a couple of CISOs from some prominent local companies and one of their worries was and I quote, "Longer term I think we will have to worry about attackers trying to attack and leverage AI technologies that are being utilized by organizations."
- 50% is the expected market share threshold likely to trigger attacks against AI platforms.
- Evolution of malware delivery mechanisms. AI's part in Business Email Compromise. Another area of concern when I polled my CISO contacts was AI's ability to, and I quote again, "Easier to perfect grammar and templates for phishing and other social engineering attempts." How do you think companies like IBM can start helping people combat these types of attacks?
- Thoughts on OpenAI's Sora and its potential impact on security

Episode Charity:
Corewell Health's involvement in the Blue Envelope Suicide Prevention Program. The School Blue Envelope Suicide Prevention Program trains middle and high school faculty and staff so that every school employee—from teachers to coaches and bus drivers—would know how to respond to a student who may express thoughts of suicide.
The “Blue Envelope” protocol for crisis management was developed internally to quickly activate patient safety responses by communicating the code words "Blue Envelope." Every person within a physician's office became proficient in how to respond at a moment's notice to a patient who may have thoughts of suicide. Through previous grant and foundation dollars, this program has been able to successfully train over 8,500 middle, high, and elementary school personnel across 156 schools within 53 different school districts. This training has resulted in over 2,000 interventions for students in crisis.

Episode Sponsor:
This episode is sponsored by IBM, who recently celebrated their 100th birthday! IBM is a computer solution company based out of Armonk, New York.

In this episode I had a chance to sit down in person with the always insightful and never dull cybersecurity leader, Jim Kuiphof. Jim is the Deputy Chief Information Security Officer at Corewell Health. The topic for this casual conversation is Understanding Your Personal Risk Tolerance. More specifically, it speaks to understanding the difference between your own risk tolerance and the business's risk tolerance.

Jim has talked on this recently at events like Cloud Con and the Digital Services Summit. His ideas for understanding how to balance personal and business have been a HUGE thing in my professional career.

Talking Points:
- What is Risk?
- What is Tolerance?
- Understanding the difference between Personal Risk and Business Risk
- Why is it so important to understand alignment?
- Diagnosing the Dissonance
- What do you do about it?
- What does taking ownership look like?
- Maintaining risk tolerance alignment

This talk is not only useful for people in the cybersecurity industry, but across all of information technology. It does matter what level you are at, this information can help you!

In this episode I had a chance to speak with Bryan 'Woody' Woodworth around simplifying and securing multi-cloud networking. Bryan is the Director of Solution Strategy for Aviatrix. We are a few weeks into 2024 and the importance of understanding and utilizing multi-cloud strategies is becoming more and more apparent.

Talking Points:
- What are the current trends in the industry pertaining to multi-cloud?
- Skills Gaps - More pronounced in Multi-Clouds, FinTech and Banking industries will 'mandate' what environments you use.
- What are the areas where skill gaps can be addressed?
- Secure Cloud Networking Field Report Sneak Peek
- What kind of tools can you give them and creative ideas that you can use them
- Automation is hot but do you know how to prioritize what you automate?
- The glory days of cloud are over and how do you 'save your pennies' and still move towards a solid FinOps model
- Constant state of attack that the cloud is under (How can you protect yourself going forward)

Episode Charity:
Proceeds from this episode will be going towards the children's mental health program at Corewell Health Foundation.

Episode Sponsor:
Aviatrix is a Secure Cloud Networking company based out of Santa Clara California.

In this special episode we celebrate the 4th annual holiday fundraiser podcast. It is already a blessing to raise money for great causes all while raising security awareness for small and medium sized businesses. The topic for this episode is one that is super relevant for this day and age of Digital Transformation. However, in keeping with the format of #RealTalk, we are going to explore some 'real world' use cases for using Artificial Intelligence in Security in 2024.

We have two special guests and one awesome co-host for this episode. Kassandra Murphy is a Senior Consulting Solutions Engineer for Splunk. My other guest is Sanjay Kalra who is in Product Management for ZScaler.

My co-host for this episode is none other than Jim Kuiphof, who happens to be the Deputy Chief Information Security Officer at Corewell Health!

Talking Points:
- Touched on phases of the kill chain/attack lifecycle and how AI comes into play, WHY it's expanding the attack surface within each phase (i.e., system enumeration can be done at such a larger speed and scale)
- How will AI change how companies will be adhering to the new Securities and Exchange Commission's policy for reporting security breaches?
- Researching AI from a defensive Point of View
- How do you keep up with the business's speed of moving forward with AI while trying to protect it?

Episode Sponsors:
- Splunk - Splunk is a security observability solutions provider based out of San Francisco California.
- Zscaler - ZScaler is a security solution provider based out of San Jose California.

Episode Charities:
- North Kent Connect - North Kent Connect is a Christian organization committed to improving the lives of all people in northern Kent County by providing access to basic needs and promoting economic independence.
- Toys for Tots West Michigan - The mission of the U.S. Marine Corps Reserve Toys for Tots Program is to collect new, unwrapped toys during October, November and December each year, and distribute those toys as Christmas gifts to less fortunate children in the community in which the campaign is conducted.

Reference Links:
If you are interested in the SURGe blog that Kassie talked about in the episode, you can find it Here.

Have you ever wondered what it takes to get into the information security field? Have you thought how hard could it be? What about all of the big money I hear people make in this space? Well in this episode I talk with Mattalynn Darden and Esther Muchai about how hard it really is to break in.

If you are wondering how these two talented young women know, here is a little background on what they are currently doing and why it is relevant to this episode's topic.

Mattalynn is an Information Security Intern at Lear Corporation and Esther is pursuing her Master's Degree in Cybersecurity at Grand Valley State University. Both of them share some of the struggles that they are currently having and I give some advice on how to possibly overcome them.

So, if you are thinking of entering the crazy, foggy world that is Information Security, then this episode is for you!

Talking Points:
- What made you want to get into the cybersecurity field?
- What are some of the main challenges that you are facing right now?
- Did either of you go the 'paid' learning route (e.g. college or training classes)?
- What are some free training/tools you have found useful?

*Disclaimer* Thoughts and opinions in this episode are solely those of myself or my guests and not necessarily reflective of our employers.

In this episode I had a chance to sit down with Matt Nelson and do the podcast from a very cool location. Matt is a Senior Security Architect for Guidepoint Security. The topic of our rant was centered around all of the things 'wrong' with cybersecurity sales and why it hurts everyone.

Talking Points Include:
- Ineffective Bad Behavior - You are doing you and your company a disservice
- Improper In-person Event Etiquette
- Do Social Engineering for Good!
- What you as a Customer can do to help set expectations
- The importance of building relationships

Special shout outs to Maril Vernon, Michelle Beracy and Anthony Coggins!

In this episode I talk with Lloyd 'Lucky' Guyot and Alex O'Meera about The Center for Internet Security's Critical Security Controls. Lloyd is a Security Advisor for Optiv and President of the Grand Rapids ISSA Chapter. Alex is a Security Analyst for Stack Overflow and Secretary of the Grand Rapids ISSA Chapter.

Talking Points:
- How can the CIS 18 help an SMB build your security program?
- How can the CIS 18 help mature a security program?
- Which controls should a company start with?
- And many more!

Episode Sponsor:
Grand Rapids ISSA Chapter (with special thanks to Optiv). The GR-ISSA is the local chapter of the Information Systems Security Association.

Episode Charity:
The charity for the month of November is the Corewell Health Foundation. More specifically, the money will be going to assist children with various mental health challenges.

In this episode I had a chance to speak with Chris Jordan and Al Wissigner about where a small and medium sized business (SMB) should start their security journey. This is especially important in this day and age of the ever expanding cloud infrastructure and Software as a Service (SaaS) models. Both of these fine gentlemen work for Fluency and have a TON of experience working with SMBs.

Talking Points:
- The idea of bridging the gap between what they want to do and what they can afford to do?
- Why is it so important for an SMB to understand how to properly do cross-platform?
- Security companies are generally not targeting SMBs
- Why is BEC one of the most important things to understand?
- How can an SMB use automation to help offset the lack of a large security team?

Episode Charity:
October's selected charity is called Both Hands. Both Hands is an organization that helps local widows with chores/projects that are hard to do on their own, all while raising money for a family to adopt a child.

Episode Sponsor:
This episode was sponsored by Fluency. Fluency is a modern security operations platform that can handle today's agile environments. They are based out of Rockville, Maryland.

Despite the recent push by some old school (re: outdated) leaders to force employees to return to the office, remote work is here to stay. While we all talk about the importance of making remote work secure, there isn't much talk about the experience for the end-users. Fortunately, there are some companies out there that are understanding the need to balance security, business and end user needs.

In this episode I talk with Melinda Ann O'Neill about Digital Employee Experience (DEX). Melinda Ann is a Director of Strategic Accounts for Tanium. We covered several key areas of both business success and information security success.

Talking Points:
- Why is ensuring a remote employee's experience critical to a company's success?
- What are some of the main challenges businesses are having when it comes to DEX?
- What are some ways that a multi-faceted solution can balance both security and business concerns?

Episode Charity:
October's selected charity is called Both Hands. Both Hands is an organization that helps local widows with chores/projects that are hard to do on their own, all while raising money for a family to adopt a child.

Episode Sponsor:
This episode was sponsored by Tanium. Tanium is an End Point Solutions company based out of the West Coast state of Washington.

In this episode I head out to The Unicorn Tavern in Grand Haven, Michigan to talk Network Segmentation with Steve Barnes and Tyler Adams. Steve is an Enterprise Security Architect for Fortinet and Tyler is an Information Security Analyst for Corewell Health.

Talking Points:
- How has Network Segmentation changed in 2023?
- Who is responsible? Is that team being supported enough?
- How are you compartmentalizing things?
- Should you separate your IT and your OT?
- Does network segmentation make it easier to start a deception campaign?
- How can you get business buy-in to make this happen?

Episode Sponsor:
This episode is sponsored by Fortinet. Fortinet is a Network Security Solutions company based out of Sunnyvale California.

Episode Charity:
Part of the sponsorship fees from this episode will be going to the Alex's Saints charity. Alex's Saints Foundation works to provide life-changing emotional and financial assistance to young adults who struggle with substance use disorder, while empowering long-term recovery.

Editor's Note:
A quick note about the charity comment in the episode. I mistakenly confused the topic of the charity we are working this month to one I am looking into. Alex's Saints is not a suicide prevention organization. My sincerest apologies for the confusion.

A few years ago, the topic for the 3rd episode of the #RealTalk with Aaron Bregg podcast was Diversity And Inclusion in the Cybersecurity Industry. To this date it is one of the most downloaded episodes. Since that episode was published a LOT has changed in the world. I felt that it was time to revisit the topic but with a little bit of a twist. The need for a twist comes from the fact that DEI in cybersecurity still where it needs to be.

As luck would have it I had met Angela Hill a few years back when Matt Nelson and I were looking to have her as a keynote speaker. While due to scheduling issues it didn't work out, it did lead to this moment.

Join me as I have a #RealTalk conversation about 'Rethinking DEI' and more specifically focusing on Latinas in Cybersecurity. Angela Hill from Palo Alto Networks, Samantha Bolet from TikTok and Vanessa Morales from NBC Universal, who are some of the co-founders of Latinas In Cyber, challenge me and themselves into taking a different approach to solving this problem.

Talking Points:
- What kind of restrictions do you run into? E.g. Cultural roadblocks, etc.
- What issues do you run into when it comes to showcasing your 'real world' experience?
- The importance of having a security 'brand' - Vanessa
- How do we need to change our approach to DEI? The importance of DEI in academia and starting to embrace creativity - Sam

A HUGE thanks to SevCo, Cadre and NetSPI. Today the podcast donated $500 to support Latinas in Cyber!

In this episode I had a chance to dive into a topic that is ripped straight from my day job. Multi Cloud Compliance. My guest for this episode is Mike Roman. Mike is a Senior Security Sales Engineer for Orca Security, which happens to be the company that just won the 'Best Swag' award at Cloud Con last week!

In all seriousness though, more and more companies are having to rely on multi-cloud environments in order to keep the lights on. You may be an Amazon AWS shop but you may use Snowflake for data analytics and something else for your ERP solution.

Getting compliant across the different environments not only means business success but may keep you from avoiding fines from regulators.

Talking Points:
- What is an overly permissive role in a multi-cloud environment?
- Is it really over permissive or is it really right for the job?
- What is the 'real' world example for the principle of least privilege for multi-cloud?
- Stitching the flow from misconfigs back to identity
- Taking a lot more inputs from many different spots including Behavioral Analytics information

Episode Sponsor:
This episode is sponsored by Orca Security. Orca is a cloud security solution and is based out of Portland, Tel-Aviv and London.

Episode Charity:
Part of the sponsorship fees from this episode will be going to the Alex's Saints charity. Alex's Saints Foundation works to provide life-changing emotional and financial assistance to young adults who struggle with substance use disorder, while empowering long-term recovery.

In this episode I break from the norm a little bit in order to delve into the minds of security leadership. These insights come from a recent Grand Valley State University Cybersecurity Masters Graduate, Isaac Beasley.

As part of Isaac's Master's project, he interviewed 10 different cybersecurity leaders in the West Michigan area about a variety of different topics. For the sake of time, I concentrated on talking to the following key data points:

Hiring, Retention, & Advancement
- 80% reported not fully cyber staffed
- 60% struggle with team burnout
- 70% see diversity as a top challenge when building out a team
- GRC, Security Architects and Cloud Security were the most in demand roles

To help me with the intricacies of this episode is a security leader that participated in the interviews but also is very familiar with them, Jim Kuiphof, Deputy Chief Information Security Officer of Corewell Health.

While PenTesting (i.e. hacking) may be the most visible part of Information Security, it sometimes can lead to a false sense of security. In this episode I had a chance to talk with Nabil Hannan about rethinking your penetration testing strategy and moving towards Attack Surface Management. Nabil is the Field Chief Information Security Officer for NetSPI and has a ton of useful information to share about starting this journey.

Talking points include:
- What are the biggest misconceptions with PenTesting?
- The problem with buying security 'things'
- Understanding your Attack Surface using Breach and Attack Simulations
- Targeting your ransomware readiness

Episode Sponsor:
NetSPI is a penetration testing company based out of Minneapolis, Minnesota.

Episode Charity:
This episode's charity is Latinas in Cyber. LAIC is focused on continuing to break barriers and open paths for those who chose to pursue careers in cybersecurity. Our mission is to empower through mentorship, networking, support, and representation.

Earlier this year Cloud Security Alliance covered the big debate around should you buy or build for your Cyber Asset Attack Surface Management (CAASM) solution. As luck would have it, Ken Liao recently reached out to me regarding the new company that he works for who handles this very topic. In this episode I had a chance to talk with Sevco Security's Chief Strategy Officer, Brian Contos, on this very topic. The timeliness is very apt, as Gartner recently named CAASM as an emerging technology that enables security teams to solve persistent asset visibility and vulnerability changes.

Talking Points:
- What is Asset Intelligence?
- How has it evolved?
- Various Use Cases
- Where it's heading (Security, IT Ops, Risk Management)
- Is 4D Intelligence more than just marketing fluff?

Episode Sponsor:
This episode is sponsored by Sevco Security. Sevco Security is a CAASM security vendor based out of Austin Texas.

Episode Charity:
This episode's charity is Latinas in Cyber. LAIC is focused on continuing to break barriers and open paths for those who chose to pursue careers in cybersecurity. Our mission is to empower through mentorship, networking, support, and representation.

I know some of you are thinking, "Ugh another podcast on artificial intelligence!", to which I say, "Nope". Originally this was supposed to be a two-part series with the first episode focusing on high level AI talk and the second episode drilling down into how to actually come up with AI/ML policies and standards.

However, like all things related to the podcast, we are going to mix it up a little. In this episode I have a non-security co-host, Brian Carlson and a security guest, Tim O'Connor. Brian is one of the Lead Data Analysts for Corewell Health and Tim is Manager of Knowledge Services for Cadre Information Security.

The premise of the episode is around the talking point of 'What AI is and What it is Not'. Brian brings the insight from working with AI/ML for a major healthcare system and Tim brings some insight on some of the confusion and questions he is getting from his clients.

Episode Sponsor:
Cadre Information Security is a WBE certified network and information security solutions provider that serves large and medium sized firms. They are based out of Cincinnati Ohio.

Episode Charity:
This episode's charity is Latinas in Cyber. LAIC is focused on continuing to break barriers and open paths for those who chose to pursue careers in cybersecurity. Our mission is to empower through mentorship, networking, support, and representation.

In this episode I go outside of the topics and talk about one that I think is definitely underrated, Protecting Your Executives. I sometimes forget how lucky I am that my healthcare organization is very forward thinking when it comes to security. However, not all companies have the luxury of having a full team to protect VIPs.

I had a chance to have an in-depth conversation with Daniel Floyd around this very subject. Daniel is the Chief Information Security Officer for BLACKCLOAK. BLACKCLOAK was one of the first companies to focus on Digital Executive Protection. Daniel shares some interesting stories about the crazy things that happen when protecting VIPs.

Talking Points:
- Why is it important to protect executives outside of the corporate wall? (CISO working on a Sunday example)
- When you need someone to 'Black Ops' outside of your org?
- Why are some Execs in denial about their being 'attackable'?
- What about new types of attacks like AI generated sound clips?

Episode Sponsor:
This episode is sponsored by BLACKCLOAK. BLACKCLOAK is Digital Executive Protection for executives, high-profile, high-net-worth & ultra-high-net-worth individuals & families. They are based out of Orlando Florida.

Episode Charity:
Proceeds from this sponsorship will be going to the Mecosta-Osceola Career Center's rural outreach program to try and talk with elementary and middle school girls to consider a career in STEM.

In a recent episode Matt Nelson from Guidepoint was talking about how he is seeing a trend with medium-sized companies moving away from the idea of building out or building up a security team. There were several reasons including budget constraints and an experienced talent shortage. So I reached out to Bill Bernard about having a deeper discussion on revisiting the topic of using a #managedsecurityoperations company.

Talking Points:
- What is Managed Detection and Response?
- Because of budget and resource constraints, more companies are starting to move away from the idea of building up their internal solution. What are you (the guests) seeing lately?
- Digital Transformation seems to be moving out from its 1st phase since Covid and becoming more mature. Because of this more and more companies are moving to 3rd party SaaS solutions for things that were traditionally done 'In House'.
- Why is it so important to revisit how you handle #SIEM and #SOAR APIs when it comes to a managed #SOC?

Episode Sponsor:
This episode is sponsored by Deepwatch. Deepwatch is a Managed Security Operation solution based out of Denver, Colorado.

The charity topic for this episode is helping a Rural Northern Michigan career center recruit more young girls into IT/Cybersecurity.

In this episode I had a chance to talk with Todd Brockdorf and Chris Lawrence about Zero Trust. Todd is a Senior Sales Engineer and Chris is a Customer Success Engineer. Nowadays it is hard to sift through all of the security vendor marketing chaff to get #RealTalk about Zero Trust.
Talking Points:
- What is the biggest misconception around Zero Trust that is happening right now?
- What about thinking of the cloud as a segmented network?
- With upcoming government regulations, how do companies balance regulations and end user experience?
- How do ChatGPT and other emerging AI/ML technologies play into a Zero Trust mindset?
Episode Sponsor:
This episode was sponsored by Zscaler. Zscaler is a security solution provider based out of San Jose, California. Proceeds from this episode will be going toward supporting families of children with autism in Michigan via the Autism Alliance of Michigan.

4.6.23 Update: If you had downloaded this file before 6pm on April 6th you received the wrong episode. This error has been fixed and you have my sincerest apologies for the mess up!
*Disclaimer* While there was no physical harming of bad security vendors in this episode, there is a lot of honest #RealTalk. Opinions in this episode are my own and do not necessarily reflect the views of my leadership or my employer. Additionally, this episode is not sponsored and therefore is not influenced by outside sources.
In this episode I finally had some time to go over to the 'Fresh' Coast of West Michigan and sit down with Matt Nelson to talk about the current state of the cybersecurity industry. Matt is a Senior Solutions Architect for GuidePoint Security and brings a plethora of both useful and useless security knowledge to the conversation!
We kept the conversation focused on several different key areas of information security:
- How NOT to work with a business if you are a security vendor
- How are companies dealing with the rising cost of cybersecurity
- Giving some #RealTalk advice to people looking to break into the information security industry
While this episode went a little bit longer than I would like, it contains a TON of useful advice for not only employees and leaders, but security vendors as well.

In this episode I had a chance to talk with Derek Smith about the importance of securing your hybrid cloud environments. Derek is the Director of Cloud Strategic Alliances and Brand for Trace3. We took the time to break down several different issues that are happening right now across multiple industries.
Talking Points:
- How do you build a solution agnostic environment?
- How can we learn from the recent issues with Southwest to help going forward?
- How do you marry up your resiliency goals with your security goals?
- Breaking down the Broadcom takeover of VMware and what it means to your environments
Episode Sponsor:
Trace3 is a technology solutions provider based out of Irvine, California with offices in Grand Rapids, Michigan and other regional locations. Proceeds from the sponsorship will be going towards helping the Mecosta-Osceola Career Center reach and attract more young girls to the IT and Security program.

In this episode I had a chance to talk to not one, not two but THREE talented gents about the future of medical and IoT device security. Nathanael Dick, Russ Ramsay and Dan Rittersdorf all work for a great, and local, embedded systems engineering company called DornerWorks.
I was fortunate enough to do the podcast prep meeting in person and was able to tour their very cool West Michigan offices. Obviously, medical device security is very important to me considering I work in healthcare. However, we touched on the following other relevant IoT security topics:
- A brief overview of what is the current state of IoT security
- What are some common misconceptions about medical IoT security (e.g. IV Pump hacking)
- What happens when an embedded device is at end-of-life (e.g. when patching isn't an option. Use PACS as an example)
- How is FDA compliance going to affect embedded control manufacturers like DornerWorks?
- What does the near future look like? (Securing Distributed AI)
At the end of the episode we were visited by a very talented co-worker, Taylor E. Taylor was gracious enough to talk to the importance of being an ally to black women and supporting charities like Black Girls Who Code.
Episode Sponsor:
Huge thanks to DornerWorks for sponsoring this episode. DornerWorks is an Embedded Systems Engineering company based in West Michigan.

In this episode I get a chance to talk with Liav Caspi about rethinking how you do your Secure Software Development Lifecycle. Liav is one of the co-founders of Legit Security and got his start in the Israel Intelligence (Unit 800) scene many years ago. He and his other co-founders worked for a well known Static Application Security Testing (SAST) company I know very well. They then branched off a few years back to form what is now called Legit Security.
Talking Points:
- Why your current Secure Software Development Lifecycle process needs to change
- What is Secure Software Development Management?
- What about Securing Infrastructure as Code?
- Application Security Management is more than just looking at Open Source libraries a development team uses (looking at your entire development ecosystem)
- What do you need to do to get to a 'Golden Pipeline'?
Additionally, I asked him his thoughts about a recent conversation that Jim Kuiphof and I had on the topic and how it needs to move into more of a Secure Software Development Management (SSDM) strategy.
Episode Sponsor:
This episode was sponsored by Legit Security. Legit Security is a Secure Software Development Lifecycle solution based out of Israel. Proceeds from this sponsorship will be going toward our last planned donation to the Autism Support of Kent County Michigan.

In this episode I not only have a great guest but have a great co-host as well. I had a chance to talk with Kassandra Murphy and Rich Worth about advancing your Security Information and Event Manager. Kassie talks to the importance of standardizing your data sets to increase your searchability (e.g. especially useful when sending data to your managed security operations partner). Rich will be talking to 'real world' use cases and the importance of alert aggregating and risk based alerts. Kassandra is a Senior Consulting Solutions Engineer at Splunk. Rich is the Lead Security Operation Center Analyst for Corewell Health.
Talking Points:
- Data hygiene is the 1st step
- Normalizing data as it applies to data security and being able to better search across your entire data set
- Technical challenges like alert fatigue
- Tech is advancing but still a view of security as a check the box or an afterthought
- All data is security data!
- There are easier ways to align your data flows to things like the MITRE or NIST
- 6 phases of logging maturity:
  - Collecting
  - Maturing
  - Enriching (collation of the end point data threat landscape)
  - Expanding
  - Automation (what are repeatable processes that can be moved to save money and time)
  - Advanced Detection (via machine learning)
Episode Sponsor:
This episode is sponsored by Splunk. Splunk is a security observability solutions provider based out of San Francisco, California. Proceeds from this episode will be going to different Autism charities - Autism Alliance of Michigan and Autism Support of Kent County

In this episode I get to talk with Daniel Post about data classification and data governance. Dan is a Senior Sales Engineer for Varonis. He has been in the industry for a while and has knowledge that we break down into 'bite sized' chunks to make it easier for your staff to consume.
Talking Points:
- Where does a company first start their Data Classification and Governance journey?
- What are some of the challenges that a company can expect when it comes to data classification?
- What are you seeing in the field right now that makes it hard for companies in their data governance program?
- Now that data lives in the 'Hybrid' world, how does data governance work when you have data on network drives like Isilon and cloud drives like Microsoft or Box?
- Does it integrate with a CMDB/ticketing system like ServiceNow or Service Desk, so your GRC team can take 'action' on it?
Podcast Sponsor:
The sponsor for this episode is Varonis. Varonis is a cybersecurity solutions company that is very mature in the Data Classification and Governance space. They are based out of good ole' New York City! Proceeds from this sponsorship will be going to the Autism Support of Kent County Michigan. Pam and her team help parents with finding support ideas/solutions for their children with Autism. More information here - https://www.autismsupportofkentcounty.org/

In this episode I had a chance to talk to Lisa Jones-Huff about the importance of data visualization and how it can help both security AND the business. Lisa is the Senior Director of Global Security Specialists for Elastic.
Talking Points:
- Some basic steps for understanding how to interpret your data:
  - What is the very first thing you should do on your data visualization journey?
  - What type of data do you have?
  - What is the value of that data?
  - What types of use cases provide the most 'Combined Value'?
- How can Graph help tell the story in a detail that a 'regular' person can understand?
Episode Sponsor:
This episode is sponsored by Elastic. Elastic is a multi-faceted business and security solutions company based out of Mountain View, California. Part of the sponsorship fee will be going to raise money for the Autism Alliance of Michigan.

In this the 3rd annual holiday fundraiser podcast episode, I talk with Kam Amir and Brenden Morgenthaler about what enterprise logging will look like in 2023. Kam is the Director of Technical Alliances for Cribl. Brenden is an Enterprise Architect for CDW.
Talking Points:
Kam has developed a formula for getting the most value from your setup using the three 'Vs':
- Variety
- Value
- Velocity
This allows for you to get more freedom to get valuable data into your platform.
Brenden talks to real life use cases like:
- Grouping Meta Data for things like charge back
- How do you set up threshold rules to help with crashing clusters
- Auditing Kerberos events issue
Podcast Sponsors:
This holiday event raised funds for 3 great causes:
- Toys for Tots
- STEM Greenhouse
- Grand Rapids Community College Girls STEM Scholarship
Many thanks to Cribl, CDW and Custom Business Solutions for helping us raise over $1,000 for charity!

In this episode I have a 1 on 1 conversation with the one and only Brian 'Schneebs' Schneble about Advanced Email Security. Brian is a Senior Enterprise Account Executive for Abnormal Security. Brian is not only an active member of the Michigan cybersecurity community but he has extensive knowledge of the automotive industry.
Talking Points:
In a break from the traditional talking points, for this episode we break down a real world use case where a company was hit by a very creative 'double whammy'. Both a compromised email account and a look-a-like domain were used in this attack.
Brian and I walk through what happened, how it could happen and how you can do things to avoid this in your company.
- Compromised Email Accounts
- How Malicious Actors 'Learn' Your Workflows
- Look Alike Domains
- Defensive Domains
- DMARC
This was a highly informative episode and don't mind the state of security talk at the beginning. Listen/View the whole episode, as it will definitely be worth spending your time on!
Podcast Sponsor:
This episode is sponsored by Abnormal Security. Abnormal Security is an Email Security Solutions provider that is known for using Machine Learning to detect non-traditional email attacks. Parts of the proceeds from this sponsorship will be going towards a 2023 InfoSec scholarship at my alma mater Grand Rapids Community College.

In this episode I sit down with Paul McManus about all things Privacy. Paul is a Senior Information Governance Analyst for Corewell Health Corporate. I have had the distinct pleasure of working with Paul on several different privacy related engagements over the years.
Talking Points:
- What are some of the challenges you are seeing in the privacy space right now?
- Integration
- Who watches the watcher? As more and more things are outsourced, how do you do this with digital assets?
- Do people realize that data that may not be considered 'confidential' now may be considered something different in a year or two?
- How are privacy laws changing?
- How is the GDPR different than the US laws?
- At what point do we 'globalize' healthcare privacy?
- Ownership vs Rights
- What is re-selling of de-identified data?
- What about privacy with wearables and driving trackers?
We even had the pleasure of having a quick appearance from a special 'In-House' guest that knows a thing or two about Research Privacy, resident System Architect, Heather Bregg.

In this special episode I had the honor of MC'ing a Security Awareness Month online panel for Cadre Information Security and the topic was Human Factors in Cybersecurity. The panelists were Phil Swaim, Mike Davenport, Tim O'Connor and Mike Peterson. We not only had great discussions on how to build your Security Awareness Program but action steps you can take right now to create 'Security Champions' in your organization.
Talking Points:
- So how is a Security Awareness Program different from Security Awareness Training?
- Why would an organization want a Security Awareness Program?
- Do only larger organizations typically have Security Awareness Programs?
- Why should Social Media exploits be covered in your program and ultimately your training?
- What are some of the pitfalls organizations should try to avoid when implementing Security Awareness Programs and training?

In this episode I talk with Rob Walk about looking at vulnerability management differently. As recently as last week I have seen a shift in how people are thinking about the topic. Some range from the talk of how it needs to fit in with business needs all of the way to 'CVSS is Dead!'. Rob is a Senior Engineer from Tenable and shares some valuable insight on how thinking differently can be accomplished heading into 2023.
Talking Points:
- What do you fix when there are so many vulnerabilities?
- What are the downsides to prioritizing on the Common Vulnerability Scoring System?
- What is Risk Based Vulnerability Management?
- What is the term Exposure Management that I keep hearing about?
Episode Sponsor:
This episode is sponsored by Tenable and proceeds will be going towards a girls S.T.E.M scholarship in 2023. Tenable is an Exposure Management company that is based out of Columbia, Maryland. Tenable can help you gain comprehensive visibility into your attack surface so you can stay one step ahead of attackers.

In this episode I talk with Rob Bowker about securing your email using DMARC. Rob is the Sales Director for EasyDMARC. Besides the high level explanation of what DMARC is, we delve deeper into the following topics.
Talking Points:
- Why is there slow global adoption of DMARC?
- Are cyber insurance companies interested in whether a customer is using DMARC?
- Why your marketing team should care if you use DMARC?
- What is the value of aggregating sender reports?
- What does the future look like?
I am very excited to share that part of the money raised from this episode will be going to a 2023 scholarship for a girl's STEM program recipient. #RTWAB is working closely with the fine folks at The Right Place to increase the Tech Talent here in West Michigan.

In this special Pre-Cloud Con episode we mix things up a little. Rather than joining me as a co-host, the Cloud Security Alliance of West Michigan's own Anthony Coggins sits on the other side of the mic. He, along with the ever knowledgeable Tim O'Connor, discusses the current state of cybersecurity insurance in 2022. Anthony is the Senior Manager of the Security Operations Team at Grand Rapids' own rocket ship insurance company, Acrisure. Tim is the Manager of Knowledge Services at Cadre Information Security.
Talking Points:
- What does the industry look like today and why does it look that way?
- What do you need to know when you are filling out the forms?
- Do customers truly understand the questions being asked?
- Is the form an indicator of the maturity of the insurance carrier? (Tim talks about the differences in the 20+ insurance forms he has on his desk)
- Did you know you can carry supplemental insurance like Home and Auto insurance? (Anthony talks about Ransomware Supplemental Form)
- Is it true insurance carriers lower rates if you have 'X' cybersecurity solution in your ecosystem?
Episode Sponsor:
This episode is sponsored by Cadre Information Security. Cadre is a trusted security partner based out of Cincinnati, Ohio and has been a long time supporter of the podcast. As always, parts of the sponsorship fee go to Michigan charities.

In this episode I get a chance to talk to Kevin Peterson about Network Observability in a Hybrid Cloud World. Kevin is a great information security evangelist who works for Arista. One of the many challenges that I face in the healthcare industry is handling devices that live On-Prem and send data to multiple cloud environments.
Kevin and I talk about some very common use cases and the challenges that come along with it. We also talk about how to handle segmentation across multiple domains. So if you can relate to having to secure data that traverses to many cloud environments, this episode is for you!
Podcast Sponsor:
This episode is sponsored by Arista and proceeds will be going toward youth autism programs here in Michigan. Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments. Arista has recently made a big push into the information security space using their vast experience with networks. Arista is based out of Santa Clara, California.

In this special episode I speak with Peter HJ van Eijk about the CCSK and CCAK cloud security certifications from the Cloud Security Alliance. Peter is the owner of Club Cloud Computing and an authorized CCSK and CCAK trainer.
I have personally taken his training course and thought it was one of the best ones out there. He also offers free refresher courses and online focus sessions. If you want to learn more about CSA certifications, then definitely listen in!

In this episode I had the pleasure of talking with Jonathan Jesse about medical device security. Jonathan is a Senior Systems Engineer for Forescout. In fact, he has been working for the same information security company for over 6 years! That is pretty unheard of nowadays in the security vendor space.
What prompted this interesting discussion you say? Well Forescout recently acquired CyberMDX. They are a company that specializes in medical device security protection. Since I have to work protecting medical devices sometimes as part of my 'real job', I have several different business use cases to discuss. Including one around a urinalysis device. Intrigued yet?
Talking Points:
- Brief overview of why Forescout acquired CyberMDX
- What is Device Centric Risk Management?
- How to 'fingerprint' different medical devices that may be from the same manufacturer?
- Compliance and Governance - Are medical manufacturers still using FDA regulations as an excuse not to patch?
- What are some good preventative measures?
Episode Sponsor:
I want to thank Forescout for sponsoring this episode. They are a network security solutions vendor based out of San Jose, California. Part of the proceeds from this sponsorship will be going towards Youth Mental Health programs here in Michigan!

In this episode I talk with Richard Melick about mobile security. Richard is the Director of Threat Reporting for Zimperium, so he knows a thing or two about what is happening out in the mobile world right now.
We definitely took a deeper look at the current state of mobile security and the talking points cover a bunch of key areas.
Talking Points:
- What is more important and more secure to have, your wallet or your phone?
- Mobile threats can happen when you least expect it or in the last place you may suspect, subways anyone?
- There is no more 'consumer' grade mobile security
- A closer look at the global mobile threat report
Zimperium's Global Mobile Threat Report: https://www.zimperium.com/global-mobile-threat-report/

In this episode I had a chance to talk with Rebecca Harvey about Cloud Identity. Rebecca does regional sales for SailPoint and she is also a co-founder of the Women's Security Alliance (WomSA).
She and I talked about why companies are still getting Cloud Identity wrong. We also did a deeper dive into cutting edge items like Robot Identity and Robotic Process Automation.
Episode Sponsor:
This episode was sponsored by SailPoint. SailPoint is an Identity Security Solutions Provider that is based out of the great city of Austin, Texas. Proceeds from this sponsorship will be going to Spectrum Health Foundation's Youth Mental Health program.
Reference Links:
- NIST Guidelines: https://pages.nist.gov/800-63-3
- IDSA: https://www.idsalliance.org/identity-defined-security-framework/best-practices/
- Forum link to discussion around MFA for RPA: https://forum.uipath.com/t/robot-guidance-for-handling-multi-factor-authentication/345476

In this episode I had a chance to talk with Brian Philips about 5G security. Brian is the Chief Solutions Architect for NetScout. We had a chance to dive into various parts of 5G and what does it mean for the future of the 'Mobile Office'. We also talked about future use cases that are not as far away as you think.
- How is 5G going to impact security?
- 5G Internet to home isn't 'private' yet
- Cellular security is wider than it needs to be right now
- How companies like Amazon could utilize 5G for both a private network and a 'near me' cloud service
Episode Sponsor:
This episode is sponsored by NetScout. NetScout is a Security and Communication Service Provider based out of Westford, Massachusetts. Proceeds from this sponsorship will be going towards a youth mental health program here in West Michigan.

In this episode I had a chance to talk with Brian Schneble, Claudio Catti and Chuck Chessor about mobile security and rethinking 'trust' in the new Digital Transformation age. This was a more detailed discussion from the holiday fundraiser episode and has some great real world examples.
Talking Points:
- As WFH becomes permanent, do we need to rethink 'trust' in the digital transformation age?
- How many companies are well versed in SASE philosophy?
- General Motors CEO asked her employees to turn off their VPN. What are the ramifications of that precedent?
- The rise of SaaS apps delivering malware (i.e. Google Apps).
- Do we need to stop saying 'zero trust'?

In this first episode of 2022 I am reaching into my distant security past and invited a former colleague, Mike Ahrendt, to join Natasha Young and myself to take a close look at digital forensics.
Mike has worn many security hats, including recent leadership roles, but his heart lies in the SOC. Mike shares some insightful stories and answers some tough questions from Natasha!
Talking Points:
- What is the difference between Public Sector vs Private Sector?
- How come some companies don't prioritize digital forensics investigations?
- Why can't forensics data be subjective (hint: legal reasons and hack journalism)?
- Why can more incidents be public (hint: brand damage)?
- Should there be more government regulations in this area?
- What is the problem with the current Threat Intel pipeline?
Reference Links:
To learn more about the FBI's InfraGard initiative visit their website here.
Episode Disclaimer: The views and opinions in this episode are my own and not a reflection of my employer or my awesome leaders. If you want the official stance of my employer on the incident from 2016 then use DuckDuckGo and research the issue from 2016. Stay safe and stay informed!!

In this brief end of the year episode I talk about a recent phishing attack on a 3rd party vendor that was compromised via email in a very unique way. I reveal how it happened and why defense in depth is so important.
Talking Points:
- What is a lookalike domain?
- The importance of having a defensive domain strategy
- How bad guys used an operating system and email application's default behavior against the user

In this episode I had a chance to talk with Israel Barak about a listener-submitted topic, 'How do I prepare for a ransomware attack?'. Israel is the CISO for Cybereason and has intricate knowledge of ransomware and cybersecurity dating back to his days in the Israeli Defense Force.
Using his extensive knowledge we talked through his concept of having different security 'pillars' to help navigate the lifecycle of ransomware:
- Security Hygiene - Checklists are in security hygiene - you don't build a program around ransomware
- People - Executive Leadership (how to educate exec leadership), Awareness (do you know what to do when you have already clicked), Security People (surgery example)
- Recovery - How do you plan for a recovery process
- Insurance - Do you really need it, do you trust it with your CFO
Episode Sponsor:
This episode is sponsored by Cybereason. Cybereason is an eXtended Detection and Response solution company with Global Headquarters based out of Boston, Massachusetts. Proceeds from the sponsorship fee will be going towards a local Youth Mental Health program that is happening in 2022.

In this special holiday fundraising episode I have not one but two special guests joining a small panel to discuss the current state of mobile security and the pitfalls of social engineering. Mike Jones is a former Anonymous hacker and founder of the Haunted Hacker security podcast and magazine. Jonathan Scott is a Mobile Security Researcher and the author of the Pegasus ID software. I was also joined by Jim Kuiphof, Director of Information Security for Spectrum Health, Richard Melick from Zimperium, Brian Schneble and Mitch Milligan from Sentinel One, Claudio Cattai and Chuck Chessor from Netskope.
Talking Points:
- Can you really be hacked with just a mobile text message?
- Is your data 'really' gone after you wiped your phone?
- Did you know that your smart watch is listening when you wash your hands?
- Is Pegasus the only Nation State malware out there?
- How will this affect TeleHealth on mobile devices?
- What can we do to start reining in this issue?
- How do we protect ourselves from different social mobile attacks?
Episode Sponsors:
We are very fortunate to have 3 great sponsors for this fundraiser episode. Many thanks to Sentinel One for being a second year sponsor, and to Netskope and Zimperium for helping raise funds for 3 great charities! North Kent Connect, Toys for Tots and Hand for Help. Thank you very much!

In this episode I sit down with Lloyd Guyot, Mike Peterson and Steve Barnes to discuss the state of cybersecurity in 2021. Lloyd is a Client Solutions Advisor for Optiv, Mike is a Cybersecurity Consultant for Cadre and Steve is a Systems Engineer for Fortinet.
Talking Points:
- How do we secure the new hybrid workforce?
- Is SASE where it needs to be going into 2022?
- Do you think there is ransomware fatigue?
- How is Social Engineering just security marketing hype?
We cover a veritable cornucopia of security topics for your listening pleasure!
Episode Sponsor:
This episode is sponsored by Fortinet. Fortinet is a leader in the Gartner® Magic Quadrant™ for Network Firewalls and moving towards a Zero Trust Access future. Fortinet is based out of Sunnyvale, California.