Podcasts about crisc

  • 57 PODCASTS
  • 96 EPISODES
  • 37m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • May 20, 2025 LATEST


Best podcasts about crisc

Latest podcast episodes about crisc

All Things Internal Audit
From Prompts to Practice: AI-Driven Innovation in Internal Audit

May 20, 2025 · 11:35 · Transcription Available


The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Charles King talks with Debbie Lew about the transformative role of artificial intelligence in internal auditing. They discuss the integration of AI tools like Copilot, the importance of prompt writing, and how AI is enhancing audit processes. The conversation also covers training strategies, real-world applications, and the impact of AI on stakeholder engagement.

HOST: Charles King, CIA, CPA, CFE, CIPP
Partner, AI in Internal Controls Leader, KPMG US

GUEST: Debbie Lew, CISA, CRISC, CHIAP
Senior Vice President and Chief Audit Executive, Kaiser Permanente

Key Points:
  • Introduction [00:00-00:38]
  • Inside Kaiser Permanente's Internal Audit Team [00:39-02:14]
  • AI Adoption at Kaiser Permanente [02:15-03:21]
  • Prompt Writing as a Core Skill [03:22-04:10]
  • Guidance Manuals and Prompt Libraries [04:11-05:02]
  • Building AI Agents to Support Audits [05:03-05:51]
  • Training, Communication, and Driving Adoption [05:52-07:23]
  • Innovative Applications of GenAI in Audit [07:24-08:28]
  • Inspiring a Tech-Forward Culture [08:29-10:06]
  • Final Thoughts [10:07-10:31]

IIA Related Content:
  • 2025 International Conference
  • Knowledge Centers: Artificial Intelligence
  • Auditing the Cybersecurity Program Certificate
  • Cybersecurity Topical Requirement
  • “Undercover AI,” Internal Auditor Magazine
  • The IIA's Updated AI Auditing Framework

Visit The IIA's website or YouTube channel for related topics and more.

Thought Behind Things
Pakistanis Are Missing CRAZY opportunities in Australia | Ft. Shahyan Shabbir | Ep 438

May 14, 2025 · 67:35


Join Kamyabi Network: https://kamyabinetwork.com/

Guest Introduction: Joining us today is Shayan Shabir, the Founder and CEO of Strategic Pulse, a company helping businesses grow using AI, cybersecurity, and digital tools. Shayan has over 20 years of experience working across the UK, Australia, and South Asia.

Before this, he was the CIO and CSO at Nova Systems, where he led a $35 million digital transformation and built a $7 million cybersecurity program. He has worked in defence, energy, and healthcare, and handled many real cyber attacks in his career.

Shayan is certified in CISM, CRISC, and CDPSE, and is focused on helping businesses become faster, safer, and more future-ready.

Do not forget to subscribe and press the bell icon to catch on to some amazing conversations coming your way!

Socials:
TBT's Official Instagram: https://www.instagram.com/thoughtbehindthings
Muzamil's Instagram: https://www.instagram.com/muzamilhasan
Muzamil's LinkedIn: https://www.linkedin.com/in/muzamilhasan
Shahyan's LinkedIn: https://www.linkedin.com/in/shahyan-s-6994261a3/

Podcast Links:
Spotify: https://spoti.fi/3z1cE7F
Google Podcast: https://bit.ly/2S84VEd
Apple Podcast: https://apple.co/3cgIkf

The 30 Minute Hour™
#378 - 3 Cybersecurity Threats You Can't Ignore

Feb 20, 2025 · 51:23


Marc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, management, author, a public speaker and is the host of “The Cyber Executive” podcast. He is a member of the Missouri Bankers Association Technology Committee, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. He is a former board officer and treasurer for the St. Louis InfraGard Alliance. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank's information security, financial crimes unit, physical security, and the network services departments.

LISTEN NOW to discover, "3 Cybersecurity Threats You Can't Ignore."

Tech Beyond Gender Talks
Episode 29: Breaking Barriers: Navigating Tech and Risk with Agnes Magombedze

Feb 13, 2025 · 48:13


In this inspiring episode of Tech Beyond Gender, host Meena Satishkumar sits down with Agnes Magombedze, Divisional Risk Partner at Bank of New Zealand. Agnes shares her remarkable journey from Zimbabwe to New Zealand, navigating the tech and risk industries with resilience, authenticity, and determination. With over 15 years of experience in IT risk management and prestigious certifications (CISA, CISM, CRISC), Agnes discusses overcoming gender and cultural challenges, embracing opportunities, and empowering the next generation of women in tech. Tune in for an engaging conversation on leadership, mentorship, and staying true to oneself while adapting to new environments.

#TechBeyondGender #WomenInTech #DiversityInTech #TechLeadership #RiskManagement #WomenEmpowerment #MigrantsInTech #InclusionMatters #TechCareers #PodcastNZ #TechPodcast

InfosecTrain
Top Interview Questions for Risk and Information Systems Control Officer

Nov 26, 2024 · 5:26


As organizations continue to grapple with complex cybersecurity challenges, the demand for Certified in Risk and Information Systems Control (CRISC) professionals remains high. CRISC certification demonstrates expertise in identifying and managing IT risk, making candidates sought after for roles in risk management, compliance, and cybersecurity. If you're preparing for a CRISC interview, here are some technical questions you might encounter. In this article, we have those questions along with their answers: View More: Top Interview Questions for Risk and Information Systems Control Officer

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024

Nov 13, 2024 · 21:50


Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2%)
Episode: Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024
Pub date: 2024-11-08

We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.

Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC's mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.

Balancing Information Sharing and Confidentiality

One of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.

Cross-Jurisdictional Collaboration

With cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.

The Growing Threat of Ransomware

Ransomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.

AI's Role in OT Cybersecurity

He also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.

Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across large MNC, heading 8 direct reports at Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries. He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office. Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA.

Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024

#otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity

Cyber Security Weekly Podcast
Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024

Nov 8, 2024



InfosecTrain
Top 5 Best CRISC Study Resources

Sep 18, 2024 · 5:09


Preparing for the Certified in Risk and Information Systems Control (CRISC) exam? In this episode, we review the top 5 best resources to help you succeed. From official ISACA materials and practice exams to online courses and study groups, our experts share their recommendations to ensure you are fully equipped for exam day.

InfosecTrain
What next after CISM?

Sep 2, 2024 · 4:26


You've earned your Certified Information Security Manager (CISM) certification—what's next? In this episode of the InfosecTrain podcast, we explore the career paths and advanced certifications available to professionals who have achieved CISM. Our experts discuss options like CISSP, CRISC, and CISA, as well as leadership roles in cybersecurity, risk management, and IT governance. We'll also provide tips on how to leverage your CISM certification to advance your career, expand your skill set, and position yourself for executive roles in information security. Whether you're looking to further specialize or step into a leadership role, this episode will guide you on the next steps after achieving CISM. Tune in to chart your path forward in the ever-evolving field of cybersecurity!

SecTools Podcast Series
SecTools Podcast E54 with Ezz Tahoun

Jul 15, 2024 · 43:15


Ezz Tahoun is a distinguished cyber-security data scientist who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada's Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal Bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto's school of management.

Ezz has cofounded Cypienta, an on-prem rule-less event correlation & contextualization solution that plugs into SIEMs, XDRs, and SOARs, to help SOCs find relevant alerts, logs, and events to any investigation in real-time. Cypienta is backed by Techstars, ORNL, TVA, Univ of Tennessee Sys, and supported by 35Mules-Next Era, BAE Systems, and others. Ezz authored MITRE Attack Flow Detector.

For more SecTools podcast episodes, visit https://infoseccampus.com

InfosecTrain
CRISC Domain 1 - Governance

Jul 4, 2024 · 5:13


What is Governance?

Governance involves the duty of supervising and safeguarding an entity's assets, typically managed by the directors or board of an organization. These individuals establish strategic goals and policies, while the senior management team keeps an eye on the daily operations, ensuring alignment with the established strategies. This organizational structure is prevalent across different types of entities such as corporations, cooperatives, and partnerships, although specific titles and roles may differ.

Examples of Governance

Imagine a company like Apple. The board of directors decides on the big-picture strategies – like entering a new market or launching a new product line. Then, the senior management, including the CEO and other executives, takes care of the everyday tasks to make these strategies work, like designing products, marketing, and sales.

View More: CRISC Domain 1: Governance

InfosecTrain
How to Pass ISACA CRISC in First Attempt?

Apr 3, 2024 · 58:50


Are you aspiring to become a Certified in Risk and Information Systems Control (CRISC) professional? Join us for an insightful session where our expert will share invaluable tips, strategies, and insights to help you ace the ISACA CRISC exam on your first attempt!

The FIT4PRIVACY Podcast - For those who care about privacy
AI Impact on Privacy, Security, and Jobs with Jan Anisimowicz and Punit Bhatia in the FIT4PRIVACY Podcast E109 S05

Mar 28, 2024 · 23:19


AI is creating an impact on privacy, security, and jobs. And this is what we discussed with our guest Jan Anisimowicz and host Punit Bhatia in this episode. We explore how technologies like ChatGPT have revolutionized data privacy practices, telling both opportunities and challenges. Analyzing the major risks AI poses to information security and the ethical concerns that arise in the wake of AI-powered systems.

KEY CONVERSATION POINT
  • 00:02:48 How has AI transformed privacy practices?
  • 00:04:00 How is AI evolution crucial to handling volumes of data?
  • 00:04:43 What are the major AI risks?
  • 00:06:23 Would this create ethical concerns?
  • 00:07:53 Is the algorithm biased?
  • 00:11:28 What is the current state of AI regulations?
  • 00:11:28 Are they also revolutionizing cyber security? How is it working?
  • 00:14:38 Is there consent for data usage? What are the potential solutions to ensure transparency when it comes to data processing?
  • 00:18:00 Is there a risk that AI would take all the jobs of the people around the world?
  • 00:20:11 Can ChatGPT substitute auditors?

ABOUT THE GUEST

Jan Anisimowicz, experienced senior IT Executive with an impressive career spanning over 23 years. Jan's expertise encompasses a wide spectrum, including Governance, Risk and Compliance (GRC), Data Warehousing, Business Intelligence, and Data Analysis. Throughout his professional journey, he has contributed significantly to the telecommunication, banking, pharmaceutical, and insurance sectors, leveraging his comprehensive business and technical acumen. He is particularly skilled in orchestrating the creation and development of IT products and services tailored to suit specific business needs. His philosophy is centered around a pragmatic end-to-end product lifecycle that seamlessly integrates various aspects such as technical design, marketing, digital campaigning, sales, solution delivery, and maintenance. He is a proponent of lean, cost-effective approaches toward implementing regulatory requirements within organizations. His work also extends to the analytical evaluation and validation of the role of Artificial Intelligence (AI) in assisting auditors, particularly within Big Data and cloud IT landscapes. He is a firm believer in the potential of blockchain technology, particularly its capabilities with Smart Contracts concerning data privacy principles. Furthermore, he is an ardent supporter of Quantum Computing and AI, including LLM models supporting solutions akin to ChatGPT. His professional certifications include CISM and CRISC from ISACA, PMP from PMI, and membership with the Institute of Internal Auditors (IIA). Additionally, he is an ESG Approved Officer, a credential awarded by the Institute of Compliance.

ABOUT THE HOST

Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach privacy professionals.

Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’ which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES:
Websites: www.fit4privacy.com, www.punitbhatia.com
Podcast: www.fit4privacy.com/podcast
Blog: www.fit4privacy.com
YouTube: youtube.com/fit4privacy

InfosecTrain
Organizational Governance in CRISC

Mar 28, 2024 · 4:55


Organizational governance forms the backbone of effective risk management within an organization. From setting standards to defining roles and responsibilities, governance ensures alignment with legal, ethical, and operational requirements. In this article, we delve into the intricacies of organizational governance, its components, and its critical role in mitigating risk.

Introduction to Organizational Governance

At its core, governance serves as the glue that binds an organization's mission, strategy, goals, and objectives together. It encompasses both internal and external elements, dictating how the organization operates within the framework of laws, regulations, and industry standards. External governance originates from regulatory bodies and industry mandates, while internal governance is shaped by organizational culture and leadership directives.

Example: In the context of the CRISC certification, organizational governance ensures that an organization's risk management practices align with its strategic objectives and comply with relevant industry standards and regulations. For instance, CRISC professionals play a crucial role in integrating risk management into the organization's governance framework to ensure alignment with business goals and regulatory requirements.

View More: Organizational Governance in CRISC

The Social-Engineer Podcast
Ep. 239 - Security Awareness Series - Protecting Against the Perfect Storm with Marc Ashworth

Dec 18, 2023 · 39:03


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined once again by Marc Ashworth. Mr. Ashworth is the Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, author and a public speaker. He is a member of the Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. He is a former board officer for the St. Louis InfraGard Alliance. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank's information security, fraud, physical security, and the network services departments. [Dec 18, 2023]

00:00 - Intro
00:22 - Ryan Intro
00:53 - Intro Links:
  - Social-Engineer.com - http://www.social-engineer.com/
  - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  - CLUTCH - http://www.pro-rock.com/
  - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
04:16 - Marc Ashworth Intro
05:51 - Recap
08:26 - Speaking the Same Language
09:36 - The Threats Get Better
11:45 - Clash of the Robots
13:42 - AI for Bad
17:46 - AI for Good
19:32 - Decepticons
22:39 - Regulations: Money Talks
26:48 - The Perfect Storm
30:16 - Insider Threat Safety Tips
33:00 - Mentors
  - Bala Nibhanupudi
  - Shelley Seifert
  - Tom Bakewell
35:17 - Book Recommendations
36:37 - Find Marc Ashworth Online
  - LinkedIn: linkedin.com/in/marcashworth/
38:06 - Wrap Up & Outro
  - www.social-engineer.com
  - www.innocentlivesfoundation.org

CYBER LIFE
Cyber Life Podcast Ep.13 - The Human Layer in Cyber Security with Becky Gaylord

Nov 1, 2023 · 23:02


In this episode, Becky Gaylord talks about the "human layer" of cybersecurity—a realm often underestimated but important to protecting your digital world.

The Social-Engineer Podcast
Ep. 187 - Security Awareness Series - A master class in CISO Communications with Marc Ashworth REPLAY (Original Air Date: November 21, 2022)

Oct 16, 2023 · 39:14


Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, is an author and a public speaker. He is a board member of the St. Louis Chapter of InfraGard, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy, possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services departments. He is also the 2022 Cyber Defense Magazine winner of “Top 100 CISOs in the World.” [Nov 21st, 2022]

00:00 – Intro
00:49 – Intro Links:
  - Social-Engineer.com - http://www.social-engineer.com/
  - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  - CLUTCH - http://www.pro-rock.com/
  - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
03:15 – Marc Ashworth Intro
05:17 – What was the path that led you to InfoSec?
07:41 – Cultivating good security practices
09:31 – Learning to "scale" your security
11:22 – The value of Strategic Thinking
13:40 – It's all in the presentation
15:25 – The importance of Customer Service
18:32 – The Art of Translation
21:32 – Small Wins
24:34 – Letters to a young CISO
26:20 – Don't avoid Pen Testing!
28:11 – Adopting a "Partnership" mindset
30:30 – Long line of influence
33:40 – Book Recommendations
  - We Are Legion (We Are Bob) – Dennis E. Taylor
  - Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou
  - The Goals Program – Zig Ziglar
  - The 7 Habits of Highly Effective People – Stephen Covey
36:14 – Find Marc Ashworth online
  - LinkedIn: www.linkedin.com/in/marcashworth/
38:36 – Wrap Up
38:56 – Outro
  - www.social-engineer.com
  - www.innocentlivesfoundation.org

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights

Oct 12, 2023 · 21:54


Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2%)
Episode: Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights
Pub date: 2023-10-08

In this interview, both John and Thian introduce the history of ISACs (formed in 1999, subsequent to the 1998 signing of U.S. Presidential Decision Directive-63), and in particular, the creation of OT-ISAC (Operational Technology Information Sharing and Analysis Centre) as one of the key thrusts of the Cyber Security Agency of Singapore's “OT Cybersecurity Masterplan 2019” to facilitate the sharing of information.

Reflecting on the journey from conceptualization to today, Thian Chin remarked that “OT-ISAC has become that safe harbour the platform for the organisations of the different parties with vested interest to different business lines come together to share, because their common goal is how do we then exchange information to reduce the risks that caused by threat actors.”

Other topics covered in the interview include:
• The types of information being shared – such as strategic threat landscape including cyber incidents and vulnerabilities, standards and best practices, and TTPs.
• Closing the cultural / communication gap between the engineers and the IT cybersecurity practitioners because “because the problem statement they're dealing with is the same. It's a threat actor out there to try to disrupt.”
• The maturing of conversations from beyond terminology such as zero trust, air gap to actual implementation
• What does success mean in information sharing - diversity of opinions – in particular, including C-suite in cybersecurity conversations, and more stakeholders coming forward to share real-life case studies of actual incidences.

John Lee, Managing Director, Global Resilience Federation

John has more than 20 years of experience in ICT and Information Security. He is currently the Managing Director of the Operational Technology Information Sharing Analysis Centre (OT-ISAC) that supports member organizations (public and private) in OT threat information. The centre was set up in 2019 and has members from Transport, Aviation, Maritime, Healthcare, Manufacturing, Water, Energy, Government etc. His past roles were in Information Security Governance, Risk Management, Security Operations, Infrastructure and Application Delivery. He has led teams in Asia-Pacific as well as managing global services. He is also a certified cybersecurity trainer for ISACA.

Thian Chin Lim, Senior Director (Governance Group), GovTech

Thian Chin has over 20 years of experience in Information & Technology governance, risk management, resilience and compliance, and operational Technology cybersecurity. Prior to his current appointment at GovTech, he led the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). Before joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC Pte Ltd from 2008 – 2013. In his earlier years, he was a manager leading a team of Information Technology auditors in Ernst & Young.

Thian Chin holds an Executive Masters in Cybersecurity from Brown University, Bachelor's Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is a certified CGEIT, CRISC, CISM, CISSP, CISA, CDPSE, GICSP and SABSA practitioner.

Recorded 7th Sept 2023, OT-ISAC Summit 2023, Voco Orchard, Singapore, 5pm.

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights

@BEERISAC: CPS/ICS Security Podcast Playlist

Oct 12, 2023 21:54



Cyber Security Weekly Podcast
Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights

Cyber Security Weekly Podcast

Oct 8, 2023


In this interview, both John and Thian introduce the history of ISACs (formed in 1999, subsequent to the 1998 signing of U.S. Presidential Decision Directive-63), and in particular, the creation of OT-ISAC (Operational Technology Information Sharing and Analysis Centre) as one of the key thrusts of the Cyber Security Agency of Singapore's “OT Cybersecurity Masterplan 2019” to facilitate the sharing of information.

Reflecting on the journey from conceptualization to today, Thian Chin remarked that “OT-ISAC has become that safe harbour the platform for the organisations of the different parties with vested interest to different business lines come together to share, because their common goal is how do we then exchange information to reduce the risks that caused by threat actors.”

Other topics covered in the interview include:
• The types of information being shared – such as strategic threat landscape including cyber incidents and vulnerabilities, standards and best practices, and TTPs.
• Closing the cultural / communication gap between the engineers and the IT cybersecurity practitioners, “because the problem statement they're dealing with is the same. It's a threat actor out there to try to disrupt.”
• The maturing of conversations beyond terminology such as zero trust and air gap to actual implementation.
• What success means in information sharing - diversity of opinions – in particular, including the C-suite in cybersecurity conversations, and more stakeholders coming forward to share real-life case studies of actual incidents.

John Lee, Managing Director, Global Resilience Federation
John has more than 20 years of experience in ICT and Information Security. He is currently the Managing Director of the Operational Technology Information Sharing Analysis Centre (OT-ISAC) that supports member organizations (public and private) in OT threat information. The centre was set up in 2019 and has members from Transport, Aviation, Maritime, Healthcare, Manufacturing, Water, Energy, Government etc. His past roles were in Information Security Governance, Risk Management, Security Operations, Infrastructure and Application Delivery. He has led teams in Asia-Pacific as well as managing global services. He is also a certified cybersecurity trainer for ISACA.

Thian Chin Lim, Senior Director (Governance Group), GovTech
Thian Chin has over 20 years of experience in Information & Technology governance, risk management, resilience and compliance, and operational Technology cybersecurity. Prior to his current appointment at GovTech, he led the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). Before joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC Pte Ltd from 2008 – 2013. In his earlier years, he was a manager leading a team of Information Technology auditors in Ernst & Young.

Thian Chin holds an Executive Masters in Cybersecurity from Brown University, Bachelor's Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is a certified CGEIT, CRISC, CISM, CISSP, CISA, CDPSE, GICSP and SABSA practitioner.

Recorded 7th Sept 2023, OT-ISAC Summit 2023, Voco Orchard, Singapore, 5pm.

SecurityMetrics Podcast
Complex Regulatory Environments: How FIS Maintains a Mature Program | SecurityMetrics Podcast 76

SecurityMetrics Podcast

Sep 27, 2023 29:33


Large organizations are often faced with complex, wide-ranging challenges related to standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
• Elements of a mature regulatory compliance program
• Steps you can take to create a mature compliance program in your organization
• Challenges you might face, and how to resolve them

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Podcast PP
Why is it good news that, as of 1 July, cybersecurity has become a new field of court-appointed expertise? IT Personality of the Year 2022 Ing. Ivan Makatura, CRISC, CDPSE, talks about the pressing challenges in cyberspace

Podcast PP

Sep 7, 2023 63:08


Have you experienced a cybersecurity incident? A quarter of small and medium-sized companies in Slovakia have. To be a potential target of an attack, it is enough to have a computer, a mobile phone, a website or a bank account. Digital skills and cybersecurity awareness should nowadays be part of every employee's essential toolkit. What can a company do to protect its valuable data? What are the current threats? We talked about this, too, with an expert who has worked in the IT industry since 1993. He has also worked on Slovak and European legislation related to information and cyber security.

Our guest was Ing. Ivan Makatura, CRISC, CDPSE – Director General of the Cybersecurity Competence and Certification Centre. He is also chairman of the board of the Cybersecurity Association (Asociácia kybernetickej bezpečnosti), a certified information security auditor and a court-appointed expert in the field of security and protection of information systems.

In the interview you will learn:
• What are the main tasks of the Cybersecurity Competence and Certification Centre (KCCKB), and why did the National Security Authority establish it?
• Cybersecurity as a new field of court-appointed expertise – since when has the amendment to the law been in force, and what does it mean in practice?
• Who can turn to the KCCKB, and with what kind of question?
• What is cybersecurity, and why should every company deal with it?
• Who is responsible for cybersecurity in a company?
• Can the level of cybersecurity in a company be measured?
• How are digital skills related to cybersecurity?
• What does the latest survey say about digital skills and cybersecurity in companies?
• What are the current threats?
• What is the difference between a cyber incident and a cyber attack?
• What should a company do to ensure the security of its data?
• What are the options for education in the field of cybersecurity?

October is Cybersecurity Month in the European Union. That is why Poradca podnikateľa brings you the 5th annual EPI conference Kybernetická bezpečnosť 2023 (Cybersecurity 2023), held under the auspices of the NBÚ. Experts will cover current topics ranging from security threats and the opportunities of artificial intelligence, through ethical questions relating to cybersecurity audits, human resources and data protection, to resilience in cyberspace. More information and the detailed programme can be found HERE.

Poradca podnikateľa - behind every piece of advice there is a person. pp.sk

The Wrap
Episode 062 | Managing Risk and Navigating Challenges for Financial Institutions

The Wrap

Aug 16, 2023 25:53


We're continuing our Industry Podcast Series with a dive into the current opportunities and challenges specific to financial institutions. The Current Expected Credit Loss (CECL) Accounting Standard ushered in a new era for financial institutions that they are still grappling with, but the industry's recent focus has shifted towards discussions about liquidity after the failures of Silicon Valley Bank and others. Join our financial industry experts Jeff Burleson, CPA, and Josh Bowen, CPA, CGMA, CAMS, CITP, as they discuss the evolving landscape for financial institutions and the continued influence of CECL, as well as strategies for driving stability, growth and adaptability in the face of change.

Special Guest: Justin Headley, CISSP, CISA, CDPSE, CRISC, member of the firm's Risk Advisory & Assurance Services Group

In this episode, you'll hear:
• Discussion surrounding CECL and its implementation
• How the 2023 failures of Silicon Valley Bank and Signature Bank led to shifts in liquidity management
• Information about how economic uncertainty has led to the tightening of lending practices
• The importance of third-party risk management within a financial institution's cybersecurity policy
• Strategies to help financial institutions manage staffing levels

Resources for additional information:
• Blog: Don't Turn Your Back on CECL
• Blog: Current Expected Credit Loss (CECL) Standard Update: Best Practices for Implementation
• Blog: What is Enterprise Risk Management?
• Blog: The Biggest Cyber Risks for Your Company and How to Manage Them
• Previous Podcast Episode: Employee Retention and Recruiting in Today's Competitive Environment
• Event Invitations: Subscribe to receive invitations to future Bank and Credit Union Roundtables.

Privacy Pros Podcast
How To Crush Imposter Syndrome And Build A Powerful Personal Brand

Privacy Pros Podcast

Aug 15, 2023 39:10


The second thing I did for overcoming impostor syndrome was just adopting this 1% better mindset that you're not seeking perfection. Every month or every year, you're going to improve yourself a little bit. The third thing is to just say yes to opportunity, even if you don't feel like you're 100% fit. And I think that goes more for applying for roles if you're looking for jobs, if you don't meet 100% of the job description, that's okay, you should still apply. Privacy is such an emerging field, and people encourage diversity, so you never know what your unique skill set would bring to the organisation, and maybe that's what they're looking for. So just say yes to job opportunities. Apply to speak at different conferences. Even if you don't think you have a very compelling story, you are judging yourself more harshly than others are.

Attention Privacy Professionals, this episode is tailor-made for YOU! Join us as Jamal and Nandita dive deep into the strategies that will skyrocket your career.

In this episode, we discuss:
• Practical tips to continue upskilling and stay ahead of the curve.
• How to position yourself effectively and switch roles without starting from scratch
• How to step out of your comfort zone and develop your personal brand with confidence

Uncover the secrets to supercharge your privacy career!

Nandita Rao Narla is the Head of Technical Privacy and Governance at DoorDash, where she leads the privacy engineering, privacy assurance and privacy operations teams. Previously, she was part of the founding team of NVISIONx.ai, a data profiling startup that classifies enterprise data to optimize security controls and solve privacy compliance challenges. As an advisory manager at EY, she focused on leveraging data governance to enhance privacy programs, scaling risk management functions, and driving data protection initiatives for Fortune 500 companies. Nandita currently serves on the Advisory Boards and committees for privacy and cybersecurity focused non-profits such as Extended Reality Safety Initiative (XRSI), Institute of Operational Privacy by Design, NIST, Techno Security & Digital Forensics Conference, and IAPP - Privacy Engineering. Nandita holds an MS in Information Security from Carnegie Mellon University, a BTech in Computer Science from JNT University, and privacy and security certifications such as FIP, CIPP/US, CIPT, CIPM, CDPSE, CISM, CRISC, and CISA.

If you're ready to transform your career and become the go-to GDPR expert, download the first chapter of 'The Easy Peasy Guide To The GDPR' here: https://www.bestgdprbook.com/

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/
Follow Nandita on LinkedIn: https://www.linkedin.com/in/nandita-narla/

Get Exclusive Insights, Secret Expert Tips & Actionable Resources For A Thriving Privacy Career That We Only Share With Email Subscribers ► https://newsletter.privacypros.academy/sign-up

Subscribe to the Privacy Pros Academy YouTube Channel ► https://www.youtube.com/c/PrivacyPros

Join the Privacy Pros Academy Private Facebook Group for:
• Free LIVE Training
• Free Easy Peasy Data Privacy Guides
• Data Protection Updates and so much...

InfosecTrain
CRISC Exam Approach and Preparation | What is CRISC? | CRISC Exam Approach

InfosecTrain

Jul 18, 2023 22:46


InfosecTrain hosts a live event entitled “CRISC Exam Approach & Preparation” with certified expert ‘Aswini’. For more details or a free demo with our expert, write to us at sales@infosectrain.com ➡️ Agenda for the Webinar

Digital Health Leaders
Trailblazer: It's a War Out There: Healthcare Cybersecurity Landscape

Digital Health Leaders

Jul 13, 2023 26:28


On this week's Trailblazers episode, Russ welcomes CHIME CIO of the Year, Theresa Meadows, and CHIME's own resident cybersecurity expert, David Finn, to talk all things cybersecurity! Both esteemed guests recently received recognition through the Baldrige Foundation, and they share what this recognition means to them personally and professionally. Discussions on recent cybersecurity "battles" take place, plus they share the biggest cybersecurity challenges they have each faced over the course of their careers. Tune in for their insights and expert guidance, and learn from Theresa and David's perspectives on what the next five years in the industry will look like.  Russ Branzell, CHIME President & CEO  Theresa Z. Meadows, FCHIME, CHCIO, LCHIME, CDH-E  David Finn, CISA, CISM, CRISC, CDPSE 

The Brett Johnson Show
#73 Marc Quibell. The Brett Johnson Show.

The Brett Johnson Show

Jul 6, 2023 56:17


The great Marc Quibell visits The Brett Johnson Show for a chat. Marc Quibell is a cybersecurity blue team expert with over 30 years of professional IT experience. In addition to being an Infosec Skills author, he's a consultant and security architect with a Bachelors of Science in Technology Information Management from Upper Iowa University and an Associate of Applied Science in Computer Systems Networking from Texas State Technical College in Waco. Marc has been CISSP certified since 2009 and was previously CCNA, MCSE and CRISC certified. Marc is a fantastic individual.

The Virtual CISO Moment
Throwback Thursday - A Conversation with Robin Wilde

The Virtual CISO Moment

May 4, 2023 28:19


From November 22, 2022 - Robin Wilde is the Director of Business Solutions for TeamHealth. She is passionate about project management and cyber security, particularly Identity Management, as well as promoting women in cyber. She holds a variety of certifications, including the CISSP, CRISC, PMP, ACP, CSP, and Prosci, demonstrating her vast skillset and experience. She introduces the phrase "privilege sprawl" - listen to find out what that means!

The Virtual CISO Moment
Throwback Thursday - A Conversation with Mark Burnette

The Virtual CISO Moment

Jan 26, 2023 26:28


From September 28, 2022 - Mark Burnette, Shareholder-In-Charge at LBMC Information Security, discusses his path from Senior IT Auditor to overseeing and directing LBMC's Risk Services practice nationwide. He is very active in the information security community, including as co-founder and past president of the Middle Tennessee ISSA chapter (one of the largest in the world), and co-founder and board member of the Southern CISO Security Council. His certifications include CPA, CISA, CISSP, CISM, and CRISC, and he frequently speaks on information security topics, including a fabulous TEDx talk on the Humanity Behind Cyber Attacks - https://www.ted.com/talks/mark_burnette_the_humanity_behind_cybersecurity_attacks.

Untold Stories
The Front Lines of Ethical Hacking and Infosec with Steve Walbroehl of Halborn

Untold Stories

Jan 12, 2023 50:26


Today's guest is Steve Walbroehl, Chief Technology Officer / Chief Security Officer and cofounder of Halborn. Halborn is a blockchain cybersecurity firm that aims to secure the blockchain and protect users against data and monetary. Operating across the software development lifecycle, Halborn provides a suite of products and services designed to identify and close vulnerabilities in Web3 applications, helping to create the security standards that the market lacks. The company serves a diverse global client base spanning Layer 1 blockchains, infrastructure providers, financial institutions, and application and game developers. Halborn was founded in 2019 and is based in Miami, Florida.

Steve has over 15 years of experience in cybersecurity. He is an expert, trainer, and technical leader in penetration testing, ethical hacking, web application and cloud security, infrastructure security, vulnerability scanning and detection, IT compliance, and risk mitigation. He's worked with Fortune 500 companies spanning the Financial, Insurance, Mortgage, Technology, Utilities, Hospitality, and Blockchain industries. He holds several information technology and security certifications, including CISSP, CEH, CRISC, OSCP, OSWP, CISM, GWAPT, GAWN, AWS Solutions Architect Associate, CCNA, and Six Sigma.

We begin our conversation by discussing the differences between traditional and crypto cybersecurity. Steve explains why security is the most important sector of the crypto industry. We discuss why being a security specialist in crypto is very stressful. We discuss the connection between regulation and cybersecurity. We stress that regulation can foster decentralization and provide better user protection guidelines. Steve shares how internet regulation during the early days of the internet could provide a blueprint for how to foster proper regulation and compliance in crypto.

Our next conversation topic centered around the systemic risks that developed in DeFi due to greed. We discuss how greed-fueled flawed protocol design, spurring the wrong incentives, resulted in the collapse of various centralized institutions. Steve expresses his concern about proof-of-stake as a centralizing force. Steve shares a story where he explains the systemic risks that can come from cross-chain liquidity, similar to the 2008 financial crisis.

We transition our conversation to focus on the security risks in crypto. Steve explains the full spectrum of vulnerabilities that are present in crypto. We discuss how these vulnerabilities can be exploited and why a particular type of protocol is targeted more routinely than others. Steve explains that security in crypto requires taking into account technical vulnerabilities and socio-economic incentives to properly assess a project's vulnerabilities.

Our next conversation topic centered around Halborn. Steve shares that one of the requirements to work as a security engineer at Halborn is to hack their way in. We discuss how coding and security testing is both an art and a science. We discuss the security of SHA-256 and why Bitcoin was a cryptography marvel. Our conversation transitions to focus on Seraph, the world's first blockchain security notary platform powered by Halborn. Steve explains how Seraph can help provide a security framework and guardrails for projects looking to standardize security practices.

Our final discussion topic centered around the connection between adoption and security. Steve explains how increased security will lead to increased adoption of DeFi. Please enjoy my conversation with Steve Walbroehl.

InfosecTrain
What is CRISC? | Who Needs CRISC ? & it's Benefits | InfosecTrain

InfosecTrain

Dec 16, 2022 29:35


InfosecTrain hosts a live event entitled “CRISC Exam Prep” with certified expert ‘Mukesh Kumar’. CRISC is one of the most well-known certifications that verifies your ability to avoid security breaches. Since CRISC holders are in high demand all over the world, this certification gives you a specialization in your field with higher pay. The webinar will give an insight into how to prepare for the CRISC exam. The webinar will be delivered by a domain expert with extensive industry experience. Thank you for watching this video. For more details or a free demo with our expert, write to us at sales@infosectrain.com Agenda for the Webinar

The Tech Trek
Data Protection and Privacy Strategy

The Tech Trek

Dec 13, 2022 19:28


In this episode, Omar Turner, Managing Director of Cloud Security at Microsoft, discusses data privacy and protection.

Key takeaways:
• Data protection and privacy
• Evaluating smaller vs. big companies
• Stakeholder buy-in
• Data protection/privacy divergence from security
• Classifying data
• Privacy defines who has access
• Being aware of the data you have
• Understanding data sovereignty

About today's guest: Omar A. Turner is a Managing Director of Cloud Security for Microsoft. He brings over 25 years of experience supporting, deploying, architecting, and securing solutions for startups and globally recognized organizations. He holds numerous certifications, including the CISSP, CCSP, CRISC, CISA, CDPSE, and CISM, and holds B.S. degrees in Mathematics and Computer Science. Omar is passionate about cybersecurity enablement and training and career mentoring for those looking to start their journey in the fantastic and important field of cloud security.

LinkedIn: https://www.linkedin.com/in/omarturner/

Thank you so much for checking out this episode of The Tech Trek, and we would appreciate it if you would take a minute to rate and review us on your favorite podcast player.

Want to learn more about us? Head over at https://www.elevano.com

Have questions or want to cover specific topics with our future guests? Please message me at https://www.linkedin.com/in/amirbormand (Amir Bormand)

The Social-Engineer Podcast
Ep. 187 - Security Awareness Series - A master class in CISO Communications with Marc Ashworth

The Social-Engineer Podcast

Nov 22, 2022 39:14


Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, and is an author and a public speaker. He is a board member of the St. Louis Chapter of InfraGard and of the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy, possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services departments. He is also the 2022 Cyber Defense Magazine winner of “Top 100 CISOs in the World.” [Nov 21st, 2022]

00:00 – Intro
00:49 – Intro Links:
• Social-Engineer.com - http://www.social-engineer.com/
• Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
• Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
• Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
• Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
• CLUTCH - http://www.pro-rock.com/
• innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
03:15 – Marc Ashworth Intro
05:17 – What was the path that led you to InfoSec?
07:41 – Cultivating good security practices
09:31 – Learning to "scale" your security
11:22 – The value of Strategic Thinking
13:40 – It's all in the presentation
15:25 – The importance of Customer Service
18:32 – The Art of Translation
21:32 – Small Wins
24:34 – Letters to a young CISO
26:20 – Don't avoid Pen Testing!
28:11 – Adopting a "Partnership" mindset
30:30 – Long line of influence
33:40 – Book Recommendations
• We Are Legion (We Are Bob) – Dennis E. Taylor
• Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou
• The Goals Program – Zig Ziglar
• The 7 Habits of Highly Effective People – Stephen Covey
36:14 – Find Marc Ashworth online
• LinkedIn: www.linkedin.com/in/marcashworth/
38:36 – Wrap Up
38:56 – Outro
• www.social-engineer.com
• www.innocentlivesfoundation.org

The Virtual CISO Moment
The Virtual CISO Moment S4E57 - A Conversation with Robin Wilde

The Virtual CISO Moment

Nov 22, 2022 28:19


Robin Wilde is the Director of Business Solutions for TeamHealth. She is passionate about project management and cyber security, particularly Identity Management, as well as promoting women in cyber. She holds a variety of certifications, including the CISSP, CRISC, PMP, ACP, CSP, and Prosci, demonstrating her vast skillset and experience. She introduces the phrase "privilege sprawl" - listen to find out what that means!

Digital Oil and Gas
Why Oil and Gas Lags in Cyber and What To Do About It

Digital Oil and Gas

Nov 16, 2022 35:39


"The network people are worried about data being stolen. The engineers are worried about a process being affected. This is where our big difference lies."

In this episode, I'm in conversation with Joe Weiss, who is the Managing Partner of Applied Control Solutions and Managing Director of ISA99. The ISA99 committee establishes standards and practices for defining procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. A mouthful, but a cyber expert. We discuss the impacts that cyber problems are having on the oil and gas industry.

"[Cyber is] electronic communication between systems where people and systems that affects confidentiality, integrity, or availability. The point being nowhere in that definition, is the word malicious ever used."

"Cyber became an IT issue, which is what we're dealing with, to this day."

Joe Weiss is an expert on control system cyber security. He has published over 80 papers on instrumentation and control systems, control system cyber security, book chapters on cyber security for electric substations, water/wastewater, data centers, and cyber policy, and authored Protecting Industrial Control Systems from Electronic Threats. He is an ISA Fellow, Managing Director of ISA99, a Ponemon Institute Fellow, and an IEEE Senior Member. He was featured in Richard Clarke's book Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks, is a registered professional engineer and has CISM and CRISC certifications.

"Y2K. Because they knew exactly when it was going to end and what it was, there was a law that basically made all officers and directors personally liable. And because of that, a personal silos came down personally liable for what exactly? Anything that would occur from Y2K."

Links:
LinkedIn profiles (personal, business): Personal: https://www.linkedin.com/in/joew1
Website: http://www.controlglobal.com/unfettered
Book: http://www.momentumpress.net/books/protecting-industrial-control-systems-electronic-threats

InfosecTrain
CISM Vs. CRISC

InfosecTrain

Nov 8, 2022 4:12


Cybersecurity and Information security are the most demanding career options in today's world. This comprehensive blog is curated to provide the key difference between Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certifications, which are the highest earning IT certifications in the Information security domain.

What is CISM?
Certified Information Security Manager (CISM) is a professional certification accredited by the Information Security Audit and Control Association (ISACA) that validates the level of expertise in information security governance, incident management, program development and management, and risk management. It is an advanced certification mainly focusing on the enterprise's information security.

What is CRISC?
Certified in Risk and Information Systems Control (CRISC) is an advanced certification accredited by Information Systems Audit and Control Association (ISACA). It validates skills and knowledge in implementing risk management programs and best practices to identify, analyze, assess, prioritize, and respond to risks. This certification mainly focuses on enterprise IT risk management.

CompTIA Sharkbytes
Cybersecurity Awareness and Preparedness Includes the Need to Recruit Greater Diversity in the Cyber Workforce and a Call to Public Service

Oct 6, 2022 29:13


A conversation with Maria Thompson, CISSP, CRISC, SLG Leader, Cybersecurity, Amazon Web Services (AWS). Maria has a passion for public service and in particular, cybersecurity awareness and readiness. Maria served as North Carolina's top cybersecurity official, after six-and-a-half years as its chief risk officer where she often advocated for a “whole-of-state” mentality in protecting and securing IT and infrastructural assets, an approach that resulted in closer collaboration not just between agencies in Raleigh, but with local governments and the education and private sectors. Before state government, Maria had a 20-year career in the Marine Corps, during which she was among the branch's first group of cybersecurity personnel, ultimately retiring as its first cybersecurity and information assurance chief. We discuss the need to bring greater diversity into public service – and in particular tech.

The Virtual CISO Moment
The Virtual CISO Moment S4E44 - A Conversation with Mark Burnette

Sep 28, 2022 27:00


In this month's special end-of-month Wednesday episode, Mark Burnette, Shareholder-In-Charge at LBMC Information Security, discusses his path from Senior IT Auditor to overseeing and directing LBMC's Risk Services practice nationwide. He is very active in the information security community, including as co-founder and past president of the Middle Tennessee ISSA chapter (one of the largest in the world), and co-founder and board member of the Southern CISO Security Council. His certifications include CPA, CISA, CISSP, CISM, and CRISC, and he frequently speaks on information security topics, including a fabulous TEDx talk on the Humanity Behind Cyber Attacks - https://www.ted.com/talks/mark_burnette_the_humanity_behind_cybersecurity_attacks.

The Tech Trek
The Business Value of Identity and Access Management with Grant Reveal

Sep 15, 2022 31:34


In this episode, Grant Reveal, the Director of Identity and Access Management at Micron Technology, talks about how we can demonstrate the business value of Identity and Access Management and how we get away from being viewed as the department of “NO” to “more SECURE”. Key Takeaways: From the department of “no” to “more secure” Three components of IAM (People, Process, and Technology) Why does the story matter? Why Is Information Security important? Time component in learning IAM is a must. The day-1 Process is building relationships and making people secure. Identity and Access Management vs Traction The Automation of training and hiring time. How does the SDLC process help customers' needs? Having a defined roadmap for a team is very helpful. When leaders share their stories, they also build credibility. Compliance with IAM policies and procedures Strong procurement and audit systems Importance of building relationships and awareness in the organization. About today's guest: Connect to Grant at: www.linkedin.com/in/grantreveal Grant is an experienced leader with breadth and depth throughout the IT and InfoSec disciplines. His focus for almost ten years has been within the Identity and Access Management space, with experience building and leading the IAM teams for three Fortune 500 firms. Before focusing on the InfoSec discipline, Grant led IT teams and held senior-level leadership positions within Higher Education, including CIO. He has several professional certifications, including CISSP, CCSP, CRISC, CISM, CDPSE, and earned his Bachelor of Science in Information Technology from Franklin University. Grant has spoken at numerous conferences and gatherings regarding the business values IAM can deliver and was named to Security Magazine's 2019 List of Most Influential People in Security. Grant also values lifelong learning as he continues to pursue his Master's degree and works to give back through training and mentoring the next generation of technologists. 

DxTalks CryptoTalks Podcast Hosted by Rudy Shoushany
Governance of Digital transformation

Jul 19, 2022 79:16


Another great session. Find the recording, with these exceptional governance leaders, to discuss the governance of digital transformation in today's fast-changing digital disruptions and risk optimization. Dr Ashraf Gamal, CEO of Hawkamah Institute for Corporate Governance. Mr Mark Thomas, CGEIT, CRISC, Certified COBIT Assessor, President of Escoute Consulting.

@BEERISAC: CPS/ICS Security Podcast Playlist
42: How Skills Outside of the CyberSecurity Space Lay the Groundwork for a Great CyberSecurity Career with Art Conklin

Jun 15, 2022 48:56


Podcast: Control System Cyber Security Association International: (CS)²AI
Episode: 42: How Skills Outside of the CyberSecurity Space Lay the Groundwork for a Great CyberSecurity Career with Art Conklin
Pub date: 2022-06-14

Derek Harp is happy to have Art Conklin, another legendary ICS control systems cybersecurity figure, joining him on the show today! Art is an experienced Information Systems Security professional. He has a background in software development, systems science, and information security. He is qualified with CISSP, GICSP, GRID, GCIP, GCFA, GCIA, GCDA, CSSLP, CRISC, and Security+. His specialties include information systems security management, network, and systems security, intrusion detection and intrusion detection monitoring, penetration testing, Incident Response, security policy and procedures, risk/threat assessments, Security training/awareness, user interface design and evaluation, FISMA, Secure code design/software engineering, cyber-physical systems security, and security metrics. Art is a hacker at heart. Art was born in St. Louis, Missouri, in 1960. He has been a professor at the University of Houston for many years! He is also a well-known speaker, military veteran, technologist, author, sailor, rocket scientist, father, husband, and grandfather. In this episode of the (CS)²AI Podcast, he talks about his formative years, a life-changing Navy experience, taking advantage of learning situations outside of college, the application of knowledge, the benefits of getting an MBA, and the benefits of on-the-job training. If you want to get into the cybersecurity space, you will not want to miss this episode - even if you have qualifications in a different area.

Show highlights:
There is a different level of thinking that gets taught and applied today. (5:49)
After doing courses at different universities and then starting med school, Art realized it was not where he wanted to go because it was science, not tech, and it was very theory-driven. (8:10)
Art wanted a career where he could do stuff, so he was advised to get an MBA from Harvard or join the military to learn how to lead men, manage a budget, and learn the difference between those things. Harvard was out of reach, so he joined the Navy. (9:07)
Art talks about the unique military experience that changed his perspective and made him who he is today. (11:05)
The cyber-world can benefit from people with no college degree who have problem-solving abilities, communication skills, and the ability to lead. (15:08)
Learning is about more than just knowledge because knowledge needs to be applied. (18:38)
Art wanted to leave the Navy to join IBM, but the Admiral did not want him to leave and offered him the opportunity to go to Navy Post Graduate School with no payback. So Art spent three years studying space system engineering, got a Ph.D. equivalent, and flew on a spacecraft. (20:40)
In some respects, transitioning out of the military is not easy, from a job perspective. (24:01)
Art explains why he did another degree after getting his doctorate. (27:44)
Art talks about the qualities of his various mentors and the importance of having connections with people with aspects that will broaden you and make you smarter. (29:14)
What he has done and is currently doing at the University of Houston. (32:32)
If you want to work in cybersecurity and you have a breadth of knowledge and experience, you are likely to succeed in the space. (39:16)
If you want to learn more about OT, many resources are available. Use and apply them. You can also email Art for local resources at waconklin@uh.edu. Most people are willing to share their knowledge and become mentors, so reach out to those you look up to. (44:42)
How to invest in yourself. (46:20)

Links: (CS)²AI; Art Conklin on LinkedIn; The University of Houston (search for cybersecurity)

Control System Cyber Security Association International: (CS)²AI
42: How Skills Outside of the CyberSecurity Space Lay the Groundwork for a Great CyberSecurity Career with Art Conklin

Jun 14, 2022 50:08


Derek Harp is happy to have Art Conklin, another legendary ICS control systems cybersecurity figure, joining him on the show today! Art is an experienced Information Systems Security professional. He has a background in software development, systems science, and information security. He is qualified with CISSP, GICSP, GRID, GCIP, GCFA, GCIA, GCDA, CSSLP, CRISC, and Security+. His specialties include information systems security management, network, and systems security, intrusion detection and intrusion detection monitoring, penetration testing, Incident Response, security policy and procedures, risk/threat assessments, Security training/awareness, user interface design and evaluation, FISMA, Secure code design/software engineering, cyber-physical systems security, and security metrics. Art is a hacker at heart. Art was born in St. Louis, Missouri, in 1960. He has been a professor at the University of Houston for many years! He is also a well-known speaker, military veteran, technologist, author, sailor, rocket scientist, father, husband, and grandfather. In this episode of the (CS)²AI Podcast, he talks about his formative years, a life-changing Navy experience, taking advantage of learning situations outside of college, the application of knowledge, the benefits of getting an MBA, and the benefits of on-the-job training. If you want to get into the cybersecurity space, you will not want to miss this episode - even if you have qualifications in a different area.

Show highlights:
There is a different level of thinking that gets taught and applied today. (5:49)
After doing courses at different universities and then starting med school, Art realized it was not where he wanted to go because it was science, not tech, and it was very theory-driven. (8:10)
Art wanted a career where he could do stuff, so he was advised to get an MBA from Harvard or join the military to learn how to lead men, manage a budget, and learn the difference between those things. Harvard was out of reach, so he joined the Navy. (9:07)
Art talks about the unique military experience that changed his perspective and made him who he is today. (11:05)
The cyber-world can benefit from people with no college degree who have problem-solving abilities, communication skills, and the ability to lead. (15:08)
Learning is about more than just knowledge because knowledge needs to be applied. (18:38)
Art wanted to leave the Navy to join IBM, but the Admiral did not want him to leave and offered him the opportunity to go to Navy Post Graduate School with no payback. So Art spent three years studying space system engineering, got a Ph.D. equivalent, and flew on a spacecraft. (20:40)
In some respects, transitioning out of the military is not easy, from a job perspective. (24:01)
Art explains why he did another degree after getting his doctorate. (27:44)
Art talks about the qualities of his various mentors and the importance of having connections with people with aspects that will broaden you and make you smarter. (29:14)
What he has done and is currently doing at the University of Houston. (32:32)
If you want to work in cybersecurity and you have a breadth of knowledge and experience, you are likely to succeed in the space. (39:16)
If you want to learn more about OT, many resources are available. Use and apply them. You can also email Art for local resources at waconklin@uh.edu. Most people are willing to share their knowledge and become mentors, so reach out to those you look up to. (44:42)
How to invest in yourself. (46:20)

Links: https://www.cs2ai.org/ ((CS)²AI) https://www.linkedin.com/in/waconklin/ (Art Conklin on LinkedIn) https://uh.edu/ (The University of Houston) (Search for cybersecurity)

InfosecTrain
CRISC Practice Q&A | CRISC Exam Interview Question Preparation | InfosecTrain

Jun 10, 2022 69:49


✅ Agenda of the Session ✔️ CRISC Exam Practice Q&A

CyberSide Chats by Epiq
Season 2, Episode 4: Don't silo your risk from legal

Jun 3, 2022 44:23


Privacy & Compliance expert from Microsoft, Ingrid Rodriguez, joins hosts Jerich Beason & Whitney McCollum to discuss taking risk out of silos. They talk about how the entire organization needs to have an understanding of the enterprise risks. Specifically, how does security & compliance fit into the enterprise risk framework? What are the situational perspectives of the C-Suite and how can those perspectives drive compliance goals? How can the CISO and legal work together and with the enterprise for compliance? They will also talk about risk appetite, the tolerance of risk by leadership, and aligning acceptance of risks with business goals. How much and how often should you communicate risks and mitigation strategy? Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice. They represent their views only and not those of Epiq or their respective employers.”

BIOGRAPHY
Ingrid is an Advanced Compliance Global Black Belt with Microsoft Security Solutions Area supporting the South, Southeast of the US, and LATAM regions. In her role, Ingrid shares her enterprising multinational information and security risk management executive experience to help customers strategize within their Risk and Compliance obligations, leveraging our solutions in Compliance, Information Protection, Privacy Management, and Insider Threat management capabilities. During her 18-year tenure in IT Risk & Compliance Leadership, Ingrid designed an innovative Global Technology Risk Management Framework, as well as a vision for tactical implementation of technology and security controls by combining a variety of data security standards such as NIST, ISO, PCI, HIPAA, FFIEC, GDPR, to mention a few. Ingrid designed and built the first Global Technology Risk Management programs at most of her previous employers. She led, supported and guided over 45 countries to meet US and country-level compliance and privacy needs as well as Global Standards. Ingrid is from Puerto Rico, based in Dallas, TX but soon relocating to beautiful Pensacola, FL. She is a frequent speaker on Risk Management and Compliance topics, in both English and Spanish, in many global, national and regional events including ISACA, Microsoft Executive Briefing Center, Fintech, Partners and many other associations and affiliations within the Privacy, Risk and Compliance industry in the US and LATAM. Ingrid received a Bachelor's Degree in Computer Engineering from the University of Puerto Rico, and also holds a Master's Degree in Sciences, Computer Sciences from the University of Phoenix. She holds various industry certifications, including CRISC, CDPSE, ITIL among others. LinkedIn: https://www.linkedin.com/in/inrodz/ Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

Breaking Into Cybersecurity
#CISOThursday - Breaking into Cybersecurity: Matt Stamper 5.5.22

May 5, 2022 56:24


#CISOThursday - Breaking into Cybersecurity: Matt Stamper 5.5.22 Matt Stamper, MPIA, MS, CISA, CIPP-US, CISM, CDPSE, CRISC, ITIL https://www.linkedin.com/in/stamper/ It's really a conversation about what they did before, why did they pivot in cyber, what was the process they went through Breaking Into Cybersecurity, how do you keep up, and advice/tips/tricks along the way. About Breaking Into Cybersecurity: This series was created by Renee Small & Christophe Foulon to share stories of how the most recent cybersecurity professionals are breaking into the industry. Our special editions are us talking to experts in their fields and cyber gurus who share their experiences of helping others break-in. #cybersecurity #breakingintocybersecurity #informationsecurity #JamesAzar #ChrisFoulon #ReneeSmall #InfoSecHires Check out our new book, Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI _________________________________________ About the hosts:   Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's  Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at magnetichiring.com/book Christophe Foulon focuses on helping to secure people and processes with a  solid understanding of the technology involved. He has over 10 years as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. 
He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ Find out more about CPF-Coaching at https://cpf-coaching.com - Website: https://www.cyberhubpodcast.com/breakingintocybersecurity - Podcast: https://anchor.fm/breakingintocybersecurity - YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity - Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/ - Twitter: https://twitter.com/BreakintoCyber

The Cybrary Podcast
From the WWE to Cybersecurity with Cybrary Instructor Corey Holzer | The Cybrary Podcast Ep. 76

Jan 19, 2022 43:30


How did Cybrary instructor Corey Holzer go from being the IT help desk person for the World Wrestling Federation to becoming a PhD-holding Information Security Manager? In this episode of the Cybrary podcast, please enjoy Corey's fascinating stories of nearly colliding with the Undertaker, losing his internet connection during the CRISC exam, and developing essential problem-solving skills as a cybersecurity professional. Get a behind-the-scenes look at Corey's newest course, Linux Hardening—out now on the Cybrary platform!

The Circuit Magazine Podcast
Transitioning from Physical to Cyber Protection | Shaun Southall

Dec 15, 2021 34:18


People often talk about upskilling from a physical security role to becoming a cyber or converged security specialist. But what does that really mean? On this episode of the podcast, we speak with Shaun Southall, an operator that has expertly and effectively converged the two worlds of physical and cyber together as a working security specialist. Join us this week as we talk about: Shaun's asymmetric career journey into cyber security. How the ‘uninitiated,' physical security specialist can augment their skills. What steps to take and what to avoid when breaking into the field. The single biggest mindset shift that will determine your success. As we say here, knowledge is power and, in our industry, “what you don't know can hurt you.” So, tune in and get skilled up with our latest expert sharing his tricks of the trade and gems of experience! More about Shaun: Shaun is a Cyber Security Oversight Specialist for the Civil Aviation Authority, with almost twenty years of experience, a plethora of certifications, and an ambitious hashtag - #cisoby60! He holds a Level 6 diploma in Security Risk Management and an itch for formal self-improvement that has led to becoming an ISO 27001 Lead Implementer and gaining audit experience through voluntary work, before embarking on four ISACA certifications – CISM, CRISC, CDPSE and COBIT Foundation – in just four months. He is heavily influenced by Doug Hubbard, Alexei Sidorenko and Norman Marks and is driven to shift the mentality from ‘red amber green and five by fives' to a holistic appreciation of risk that considers the complexity of the threat landscape. Shaun is also a regular presenter at ASIS CPE events, promoting risk quantification and ‘debiasing the human', an active member of SIRA, FAIR and ISACA London Chapter, and is proud to be part of an organisation tasked with maintaining the safety and security of aviation in the UK.
https://www.linkedin.com/in/shaunsouthall/ (LinkedIn) More about the Circuit: The Circuit Magazine is written and produced by volunteers, most of whom are operationally active, working full time in the security industry. The magazine is a product of their combined passion and desire to give something back to the industry. By subscribing to the magazine you are helping to keep it going into the future. https://circuit-magazine.com/read/ (Find out more >) If you liked this podcast, we have an accompanying weekly newsletter called 'On the Circuit' where we take a deeper dive into the wider industry. http://bit.ly/OntheCircuit (Opt in here >) The Circuit team is: Elijah Shaw Jon Moss Shaun West Phelim Rowe Connect with Us: https://circuit-magazine.com/ (Circuit Magazine) https://mailchi.mp/the-bba.org.uk/bba-connect (BBA Connect) https://www.theprotectorapp.com/ (NABA Protector) https://the-bba.org.uk/ (British Bodyguard Association)

The CISO Diaries
Steve Zalewski - Former CISO at Levi Strauss & CO; Cybersecurity Advisor; Evolving the Security Vendor Relationship with CISOs

Dec 2, 2021 45:41


Steve Zalewski was formerly the Chief Information Security Officer at Levi Strauss & Co., a global leader in jeanswear. Prior to Levi Strauss & Co., Steve was the Managing Enterprise Security Architect responsible for cybersecurity critical infrastructure protection at Pacific Gas & Electric Company. Earlier in his career, Steve held leadership roles in healthcare security at Kaiser Permanente, and in data protection at Fujitsu, Vixel and DEC. Steve is a huge proponent for maximal automation of cyber-risk mitigation and containment – people, processes, tools, whatever it takes. He has multiple patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications. Steve currently provides CISO, security consulting and security advisory services. These include: • International cybersecurity advisor and trainer since 2017. • Executive advisory board member for security startups, providing guidance to the executive leadership on sec  Steve is a frequent co-host with David Spark on the CISO Series podcast, Defense in Depth. He has also contributed to mentoring others answering their questions via the Reddit AMA Series – Ask a CISO Anything

Highlights:
0:00 - Introductions and Backgrounds. Steve highly recommends everyone takes a sabbatical
8:14 – Brutal Truths “it's not get better; what we have now is over 4,000 products that a CISO can choose from as technology and those 4,000 products aren't solving 4,000 problems – they are solving probably 10 classes of problems. …we are forgetting about the people and the process”
15:15 – “I Learn to Understand the Perspectives of the Individual I'm Working with – the Win-Win”
25:36 - "Am I in the game of profit protection or loss prevention? In my mind, I was internally looking at that."
29:41 - "CISOs are maybe 15 years old as a concept; 10 years old as an operating model and in last 3 years, see it morphing yet again."
42:39 - It Takes a Village! "We have a village and a child and it takes a village to raise a child - cybersecurity is very much like this.... we have a common enemy - bad guys are trying to attack the entire villages, so we have to raise the child - have to get better and act differently."

LinkedIn: https://www.linkedin.com/in/szalewski/
Defense in Depth Podcast: https://cisoseries.com/defense-in-depth-cybersecurity-is-not-easy-to-get-into/
r/cybersecurity – Reddit: https://www.reddit.com/r/cybersecurity/comments/m1y256/ama_series_ask_a_ciso_anything/

GRC & Me
Reduce Uncertainty Around Risk with Quantification

Nov 3, 2021 18:51


What does a “high” risk mean to you? What does it mean to your colleague? Does your organization have multiple risks marked as “high” but it's hard to figure out which one to focus on first? If you answered yes to the last question, risk quantification may be the right fit for you. However, risk quantification has proven to be a popular and complex subject. That is why we invited Bob Maley, Chief Security Officer at Black Kite, to talk to us about how risk quantification helps risk pros make sense of qualitative data and effectively communicate risk across an organization. Bob is CRISC, CTPRP, and an Open FAIR™ certified risk quantification expert who has led state-of-the-art risk management programs. In this episode of GRC & Me, Bob discusses the importance of risk quantification and how it can help organizations make better strategic decisions. We also discuss how Black Kite's Open FAIR™ based solution calculates the probable financial impacts of cyber breaches and how it communicates risks in quantitative, easy-to-understand business terms so that organizations can risk smarter and with confidence.

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 292 - Critical Info Infrastructure Protection in Singapore with Cyber Security Agency of Singapore

Oct 25, 2021 36:58


Podcast: Cyber Security Weekly Podcast
Episode: Episode 292 - Critical Info Infrastructure Protection in Singapore with Cyber Security Agency of Singapore
Pub date: 2021-10-24

Interview by Jane Lo, Singapore Correspondent with Lim Thian Chin (Director, Critical Info Infrastructure Division, Cyber Security Agency of Singapore) Thian Chin is leading the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). The division is responsible for building the cyber resilience of the Nation's essential services across 11 CII sectors covering government, utilities, transport and services clusters. His team works with sectoral regulators to strengthen the cyber resilience of CII owners, to promote confidence-building measures and to deepen the public-private partnership between the government and CII stakeholders. Thian Chin also represents Singapore in International and regional cybersecurity forums where he shares his knowledge on cybersecurity resiliency and capability building. Thian Chin has over 19 years of experience in Information & Technology governance, risk management, resilience and compliance, and Operational Technology cybersecurity. Prior to joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC from 2008 – 2013. In his earlier years, he was a Manager and had led a team of auditors in Information Technology in Ernst & Young. Thian Chin holds an Executive Masters (Cybersecurity) with Brown University, a bachelor's degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is certified as a GICSP, CGEIT, CDPSE, CRISC, CISM, CISSP, CISA, and SABSA practitioner. In this podcast, Thian Chin shared some highlights* on cybersecurity and operational technology (OT) at the Singapore International Cyber Week (SICW 2021), and the OT Cybersecurity Expert Panel (OTCEP), organized by the Cyber Security Agency of Singapore. Touching on cybersecurity incidents highlighted in the “Singapore Cyber Landscape 2020” such as ransomware and supply chain, he noted the increasing complexity of the threat landscape. He discussed some common perceptions of the cybersecurity professionals and the engineers running the operating infrastructure, including infrastructure “air gap” and cultural differences such as skills and language, and security goals (“CIA” - versus “SRP”). Referring to one of Singapore's largest cyber incidents in the CII sector, and the recent threats, he shared perspectives on how government policies such as the OT-ISAC, the OT Cybersecurity Code of Practice (updated in 2019) and the Cybersecurity Competency Framework (2021) help to boost cyber defenses. With the recent release of the “Singapore Cyber Security Strategy 2021”, he also shared several areas of focus for the CII cybersecurity ecosystem, including structuring an approach to managing supply chain risks and building cyber resiliency profiles.

*also included highlights from OT-ISAC (Operational Technology Information Sharing and Analysis Centre) and ISACA Singapore Chapter

Recorded: 15th October 2021 (SGT 8.30am)

Cyber Security Weekly Podcast
Episode 292 - Critical Info Infrastructure Protection in Singapore with Cyber Security Agency of Singapore

Cyber Security Weekly Podcast

Oct 24, 2021


Interview by Jane Lo, Singapore Correspondent, with Lim Thian Chin (Director, Critical Info Infrastructure Division, Cyber Security Agency of Singapore).

Thian Chin is leading the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). The division is responsible for building the cyber resilience of the Nation's essential services across 11 CII sectors covering government, utilities, transport and services clusters. His team works with sectoral regulators to strengthen the cyber resilience of CII owners, to promote confidence-building measures and to deepen the public-private partnership between the government and CII stakeholders. Thian Chin also represents Singapore in international and regional cybersecurity forums where he shares his knowledge on cybersecurity resiliency and capability building. Thian Chin has over 19 years of experience in Information & Technology governance, risk management, resilience and compliance, and Operational Technology cybersecurity. Prior to joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC from 2008 – 2013. In his earlier years, he was a Manager and had led a team of auditors in Information Technology in Ernst & Young. Thian Chin holds an Executive Masters (Cybersecurity) with Brown University, a bachelor's degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is certified as a GICSP, CGEIT, CDPSE, CRISC, CISM, CISSP, CISA, and SABSA practitioner.

In this podcast, Thian Chin shared some highlights* on cybersecurity and operational technology (OT) at the Singapore International Cyber Week (SICW 2021), and the OT Cybersecurity Expert Panel (OTCEP), organized by the Cyber Security Agency of Singapore. Touching on cybersecurity incidents highlighted in the “Singapore Cyber Landscape 2020” such as ransomware and supply chain, he noted the increasing complexity of the threat landscape. He discussed some common perceptions of the cybersecurity professionals and the engineers running the operating infrastructure, including infrastructure “air gap” and cultural differences such as skills and language, and security goals (“CIA” versus “SRP”). Referring to one of Singapore's largest cyber incidents in the CII sector, and the recent threats, he shared perspectives on how government policies such as the OT-ISAC, the OT Cybersecurity Code of Practice (updated in 2019) and the Cybersecurity Competency Framework (2021) help to boost cyber defenses. With the recent release of the “Singapore Cyber Security Strategy 2021”, he also shared several areas of focus for the CII cybersecurity ecosystem, including structuring an approach to managing supply chain risks and building cyber resiliency profiles.

*also included highlights from OT-ISAC (Operational Technology Information Sharing and Analysis Centre) and ISACA Singapore Chapter
Recorded: 15th October 2021 (SGT 8.30am)

Aprende SecTY podcast
Ep 40: What Is the Best Security Field to Start In?

Aprende SecTY podcast

Aug 31, 2021 24:41


¡Aprende SecTY! The global cybersecurity market grows steadily every year, and technology keeps advancing, showing that it will never die out. The global cybersecurity market is forecast to grow to 345.4 billion dollars by 2026. https://www.statista.com/statistics/595182/worldwide-security-as-a-service-market-size/

Are you just starting out in the information security field? Do you know which cybersecurity field is the best one to choose?
- Information Security Consulting
- Identity and Access
- Infrastructure Security
- Network Security
- Etc.

Listen to the episode to hear the advice on which field is the most attractive.

These are links for several certifications:
CISSP: https://www.isc2.org/landing/CISSP-path?utm_source=google&utm_medium=cpc&utm_campaign=GBL-CISSPpath&utm_term=search&utm_content=CISSPpath&gclid=Cj0KCQjwg7KJBhDyARIsAHrAXaFL-aPWLl9Dz2zcUDkbEnxyVHtll2cN3MWkqHfVM_vJTEJB3tuiWqoaAjsUEALw_wcB#
Security+: https://www.comptia.org/certifications/security
CCNA: https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna.html
CISA: https://www.isaca.org/credentialing/cisa
CISM: https://www.isaca.org/credentialing/cism
CSX-P: https://www.isaca.org/credentialing/csx-p
CRISC: https://www.isaca.org/credentialing/crisc
CEH: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

Thank you!

*****Remember, if you would like me to send you a guide with 8 tips on how to identify a phishing email, write to me at @sectycs on Instagram, Facebook, LinkedIn or Twitter, or send me an email at: itsec@sectycs.com *****

Follow us on Facebook, Instagram, Twitter and LinkedIn as: @SecTYCS
Find us on YouTube as Aprende SecTY
Send me your questions or recommendations at: itsec@sectycs.com
Leave your review on iTunes/Apple Podcast and share it with people who need to improve security in their business and in their life.
You can listen to us on: iTunes/Apple Podcast, Spotify, Stitcher, Google Podcast and YouTube.

SecurityMetrics Podcast
How to Manage 3rd Party Risk | SecurityMetrics Podcast 34

SecurityMetrics Podcast

Aug 11, 2021 32:11


"We all rely on service providers to keep our businesses afloat. I get asked all the time, 'How do I know that this service provider is going to be careful with my data?' Service providers can elevate our risk, while at the same time giving us really important services that we need."

When using service providers, managing your 3rd party risk can be a challenge. Tune in this week as Jen Stone (MCIS | CISSP | CISA | QSA) talks with Paul Poh (CISSP, CISM, CRISC, CIPP/US) about how we can best manage and minimize that 3rd party risk that often comes with using these service providers.

Listen to learn:
- Things to look for when choosing a service provider.
- Keeping your data secure with your service provider.
- Things you need to know about your own security.

Paul Poh on LinkedIn - https://www.linkedin.com/in/paulpoh/

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

APMG International
S1-Ep1 | The Importance of Governance with Mark Thomas

APMG International

Aug 10, 2021 22:55


Richard Pharro, CEO of APMG International, discusses the recent interest in Governance and how to tell if investments are really creating value for an enterprise, in this second episode of In Conversation with Richard Pharro. Featuring international expert on Governance Risk and Compliance, Mark Thomas, he gives us his perspective on the importance of governance in Digital Transformation.
apmg-international.com/events/importance-governance-mark-thomas

Unique Perspectives - The DGC Podcast
"CMMC – True or False?" with Nick DeLena and Scott Goodwin

Unique Perspectives - The DGC Podcast

Aug 2, 2021 6:23


The Department of Defense's Cybersecurity Maturity Model Certification (CMMC) is on the horizon and companies in the defense supply chain have many questions. In this podcast, Nick DeLena and Scott Goodwin from DGC's IT Risk Assurance & Advisory practice are here to tell us if these five statements about CMMC are true or false, and share their insights:
- CMMC will directly impact your ability to do business in the defense supply chain
- CMMC is just a project for the IT Department
- Reviewing your NIST 800-171 implementation is critical
- CMMC will not be retroactive on contracts
- There are five levels of CMMC certification and everyone must reach all five levels

***To watch a video version of this podcast, click here.***

For additional CMMC resources, visit our CMMC Insights Center page. DGC's IT Risk Assurance & Advisory Practice can help you achieve compliance with the CMMC. We are actively engaged with our clients across all areas of the CMMC framework including gap assessments, self-assessments, and both SSP and PoAM development. If you have questions about who is impacted by the CMMC standards and what the compliance and certification process looks like, please contact a member of your DGC client service team or Nick DeLena, CISSP, CISA, CRISC, CDPSE at 781-937-5191 / ndelena@dgccpa.com or Scott Goodwin, OSCP, OSWP at 781-937-5722 / sgoodwin@dgccpa.com.

***This podcast was originally recorded on March 26, 2021.***

Beyond Blending In
Women of Color Slay & Play

Beyond Blending In

Jun 7, 2021 67:26


I got to interview the most recent cohort of the latest Slay and Play Sisterhood: a group of incredible, powerful, vulnerable, deep and playful women of color: Michelle Fujisaki, Alicia Hilbert, Kara Johnson, Kendra Lewis and Denise Li (see bios below). During this program, these amazing women let go of scarcity, cultural limiting beliefs that no longer served them and defined their own version of success with joy. They delved deep in their identity and bonded in ways that you can only with people who get you. They grew their businesses, started businesses, wrote a book, created art, danced, wrote a song, played video games, created an empire, delegated more and worked less, surfed and skateboarded, got promotions, created additional income streams, made more money, supported each other, delved deep and spoke their truth, all with fun and play incorporated. In this episode, they share this experience. I am kicking off another cohort in early July and I'm looking for women of color who want to slay, play and support other powerful women of color to do the same. I'm selective about who can participate as I want this group to have the right chemistry. Are you ready to stop holding back your greatness and to be supported? Taking applications here: slayandplaysisterhood.com Apply today!

Bios:

Kara Johnson is a Technical Program Manager with 7+ years in the tech industry. During the Slay & Play program she founded Tidy Digital, a service that teaches people to maintain tidy electronic spaces like email, photos, and documents. Her book, Digital Tidiness, will release on Kindle in October 2021. Kara is of Pacific Islander and European descent. Twitter: @tidydigital, TikTok: @tidydigital, Facebook: @tidydigital, Instagram: @tidy_digital

Denise Li works as a Governance, Risk, and Compliance Analyst in information security. She authored The Ocean Accepts All Rivers: Life and Money Lessons from My Taiwanese American Upbringing and she moonlights as a blogger, vlogger, and personal finance coach. During the Slay & Play program she wrote a super secret love song for her husband, began working with a personal trainer, attained her CRISC professional certification, and got promoted.

Support the show (https://www.patreon.com/beyondblendingin)

AMBITIOUS TRIBE with Kassy Pajarillo
#020 How to be a Parent in this Digital Age

AMBITIOUS TRIBE with Kassy Pajarillo

May 18, 2021 61:15


In this Special Mother's Day (Mother's Month) episode, Kassy interviewed a Digital Parenting Coach and Cybersecurity Expert Jessie Liew SP for a LIVE conversation of the Ambitious Tribe Podcast inside Ambitious Tribe INNER CIRCLE - Coaches And Consultants. The episode tackled foundations and values on how parents can support, empower and protect children from predators online and offline and learn the 5 methodologies on how you can instill control without driving your kids towards rebellion and decrease screen time - without resistance. Jessie's been in the cybersecurity field for more than 14 years. She also holds professional certifications in Cyber Security (CISSP, CRISC, and CISA). She has been able to shape the internet habits of companies' employees as well as those of her own children.

HERE ARE THE KEY TAKEAWAYS OF THIS EPISODE:
➤ [13:29] – We cannot be there for our children 24/7. I think there will come a time wherein they'll carve their own paths.
➤ [15:28] – I think nowadays parents are too busy wearing multiple hats.
➤ [18:41] – The Internet is a double-edged sword.
➤ [25:05] – Now, we have digital parenting but I don't think that the foundations of parenting, in general, have changed at all.

Join Kassy's FREE Driven and Ambitious Community - Ambitious Tribe Inner Circle (http://www.facebook.com/groups/ambitioustribe/)
Claim your 5 Day Masterclass on how you'll be able to turn your network into paid high ticket clients with a plan (www.kassypajarillo.com/)
FOLLOW KASSY ON INSTAGRAM: https://www.instagram.com/kassypajarillo/
FOLLOW KASSY ON LINKEDIN: http://www.linkedin.com/in/kassypajarillo/
SUBSCRIBE TO HER YOUTUBE CHANNEL: http://www.youtube.com/c/kassypajarillo/

Legally Accountable™
The Game of Risk Mitigation

Legally Accountable™

Mar 2, 2021 47:55


On this episode of Legally Accountable, our hosts Dan Blanchard and Charlie Muracco are joined by Joseph Ingemi of Pinarus Technologies, a Veteran Owned Small Business located in Hammonton, NJ that provides cyber-security risk assessments, governance, IT auditing, business analysis, and project management, to discuss cyber-security risks, requirements, and solutions for mitigating risks and ensuring compliance. Joe, Owner and Lead Consultant of Pinarus Technologies, earned his undergraduate degree from West Point in Electrical Engineering and holds a Master’s Degree in Public Policy from Duke University. Joe is currently earning his Master’s in Accounting from Seton Hall University, where he also is an adjunct professor. Prior to Pinarus Technologies, Joe worked for a variety of Fortune 500 companies and small businesses. Joe holds his CISA, CRISC, PMP, and CMMC RP credentials. Joe is a veteran, having served 5.5 years in the US Army. In his spare time, you can find Joe exploring the Hudson Valley and spending time with his family and his rescue pets.
https://link.edgepilot.com/s/dfd3ffbe/Mo-DtAY-UEW5jYCCk6mxsw?u=https://pinarustech.com/
https://www.linkedin.com/in/josephingemi/
https://www.linkedin.com/in/cpacmuracco/
https://www.linkedin.com/in/daniel-l-blanchard-7549bb5b/

Cocktails, Code, and Conversations
Conversation with Aubrey Turner

Cocktails, Code, and Conversations

Jan 6, 2021 69:38


This week I sit down with Aubrey Turner, Executive Advisor Ping Identity. Aubrey and I discuss his journey into the Cybersecurity space, his love of going fast, and the importance of having a platform as a person of color. Oh, and he also issues a little challenge to yours truly. Enjoy!

Meet Aubrey
Aubrey Turner – Executive Advisor, Ping Identity

Career BIO - Highlights
Aubrey Turner has extensive background in successfully delivering strategic, enterprise cybersecurity solutions to Fortune 1000 companies that address business problems, strengthens organizations, reduces risk, and delivers positive business outcomes. Aubrey has demonstrated rapport and consensus building with key stakeholders. Additionally, he has proven leadership, communication, management, collaboration, and sales skills. Aubrey's background is comprised of the following:
- 20 years of cybersecurity experience comprising:
  - Over 12 years in identity access management starting in the early 2000s through the present (Deloitte/FishNet Security/Optiv/Ping Identity)
  - Five years of experience in data security (governance/DLP) and privacy
  - Multi-domain experience also includes risk management, BCP/DRP, network/software security, application security, threat, and vulnerability management
- 20 years of customer-facing strategic advisory consulting, implementation, and solution sales experience
- Experience covering financial services, healthcare, retail, software, telecom, and other sectors
- Hold the following certifications: CISSP, CIPP, CISA, and CRISC

Business of Cyber
BoC# 17: The Evolution of the Security Industry and Origins of the FAIR Model w/ Jack Jones

Business of Cyber

Oct 14, 2020 26:17


Jack Jones is one of the most well respected thought leaders in risk management and information security. During his 30 years in the industry he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management. Jack is the originator of the now industry standard risk measurement model known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also recently co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach", which has been inducted into the Cybersecurity Canon as a "must read" for professionals in the industry. Jack was also on the ISACA task force that developed the RiskIT framework, and he led the ISACA group that developed the CRISC certification. Today, Jack is in charge of Research at RiskLens, Inc. and is a sought after speaker at national conferences and universities like Carnegie Mellon and Ohio State University. He is also the Chairman of The FAIR Institute (http://www.fairinstitute.org/), a non-profit organization led by information risk officers, CISOs and business executives to develop standard information risk management practices based on FAIR.

Global Banking Trends's Podcast
SWIFT Customer Security Program (CSP): Restricting the Wider Ecosystem

Global Banking Trends's Podcast

Sep 29, 2020 67:00


Cyber criminals are hungry, smart and coordinated; it is no surprise that we keep seeing the level of sophistication and the impact of cyberattacks increase. These attacks are evolving, affecting new victims, ultimate beneficiaries, currencies, message types and amounts. During this session, SWIFT will share best practices for fraud detection to help defend against these attacks. Join us to find out how you can leverage the CSP as part of your risk management and business decision-making process.

With:
Alejandro Mijares, CRISC, CISA, MSMIS, Cybersecurity & Compliance – Risk Advisory Service, KAUFMAN ROSSIN
Rodrigo Rubio, IT Security Manager, Banco Bci

The Investigation Game
36. Comparing and Contrasting Internal Audit Functions and Fraud Investigations with Jami Shine, CIA, CISA, CRISC

The Investigation Game

Sep 1, 2020 45:29


Have you ever wondered where internal audit functions and fraud investigations intersect? How they're different? On this week's episode of The Investigation Game Podcast, Leah interviews Jami Shine, Corporate and IT Audit Manager for QuikTrip Corporation about this very topic. Join us either via audio or video this week wherever you listen to podcasts or YouTube!

Jami Shine graduated summa cum laude from the Honors Program at Oral Roberts University and has over 13 years of combined internal and external audit experience. She is currently the Corporate and IT Audit Manager for QuikTrip Corporation, where she manages operational, IT, and financial audits and consulting engagements. She also co-facilitates the Enterprise Risk Management (“ERM”) program and conducts the annual risk assessment process with the CAE. Her favorite project at QuikTrip was getting to write and facilitate a series of training videos for the 20,000+ store employees. Jami enjoys being a facilitator for the Institute of Internal Auditors (“IIA”), leading both online and in-person trainings, as well as being a recurring speaker at IIA and MISTI conferences, IIA and ISACA chapters, and other local organizations. She also loves serving as a member of the IIA's North American Chapter Relations Committee. She was honored with the IIA Tulsa Chapter's “Auditor of the Year” Award in 2018.

Connect with Jami: jshine@quiktrip.com
LinkedIn: https://www.linkedin.com/in/jamishine/

Subscribe to Workman Forensics: http://bit.ly/2Qrna20
LIKE us on Facebook: http://bit.ly/2K73yiN
FOLLOW us on Twitter: http://bit.ly/2WoRQ9N
FOLLOW us on Instagram: http://bit.ly/2W9rf0Z
FOLLOW us on LinkedIn: http://bit.ly/2I3iH1X

SecurityMetrics Podcast
Penetration Testing: The Humanity Behind the Hacking | SecurityMetrics Podcast 10

SecurityMetrics Podcast

Jul 7, 2020 36:24


Paul Poh (CISSP, CISM, CRISC, CIPP/US) has had an interest in cybersecurity since before the internet as we know it existed. From his first exposure to the “Morris Worm” in the early ‘90s as a software engineer at Tufts University, to his current role as Partner at Radical Security, Paul’s mixture of curiosity and wisdom has helped him maintain the perspective needed to be a successful penetration tester. He shares his insights with our Host Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) on why it’s the small things that can take down an organization’s security.

“Your Software Development, Engineering, and DevOps can all be great. But a malicious actor can still break a password, attack your source code, and insert a backdoor that would then be pushed into production. You can do a great job protecting production, but if a hacker can find something small, they will.”

Listen in to learn:
- Case studies that compare typical security measures to actual threats and vulnerabilities
- Penetration testing requirements, preparation, tips, timing, timeline, and best practices
- Tips for choosing a penetration testing firm and the surprising qualities that make for a good penetration tester

Paul Poh on LinkedIn
2020 SecurityMetrics PCI Guide

Technology NadiSen$e
Remote Workers: Business Risk and Cybersecurity

Technology NadiSen$e

Apr 20, 2020 29:36


Today’s episode is focused on “Business Risk and Cyber Security”. This is an area that many of the C-Level executives are concerned about. The Cyber Security threats were already high but with the Covid19 pandemic, it has increased significantly. With the majority of corporate employees working remotely, the cyber threat landscape has expanded dramatically. According to a recent study published by OpenVPN, 90% of respondents said that remote workers are a security risk to the organization and 73% of VP and C-suite IT leaders believe remote workers pose a higher risk than onsite employees. Today's conversation is with Dominique Singer. He is one of our leading experts in Business Security. He has over 25 years of experience in IT and Security, working with well known Global Organizations. He holds numerous security certifications, such as CISM, CCSK, CRISC, CISSP, GSEC Gold, COBIT, and more! If you'd like to speak with one of our advisors, please email us at advisor@nadicent.com to schedule a FREE consultation.

Bincang Cyber
SOC: A Tactical Way to Suppress Cyber Threats – E22

Bincang Cyber

Apr 15, 2020 53:38


Guest: Yudi Arijanto, CISSP, CISM, CRISC, CISA – Manager of System Engineering at Palo Alto Networks. The post SOC: A Tactical Way to Suppress Cyber Threats – E22, written by Faisal Yahya, appeared first on Bincang Cyber.

Cyber Security Weekly Podcast
Episode 186 - 7 Rules to Influence Behaviour and Win at Cyber Security Awareness - Interview with author Chirag Joshi

Cyber Security Weekly Podcast

Jan 19, 2020


Interview with Chirag Joshi, M.S., CISA, CISM, CRISC, author of 7 Rules to Influence Behaviour and Win at Cyber Security Awareness. Using humour, real-world anecdotes, and experiences, this book introduces seven simple rules to communicate cyber security concepts effectively and get the most value from your cyber awareness initiatives. Since one of the rules is “Don’t Be Boring,” this proven process is presented in an entertaining manner without relying on scary numbers, boring hoodie-wearing hacker pictures, or techie jargon! Additionally, this book addresses the “What” and “Why” of cyber security awareness in layman’s terms, homing in on the fundamental objective of cyber awareness—how to influence user behaviour and get people to integrate secure practices into their daily lives. It draws wisdom from several global bodies of knowledge in the technology domain and incorporates relevant teachings from outside the traditional cyber areas, such as behavioural psychology, neuroscience, and public health campaigns. Chirag has extensive experience working directly with the C-suite executives to implement cyber security awareness training programs. During the course of his career spanning over a decade across multiple sectors, he has built, implemented, and successfully managed cyber security, risk management, and compliance programs. As a leader holding senior positions in organizations, Chirag excels at the art of translating business and technical speak in a manner that optimizes value. Chirag has also conducted several successful cyber training and awareness sessions for non-technical audiences in diverse industries such as finance, energy, healthcare, and higher education. Chirag’s academic qualifications include a master’s degree in telecommunications management and a bachelor’s degree in electronics and telecommunications.
He holds multiple certifications, including Certified Information Security Manager, Certified Information Systems Auditor, and Certified in Risk and Information Systems Control. Recorded 16 January 2020 at Tank Stream Labs, Sydney - courtesy of IQ Innovation.  

PM Point of View
67. Cybersecurity in Project Management

PM Point of View

Oct 21, 2019 59:37


Every day we hear about another cyber attack. Another virus that we have to guard against. Defending our digital infrastructure is an ongoing and top priority for every organization. It must also be incorporated into every project, from inception to close-out. In this episode, host, Kendall Lott, convenes a round table of experts to discuss best practices to safeguard your project from digital predators. Listen, learn, and get a free PDU! PDU Information Use the following information in PMI’s CCRS system to register the PDUs for this podcast: PDU Category: Online or Digital Media   Provider Number: 4634   PDU Claim Code:  4634UKD1P2   Activity Number: PMPOV0067   PDUs for this episode: 1 About the Speakers   Charles L. (Chuck) McGann, Jr., is a Cybersecurity consultant and education professional with 49 years of IT and Cybersecurity experience.  He currently contracts with small to mid-size organizations, addressing compliance concerns and overall Cybersecurity policy, architecture and implementation challenges of government contractors providing IT and Security services.  Chuck retired from the position of Corporate Information Security Officer (CISSO) for the US Postal Service (USPS) in November 2014. Responsibilities included securing an intranet that is one of the largest maintained by any organization in the world. Susan Parente is a project engineer, consultant, speaker, author, professor, and mentor who leads large complex IT software implementation projects, and the establishment of Enterprise PMOs. She has 20+ years of experience leading software and business development projects in the private and public sectors, including a decade of experience implementing IT projects for the US Department of Defense, and other federal government agencies. Mrs. Parente has a BS in Mechanical Engineering from the University of Rochester in NY and a MS in Engineering Management from George Washington University in DC. 
She has numerous project management, Agile, risk management, and IT Security certifications, including: PMP, PMI-RMP, PMI-ACP, CSM, CSPO, PSM I, CISSP, RESILIA, CRISC and ITIL certified, and she is a CMMI and ISO 9001 Practitioner. Dr. Nima Zahadat is an instructor of information systems and engineering with more than 20 years of experience in cybersecurity, application development, and database systems. He is frequently asked to be a keynote speaker on current topics related to information systems and security.  Dr. Zahadat has designed, developed, and taught information system curricula courses in the fields of security, cyber security, web design, database management, programming, visualization, virtualization, networking, and system administration to the commercial sector, the US Department of Defense, and within the University setting. He is an active member of the Information Systems Security Association (ISSA).

CUES Podcast
CUES Podcast 79: Credit Unions of All Sizes Can Succeed with Cybersecurity—an Interview with Ray Murphy, CRISC

CUES Podcast

Sep 19, 2019 37:49


True or false? The asset size of a credit union largely dictates the success of a security and education awareness program.

According to CUES podcast guest Ray Murphy, CRISC, this statement is definitely false. “Regardless of size, each credit union can have a world-class information security program,” he says in this episode.

Chief information security officer and cyber security advisor for LEO Cyber Security, a CUES strategic provider, Murphy previously built out the information security program at $106 billion Navy Federal Credit Union, Vienna, Virginia. Before working at Navy FCU, Murphy’s tenure at Mobile Oil exposed him to every facet of information security—from desktop and mainframe to PCs, voice operations and even executive support.

In the show, Murphy identifies some of the biggest challenges credit unions face every day: ransomware, which holds an organization’s system hostage in expectation of a ransom payment, and business email compromise, a particular type of phishing attack that tries to trick employees into clicking on a link to release malware that will take over a company’s network. “One of the things that organizations need to be focused on is to make sure they have a very robust incident response plan so they’re prepared … so they know what to do,” Murphy says. “If you have a threat that comes to fruition within your organization, time is of the essence.”

In this episode, Murphy also talks about the importance of securing cloud computing, having a good insider threat program and managing the regulatory environment—especially as it relates to protecting member privacy.

The show also gets into:
- Steps organizations can take to educate employees and increase their level of awareness
- The reasons why every credit union needs an incident response plan
- The risks of not having an incident response plan
- Key elements of an incident response plan
- Why all employees need to be involved in securing members’ data
- The role of communication and leadership in cybersecurity

PGIPods
Career Secrets I Wish I knew Earlier – Part II

Jun 27, 2019


Your “gut” is a culmination of your experiences. Robin Kennedy, MA, CISA, CRISC

Cyber Speaks LIVE
Cyber Acquisitions and Their Impact on the Industry with Gary Hayslip

Jun 22, 2019 56:24


In this episode, I'm joined by Gary R. Hayslip, Cybersecurity Strategist & CISO. Together we discuss the global impact of cybersecurity mergers & acquisitions, along with the impact that they are having on today's CISOs.

With over 25 years of information technology, security leadership, and risk management experience, Hayslip has an exceptional record of success leading multiple, diverse cross-functional security and risk governance teams in the planning, analyzing and implementation of information security programs to support organizational business objectives. Hayslip is a proven cybersecurity professional; he has established a reputation as a highly skilled communicator, author, and keynote speaker. Hayslip has developed the ability to work within all business channels of an organization and is extremely effective in communicating the nuances of cybersecurity in business/risk terms for executive management and boards of directors.

Hayslip’s previous executive roles include multiple CISO, CIO, Deputy Director of IT and Chief Privacy Officer roles for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego California, and Webroot Software. In all of these roles, Hayslip led diverse teams of 10 – 300 employees and built information technology and security programs from the ground up. He partnered with software development and agile teams, integrating security into innovative workflows and new services. Hayslip collaborated with customers, strategic partners, and executive leadership teams on the deployment of new products, merger & acquisition due diligence services, and the management of his organization's business risks.

Hayslip recently co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2, which are considered among the leading books on enabling CISOs to expand their leadership and business expertise. He serves as an EvoNexus Selection Committee member, where he reviews and mentors cybersecurity and Internet-of-Things startups. He sits on the board of directors for both the Cyber Center of Excellence and Infragard’s San Diego chapter. Hayslip is an active member of the professional organizations ISC2, ISSA, ISACA, OWASP, and Infragard. He currently holds several professional certifications, including CISSP, CISA, and CRISC. Hayslip has a BS in information systems management from UMUC and an MBA from San Diego State University.

LinkedIn Profile: http://www.linkedin.com/in/ghayslip
Twitter: @ghayslip

PGIPods
Career Secrets I Wish I Knew Sooner – Part I

Jun 13, 2019


What kinds of things would we do back then knowing what we know now? Robin Kennedy, MA, CISA, CRISC

The Art of Grateful Leadership
109 ~ Susan Parente - Grateful Leadership Colocated vs Virtual Teams

Jun 10, 2019 12:47


Today, we are going to complete the conversation with Susan Parente.

But before we get to the interview I want to ask: Do you realize that we are coming to the third anniversary of the founding of the Center for Grateful Leadership?

On June 14, 2016 Judy Umlas founded the Center for Grateful Leadership. It can be found at www.gratefulleadership.com. Here is what it says right on the Center for Grateful Leadership's front page:

Collaborate globally with other Grateful Leaders, and those who want to become such leaders, to create a future filled with gratitude and appreciation! Tap into the power of personal commitment and dedication by acknowledging people in an authentic, heartfelt manner. Inspire your team and bring out the best in your people by dramatically increasing levels of engagement, productivity, and willingness to take initiative.

Since its founding, the Center for Grateful Leadership has grown to almost 1,000 members. We have monthly webinars with guest speakers. We have several regular contributors:
• The Gratitude Connection by Don Officer
• The Grateful Teen Weekly with Kendall, Kylie and Blair Seaman
• Get the Right Attitude with Gratitude by Harry Waldron
• The Art of Grateful Leadership Podcast, all of our previous podcasts can be found there
And much more. Come and join our growing membership, sharing our Grateful Leadership journey.

And Happy Birthday, Judy Umlas and the Center for Grateful Leadership!

Now back to our regularly scheduled program... [I always wanted to say that on the air]

As I mentioned, we are concluding our conversation with Susan Parente.

If you don't know Susan, here is a little about her background: She is a project engineer, consultant, speaker, author, and mentor who leads large complex IT software implementation projects, and the establishment of Enterprise PMOs. She has 20+ years of experience. Her credentials include numerous project management, Agile, risk management, and IT Security certifications, including PMP, PMI-RMP, PMI-ACP, CSM, CSPO, PSM I, CISSP, RESILIA, CRISC and ITIL certifications, and she is a CMMI and ISO 9001 Practitioner.

Today we conclude our conversation with a discussion regarding Grateful Leadership on Colocated and Virtual teams.

Keywords: #IWorkForGM; Art of Grateful Leaders

PGIPods
Event Response Management Planning

May 30, 2019


Business Continuity is a plan of action…to ensure that business will continue during and after a disaster; the difference between survival and total shutdown. Robin Kennedy, MA, CISA, CRISC

PGIPods
Information Technology Controls

May 23, 2019


A “control” is a procedure, policy, or task that provides ‘reasonable assurance' that the organization or process operates as designed. Robin Kennedy, MA, CISA, CRISC

Human Factor Security
Richard Hollis

May 17, 2019 49:02


Richard Hollis is the Chief Executive Officer for Risk Factory Ltd, a European information security risk management consulting firm specialising in providing effective, independent information risk management services. As a Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Protection Professional (CPP) and a Payment Card Industry (PCI) Qualified Security Assessor (QSA), Richard possesses extensive hands-on skills and experience in designing, implementing, managing and auditing information security programs.

Over the course of his career Richard has served as Director of Security for Phillips, Paris, and Deputy Director of Security for the US Embassy Moscow Reconstruction Project as well as a variety of sensitive security positions within the US government and military. In addition to his work with Orthus, Richard serves on several security technology company boards and security industry advisory councils.

A celebrated public speaker, Richard has presented to hundreds of audiences across the world on a wide variety of information risk management topics and techniques. As a recognised industry authority, he has published numerous articles and white papers. He has also appeared on national and international broadcast news as well as being cited in a wide range of press including the BBC, MSNBC, Radio 4, the Financial Times, Time magazine and various others.

A Confederacy of Dunces (John Kennedy Toole)
Jeremiah Johnson (DVD)

PGIPods
Risk Management – What Is Risk?

May 16, 2019


The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets. Robin Kennedy, MA, CISA, CRISC

PGIPods
Personal Leadership

May 8, 2019


Everyone is a leader…tasks are managed, people are led and those people include yourself because it is personal. Robin Kennedy, MA, CISA, CRISC

PGIPods
Be a Good Corporate Citizen

Apr 17, 2019


Our goals are to grow and to innovate, to gain operational efficiencies, protect our brand, serve our customers, and leverage whatever resources…for advanced learning. Robin Kennedy, MA, CISA, CRISC

PGIPods
Policy Program Defined

Apr 10, 2019


Designed to be the overall command and control document for how we create, manage, and implement policies at this internship, at PGIP, at the company. Robin Kennedy, MA, CISA, CRISC

PGIPods
Governance Framework

Mar 27, 2019


Establishing a Governance Framework at PGIP-Tech so that everyone sees the big picture and everyone is all on the same page as far as what our goals are and where we're headed. Robin Kennedy, MA, CISA, CRISC

InSecurity
As a Healthcare CISO, Taylor Lehmann protects more than just Endpoints

Sep 24, 2018 47:00


Is a Patient a User? A Customer? A Client? Wellforce CISO Taylor Lehmann Needs to Protect Them All.

Taylor Lehmann is the CISO of a healthcare system spread over 8 locations that treats hundreds of thousands of patients and employs thousands of staff. He has to be on top of it all from a cybersecurity perspective. Wellforce users and “customers” are a very different responsibility for Taylor compared to that of the average CISO. Lives are literally on the line.

In this episode of InSecurity, Matt Stephenson chats with Wellforce’s Taylor Lehmann on the role of the CISO at a large, multi-location healthcare system. Taylor isn’t just a suit-and-tie executive, though. He puts on the scrubs and does rounds with the medical staff in order to immerse himself in the daily operations of the facilities. For Taylor, that is the only way to grok what is happening at Wellforce and to know what he and his teams must be doing to protect it.

About Taylor Lehmann
Taylor Lehmann (@sidechannelsec) is the CISO of Wellforce and Tufts Medical Center. He was formerly the CPO/CISO/CIO/Director for Independent Health, HealthEdge, and PwC, as well as the former VP of Cyber Risk Management at State Street Bank. Taylor is also an expert in securing software development and delivery, and is on the boards of Gartner Evanta, the HITRUST Community Extension Program, the TPA Summit, and the Business Associate Council. He has CBCP, CISM, CISA, CRISC, CIPP/US, CCSFP (HITRUST), ITIL, HCISPP, and PMP certifications.

About Matt Stephenson
InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

To hear more, visit:
ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html
iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2
GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste

Cyber Work
CRISC Roadmap: The Highest-Paying Certification

Aug 24, 2018 27:53


Professionals with the Certified in Risk and Information Systems Control (CRISC) certification earn an average of $127,507 each year, making it the highest-paying IT certification available. Leighton Johnson, the CTO of Information Security Forensics Management Team and a CRISC-certified professional, discusses how earning your CRISC can open new career opportunities, as well as what the CRISC certification process is like. Kristin Zurovitch, director of marketing at InfoSec Institute, helps guide the discussion and takes listener questions.

Learn more about the CRISC certification: https://www2.infosecinstitute.com/crisc
Watch the webinar version: https://www2.infosecinstitute.com/crisc-webinar

Business of Healthcare
Why Manage Cyber Risk through an Insurance Captive?

Jul 1, 2018 34:36


Captive insurance is an alternative to commercial insurance for professional liability, property, workers comp, etc. In addition to self-insuring risks, captives also invest to reduce losses. Providers now use captives for other risks such as employee health plans and managed care risk. Guests explore why cyber risk may be suited for captives.
• Rebecca Cady, Esq., BSN, Vice President and Chief Risk Officer for Children’s National Health System
• Bob Chaput, CISSP, HCISSP, CRISC, CIPP/US, Founder & Chairman of Clearwater

Business of Healthcare
Nimble Cyber Risk Management

Mar 8, 2018 36:36


Becky Havlisch (Banner Health) and Bob Chaput (Clearwater) lead their respective organizations’ search for better cyber risk management. Havlisch has an unusual title: vice president of business health. That title reflects her organization’s innovative approach to cyber risk. Chaput describes why the 2009 HITECH Act led to the explosion of healthcare-related cyberattacks. He describes a vision of ongoing risk and compliance gap assessment as a method to optimize OpEx and CapEx spent on cyber risk. Along the way, we learn the difference between cyber risk and cyber security, lessons from Banner’s 2016 breach, and the role of the Audit Committee of the Board.

Guests:
• Rebecca Havlisch, RN, JD, Vice President, Business Health, Banner Health
• Bob Chaput, MA, CISSP, HCISSP, CRISC, CIPP, Chief Executive Officer, Clearwater Compliance

It's All About the Questions
129: Dr. Stephanie Carter - Cybersecurity - The Price of Convenience

Nov 25, 2017 44:57


What do you think is the biggest obstacle to cybersecurity success? Convenience. We love our convenience. The ability to do what we want, when we want, whatever way we want. Hackers love our love of convenience. Convenience breeds laziness. Cached passwords, the same password everywhere, simple passwords, lack of software and firmware updates are just a few examples of ways hackers can infiltrate your computer and online accounts. So what can you do right now? Listen to this episode. Dr. Stephanie Carter is a cybersecurity expert. She has more certifications than I can write here and has made it her mission to transform the way we think about cybersecurity.

Dr. Stephanie Carter started her cyber career in the US Army in 1994. During her military career she has been relocated to several states and countries around the world. She has served in many capacities all captured under the umbrella of cybersecurity disciplines such as network engineering, network administration, security analyst, information management officer. She has partnered on behalf of DoD with other agencies such as DISA, NSA, FBI, and FEMA leading large scale IT projects and serving as lead security specialist in disaster recovery and incident response efforts. After 20 years of service she retired and entered into the civilian cyber workforce. In her civilian career, she has worked for and with agencies such as Department of Homeland Defense (DHS), Defense Health Agency (DHA), USCERT Team, and Drug Enforcement Agency (DEA) all in senior cybersecurity/subject matter expert roles.

Dr. Carter currently works as a contractor for the Department of Justice (DOJ) managing a team of Information System Security Officers (ISSOs). Outside of serving as the lead of this team, she is also the SME for all cloud implementations, NIST Risk Management Framework, the FedRAMP framework, ISO 17020, and NIST 800-171. She takes great pride in the mentorship and development of future cybersecurity professionals in her role as a professor with the University of Maryland University College (UMUC) teaching courses in the Cybersecurity Graduate School programs as well as teaching classes for local chapters in the fields which she is certified. She is certified CISM, CISSP, and CISA. She is pursuing her PMI-RMP and CRISC later this year.

In addition to her military awards, she has won ICMCP Minority Teacher of the Year 2017, Humanitarian Award 2017, and has been recognized by ASIS, UMUC, IOBSE and many local cybersecurity chapters for speaking engagements. With the unmeasurable desire she has for cybersecurity, she even continues to mentor cybersecurity professionals one on one, outside of the busy schedule detailed above all with the goal of furthering the diversity and DNA of the field of cybersecurity.

Training Matters
The Equifax Data Breach

Sep 27, 2017 25:12


Honey invites Chad Knutson back to the studio to talk about the Equifax data breach. How did it happen? Could it happen again? How does it affect me? How do I protect my information? Chad also talks about implementing a business plan to prevent such a breach from happening at your institution and about the opportunity your bank or credit union has to help customers or members take appropriate action.

About our Guest
Chad Knutson is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry, and has served as President of the SBS Institute since 2013. Chad maintains his CISSP, CISA, and CRISC certifications, and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance from Dakota State University.

Chad is dedicated to educating industry professionals about cybersecurity. While consulting with financial institutions, he saw the need to empower employees to be better prepared to confidently handle cybersecurity threats, create and manage strong information security programs, and understand ever-changing regulations at their institution. He was a driving force in the development of the SBS Institute certification program, which is uniquely designed to serve the banking industry by providing banking-specific, role-based cyber education certifications. The SBS Institute has grown to include over ten certifications and State Association partners in over 30 states.

Training Matters
Protecting Against Cyber Attacks

Mar 15, 2017 23:27


Is your bank or credit union protected against cyber attacks? Never before have we been under greater threat from the dangers that lurk online. Viruses, malware, phishing, hacking, identity theft, ransomware. Those are just a handful of things that should be of great concern to any business, but especially to a financial institution. Are you at risk of being a target for cyber criminals?

Honey talks to Chad Knutson from SBS CyberSecurity about what you should do to protect yourself, your bank, and your customers from malicious activity online. Chad and Honey also discuss trends on how criminals will try to breach your systems in the future.

About our Guest
Chad Knutson is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, a premier cyber security consulting and audit firm dedicated to making a positive impact on the banking and financial services industry, and has served as President of the SBS Institute since 2013. Chad maintains his CISSP, CISA, and CRISC certifications, and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance from Dakota State University.

Chad is dedicated to educating industry professionals about cyber security. While consulting with financial institutions, he saw the need to empower employees to be better prepared to confidently handle cyber security threats, create and manage strong information security programs, and understand ever-changing regulations at their institution. He was a driving force in the development of the SBS Institute certification program, which is uniquely designed to serve the banking industry by providing banking-specific, role-based cyber education certifications. The SBS Institute has grown to include over ten certifications and State Association partners in over 30 states.

AQUÍ HUELE A MUERTO - Pues yo no he sido !!
1x06-AHAM-Fear the Walking Dead- Date of Death 2x13

Sep 26, 2016 52:22


AQUI HUELE A MUERTO. Spin-off of Misión de Audaces. Fear the Walking Dead 2x13, Date of Death. Parrapato and Plissken Mysterios discuss this wonderful episode. Travis, what a player!! Criscópata, genius.... Maddison, snap out of it!! All very nice... yes, yes. Do you want a serious podcast? Seriously? Kisses and lunches @misiondeaudaces

Bill Murphy's  RedZone Podcast | World Class IT Security
#046: Are IT Security Leaders Allowed to Forecast? Become Comfortable with Uncertainty

May 20, 2016 50:15


Jack Freund, the guest of my latest podcast, is the co-author of a book with Jack Jones on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach). This book was inducted into the Cybersecurity Canon in 2016. The Cyber Security Canon is a Hall of Fame for IT Security books. The founder Rick Howard has been a previous guest on this podcast.

Some of the links that I really like from this episode are Jack’s presentation called “Assessing Quality in Cyber Risk Forecasting” and his most recent article in the ISSA Journal that I love called “Using Data Breach Reports to Assess Risk Analysis Quality”. You will be able to find all links and show notes at redzonetech.net/podcast

Major take-aways from this episode are:
1. Elevate Your IT Security Risk Communication Game using Data Breach reports to Inspire Action in the Business
2. How to use Risk Data so that the business becomes more comfortable with uncertainty
3. New Refreshing perspectives on presenting IT Security Risk to the business
4. Predicting and Forecasting likelihood and frequency of events happening into your risk analysis
5. How to Use External Data Breach Sources of competitors and non-competitors to build your risk cases.

About Jack
Dr. Jack Freund is a leading voice in Information Risk measurement and management with experience across many industry segments. His corporate experience includes spearheading strategic shifts in IT Risk by leading his staff in executing multimillion dollar efforts in cooperation with other risk and control groups. Jack has been awarded a Doctorate in Information Systems, Masters in Telecom and Project Management, and a BS in CIS. He holds the CISSP, CISA, CISM, CRISC, CIPP, and PMP designations. Jack's academic credentials include being named a Senior Member of the ISSA, IEEE, and ACM, a Visiting Professor, and an Academic Advisory Board member.

Key Resources:
• Jack’s personal blog and website The Risk Doctor

Books/Publications:
• Jack’s book Measuring and Managing Information Risk: A FAIR Approach, inducted into the Cyber Security Canon Hall of Fame – Books every cyber security professional should read
• ISSA Journal article, Feb 2016, that has links to important external data sources for risk analysis (see page 21)
• Assessing Quality in Cyber Risk Forecasting presentation
• Article in ISACA: “Cloudy with a chance of risk”

This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

Credits: Outro music provided by Ben’s Sound

Down the Security Rabbithole Podcast
DtR Episode 112 - DREAMR Framework

Sep 29, 2014 41:41


In this episode
• DREAMR: What is it, and why is it so important to Enterprise Security today?
• Examples of aligning business and security requirements and winning hearts & minds
• How does a security organization get around "see I told you so!" security
• An example of how to make the framework work for you
• We discuss the importance of listening, then listening, then listening some more
• Jessica and Ben explain "accommodating" the business
• Jessica and Ben give us "One critical piece of advice"

Guests
• Jessica Hebenstreit ( @secitup ) - Jessica Hebenstreit has been a member of the Information Security community for over a decade. Having worked on both the technical and business sides of various enterprises, Hebenstreit has a unique perspective that allows for more understanding when balancing competing interests. She is a successful and results-oriented Information Security expert with hands-on information security experience in security monitoring, incident response, risk assessment, analysis, and architecture and solution design. She holds the following certifications: CISSP, GIAC-GSEC, CRISC and SFCP. In March 2012, she earned her Masters of Science in IT (MSIT) specializing in Information Assurance and Security. She is currently the Manager of Security Informatics - Threat Analysis and Response at Mayo Clinic. She is building a smart response architecture for incident response from the ground up.
• Ben Meader ( @blmeader ) - Ben Meader is a Senior Security professional with a unique blend of technical acumen and business know-how. Meader’s security thought leadership has been battle tested at multi-national firms over the past 13 years ranging from network security and operational security to performing detailed risk assessments and implementing a firm-wide privacy program. He remains up to date in both security and business having received his M.B.A. from DePaul University and has a current CISSP. He is also active in the entrepreneurial community and is Co-Founder of a mobile application company on the side. His education and range of experiences in working with firms both large and small have given him a unique perspective on the role of security within different business cultures and how competing philosophies can collide.

Down the Security Rabbithole Podcast
DtR Episode 106 - My Compliance is Better Than Your Security

Aug 18, 2014 41:28


In this episode
• Jason tells us why he isn't hating on compliance
• Jason talks about how security people are often the source of the issues
• Jason gives us his perspective on compliance-driven security
• Jason correlates compliance to quality assurance in security
• We talk about security's unbroken streak of failing at the basics
• We lament poor metrics, why we suck at them, and what comes next
• We discuss how you can tell whether an investment in security 'is working'
• We discuss the need for repetitive and consistent security
• Jason gives us his three things that he wants to leave you with

Guest
• Jason Oliver ( @jasonmoliver ) - Jason M Oliver, CISSP, CRISC is the Chief and CEO of Tikras Technology Solutions Corp, a Native American Owned Small Business, President at Arrow Ventures, a seasoned security industry veteran, leader, and lifelong pursuer of knowledge. His unique approach to solving security issues involves individualized plans tailored to meet each specific customer’s needs. His high level of unwavering integrity has been met by the highest regard from both customers and peers.

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 1B

Jan 9, 2013 55:09


Episode 0x1B -- Happy New Year, Start Yer Complaining NOW! That's audio episode 28 out of us - not too bad to start off the new year. PITHY COMMENTARY Upcoming this week... Lots of News Breaches The SCADAs/ICS and Cyber DERPs!!! and then we're going to shoot through a whole bunch of brief items without discussionin our new segment - BRIEFS (which goes well with Ben's male bag doesn't it) And if you've got commentary, please sent it tomailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 4 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News Privacy czar tries to find web surveillance bill solution Los Alamos nuclear weapons lab removes Chinese tech over spying concerns Facebook bug: Reset anybody's password. Rusty Foster (of Kuro5hin fame) discovered that he was declared dead on Facebook. Turns out you can do this to your "friends" Rails Fail Whale (Sail, Mail, Hail) ..and boom Software maker faces jail for other people using his software malware author on sploit buying spree Another "WE HACKED YOUR FULL DISC ENCRYPTION" by having physical access to the device. No shit. Really? Same as in 2005 people - never sleep a FDE machine, always hibernate or poweroff. From NYTimes - "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt" Really? No shit. Hmmm. I hadn't thought of that. (h/t Securosis) Breaches - The never ending never ending story... Raj Musicals - 12000 SCMagazine (@SCMagazine) 2012-12-23 9:25 Here's a list of the top 8 breaches that took place in 2012. 
wiki.debian.org security breach Hacker at public works goes unnoticed Army says hacker got Fort Monmouth personal info The SCADAs/ICS and Cyber Industrial Control Systems Faced Nearly 200 Attacks: DHS Building a 21st Century Cyber Workforce Dale Peterson of Digital Bond on a rant about Insecure By Design PLCs Secret Plan Aims to Defend Power Grid (Perfect Citizen) PDF LINK - Canada's National Energy Board gave permission to the regions to make NERC CIP a requirement. Ongoing since 2002. Go Canada? (h/t Digital Bond) CMaaS - Continuous Monitoring as a Service. WTF. ProfiNet fuzzer developed 29C3: SCADA Strangelove - an ICS talk with the wrong name on it. Good nonetheless Mailbag / Bizarro Land Hi guys, my boss and I were debating the merits of using opensource products over shiny boxen. Any points for or against? - Mike, SC Briefly - NO ARGUING OR DISCUSSION ALLOWED 20+ best FREE security tools Yahoo DOM XSS Top 10 web hacking technique vote - 2012 Honeydrive! An off premise browser NTLM Challenge Response is completely broken A couple of University of Washington courses on Coursera - If I was carrying fewer courses this semester, I'd be on these two.If you're a grandfathered CRISC, you might want to take these to fulfill your CPE's for 2013! Information Security and Risk Management in Context and Building an Information Risk Management Toolkit From BSI - PAS555: Cyber Security Risk - Governance and Management Specification OSINT Tools - Recommendations from Subliminal Hacking Memoto: The medical prosthetic for memory. Like I talked about at DEFCON 17. Don't know how I missed this on kickstarter. MIght just order one anyways. The Slow Data Movement The Process Myth And lastly... WTF. Eugene is #8 on Wired's list of the most dangerous people in the world? Liquidmatrix Staff Projects The Security Conference Library  Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. 
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking

In Closing

Movie Review not a movie, but go read Wool and its prequels Security Blogger Awards 2013...ah hem (not like we're pandering for votes or anything, we only do that for ISC2 board seats) :) everyday is CTF! go set up a team Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And big news for next week, but it's still a secret.

Seacrest Says: "INSERT SEACREST COMMENT HERE"

Creative Commons license: BY-NC-SA

Down the Security Rabbithole Podcast
Down the Rabbithole - Episode 07 - David Elfering's "As the Security Lightbulb Turns"

Dec 6, 2011, 33:53


Synopsis

My guest David Elfering (@icxc on Twitter) and I go all over the map covering various SecBiz related topics, and come up with a fantastic set of quotes including: "No matter how long you hold the light bulb up, the world will not revolve around InfoSec" and other gems. We talk through how to present to a business group or executive, the communication and written skills required and various other topics related to bridging the business - security gap. This is a great episode to listen to - we cover a lot of ground.

Guest

David Elfering (@icxc) - David is the Senior Director of Information Security over at Werner Enterprises out of Omaha, NB. David is a veteran of the IT industry providing leadership at corporate level, building and leading the security program and infrastructure for a two billion dollar, multi-national corporation. Experience at community, state and national levels with FBI Infragard, Nebraska Infrastructure Protection Council and the SANS Institute. Able to translate information security practices to business advantage. Experienced speaker, instructor and mentor. Member ISSA CISO Executive Forum. CRISC #1115272

CYBER LIFE
Episode 10: "Make sure you're doing it for the right reasons" with Chris Foulon, CISSP, CRISC

Dec 31, 1969, 27:58


"Make sure you're doing it for the right reasons."

In Episode 10 of the Cyber Life podcast, join cybersecurity expert Chris Foulon, CISSP, CRISC as we discuss some sound advice for people looking to get into the industry.

Don't forget to get your Cyber Life swag: https://teespring.com/new-cyber-life-podcast

Take a journey with Chris as he reminisces from his sales days to discovering his true calling in cybersecurity. Chris also explains what "Digital Transformation" means.

Connect with Chris on LinkedIn: https://www.linkedin.com/in/christophefoulon/

Book one-on-one consulting with Chris: https://cpfcoaching.wordpress.com/

Check out Chris and Renee's podcast. Are you interested in Breaking into Cybersecurity? Curious as to what it takes? Check out our series #BreakingIntoCybersecurity on Podcast https://podcasts.apple.com/us/podcast/breaking-into-cybersecurity/id1463136698 on YouTube https://www.youtube.com/channel/UCM3YAEDu6W7JmQc0kb-CNtw/featured on OnDemand at https://www.crowdcast.io/e/breaking-into-2/

Sharing it with others is appreciated, as it helps to raise awareness.

Renee's book on hiring: https://www.amazon.com/Magnetic-Hiring-Companys-Attracting-Security-ebook/dp/B07H9L27Y7/ref=sr_1_1?crid=1J1FPRW43FXUX&keywords=magnetic+hiring&qid=1563588829&s=gateway&sprefix=magnetic+hiring%2Caps%2C172&sr=8-1

Keirsten Brager, CISSP's book we mention in this episode. https://keirstenbrager.tech/securetheinfosecbag/

Support this podcast at — https://redcircle.com/cyber-life/donations