“Cybersecurity used to be the Department of ‘No'. Today, it's about enablement—how we help people work securely without getting in the way.”

Cybersecurity isn't just an IT issue—it's a trust issue. Michael Nouguier, Partner at Richey May's Cybersecurity Services, joins us to discuss how nonprofits can better protect donor data, assess third-party platforms, and prepare for the inevitable breach.

Michael opens with a striking truth: “Cybersecurity is about risk—what we choose to accept, and what we work to prevent.” From this lens, this episode offers a detailed breakdown of today's most pressing cybersecurity concerns, especially as they relate to data collection, donor privacy, and evolving threats like AI-driven attacks.

The conversation kicks off with the importance of identifying and documenting what data your organization actually collects—not just donor information, but client data, health records, payment details, and beyond. Michael stresses the danger of overlooking third-party vendors, who may have weak security protocols but still process sensitive data on your behalf.

Julia Patrick, host, presses Michael on how access control works in today's remote-first world. His response is practical: build systems around role-based access and restrict data visibility by “need to know.” Whether you're a 5-person nonprofit or a national organization, overly broad permissions are a recipe for disaster.

Michael shares real-world examples of organizations undermining their own security—like contractors blocking ChatGPT integrations due to risk, prompting staff to email data to themselves for off-system use. It's not just about locking systems down—it's about enabling safer, smarter workflows that employees will actually use.

The episode wraps up with a powerful call for scenario planning. Just like fire drills, “tabletop exercises” around cybersecurity incidents can build organizational muscle memory, reduce financial loss, and preserve your nonprofit's reputation when—not if—a breach occurs.

If you think this topic is too technical to matter to your mission, think again. This conversation makes clear: cybersecurity is mission-critical because your donors expect trust, your clients deserve privacy, and your organization can't afford the fallout of avoidable mistakes.

00:00:00 Welcome and introduction to Michael Nouguier
00:02:06 Why Richey May expanded into cybersecurity
00:04:11 What data are you collecting and why it matters
00:05:35 Understanding third-party data responsibilities
00:07:59 How to evaluate vendor security
00:10:15 Remote work and role-based access control
00:13:18 Does organization size change the approach?
00:16:01 Enabling staff without compromising security
00:19:22 What really happens in a data breach
00:21:24 The importance of practicing breach response
00:23:01 Tabletop exercises and insider risks
00:26:38 Is there hope for cybersecurity progress?

#NonprofitCybersecurity #DonorTrust

Find us Live daily on YouTube!
Find us Live daily on LinkedIn!
Find us Live daily on X: @Nonprofit_Show

Our national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET 11:30am CT 10:30am MT 9:30am PT

Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com

Visit us on the web: The Nonprofit Show
For many nonprofits, cybersecurity feels like a luxury they simply can't afford. But according to Michael Nouguier, Partner of Cybersecurity Services at Richey May, ignoring cybersecurity can end up being far more expensive than proactively investing in it.

Michael dismantles the myth that strong digital security comes with an unaffordable price tag. In fact, many nonprofits already have powerful security tools built into systems they're already using—yet few take advantage of them. “What's almost as good as free,” Michael explains, “is something that you've already been paying for and didn't know that you could leverage.”

From free services offered by federal agencies like CISA to deeply discounted nonprofit rates from companies like Microsoft and Google, this conversation uncovers a path to digital protection that doesn't require massive budget increases. Michael urges nonprofits to start by auditing what they already use. Whether it's Google Workspace or Microsoft 365, most platforms include underutilized features like multi-factor authentication, access control, and data encryption.

These protections aren't just theoretical—they're essential. As Michael points out, “You don't know what to protect if you haven't actually done an assessment to understand where those risks are.” He encourages leaders to seek out risk assessment tools—many of which are available at no cost—and build a strategy around known vulnerabilities, not guesswork.

The conversation also takes a practical look at automation, which reduces labor costs by removing repetitive security tasks. Many nonprofits mistakenly believe they're starting from scratch when in reality, they already have a baseline of protections in place—they just need to activate them. Michael shares examples of simple, low-cost ways to improve security posture, including free policy templates and vulnerability scans.

Additionally, he challenges nonprofits to shift their mindset around vendor relationships. Too many organizations fail to ask whether vendors offer nonprofit pricing or security guarantees—questions that could drastically reduce both risk and cost. And when vendors are breached, it's often the nonprofit that must explain the damage to stakeholders, regardless of fault.

Throughout the session, with host Julia Patrick, the underlying message is clear: cybersecurity isn't about fear—it's about preparedness and resourcefulness. The greatest danger lies not in doing too little, but in assuming you're too small or stretched to do anything at all.

00:00:00 Welcome and introduction of Michael Nouguier
00:01:30 Why cybersecurity is more expensive to ignore
00:03:10 How accounting firms became cybersecurity leaders
00:05:45 Budgeting vs risk: where to start
00:06:40 Leveraging existing tools like Microsoft and Google
00:08:20 Understanding identity and access integration
00:09:45 Why multi-factor authentication matters
00:11:30 Free services from CISA and others
00:14:10 Asking for nonprofit discounts on software
00:16:25 Why every nonprofit needs
Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn't on commoditized services—it's on what actually makes a difference.

At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn't hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.

Coalfire's evolution reflects this shift. It's not just about running a penetration test or red team operation in isolation. It's about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they're seeking simplified, strategic programs with measurable outcomes.

The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It's about enabling CISOs to own the narrative, armed with context, clarity, and confidence.

Henderson's reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.

This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.

Learn more about Coalfire: https://itspm.ag/coalfire-yj4w

Note: This story contains promotional content.

Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/

Resources

Learn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfire

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
We've been in enough conversations to know when something clicks. This one did — and it did from the very first moment.

In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.

John's journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg's path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.

That mindset now defines how White Knight Labs works with clients. They don't sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.

Their ransomware simulation service is a perfect example. They don't just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it's just another Tuesday. Most clients fail the test — not because they're careless, but because most simulations aren't this real.

And that's the point.

White Knight Labs isn't here to help companies check a box. They're here to expose the gaps and raise the bar — because real threats don't play fair, and security shouldn't pretend they do.

What makes them different is what they don't do. They're not an all-in-one shop, and they're proud of that. They won't touch IR for major breaches — they've got partners for that. They only resell hardware and software they've personally vetted. That honesty builds credibility. That kind of focus builds trust.

Their training programs are just as intense. Between live DEF CON courses and their online platform, they're giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.

Pass their ODPC certification, and you'll probably get a call — not because they need to check a hiring box, but because it proves you're serious. And if you can write loaders that bypass real defenses? You're speaking their language.

This first conversation with John and Greg reminded us why we started this series in the first place. It's not just about product features or service offerings — it's about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.

We've got more stories with them on the way. But if this first one is any sign of what's to come, we're in for something special.

Learn more about White Knight Labs:

Guests:

John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/

Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/

White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr

Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services

Resources

Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr

Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
IBM has released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. The 2025 report tracks new and existing trends and attack patterns - pulling from incident response engagements, dark web and other threat intelligence sources.

Some key findings in the 2025 report include:

Critical infrastructure organizations accounted for 70% of all attacks that IBM X-Force responded to last year, with more than one quarter of these attacks caused by vulnerability exploitation.

More cybercriminals opted to steal data (18%) than encrypt it (11%) as advanced detection technologies and increased law enforcement efforts pressure cybercriminals to adopt faster exit paths.

Nearly one in three incidents observed in 2024 resulted in credential theft, as attackers invest in multiple pathways to quickly access, exfiltrate and monetize login information.

"Cybercriminals are most often breaking in without breaking anything - capitalizing on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points," said Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM. "Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernizing authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data."

Patching Challenges Expose Critical Infrastructure Sectors to Sophisticated Threats

Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year. In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten have been linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion. Exploit codes for these CVEs were openly traded on numerous forums - fueling a growing market for attacks against power grids, health networks and industrial systems. This sharing of information between financially motivated and nation-state adversaries highlights the increasing need for dark web monitoring to help inform patch management strategies and detect potential threats before they are exploited.

Automated Credential Theft Sparks Chain Reaction

In 2024, IBM X-Force observed an uptick in phishing emails delivering infostealers and early data for 2025 reveals an even greater increase of 180% compared to 2023. This upward trend fueling follow-on account takeovers may be attributed to attackers leveraging AI to create phishing emails at scale. Credential phishing and infostealers have made identity attacks cheap, scalable and highly profitable for threat actors. Infostealers enable the quick exfiltration of data, reducing their time on target and leaving little forensic residue behind. In 2024, the top five infostealers alone had more than eight million advertisements on the dark web and each listing can contain hundreds of credentials. Threat actors are also selling adversary-in-the-middle (AITM) phishing kits and custom AITM attack services on the dark web to circumvent multi-factor authentication (MFA). The rampant availability of compromised credentials and MFA bypass methods indicates a high-demand economy for unauthorized access that shows no signs of slowing down.

Ransomware Operators Shift to Lower-Risk Models

While ransomware made up the largest share of malwa...
Podcast: Automation Chat
Episode: 5 Strategies to Strengthen Industrial Cybersecurity
Pub date: 2025-04-01

In this episode, The Journal's Digital Editor Maggie MacHale brings the written word to life by reading the article, “5 Strategies to Strengthen Industrial Cybersecurity.” It's written by Kamil Karmali, Senior Global Commercial Manager of Cybersecurity Services at Rockwell Automation. You'll learn how a three-phase protection strategy and mandatory regulatory reporting requirements can help safeguard manufacturing systems from evolving cyber threats.

Resources from this episode:

Read the article online: “5 Strategies to Strengthen Industrial Cybersecurity.”

Subscribe to our 4 digital magazines and monthly e-newsletter at http://rok.auto/thejournal-subscribe.

Please share this episode with someone else who would benefit from the information. And kindly give us a 5-star rating and a review.

Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine. Find us on YouTube. Find us on LinkedIn. Find us on Facebook.

Got a topic you want us to cover? Questions or comments? Email Executive Editor Theresa Houck at thouck@endeavorb2b.com.

** Named “Best Podcast” for 3 Consecutive Years! 2022 - 2024 Apex Awards of Publication Excellence.
“Silent Breach offers cybersecurity services for MSPs to augment their offer and allow MSPs to sell more cybersecurity services and products”, says Marc Castejon of Silent Breach. “Things like penetration testing or compliance, like if your customers want to be SOC 2 compliant, ISO compliant. We can help you help your customers by providing these wide-labeled services to augment your offer. And it's a win-win for both of us, MSPs, and customers. For more information, just scan the QR code. More than happy to answer any questions. Thank you very much.” www.silentbreach.com
This is a special encore presentation of our #2 most popular episode of 2024 in our “best of” series! In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Dave Kang, Advisory Solutions Architect at Dragos and Kamil Karmali, Senior Global Commercial Manager, Cybersecurity Services at Rockwell Automation. Get nuts-and-bolts, practical information about strengthening cybersecurity for industrial networks and systems, including: How ransomware attacks have evolved over the past year. Steps you can take to prepare for — and recover from — an attack. Common governance models and decision-making structures. 3 key considerations for developing a unified IT and OT strategy. Workforce needs for an effective cybersecurity strategy. How effective cyber hygiene and risk posture helps reduce risk of cyber incidents. Cybersecurity-related compliance requirements in North America and around the world. Why it's vital for manufacturers to have a business continuity plan. And as always, get your family-friendly, silly Joke of the Day. Resources from this episode: Blog: 6 Steps to Reduce Industrial Cybersecurity Risks. Q&A with Executive Editor Theresa Houck: Understanding the OT Threat Landscape Helps Manufacturers Improve Cybersecurity Rockwell Automation Manufacturing Industry Cybersecurity web page. Subscribe to The Journal's 4 print magazines (Feb., May, July and Oct.) by e-mailing Anna Hicks at ahicks@endeavorbusinessmedia.com. Subscribe to our 4 digital magazines at n You can also watch their discussion on YouTube at https://youtu.be/8Pm670QAO9E. Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine. Find us on YouTube. Find us on LinkedIn. Find us on Facebook. Find us on X (Twitter). Please subscribe to “Automation Chat" and give us a 5-star rating and a review.
In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.

Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.

One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.

The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.

Learn more about IS Partners: https://itspm.ag/isparto2jk

Note: This story contains promotional content.

Guests:

Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]
On LinkedIn | https://www.linkedin.com/in/ian-terry/

Robert Godard, Partner, IS Partners [@ISPartnersLLC]
On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/

Resources

Learn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partners

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this episode of Business Ninjas, host Andrew Lippman interviews Mark Burnette, Chief Growth Officer at LBMC, a top 40 professional services firm in the U.S. Mark takes us through LBMC's impressive growth journey, from its early beginnings in Nashville to becoming a national leader in accounting, advisory, and cybersecurity services. He shares how the firm has stayed true to its people-first approach, which was key during the pandemic, helping them retain top talent, strengthen client relationships, and offer innovative solutions across a variety of industries.

Join us as Mark reveals his journey from cybersecurity expert to growth leadership and explains how LBMC differentiates itself with a personalized approach to client success. If you're interested in business growth, leadership, or how to thrive in professional services, this episode is packed with valuable insights.

Make sure to like, comment, and subscribe to Business Ninjas for more engaging conversations with leaders from a wide range of industries!

To learn more about LBMC and their services, visit lbmc.com.

Want to be interviewed on our Business Ninjas podcast? Schedule time with us now, and we'll make it happen right away!

Check out WriteForMe, more than just a Content Agency!

See the Faces Behind The Voices on our YouTube Channel!
FREE CMMC gap assessments!! FREE penetration tests!! FREE SOC & incident response!!

This is a hidden CMMC treasure that no one's talking about!

In this episode, I speak with Darren Mott about the FREE cybersecurity services offered to the DIB by the National Cybersecurity Operations Center!

Here are some of the FREE services they offer:

CMMC gap assessments
Penetration testing
SOC & Incident response
Forensic analysis
Threat intelligence

I had no idea the National CSOC existed! This is an AMAZING opportunity that small defense contractors should take advantage of quickly before they reach capacity!

On another note, I actually listened to Darren's podcast when it first came out. I never thought I'd actually host a podcast let alone speak with him!

Follow Darren on LinkedIn: https://www.linkedin.com/in/darrenmott/

The CyBUr Guy Podcast: https://podcasts.apple.com/us/podcast/the-cybur-guy-podcast/id1526491250

National CSOC Website: https://nationalcsoc.com/

-----------

Thanks to our sponsor Vanta!

Want to save time filling out security questionnaires?

Register for Vanta's webinar on Questionnaire Automation here: https://vanta.com/grcacademy

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e34&utm_campaign=courses
E&I Host: David Manz, Business Partnerships Manager, Facilities & Interiors
Guest: Brian Kirk, Vice President, Cybersecurity Services, Strata Information Group (SIG)

Join Brian Kirk from Strata Information Group (SIG) to discuss the crucial elements of incident response planning in higher education. Discover the essentials of crafting an effective Incident Response Plan (IRP) and how compliance with GLBA requirements can protect student data. Brian also highlights the importance of proactive cybersecurity measures and the benefits of tabletop exercises in preparing your institution for potential threats. Tune in for expert insights on strengthening your cybersecurity strategy.

Relevant Links:
E&I SIG Contract
SIG Cyber Solutions
SIG Website

Cooperatively Speaking is hosted by E&I Cooperative Services, the only member-owned, non-profit procurement cooperative exclusively focused on serving the needs of education. Visit our website at www.eandi.org/podcast.

Contact Us

Have questions, comments, or ideas for a future episode? We'd love to hear from you! Contact Cooperatively Speaking at podcast@eandi.org.

This podcast is for informational purposes only. The views expressed in this podcast may not be those of the host(s) or E&I Cooperative Services.
When I was a kid, we always looked forward to my dad's work picnic. He was a tool and die maker for a leading caster manufacturer that would rent out a local park, make a ton of food and put on various games and activities for the families. One of the highlights of this day was a softball game pitting the office versus the shop. The good-natured shots that were fired across the dugouts of this summer classic remind me of the challenges we see in industrial cybersecurity when it comes to bringing OT and IT teams together. While great strides have been made and numerous lessons learned on why these groups need to sync up, the reality is that we still have a long way to go. Over the last couple of months we've had some interesting takes on how to realize this need, so let's revisit the following thoughts on the IT-OT working relationship from: Kris Lovejoy, Global Security and Resilience Leader at Kyndryl. John Cusimano, VP of OT Security at Armexa. Josh Williams, Strategic Account Manager at IriusRisk. Rod Locke, director of project management at Fortinet. Our guests have also weighed in on some of the more challenging dynamics of improving the IT-OT relationship. These have included: Brian Deken, Commercial Manager of Cybersecurity Services at Rockwell Automation. Riley Groves, an engineer from Auvesy-MDT. Theo Zafirakos, Cyber Risk and Information Security Expert at Fortra. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Podcast: Left to Our Own Devices. Episode: Robert Putman: From PlayStation to ABB. Pub date: 2024-08-13. In this episode of Left to Our Own Devices, Rob Putman, Global Manager of Cybersecurity Services at ABB, shares his journey from Sony PlayStation to leading cybersecurity in industrial automation. Tune in for insights on product security and industrial control challenges. The podcast and artwork embedded on this page are from Cybellum Technologies LTD, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Automation Chat. Episode: Practical Steps for Protecting IT & OT Systems from Ransomware Attacks. Pub date: 2024-08-13. In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Dave Kang, Advisory Solutions Architect at Dragos and Kamil Karmali, Senior Global Commercial Manager, Cybersecurity Services at Rockwell Automation. Get nuts-and-bolts, practical information about strengthening cybersecurity for industrial networks and systems, including: How ransomware attacks have evolved over the past year. Steps you can take to prepare for — and recover from — an attack. Common governance models and decision-making structures. 3 key considerations for developing a unified IT and OT strategy. Workforce needs for an effective cybersecurity strategy. How effective cyber hygiene and risk posture helps reduce risk of cyber incidents. Cybersecurity-related compliance requirements in North America and around the world. Why it's vital for manufacturers to have a business continuity plan. And as always, get your family-friendly, silly Joke of the Day. Resources from this episode: Blog: 6 Steps to Reduce Industrial Cybersecurity Risks. Q&A with Executive Editor Theresa Houck: Understanding the OT Threat Landscape Helps Manufacturers Improve Cybersecurity. Rockwell Automation Manufacturing Industry Cybersecurity web page. Subscribe to The Journal's 4 print magazines (Feb., May, July and Oct.) by e-mailing Anna Hicks at ahicks@endeavorbusinessmedia.com. Subscribe to our 4 digital magazines at http://rok.auto/thejournal-subscribe. You can also watch their discussion on YouTube at https://youtu.be/8Pm670QAO9E. Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine. Find us on LinkedIn. Find us on Facebook. Find us on X (Twitter).
Please subscribe to "Automation Chat" and give us a 5-star rating and a review. ** Named “Best Podcast” 3 Consecutive Years! 2022-2024 Apex Award of Publication Excellence. The podcast and artwork embedded on this page are from The Journal From Rockwell Automation and Our PartnerNetwork, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Automation Chat. Episode: How to Maintain Business Continuity with IT/OT Synergies in Your Cybersecurity Strategy. Pub date: 2024-07-23. In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Brian Deken, North America Commercial Manager of Networks & Cybersecurity Services at Rockwell Automation. They talk about cybersecurity challenges and outcomes manufacturers are trying to achieve and how to attain them. Also learn why it's vital to do cybersecurity assessments in real time and why you can't integrate and optimize an IT tool for an OT environment. And see how Rockwell Automation provides IT/OT synergies through its partner ecosystem and uses the NIST-based approach to help manufacturers to focus resources for cybersecurity. And as always, get your family-friendly, silly Joke of the Day. Resources from this episode: Cybersecurity Preparedness Assessment. Rockwell Automation Industrial Cybersecurity Solutions. Blog: Improving Critical Infrastructure Cybersecurity (includes NIST explanation). Subscribe to The Journal's 4 print magazines (Feb., May, July and Oct.) by e-mailing Anna Hicks at ahicks@endeavorbusinessmedia.com. Subscribe to our 4 digital magazines at http://rok.auto/thejournal-subscribe. You can also watch their discussion on YouTube at https://youtu.be/8NtR7oHzhhY. Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine. Find us on LinkedIn. Find us on Facebook. Find us on X (Twitter). Please subscribe and give us a 5-star rating and a review. ** Named Best Podcast 2 Consecutive Years! 2022 & 2023 Apex Awards of Publication Excellence. The podcast and artwork embedded on this page are from The Journal From Rockwell Automation and Our PartnerNetwork, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In #50, Michael Sikand (@michaelsikand) and Simran Sandhu (@simmy) dive into the booming cybersecurity market, highlighting recent incidents and opportunities. They discuss the CrowdStrike internal error that impacted major companies and the potential $23 billion acquisition of Wiz by Google. The hosts emphasize the financial potential in cybersecurity, noting the industry's growth from $182 billion in 2023 to an expected $314 billion by 2028. They explore various business ideas, including incident response services, consumer-focused cyber products, and identity verification solutions like Footprint. The episode also touches on the rapid growth of companies like Drata and Vanta, and the potential for Clear to have an "Nvidia moment" in the future. The hosts conclude by encouraging listeners to consider opportunities in cybersecurity, a field they believe is as lucrative as AI. 05:30 - CrowdStrike Incident and Market Impact 10:00 - Rise in Cyber Attacks and Ransomware 15:00 - Potential in Cybersecurity Services and Insurance 20:00 - Ashley Madison Hack Documentary 25:00 - Identity Verification and Biometric Security 30:00 - Footprint: Apple Pay for Identity 35:00 - Wiz Acquisition by Google 40:00 - Clear's Potential in Identity Verification 45:00 - Consumer-Based Cybersecurity Products #Cybersecurity #TechTrends #StartupStories
This week on Ameritocracy, Troy is joined in Washington D.C. by IBM's Federal Cybersecurity Services Leader Alice Fakir. They talk about their roles at IBM, focusing on the intersection of supply chain and cybersecurity. Alice discusses how AI is transforming cyber defense strategies and explains the concept and purpose of a "cyber range" and how it is used for training cybersecurity professionals. Lastly, Alice and Troy break down the policy role of the White House and the Department of Commerce and the importance of the National Institute of Standards and Technology, better known as NIST. Alice provides a great overview of the careers available in cybersecurity and discusses the potential opportunities for our US veterans. Ameritocracy™ is produced by Prospect House Media and recorded in studio locations in Los Angeles and Washington D.C.
The Biden administration says large tech companies will offer free and discounted cybersecurity services to small and rural hospitals.
The White House says rural hospitals could soon get some help with cybersecurity. Federal officials struck a deal with Google and Microsoft to offer free and discounted services.
What is Glöckler doing in Scotland? And Pip in Luxembourg? What does Pip think will happen to the short-term rental market? How does an annual general meeting actually work? Advertisement: Find out about the Public Cloud Group's cybersecurity services and pen tests at: hs.pcg.io/de/pen-test Philipp Glöckler and Philipp Klöckner talk today about: 00:00:00 Intro 00:06:45 Annual general meeting 00:16:00 Airbnb bans 00:26:00 AI music Udio 00:34:45 OpenAI x news companies 00:51:20 Elon's xAI 01:08:45 Softbank 01:10:00 Helsing AI Show notes: Will I Am Insider: Youtube xAI: Techcrunch Redstone: LinkedIn Today's outro: Nino on Discord Helsing: Tech.eu Softbank: FT Chauffeur meme: Knowyourmeme
This week, we're sharing two conversations from State of the Net that discuss the importance of responsible product design and ethical red teaming for AI. First, we chatted with Aishwarya Vardhana. As a full stack product designer, she designs innovative interfaces and experiences with safety, privacy, and other human rights considerations baked into the product. At State of the Net, when this conversation was recorded, she shared how she thinks about building ethical, inclusive and responsible technology, and how she prioritizes user needs to help keep people safe online. Then, we sat down with Harley Geiger, Counsel on Cybersecurity Services at Venable, about ethical AI redteaming. What is ethical AI redteaming? And how are redteamers protected under the law when they test out vulnerabilities of AI models? We get into that and much more in the conversation with Harley, Foundry fellow Sasa Jovanovic and me during State of the Net. DISCLAIMER: Daniela, Evan, Sasa, Harley and Aishwarya engaged with this episode by the Internet Law & Policy Foundry voluntarily and in their personal capacity. The views and opinions expressed on this show do not reflect the organizations and institutions they are affiliated with.
Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [March 25, 2024] 00:00 - Intro 00:18 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:48 - Ransomware: No Code of Conduct 06:50 - Education 07:52 - Policies 09:17 - Protection 10:14 - Backup Plan 11:05 - Gone Phishin' 12:50 - Verify, Verify, Verify 14:26 - If You See Something, Say Something - FTC Website: reportfraud.ftc.gov 15:32 - Reach Out 15:54 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org Find us online - Chris Hadnagy - Twitter: @humanhacker - LinkedIn: linkedin.com/in/christopherhadnagy
Insurers and MGAs are increasingly moving into cybersecurity services—could this be the solution for comprehensive security in the marketplace? Converge CEO Thomas Kang provides his insights, thoughts, and concerns around these developments, offering a unique perspective on how companies can navigate this complex terrain. He also shares his expertise on other hot topics like underwriting, risk assessment, and the use of technology to enhance insurance products. You'll learn: 1. The strategic value of integrating cybersecurity with insurance 2. Insights into Converge's unique underwriting and risk assessment process 3. How technology and data are reshaping the cyber insurance landscape 4. The challenges of scaling an insure-tech startup in a competitive market 5. The role of AI in driving operational efficiencies within cyber insurance ___________ Get in touch with Thomas on LinkedIn: https://www.linkedin.com/in/thomas-kang-1a142667/ ___________ Details about Converge: Website: https://www.convergeins.com/ Industry: Insurance Size: 11-50 employees Year: 2022 ___________ About the host Anthony Hess: Anthony is passionate about cyber insurance. He is the CEO of Asceris, where they enable their clients to respond to cyber incidents quickly and effectively. Anthony is originally from the US, but lives in Europe now with his wife and two children. Get in touch with Anthony on LinkedIn: https://www.linkedin.com/in/anthonyhess/ or email: ahess@asceris.com ___________ Thanks to our friends at SAWOO for producing this episode with us!
The sector's (forced) cyber awakening needs to focus on making it harder to be a hacker. Regardless of how complex the attack, how organized the hacker, or how advanced the tools and tactics, security solutions usually lie in very fundamental practices. So, while you might think you already know enough about segmentation strategies, framework development, asset visibility or enhanced access controls, it's these things that get overlooked and then exploited by hackers. It's the evolution of these little things that our guest for today's show likes to emphasize in helping to keep the OT environment secure. Watch/listen as Brian Deken, Commercial Manager of Cybersecurity Services at Rockwell Automation offers perspective on topics that include: How increased coverage and awareness of industrial cybersecurity has helped improve OT visibility, and incited more manufacturers to take real action. Why constantly evolving simple cyber strategies, like frameworks, segmentation and access hygiene are essential. What video gamers can teach us about finding OT security expertise. The status of IT-OT convergence. The attack from which some manufacturers will never recover. The positive impacts of supply chain vulnerabilities. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Guest: Ari Schwartz, Managing Director of Cybersecurity Services and Policy at Venable LLP [@VenableLLP] On Linkedin | https://www.linkedin.com/in/ari-schwartz-484a297a/ ____________________________ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin ____________________________ This Episode's Sponsors: Imperva | https://itspm.ag/imperva277117988 Devo | https://itspm.ag/itspdvweb ___________________________ Episode Notes: In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ari Schwartz about the momentum to ban ransomware payments and the path to achieve it. Schwartz, a cybersecurity expert with three decades of experience, discusses his recently published blog post titled "The Path to Banning Ransomware Payments", and unpacks the ways not just businesses, but also governments can respond to this growing threat. Martin and Schwartz delve into significant issues, including the moral, national security, and economic imperatives for banning these payments. The duo further discuss four potential strategies to make not paying ransoms the rational thing to do: requiring victims to report ransom payments, to submit to oversight by a government regulator, to pay fines or face potential criminal charges for refusing to comply. Addressing the practicalities of such a ban, Schwartz believes it's likely to happen within the next 3 to 5 years but notes the need for passing laws to successfully enforce it. He also examines the critical role of insurance in this scenario and emphasizes the importance of risk mitigation strategies and robust cybersecurity measures. The episode also explores potential exceptions to the ban like potential life-or-death situations or major economic harm, and the need for government intervention during ransom situations.
Lastly, they discuss how targeting ransomware can help internal corporate security teams highlight the threats to their leadership and drive investment in robust cybersecurity. Top Questions Addressed: How can we effectively move towards the banning of ransomware payments? How does insurance play a role in this scenario and what should we prepare for in that regard? What are potential exceptions to the ban and how could a government intervene during ransomware situations? ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel. Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
I have heard MSPs say, "we just eat the cost for some services." Whether they are services you have implemented internally or not, it doesn't mean you shouldn't sell those services. Listen to Bill Mulcahey of M6 Technology share his challenges and opportunities. Remember forward progress is good progress! --- Support this podcast: https://podcasters.spotify.com/pod/show/msp1337/support
Cybersecurity and IT Strategies for Small Businesses, with Chris Noles, Beyond Computer Solutions (North Fulton Business Radio, Episode 739) On this episode of North Fulton Business Radio, John Ray spoke with Chris Noles, Owner and President of Beyond Computer Solutions. Chris discussed the importance of cybersecurity in the current digital era, especially for small businesses, explaining […]
Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. Today Chris and Patrick are joined by Shelby Dacko. Shelby is a Human Risk Analyst with Social‐Engineer, LLC. Her specialties include vishing, OSINT work, educational material production, and public speaking. Notably, she has made over 20,000 vishing calls in her career. She holds a Certified Ethical Social Engineer (CESE) certification and has spoken for Fortune 500 companies. Coming from a background that includes teaching English, and interpreting American Sign Language, Shelby has always had an interest in communication. That interest led her to the Foundational Application of Social Engineering (FASE) class, which she now co-teaches with Christopher Hadnagy. On her days off, Shelby enjoys volunteering for the Innocent Lives Foundation and painting. [Dec 26, 2023] 00:00 - Intro 00:17 - Patrick Laverty Intro 01:09 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:56 - Shelby Dacko Intro 04:18 - Today's Topic: Telling Stories with Shelby 04:59 - Something In The Water 07:02 - OSINT in the Jungle 10:11 - Get Out of Jail Free Card 13:19 - Golden Ticket 16:20 - Busted! 
19:30 - Droning On and On 23:21 - On-Site OSINT 24:11 - Over the River... 28:02 -...and Through the Woods 30:03 - Killroy Was Here 32:01 - Nobody Watching 34:23 - Teamwork 36:31 - Mind the Gap 38:46 - Game On! 40:29 - Got the Keys 44:13 - Full Circle 45:37 - Part 2??? 46:36 - Next Month 47:02 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org Find us online - Chris Hadnagy - Twitter: @humanhacker - LinkedIn: linkedin.com/in/christopherhadnagy - Patrick Laverty - Twitter: @plaverty9 - LinkedIn: linkedin.com/in/plaverty9 - Shelby Dacko - Twitter: @scarylilhuman - LinkedIn: linkedin.com/in/shelbydacko
Oren Wortman, VP of Cybersecurity Services, NA at Sygnia shares invaluable insights on the pitfalls of incident response and the importance of preparation. He emphasizes the adversarial mindset, where understanding and simulating potential attackers' moves is crucial for robust cybersecurity. The conversation touches on the sophistication of cybercriminal organizations and the potential impacts of AI in cybersecurity, both as a tool for defenders and a weapon for attackers.
In this episode, Steve Fretzin and Justin Neagle discuss: Living a life of continuous improvement. Scaling and improving through processes. Documenting and delegating appropriately. Missing processes in people, sales, organization, and technology. Key Takeaways: When you're going through an identity shift, keep pushing forward. It will be strange at first, but things will settle when you push through your tipping point. Being really smart does not mean you automatically have every skill set. Without following a process (particularly in sales) you don't know where it may have failed, or where you can improve. Put the right people, in the right seat, and let them do the thing they're good at. Giving them freedom and support, that is where scale will come. "If you're not trying to up-skill your people, you're doing it wrong." — Justin Neagle Get a free copy of Steve's book “Sales-Free Selling” here: www.fretzin.com/sales-free-selling Thank you to our Sponsors! Get Staffed Up: https://getstaffedup.com/bethatlawyer/ Overture: https://overture.law/ Get Visible: https://www.getvisible.com/ Episode References: The Daily Stoic Podcast - https://dailystoic.com/podcast/ 10 Microsoft Power Automate Workflows Every Small Business Needs - https://spotmigration.com/blog/10-microsoft-power-automate-workflows-every-small-business-needs/ About Justin Neagle: Say hello to Justin Neagle, the Chief Storyteller at Spot Migration and Co-host of the Building Scale Podcast! Justin is one of the unstoppable leaders behind Spot Migration, a leading authority in the realm of IT and Cybersecurity Services. From strategy to implementation, Spot Migration's core focus is to create peace of mind by making technology reliable for their clients. Check out their site for more information - spotmigration.com Separately, Justin has the privilege of interviewing business leaders on his podcast, Building Scale.
(buildingscale.net) With an in-depth understanding of storytelling and a purpose-driven mindset, he has been able to interview some amazing CEOs and owners who have scaled their businesses with the use of three pillars of scaling - people, processes, and technology. Justin is a leader who loves seeing companies grow and learn. He strongly believes that the secret recipe for successful businesses is a culture that values its people and has a meaningful purpose. Justin has set an ambitious goal for himself. He's on a mission to guide 1000 companies to find and use their unique core purposes. This way, they can have a positive impact on the world, and everyone involved can experience joy and fulfillment while increasing their earnings. Sounds pretty cool, right? Connect with Justin Neagle: Website: https://spotmigration.com/ Email: justinn@spotmigration.com Podcast: https://buildingscale.net/ LinkedIn: https://www.linkedin.com/in/justneagle/ LinkedIn: https://www.linkedin.com/company/spot-migration/ Twitter: https://twitter.com/JustNeagle Facebook: https://www.facebook.com/justin.neagle/ Facebook: https://www.facebook.com/spotmigration Connect with Steve Fretzin: LinkedIn: Steve Fretzin Twitter: @stevefretzin Instagram: @fretzinsteve Facebook: Fretzin, Inc. Website: Fretzin.com Email: Steve@Fretzin.com Book: Legal Business Development Isn't Rocket Science and more! YouTube: Steve Fretzin Call Steve directly at 847-602-6911 Show notes by Podcastologist Chelsea Taylor-Sturkie Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/laurarobinsoninsight/
At RSA | https://www.rsaconference.com/experts/laura-robinson
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.
The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.
The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape. Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done.
The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [Oct 23, 2023]
00:00 - Intro
00:19 - Patrick Laverty Intro
01:10 - Intro Links
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
03:51 - Intro Chat: MGM Breach
11:30 - Today's Topic: Preparing for a Red Team or SE Teaming Job
12:44 - Team Colors
14:10 - Always OSINT
18:43 - Prepping for the Client
20:42 - Cold Open
22:11 - Law Enforcement
25:14 - Planning Goals
30:50 - It's the Little Things
33:46 - The Facade of Security
36:02 - Check the Backups
39:01 - Respect the Badge
41:32 - Using the Right Tools
45:40 - Wrap Up & Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org
47:07 - Next Month: Online Scams
Find us online
- Chris Hadnagy - Twitter: @humanhacker - LinkedIn: linkedin.com/in/christopherhadnagy
- Patrick Laverty - Twitter: @plaverty9 - LinkedIn: linkedin.com/in/plaverty9
In the second episode of our 3-part Halloween series, Grant Schneider, Senior Director of Cybersecurity Services at Venable and former federal CISO, discusses the frightening implications of insider threats, how we are protecting critical infrastructure, and what it was like working on cybersecurity in the White House under both President Obama and President Trump.
Key Topics
00:03:59 Increased consequences led to rise of cybersecurity
00:08:47 Insider threat, screening, hiring, malicious actor, Manning, Snowden
00:09:53 Snowden challenges legality of government surveillance
00:15:00 Adversary gains access, steals information, demands ransom
00:19:19 Different levels of readiness present challenges
00:23:15 Helping clients & coalitions for cybersecurity policy
00:24:58 Consistency in technology and cybersecurity under past presidents
00:27:47 Cybersecurity is like warfare or terrorism
00:32:30 AI tools and data drive persuasive information
00:34:50 National Cybersecurity Awareness Month raises awareness on cybersecurity and encourages action to protect businesses
00:42:40 Diversity of experiences leads to career growth
00:44:01 Adaptive, willing, and able to learn
Introduction to National Cybersecurity Awareness Month
Purpose of Raising Awareness About Cybersecurity
Grant explained that one of the great things about National Cybersecurity Awareness Month is exactly raising awareness and providing an opportunity to hopefully spend time thinking about and discussing cybersecurity. He noted that for organizations already focused on cybersecurity daily, the awareness month may not raise their awareness much more. However, many organizations don't constantly think about cybersecurity, so for business leaders and executives who may now recognize the existential threat a cyber incident poses, the awareness month offers a chance to have important conversations they may have previously avoided due to lack of understanding.
National Cybersecurity Awareness Month: "You're only one bad kind of cyber incident away from your organization not existing anymore." — Grant Schneider
Opportunities for Organizations to Have Conversations About Cybersecurity
According to Grant, leaders who don't grasp cybersecurity risks may personally fear initiating conversations to ask what the organization needs to do to address risks. National Cybersecurity Awareness Month provides an opportunity for these leaders to have the necessary conversations and gain education. Grant said the awareness month is a chance to discuss basics, like implementing multifactor authentication, patching and updates. He observed that much of the content produced for the awareness month focuses on cybersecurity fundamentals, so it allows organizations to dedicate time to shoring up basic defenses. Overall, Grant emphasized National Cybersecurity Awareness Month facilitates essential cybersecurity conversations for organizations and leaders who otherwise may not prioritize it consistently.
Evolution of Insider Threat in the Intelligence Community
Screening Out Bad Actors During the Hiring Process
Grant explains that in the early days of his career at the Defense Intelligence Agency (DIA), insider threat mitigation focused on screening out bad actors during the hiring process. The belief was that malicious insiders were either people with concerning backgrounds trying to get hired, or nation-state actors attempting to plant individuals within the intelligence community. The screening process aimed to identify and reject potentially problematic candidates.
Nation-State Actors Planting Individuals Within the Community
He mentions the...
This week on episode 339, we interviewed Oren Wortman, VP of Cybersecurity Services, Sygnia, Trevor Rodrigues Templar, CEO of Aviso AI and Catalina Daniels & James Sherman, authors of Smart Startups: What Every Entrepreneur Needs To Know—Advice from 18 Harvard Business School Founders. DisrupTV is a weekly podcast with hosts R “Ray” Wang and Vala Afshar. The show airs live at 11:00 a.m. PT/ 2:00 p.m. ET every Friday. Brought to you by Constellation Executive Network: constellationr.com/CEN.
Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 94: Exploring Cybersecurity and Beyond: The Remarkable Journey of Robert Putman
Pub date: 2023-08-29
Step into the cybersecurity world alongside Derek today as he brings you another riveting discussion with an esteemed expert! Rob Putman is the Global Manager of Cybersecurity Services at ABB Process Automation. At the core of his journey lies an unquenchable thirst for understanding that has fueled his prowess within the cybersecurity world and beyond. Apart from his impressive professional portfolio, his life encompasses interwoven threads of diverse experiences. He is a US Army veteran, a devoted father, a relentless technologist, a car enthusiast, an intrepid skier, a daring rock climber, and a masterful team builder. With Rob hailing from the scenic Bainbridge Island in Washington State, just beyond the heart of Seattle, his insatiable curiosity about the mechanics of the world ignited his trailblazing path. With a penchant for dismantling and deciphering, he embarked on a lifelong mission to unravel the inner workings of things, often charting unorthodox courses to unveil hidden truths. Rob's curiosity and unyielding quest for understanding demonstrate the boundless possibilities that emerge when dedication intersects with ingenuity. Join Derek in witnessing the blend of expertise and passion embodied by Rob's exceptional journey as he peels back the layers of his life and work. This episode will enrich your understanding of cybersecurity and illuminate the transformative power of unbridled curiosity and purpose-driven endeavors! Stay tuned for more!
Show highlights:
Rob shares his superhero backstory.
The jobs Rob did early in his career.
How Rob transitioned into the tech world.
The benefits of being opportunistic.
How Rob managed to stay connected with interesting people as they moved around.
How did he get into industrial control?
The importance of having a diverse workforce to protect critical and control systems.
Building trust and building bridges within a company.
The challenges Rob faces and something he has to think about continuously in his current role.
Some sage advice from Rob.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Rob Putman on LinkedIn
ABB Process Automation
Control System Cyber Security Association International: (CS)²AI
Join Max, one of our resident Business Ninjas, as he speaks with Ephraim Ebstein, CEO and Co-Founder of FIT Solutions. In this episode, Ephraim talks about the importance of finding the right motivation when it comes to starting a business.
FIT Solutions is a leading provider of IT services and solutions. They specialize in Managed IT, Enterprise IT, Cybersecurity, Cloud Services, IT Projects, and Healthcare IT. FIT Solutions understands that IT is constantly evolving, and staying ahead of the curve can be a challenge. That's why FIT Solutions' team of certified professionals is dedicated to keeping up with the latest technologies and trends so they can provide the best solutions for each client.
Learn more about each of the individual IT and managed cybersecurity services that FIT Solutions offers here: https://fitsolutions.biz/
-----
Do you want to be interviewed for your business? Schedule time with us, and we'll create a podcast like this for your business: https://www.WriteForMe.io/
-----
https://www.facebook.com/writeforme.io
https://www.instagram.com/writeforme.io/
https://twitter.com/writeformeio
https://www.linkedin.com/company/writeforme/
https://www.pinterest.com/andysteuer/
Want to be interviewed on our Business Ninjas podcast? Schedule time with us now, and we'll make it happen right away! Check out WriteForMe, more than just a Content Agency! See the Faces Behind The Voices on our YouTube Channel!
A new program at UC Berkeley this Fall will teach students how to protect non-profits from hackers. For more, Pat Thurston spoke with Bloomberg News Cyber Reporter Margi Murphy.
Deborah Galea is the Director of Product Marketing at Orca Security, a leading cloud security platform. She is a proficient marketing professional with more than 20 years of experience marketing B2B software and SaaS solutions. Her previous positions include marketing work with Ascend Analytics, OPSWAT, and even co-founding Red Earth Software. Deborah's specialties include product marketing, SEO, content creation, social media, lead generation, and public relations. In this episode… Cybersecurity is a difficult field for marketing. Many companies that need the service most are loath to improve their protection, leaving them vulnerable to attacks. Even competent companies can fail to see the need for greater defenses and suffer as a result. This means that some of the best marketers for cybersecurity are the ones that understand the customer's hesitations and needs. Deborah Galea understands this dynamic, now leading product marketing for cloud security. She founded her own business in the field, learning directly from her own clients and now uses that information for marketing purposes. So what are her most salient recommendations? Alex Gluz invites Deborah Galea, the Director of Product Marketing at Orca Security, onto the Revenue Engine Podcast to talk about marketing for cybersecurity and cloud services. They break down her early career and some of the key lessons she learned. They also talk about balancing marketing priorities, valuable strategies to stay ahead of the curve, and the impact of AI on marketing.
Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 77: ABB Ransom-Aware OT Defense Virtual Summit Keynote Preview with Derek Harp
Pub date: 2023-04-14
This special edition of the CS2AI podcast features the highlights of a recent interview with Derek, broadcast on the ABB Energy Pod podcast. In this episode, Patrik Boo, the Portfolio Manager for Cybersecurity Services at ABB Process Automation, interviews Derek Harp, the Founder and Chairman of CS2AI, about his upcoming keynote presentation that will open the OT Cybersecurity Leaders Virtual Summit on ransomware, which will take place on April 19th, 2023. Stay tuned to hear what Derek will cover in his keynote presentation at the OT Cybersecurity Leaders Virtual Summit. The summit is hosted by ABB in collaboration with other sponsors.
Show highlights:
Derek discusses his main takeaways from the 2022 report.
Who are the greatest threat actors?
Derek dives into the need for OT cyber-informed training within the operating environment.
How ransomware is on the rise in all the different sectors.
The link between various groups of cyber criminals and the sharp increase in ransomware.
Who is at risk?
Other topics that will also be covered at the summit.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Mentioned in this episode:
Join CS2AI
Join the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education.
Our Sponsors:
We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us!
Network Perception, Waterfall Security, Tripwire, KPMG Cyber
Control System Cyber Security Association International: (CS)²AI
Podcast: The Sustainability Podcast
Episode: Addressing Today's and Tomorrow's Industrial Cybersecurity Challenges with Mary Beth Connolly and Jay Abdallah of Schneider Electric
Pub date: 2023-03-29
Schneider Electric executives Mary Beth Connolly, VP Strategy, Process Automation and Jay Abdallah, VP Cybersecurity Services join Sid Snitkin, VP Cybersecurity Advisory Services in a discussion of how industrial companies can meet the challenges they face in ensuring the cybersecurity of their facilities and critical infrastructure. This includes dealing with today's increased risks of ransomware and nation state attacks, as well as the people, process, and technology changes that companies should be considering to enable secure digitalization.
Would you like to be a guest on our growing podcast? If you have an intriguing, thought-provoking topic you'd like to discuss on our podcast, please contact our host Jim Frazer.
View all the episodes here: https://thesustainabilitypodcast.buzzsprout.com
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald meets up with John Banghart, Senior Director for Cybersecurity Services at Venable LLP, a law firm that provides cybersecurity and privacy risk management advisory to clients of all shapes and sizes across a wide variety of sectors. Venable also runs a nonprofit organization called the Center for Cybersecurity Policy & Law that connects private-sector companies with government organizations to discuss policy and standards issues. John Banghart has nearly 30 years of federal government and private sector experience in cybersecurity. These days, he focuses mostly on the healthcare sector with an emphasis on cloud computing and information sharing. Together, Eric and John review the Biden Administration's National Cybersecurity Strategy and what it means for software makers and the liability they may face for their creations. They also examine how the Strategy builds upon Executive Order 14028 and the CMMC (Cybersecurity Maturity Model Certification), and whether the reference to DoJ's Civil Cyber-Fraud Initiative is likely to make companies more careful about what they attest to in their first-party attestations. Interview with John Banghart Prior to joining Venable in 2016, John served in a variety of roles spanning risk management, government policy, standards and regulatory compliance, and incident management at Microsoft, the White House National Security Council, and the National Institute of Standards and Technology. 
In this episode, Eric and John discuss:
- Takeaways and conclusions from the Biden Administration's National Cybersecurity Strategy
- The shifting of cybersecurity liability to software makers and the struggle to enact effective cybersecurity rules
- How the National Cybersecurity Strategy builds upon Executive Order 14028 and the CMMC
- How tech companies may approach new cybersecurity regulation (and the safe harbor it may offer)
- Whether the Strategy's invocation of DoJ's Civil Cyber-Fraud Initiative will compel software vendors to put more scrutiny and time into their cybersecurity attestations
Find John on LinkedIn: John Banghart: https://www.linkedin.com/in/john-banghart-b43b6a/
Learn more about Venable, LLP: https://www.linkedin.com/company/venablellp/
Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems. If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast. To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/
This week our guest is Heather West, Silicon Valley rock star and Senior Director of Cybersecurity Services at Venable LLP. We explore artificial intelligence (AI) and chatbots, such as ChatGPT, and discuss what these technologies can do, who will be early adopters and beneficiaries of AI, whether articles or answers generated by AI can be trusted, and look at some of the privacy and security risks associated with AI. Heather is a policy and tech translator, product consultant, and long-term Internet strategist working at the intersection of emerging technologies, culture, governments, and policy. Prior to joining Venable, Heather had stints at Meta and Mozilla.
Lyn Brown sits down with Kristina Walter, Chief of the Defense Industrial Base Cybersecurity within the National Security Agency's Cybersecurity Collaboration Center, and Ben Kastan who is the Associate General Counsel for Cybersecurity at NSA to discuss an exciting new program NSA has launched to help companies in the defense industrial base combat cyber threats in real time. Do you want to know how NSA can help companies protect DOD information on their networks? Interested in how adversaries target the DIB to steal intellectual property and how NSA can help defense contractors large and small protect the valuable information from cyber threats and ransomware attacks? NSA is offering several cybersecurity services at no cost to any company with a DoD contract and access to DoD information. NSA can also provide defense contractors with real time threat intelligence. Learn more about NSA's services to protect the defense industrial base and the legal basis for them by listening to our new podcast with senior NSA officials.
In this episode of ALPS In Brief, Mark and the founders of Sensei Enterprises discuss cybersecurity options and support for solo and small law firms. Somebody's got to take care of you and that's just what they do. Transcript: MARK BASSINGTHWAIGHTE: Hello, I am Mark Bassingthwaighte, the risk manager here at ALPS, and welcome to ALPS In Brief, the podcast that comes to you from the historic Florence Building in beautiful downtown Missoula, Montana. I am back from a trip into the home office in Missoula, and back in the satellite office here in Florida, and have with me two folks that I've just had the joy and pleasure of getting to know over the years, and the privilege to work with a few times over the years at various ABA events, and it's just been a lot of fun. MARK: Please help me in welcoming Sharon Nelson and John Simek. Sharon and John are President and Vice President of Sensei Enterprises, which is really the heart of the topic we're going to talk about today. Before we jump into some of the questions and things I'd like us to visit about Sharon and John, may I have each of you take a couple of minutes and share whatever you'd like to share about yourselves? What would help our listeners get to know you a bit better? SHARON NELSON: I'll start, and then I'll turn it over to John. What we do at Sensei Enterprise is managed information technology, managed cybersecurity services, and digital forensics. We have three branches, and that means we're running a fire station without a Dalmatian here, so there's always emergencies. It gets very difficult to keep all the balls in the air. We are also married with six children and 10 grandchildren. We're together all day and all night too. MARK: I love it. JOHN SIMEK: You didn't tell [inaudible 00:01:53], you're a lawyer though. SHARON: Oh well. JOHN: Do they care? SHARON: Maybe. 
John is the veteran technologist and I am the lawyer, and that's why we decided to work together when we started the company some 25 years ago, more than that now, just a little bit. John was the talent and I was the lawyer/marketer who could sell ice cubes to Eskimos, so that worked out really well for us both. JOHN: I'm not a lawyer, as you can probably tell. I'm an engineer by degree, and been involved in technology informally even before the internet. I remember that presidential candidate that was trying to create [inaudible 00:02:40]. Whatever, but back in the days of the modems and all that stuff. But I have a lot of technical certifications, formal training as well. I guess a lot of people think that I should be wearing a pocket protector and have a propeller head. But yeah, as Sharon said, I do the technology stuff, testifying expert as well, because of the forensics and all that. I just got done with a deposition a couple weeks ago that was really entertaining, at least to me, but not for the other attorney. SHARON: That's how it's always supposed to turn out. I forgot to say Mark, that I was the President of the Virginia State Bar a few years ago. That was [inaudible 00:03:25]. JOHN: That's how we ended up in Montana one year. SHARON: Yeah, that's how we ended up coming to see you folks out in Montana. MARK: Indeed. That's right. That was a good time. SHARON: It was a wonderful time. JOHN: I did go fishing when we were out there. MARK: There we go. Boy, there's no place better. You want to talk about some quiet country time on the river with a fly? A lot of fun. One of the things that I've never really visited with you guys about, I'm genuinely very interested. Sharon, you've talked, years ago, you've been a lawyer for quite some time. How did you make this jump? Was that always the plan to go into this Sensei Enterprise type business, the alternative practice, a non-traditional track if you will? How did this all come about? 
SHARON: Life is full of accidents. As I was a young [inaudible 00:04:22].
JOHN: We're experts at that.
SHARON: Oh yeah. When my first child was born, her condition required me to stay home through several surgeries and several years. She's fine, but I ended up working from home as a lawyer. And then, later on after I had been a lawyer and been seriously involved in the Bar Association, I had this very nice man who taught technology to anyone at colleges, and he was helping me computerize my law practice back in the '80s. I was pretty wired up for a solo. But then, he got relocated because of his job, and I said, "What am I going to do without you?" And he said, "Well, I've got this friend down the street, and he's really brilliant, but he's a pain in the butt." And he said, "But I'll set up a lunch, and if you can stand him, then he could do a better job even than me."
SHARON: I met him for lunch, I could stand him, and so, we started out with him helping me with my law practice technology. Ultimately, he had always wanted his own company, and he just looked at me one day and said, "You know, I could be the talent of a company, and you're a lawyer, and you can sell anybody anything, so why don't we hook up and form a company?" And that's how we got started.
MARK: Wow. That's awesome. I love that. I love that. Oh my. Can you tell me a little bit about the types of services? You can a little highlight or overview, but can we dig in a little bit in terms of the types of services that you offer? I'm also interested, how would you describe your typical client? I know that you do a lot of work I think with businesses that are not just... You're not limiting your services in other words to law firms. Is what you have to offer, would it be useful, beneficial to solo small firm lawyers around the country?
SHARON: We actually are devoted to solo small firm lawyers, not that they are an exclusive client roster. We have a client that has over a thousand people.
JOHN: Not a legal entity.
SHARON: No, not a legal entity. But in any event, we do all sizes. But we have a special feeling in our hearts for the needs of the solo small, because most companies are not interested in them. They don't really want them, because they can't get much of a profit out of them.
JOHN: They might have some minimum. Unless you've got 10 bodies or more, they're not interested to even talk to you.
SHARON: And so, somebody has got to take care of these people, so we really specialize in finding cost-effective things that they can use to do what they need to do. That's been something that we've been celebrated for, is that we do take care of solo and smalls along with the bigger firms. It's been a mix, Mark, and I really feel strongly about that because I was a solo myself, and I know how hard it was to get competent help and to get things that you could afford. And now that cybersecurity is so important, it's really critical that the solo and small firms have people to guide them in a way that's budget-friendly, because this stuff can be really expensive.
MARK: Yeah, I'm well aware. What types of services can you help? If I'm just a solo stuck here in Florida, or Montana, or Iowa, what can you do for me?
JOHN: Basically, we do an assessment, an initial assessment, come in there to see what you've got going, and is it appropriate? Should we forklift some things? Are you in the Cloud even? Because today, it's so much more affordable and flexible to be in the Cloud.
SHARON: And secure, more secure.
JOHN: Maybe you should be considering that. We do have some clients that are remote, up in Massachusetts as well as down the coast, and we can do a lot of things remotely. Sometimes though, you do have to have boots on the ground, and some folks might have a local person if they need hands-on to something. But generally no, we can get equipment, we can figure it, we can ship it, do all that.
But essentially, get you in a position where you're a heck of a lot more secure with your technology.
SHARON: And you're getting good recommendations from us about what [inaudible 00:09:08].
JOHN: Stability, backup.
SHARON: Practice management systems, document management. We can help them work with the companies who have appropriate pricing for solo and small. That's really our niche, is to be able to do that for those people. The solo and smalls are really neglected.
JOHN: But it really is a unique thing though, because there's not a template. You can't go to the green drawer and pull out a system for a solo.
SHARON: No. I mean, they all have different needs.
JOHN: They've got different needs, different things that are important to them, different types of practice, their workflows are different. We really do try to, as Sharon said, customize and make sure that they do have a cost-effective solution. The other advantage I think we have is that we know a lot about the law, and a lot about what lawyers' responsibilities are, and what their-
SHARON: And what's ethical. And what's ethical has changed, Mark. In today's world, you have to take reasonable measures to protect client data and confidential data. These days, we have gotten to the point where one reasonable measure is having two-factor authentication, because it's almost always free. It comes with Office 365, which so many solo smalls use. You just have to turn it on. That's where of course the problem comes.
JOHN: That's got to be really hard.
SHARON: It's the convenience factor, though. They want to get right in. They don't want to have to get a text on their phone, or push a button on their phone.
JOHN: Type a code.
SHARON: Type a code, and whatever it is.
There's all kinds of two-factor authentication obviously, and you have to help them get past the I don't want the extra step to, I have to have the extra step, because ethics demands this of me, because multifactor authentication stops almost 100% of credential-based account attacks. You don't get us that much better than that.
JOHN: Especially not when it's free.
SHARON: Yes, especially when it's free to do. You just have to put up with one little annoying thing that you have to do.
JOHN: You can trust devices too, so it's not every time. You don't have to do this 30 days, or whatever it is, whatever the period of time is. A lot of folks I don't think realize that. They think when they hear this, they go, "No, I'm not going to do this every darn time I connect." You don't have to.
SHARON: You said, tell a story. Here's a story. We've been able to successfully convince most of our law firm clients that they must ethically do this. There were several who protested, and they dragged their feet, and they dragged their feet, and then one of them got hit by ransomware. That's what happens when you don't take some advice. First thing they said was, "Okay, we got hit. We were attacked. I guess you were right about that 2FA thing, so could you come back and fix that for us now?"
MARK: Hard lesson learned, but boy is it a good lesson once they understand it. I'm hearing you can do lots of advising and guidance on terms of how to become secure, taking into consideration regulations we're subject to, the ethical rules, et cetera. I just had somebody call me up yesterday about, they were talking about some other things, and a side question came out. It's a solo setting up her own firm, and she's interested, are there services and people out there that can help monitor the systems to give you a heads up? Her question was, how do I know if I'm breached? Can you help them answer that, or help them deal with that risk?
SHARON: You have today an ethical obligation to monitor for a breach. That's pretty much been established. Now that you know you have to monitor, that's one reason why we are a managed service provider, because we have all sorts of alarms, and alerts, and we check things like backups to make sure everything is going the way it should.
JOHN: There's a lot of automation.
SHARON: There's a lot of automation. The thing is, when something goes wrong, we'll get a notice, so the lawyer is protected by having the managed services and the alerts that will go to their provider. That way, they know right away, they can usually fix it right away, or if the power is out or something like that, they have to wait until power comes back obviously. But that's why you want someone watching over all of this for you, because the average lawyer has no idea what any of these alerts mean. These things go off, and they're clueless. You want that in the hands of a professional, and it's not very expensive to get it. And so, this idea of endpoint detection and response, this is another thing that we would say is reasonably required in order for you to monitor for those breaches.
JOHN: It's not just monitoring, it's also-
SHARON: React.
JOHN: Yeah, it reacts to it. Artificial intelligence is a part of what the tool uses, in conjunction with human beings in a security operation center. If you get a ransomware attack as an example, or there's some rogue process that comes and starts and the system sees that, wait a minute, this is outside of baseline operation, and it can even automatically take the device off the wire, off the network. But they have, at least the solutions that we're implementing for our clients, it has a rollback capability. If it's got a problem, and you say, "Shoot, you know what? Let's go back to 30 minutes ago," and put your system back into a state before this happened, and we've got that ability.
SHARON: It's really kind of magic to lawyers.
As much as we try to explain it, and John did in fairly simple terms, they really don't get it. They just get that the magic works.
MARK: Right. That's okay. They don't need to get it. If they have somebody like you behind the scenes taking care of it, they just need to make sure these kinds of things are in play or in place. May I also assume that if I have, I do stupid on my laptop, and I get hit with something that we talk about ransomware as a classic example, are you also offering services to help me address and deal with these kinds of breaches?
SHARON: Absolutely. That's what you do.
JOHN: I do want to point out though Mark, all the technology and things that we do do, you cannot fix a human being.
MARK: Right. Oh boy.
SHARON: Who clicks on a phishing email or a phishing text?
JOHN: Sharon talked about a story. We had a story from... What's today? Thursday. I think it was either Friday, or it was no longer than a week ago. We've got all these things in place, the software, [inaudible 00:16:33], whatever, and yet we've got a lawyer that gets this message, and then he actually initiates a phone call-
SHARON: To the bad guys.
JOHN: To the bad guys, and then is carrying on this conversation, and under his own ID, he's opening up his machine to this caller, and I'm going, "I can't stop that."
SHARON: They finally asked him to enter some bank information-
JOHN: And he got suspicious.
SHARON: Then he finally got suspicious and severed the connection.
JOHN: He called us and we said, "Whoa, hold on."
SHARON: But that kind of thing happens a whole lot. People do stupid stuff, and of course now everybody is on their phone a lot, and so the phishing via text has become a big deal. They call that smishing. People will fall for that. They'll get something that says, "You just made a purchase for $500, and if you didn't make this purchase, you've got to do this, or call there."
JOHN: Click here or whatever.
SHARON: Whatever. Don't click. Don't call.
People are not thinking.
MARK: I'm hearing we have full service, which I'm not surprised, but I just want to underscore all of this. John, you raised a very, very good point. I'm often writing and lecturing about some similar things. Regardless of what IT does, we still have to deal with the reality of the human factor. You can't patch that. You can't. We have to do some training here. Is that something you guys do as well? Are there any training resources available for solo small firms?
SHARON: The best training resource I know of is somebody who is not in your own company, in your own law firm. It's somebody from the outside who carries a bigger bat and has a reputation. That's why we started out long ago doing cybersecurity awareness training for law firm employees, and we do it remotely, which of course people have gotten used to that now. We have a PowerPoint, and we talk through the PowerPoint. We only charge $500 for an hour. Trust me, they can't absorb more than one hour, because this stuff is complicated, and they have to pay attention. An hour is about right. You might want to do it more than once a year. You might want to do it twice a year. At $500, most law firms can afford that, even the solos and the small firms, because it's a whole firm price. We're there for an hour, and we answer questions as we go along, but we can show them the phishing emails and all the stuff. We talk about social engineering, and all the stupid stuff they do, like sharing and reusing passwords.
JOHN: The latest attacks.
SHARON: The latest attacks. We [inaudible 00:19:30] the latest information. Nonetheless, people forget. The stat that's most interesting to me, Mark, is that over 80% of successful attacks involve a human in some way or another.
MARK: Right. Good stuff.
One of the reasons I really was excited about visiting with the two of you again, is to try to find or create awareness about resources that are out there, because there are so many places where there is, if you will, nothing locally. When you talk about this preventative educational piece, just as an example, at $500 a pop, I sit here and say, as a risk guy, two or three times a year? That's chump change, and absolutely essential to do in my mind, when I compare the potential loss of time, worry, money, data, all kinds of things, if somebody just does something stupid and clicks on the wrong thing, and we get hit with ransomware, and it's all gone, locked up.
JOHN: I think the other requirements you're going to have Mark too though, and what we're seeing a lot of, is that the cyberinsurance carriers are now in their renewals and in their applications, they want to know, are you getting training for your employees?
SHARON: That's one of the questions, and they don't want to hear no, or they might charge you more, or they might offer you less coverage. We've seen it all. Cyberinsurance is driving the solo and small firms crazy.
MARK: Here's one as a side comment following up on that, please folks, if you're filling out these applications, don't lie. If you say you're doing something, and a policy is issued based on those representations, it's just the same as malpractice insurance or anything else. If it turns out you aren't having these trainings and you don't do these other things that you say you are doing or have in place, that's going to jeopardize coverage. Just a little side note there, be very careful and honest about answering this. I don't want to keep you too much longer, and I really, really appreciate you taking some time today. Could we close maybe with some thoughts about what are the top two or three things that you think lawyers in this space need to be concerned about, focused on perhaps, and/or a tip or two to address these kinds of things?
Just a quick wrap.
SHARON: Are you talking about cybersecurity in particular, Mark?
MARK: Yes.
JOHN: I think Sharon has talked about the things that certainly are really high on my list, and that's the multifactor authentication, the EDR systems, endpoint detection response.
SHARON: And an incident response plan, which only 36% of attorneys have an incident response plan, and it is so critical, because if you fail to plan, you plan to fail. That's an old chestnut of a line, but it's really true. You have got to have a plan, and you probably need somebody to consult with you a little bit, because there's no absolute template out there that fits everybody. You can start with one, but you really need to have somebody who knows what they're doing help you out with developing a plan. It's not all that hard, it's just that people don't do it. And then, if they do do it, then they leave it to molder, and of course nothing stays the same in this world, especially cybersecurity. In a year, if you haven't looked at it and done anything with it, some portion of it is probably quite obsolete.
JOHN: But I think the critical foundation for that whole thing, before you even get down to saying, how am I going to respond, what does my IRP look like, is inventorying your assets and your data. If you don't know you have it, you can't protect it.
MARK: That is an excellent point. Yes. That's absolutely an excellent point. I appreciate your time here. Before we wrap it up, I do want to give you a moment to share. If any of our listeners have a need and desire to reach out to you to discuss the kinds of things that you can help them out with, how can they get a hold of you guys?
SHARON: Our phone number is 703-359-0700, and our website is senseient.com, or of course you could search Sensei Enterprises. We have all different kinds of folks in the office, and we'll funnel you to the right people.
Very happy to do that, and always happy to have a no-cost consult if people have some questions they'd like to ask. We do a lot of that at the beginning, and then it turns out that they do in fact have a need, which is harmonious for us both. But if it doesn't work out, at least we've tried to help. And so, we would encourage that, Mark. I hope that's helpful.
MARK: Yes, it is very much so. To those of you listening, I hope you found something of value out of today's podcast. My intent again today, I just am trying to find solutions. I get so many calls of, who do I turn to? This is a rough space at times, and lawyers just feel left out and unsure who to reach to. I assure you, these two and the business they have, these are good folk, and it's a great business. I would not hesitate reaching out at any time. John, Sharon, thank you very much for joining me today. John, good fishing, and hope you guys take care of those grandkids and kids. Boy, that's a busy, crazy life, but I'm sure it's exciting. That's just awesome. I'll let you get back to it, guys. Thank you for listening. Bye-bye, all.
SHARON: Thank you very much.
JOHN: Bye-bye.
MARK: Bye-bye.
Data breaches are becoming increasingly common, and the threat of cybercrime is something that we have to be constantly aware of - especially as many of us are now working from home. But are you proactive or reactive when it comes to safeguarding your own or your company's IT infrastructure? Join us on a special show, as we speak to Dr Saiyid Abdallah Syahir Al-Edrus, the General Manager of Cybersecurity Services at TM One, to find out just how important it is to be proactive.
An organization's intellectual property, trade secrets, and any proprietary information that requires protection are considered crown jewel data. Managing this data can be as crucial to the organization as the data itself. Trip Hillman, Director of Cybersecurity Services at Weaver, and Hunter Sundbeck, a Privacy Lead for IT Advisory Services at Weaver, checked in with Beyond the Numbers' Tyler Kern to provide insights and strategies for managing essential company data. “Often, an organization doesn't know what it has,” Hillman said. “So, for these types of data, this crown jewel data, the key that we're looking at, the valuable sense of this data, we want to make sure we have a method to protect it.” Companies must create a plan to identify the data and assign the proper security for data access. Recognizing the need to manage data is not the same as managing it robustly. One of the challenges for organizations is sorting their data into the proper classifications. Sundbeck said companies must identify what those crown jewel data assets are, which are top secret, and what data people can access. “I've done a couple of discovery audits where we're figuring out what exactly you have, what your key processes are, what data feeds those key processes, and how that data is protected.” Through this discovery process, companies may realize they have hidden or 'dark' data they'd forgotten. Some of this data may be critical and some may not. “There is a point where maybe you're collecting data you don't need,” Sundbeck said. Separating valued data from bad helps companies put security and controls around the right data sets and clean up the rest.
Karl Sharman is the Head of Cybersecurity Services & Solutions recruiting at Stott & May. Karl and I discuss:
Why do reporting lines matter less than authority & access for a CISO
How Karl prepares and educates a company that's looking for a new CISO
Assessing the capabilities of a prospective CISO
Setting up a new CISO for success
Hear from Ari Schwartz, Managing Director for Cybersecurity Services at Venable and former Senior Director for Cybersecurity for the White House National Security Council about what is happening at the Federal level around cybersecurity legislation as well as an update on the national cyber threat landscape. The Iowa Tech Policy Podcast is proudly presented by SHAZAM, with additional support provided by Dentons Davis Brown.
About Episode: Meet Cyber Security expert, Eric Cole. Eric joins us today to share his experience in the Cyber field and how he has conquered it. Learn how his work with the CIA, Fortune 500 companies, and top international banks have contributed to his expertise and passion.
We Meet: Dr. Eric Cole, CEO/Founder of Secure Anchor
Episode References:
T-Mobile breach - https://www.t-mobile.com/brand/data-breach-2021
Dark Web - https://en.wikipedia.org/wiki/Dark_web
CyberCrime documentary - https://www.imdb.com/title/tt10704280/?ref_=nm_knf_t2
McDonalds - https://www.imdb.com/title/tt10704280/?ref_=nm_knf_t2
Five Guys - http://www.fiveguys.com/
Kaseya - https://kaseya.com
Elon Musk - https://en.wikipedia.org/wiki/Elon_Musk
Audi - https://www.audiusa.com/us/web/en.html
Aston - https://www.astonmartin.com/en-us/
BMW - https://www.bmw.com/en/index.html
Thomas Edison - https://en.wikipedia.org/wiki/Thomas_Edison
Connect:
Connect with Rick: https://linktr.ee/mrrickjordan
Connect with Eric: https://secure-anchor.com/
Universal Rate and Review: https://lovethepodcast.com/allinwithrickjordan
Subscribe and Review to ALL IN with Rick Jordan on YouTube: https://www.youtube.com/c/RickJordanALLIN
About Eric Cole: With more than 30 years of network security experience, Dr. Eric Cole is a distinguished cybersecurity expert and keynote speaker who helps organizations curtail the risk of cyber-threats. Dr. Cole has worked with a variety of clients ranging from Fortune 500 companies, to top international banks to the CIA. He has been the featured speaker at many security events and also has been interviewed by several chief media outlets such as CNN, CBS News, FOX News, and 60 Minutes.
In 2006 the major card brands formed the PCI Security Standards Council (SSC) with the goal of managing the evolution of the Data Security Standard (DSS). Today that has expanded to several other standards and compliance programs. As part of the DSS compliance program the PCI SSC certifies Qualified Security Assessor (QSA) companies to perform independent audits of merchants and service providers related to the PCI DSS.
So, as a go-to firm for PCI DSS compliance, how does Weaver help clients understand what they need to know?
On this episode of Weaver: Beyond The Numbers, host Tyler Kern talked with Trip Hillman, Director of Cybersecurity Services at Weaver, and Kyle Morris, Senior Manager in IT Advisory Services at Weaver. The trio dug into insights from Weaver's cyber and QSA team and explored how Weaver advises clients on how to handle PCI DSS assessments and compliance.
PCI DSS applies to organizations that store, process, transmit or could affect the security of cardholder data. Kyle and Trip look at PCI DSS as an opportunity for these companies to use compliance as a competitive advantage. Kyle is a QSA and explained that the Council establishes PCI DSS criteria and dictates what a QSA does for testing. Then organizations determine how they meet the criteria. There are over 250 requirements with PCI DSS, so depending on a company's needs and capabilities, the organization can conduct an annual self-assessment or bring in an independent QSA to do a full-blown audit report on compliance.
Kyle and Trip discuss some of the main challenges that companies face with PCI DSS, including scoping, maintaining compliance and identifying the appropriate internal champions. They also share tips on how to prepare for compliance and define common acronyms: SAQ, ROC and AOC.
Tune in to hear why the Weaver team enjoys helping clients fit their unique environment into the complex PCI DSS framework.
“We help people with self-assessment questionnaires or SAQs and everything from full-on ROCs for Fortune 50 Cloud Providers to small merchants to SaaS solutions,” Kyle said.
Jeffrey Ziplow, Business Risk and Cybersecurity Services, Principal, CLA West Hartford. Time to talk about Cybersecurity, October is Cybersecurity Awareness Month.
October is Cybersecurity Awareness Month, but the importance of cybersecurity has quickly become a quintessential part of today's business strategy. More than 50% of businesses have been the victim of a cyberattack, and as many as 60% of those hacked businesses end up going out of business. How can you keep your organization protected? Eide Bailly's Director of Cybersecurity Services, Michael Nouguier, joins the EB & Flow podcast to talk about current trends in cybersecurity and the fundamentals of a good cybersecurity strategy.
“When we talk about our expanding attack surface, knowing what assets you have in your environment is right up there with multifactor authentication and probably even higher. Knowing what assets you have to protect is critical. If you don't know what's in your environment and you don't know what to protect, you're not going to. So a detailed asset management program and software solution is necessary in order to protect your environment.” – Michael Nouguier, Director of Cybersecurity Services
Contact us if you have any questions about the topic of this episode or to inquire about any business challenges you are experiencing. It's critical to create a culture of cybersecurity in your organization and develop a strategy to protect your data. A cyber attack has the ability to freeze your operations and potentially shut it down permanently. If you don't know where to start the cybersecurity strategy process, our team of cybersecurity advisors are here to help. https://www.eidebailly.com/services/cybersecurity#chatForm
Steven Bohling is the founder and current CEO of eFence Security, a Cybersecurity Services company located in Wichita, KS. During this episode, Steven discusses all things cybersecurity from hackers and their alarming exploitation methods, how to protect your own personal data, and even how to start a career in the cybersecurity world.
In this episode, your host speaks with Single Point of Contact's Fernando Leon about cybersecurity and IT services, PPC (pay per click) and SEO (search engine optimization), the challenges around security in businesses, compliance, and more. Check out Single Point of Contact at https://singlepointoc.com/.
Constellations, a New Space and Satellite Innovation Podcast
In this Constellations Podcast episode, we'll discuss what the Cybersecurity Maturity Model Certification, otherwise known as CMMC, is and how it will change the requirements for contracting with the DoD. The recent spate of data breaches affecting both government and commercial organizations underscores the need for more robust security measures to protect critical information. For DoD, this means increased protection of FCI and CUI data. CMMC will be a critical component of heightened security as all companies will need to pass strict CMMC security assessments before being awarded DoD contracts. During this episode, Justin Padilla, Director, Cybersecurity Services, Kratos, will explain what CUI and FCI mean and how they will be affected by CMMC. He'll discuss how companies will need to be assessed by a Third-Party Assessment Organization – a C3PAO.
In this episode, Ross B. Nodurft, Senior Director of Cybersecurity Services at Venable LLP, Alexander Botting, Senior Director of International Cybersecurity Services at Venable LLP, and Amy Mahn, an international policy specialist in the United States Department of Commerce National Institute of Standards and Technology (NIST) Applied Cybersecurity Division, discuss cybersecurity risk management, especially in relation to standards-setting. They begin by describing their work, including an ongoing series of public events organized by NIST and the Center for Cybersecurity Policy and Law, bringing together cybersecurity professionals to discuss needs and best practices in managing cybersecurity risk. They explain how NIST develops standards for managing cybersecurity risk, and why those standards have been successful. And they reflect on the future of the standards-setting process. Nodurft is on Twitter at @RossNodurft, Botting is at @alexbotting, and NIST is at @NIST.
The NIST Cybersecurity Framework is available here. You can sign up for the Cybersecurity Risk Management Virtual Event Series here. And you can watch an event titled "Promoting Interoperability through Standards & Frameworks" here.
This episode was hosted by Brian L. Frye, Spears-Gilbert Professor of Law at the University of Kentucky College of Law. Frye is on Twitter at @brianlfrye.
Updates on JEDI cloud contract and litigation: Joe Jordan, Chief Executive Officer of Actuparo, discusses the latest on the Joint Enterprise Defense Infrastructure cloud computing contract.
Implementing cybersecurity executive order across agencies: Ari Schwartz, Managing Director of Cybersecurity Services at Venable, provides updates on actions agencies are taking as deadlines from the cyber executive order approach.
Reviewing fund cancellations across government agencies: Jeff Arkin, Acting Director of Strategic Issues at the Government Accountability Office, goes over the work his team did on examining cancelled appropriations on a government-wide basis.
Perspective and priority matter. If you use CVSS or an equivalent technical metric alone as the core data point for vulnerability ranking in a hospital setting, up to 80% of the vulnerabilities identified might be inappropriately prioritized.
Specific examples include network infrastructure being under-ranked and clinical devices being over-ranked at scale once clinical workflow context is factored in. When analyzing risk and taking mitigating action, what's the difference between an insulin pump in/on a patient, an imaging system in the emergency room department, and a networking device sitting in a lab closet? What you think matters may be up for discussion — so might be the health ecosystem and the patients that utilize it.
Put simply, the consequences of perspectives can have profound impacts on healthcare CISOs and the executive-level perception of risk status and the effectiveness of purely technically based vulnerability management programs.
The consequences of decisions made could have an even more profound impact on the patients' wellbeing on a grander scale.
When assessing cyber risk, perspective and priority matter — a lot.
Guest: Dr. Saif Abed, Medical Doctor | Cybersecurity Expert | Director of Cybersecurity Services, The AbedGraham Group | European Commission | World Health Organisation (@Saif_Abed on Twitter)
Resources: Inspiration for this conversation: https://www.linkedin.com/posts/activity-6775767919851790336-QjwX
In this episode, Holly sits down with Shauni - our Marketing Manager - to discuss how she promotes technical services to a non-technical audience. Marketers in the security industry have a pretty big task on their hands; as technical people - cybersecurity is our passion (hence last week's 55 minute rant about security policies), but how do you create content that appeals to CEOs and other non-technical decision makers? Over the course of the conversation, we discuss Shauni's journey from fashion marketing to cybersecurity, what she has in common with a lot of penetration testers, and how much marketing fluff is too much. 1:30 How did you get into cybersecurity? 4:30 What's the goal of a marketer? 6:00 Do you consider yourself to be technical? 12:15 Is cybersecurity an intimidating industry? 14:30 Sharing knowledge 18:45 Are InfoSec marketers and penetration testers that different? 25:50 Making content accessible 30:40 You've gotta start somewhere Listening time: 32 minutes Host: Holly Grace Williams, MD at Secarma Guest: Shauni Adekoya, Marketing Manager at Secarma Tweet us: www.twitter.com/Secarma Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455 Blogs: www.secarma.com/blog News: www.secarma.com/news
As the world becomes more digital, you can be sure that cyber criminals are not slowing down. Today, we celebrate National Cyber Security Awareness Month with Shawn Richardson, Principal and Director of Cybersecurity Services at Rea & Associates, and Conner Mundy, Associate at Rea & Associates, to share the importance of cybersecurity and why you should be implementing these resources into your organization. Listen to this episode of unsuitable to learn: What cybersecurity can do for your business; How to keep remote workers safe; The top 5 steps to a safer network. Learn more about this topic: Read: https://www.reacpa.com/insight/protect-your-business-from-covid-19-cyber-attacks-in-3-steps/ (Protect Your Business From COVID-19 Cyber Attacks In 3 Steps); Read: https://www.reacpa.com/insight/one-wrong-click-can-spell-danger/ (Cyber Criminals Go Digital | Ransomware Attacks Local Business); Listen: https://www.reacpa.com/insight/episode-238-cybersecurity-post-covid-re-entry-survival/ (Cybersecurity & Post-COVID Re-Entry Concerns). If you like this episode of unsuitable on Rea Radio, hit the like button or share it on social media. You can also use #ReaRadio to join the conversation. You can also watch the podcast in action on the Rea & Associates YouTube channel and access additional resources at http://www.reacpa.com/podcast (www.reacpa.com/podcast).
Schneider Electric Vice President of Cybersecurity Services, Jay Abdallah, talks about cybersecurity implications during the global pandemic.
Welcome to the third episode of The Cybrary Battle Royale Podcast Series, led by Atlantic Data Forensics CEO Brian Dykstra. Speaking with Brian are Jeff DeFrancesca, the Director of Cybersecurity Services at Sayers; Joey Johnson, the CISO of Premise Health; and Mike Finkel, the CEO of Sparksoft. Brian leads this all-star live discussion, recorded during an event at RSA, about how skipping the showroom floor has become normal, along with the expense of showing at a con and the importance of making sure you actually set up the tools that you're purchasing.
North Fulton Business Radio, Episode 192: Jeff Brown, Smith & Howard. With cybercrime such as ransomware affecting a wide range of businesses, large and small, Jeff Brown, Smith & Howard, joined this edition of “North Fulton Business Radio” to address how businesses can protect themselves and much more. “North Fulton Business Radio” is hosted by […] The post Jeff Brown, Smith & Howard appeared first on Business RadioX ®.