Podcast appearances and mentions of Dan Lohrmann

  • 31 PODCASTS
  • 44 EPISODES
  • 39m AVG DURATION
  • INFREQUENT EPISODES
  • Oct 3, 2023 LATEST

Latest podcast episodes about Dan Lohrmann

The Paychex Business Series Podcast with Gene Marks - Coronavirus
Cybersecurity: Protecting Your Data and Your Business

Oct 3, 2023 | 33:52


As we continue with Cybersecurity Awareness Month, we've got Dan Lohrmann, Field Chief Information Officer at Presidio on this week's episode of Paychex THRIVE, a Business Podcast. Tune in to hear him chat with host Gene Marks about the services Presidio offers, as well as why businesses of all sizes need to be prepared for cyber-attacks, what they can do, the added risk brought on by remote workers, how major attacks happen, and much more.

Topics Include:
  • 00:00 – Episode preview
  • 01:00 – Welcome, Dan Lohrmann
  • 01:32 – Introduction to Presidio
  • 02:49 – What services Presidio performs
  • 05:52 – Common findings from assessments
  • 06:29 – SaaS security
  • 08:03 – Why care about security?
  • 11:44 – The importance of being prepared
  • 13:14 – The security concerns over remote workers
  • 16:06 – How major cyber attacks happen
  • 17:24 – Diving into Dan Lohrmann's book
  • 23:16 – Not just a big business problem
  • 24:36 – Protecting your business
  • 27:35 – Deep fake and AI
  • 31:53 – Wrap up

Learn more about the importance of cyber security: https://bit.ly/46qaWfX
Find out more about cyber liability insurance: https://bit.ly/452RtAR

DISCLAIMER: The information presented in this podcast, and that is further provided by the presenter, should not be considered legal or accounting advice, and should not substitute for legal, accounting, or other professional advice in which the facts and circumstances may warrant. We encourage you to consult legal counsel as it pertains to your own unique situation(s) and/or with any specific legal questions you may have.

The CEO Sessions
Ransomware Attacks Reveal This About Your Leadership - Dan Lohrmann Presidio Field CISO

Jan 25, 2023 | 43:16


Would you pay the ransom if you were hit with ransomware? Leaders and their companies are targets. Cyberthreats are on the rise and many companies have fallen victim. They can actually reflect what our weaknesses are when it comes to leading people and how you react under pressure. For most people, this is a really stressful time but it can also be a great opportunity to see how you handle difficult situations.

I host Dan Lohrmann, Field CISO for Presidio, who shares a vital strategy for how to respond to a cyber ransom threat.

Presidio is a global digital solutions and services provider delivering software-defined cloud, collaboration and security solutions to customers.

Dan started his career at the National Security Agency (NSA), and has over 30 years of professional experience – including Chief Security Officer and Chief Technology Officer roles.

He's also an award-winning blogger and global speaker on a wide range of technology and cybersecurity topics. Best-selling author of “Cyber Mayday and the Day After Dan: A Leader's Guide to Preparing, Managing and Recovering From Inevitable Business Disruption.”

LinkedIn Profile: https://www.linkedin.com/in/danlohrmann/
Company Link: https://www.presidio.com/
Link to Dan's Book: “Cyber Mayday and the Day After Dan: A Leader's Guide to Preparing, Managing and Recovering From Inevitable Business Disruption.” https://www.amazon.com/Cyber-Mayday-Day-After-Disruptions/dp/1119835305

What You'll Discover in this Episode:
  • The story of the turning point of his career.
  • How he accelerated his learning as a writer.
  • A vital cybersecurity tip for leaders.
  • How to be prepared for AI and cyber risks.
  • The first step you should take if you receive a cyber ransom note.
  • The role of cybersecurity for the next five years.
  • What happened with the $28.75M ransom note.

Connect with the Host, #1 bestselling author Ben Fanning:
  • Speaking and Training inquiries
  • Subscribe to my YouTube channel
  • LinkedIn
  • Instagram
  • Twitter

The Digital Decode
Cybersecurity Predictions for 2023

Jan 17, 2023 | 27:08


In this episode, Presidio's CISOs Dave Trader and Dan Lohrmann predict the cybersecurity trends of the coming year. Using insights from 2022, they map out which threats to look out for and how to avoid common attacks used by hackers.

Join us as we discuss:
  • A recession in cyber talent
  • Cyber crime and insurance
  • Hacktivism and foreign threats

To learn more about these predictions, visit the following links:
  • https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-23-security-predictions-for-2023-part-1
  • https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-23-security-predictions-for-2023-part-2

The Career PROgressions Podcast
Hacking a Career in Cybersecurity w/Dan Lohrmann - Volume 2

Jan 9, 2023 | 42:05


We're back with a second helping of wisdom about building a successful career in Cybersecurity! On this episode, we have another of Cybercrime Magazine's top Cybersecurity professionals to follow in 2022. Dan Lohrmann is an internationally recognized Cybersecurity leader who has advised and been a trusted resource for the White House, the U.S. Department of Homeland Security, and the National Governors Association, as well as multiple Fortune 500 companies. He's authored or co-authored multiple books and contributed to several articles on Cybersecurity in distinguished publications like Forbes and the Huffington Post. He'll be joining Mark to continue the conversation about becoming the Cybersecurity expert the companies of the world need today! Check out some of his latest articles on Cybersecurity: 7 reasons Security Pros Fail and Security Pros Need a Mentor

The Cybrary Podcast
401 Access Denied Podcast Ep. 70 | Cybersecurity Year in Review and 2023 Predictions with Dan Lohrmann

Dec 28, 2022 | 38:04


What were the biggest cybersecurity trends of 2022, and which types of threats do experts predict we should prepare for in 2023? Dan Lohrmann, Field CISO with Presidio, returns to the 401 Access Denied Podcast to provide a consolidated perspective on all the trends from an eventful year. From the war in Ukraine to the rise in cyber mercenary attacks, hacktivism, cloud hacks, and deepfakes, we're welcoming 2023 with a careful review of all the most memorable topics!

Read Dan's article on "The Top 23 Security Predictions for 2023":
  • The Top 23 Security Predictions for 2023 Part 1

Follow us on Social: Cybrary Twitter, Delinea Twitter, Instagram, Facebook, YouTube

Jump-start your cybersecurity career today at Cybrary!

The Digital Decode
Federal Vulnerability Scanning Mandates 2022

Oct 31, 2022 | 26:35


The United States' Cybersecurity & Infrastructure Security Agency is implementing a series of regulations regarding asset vulnerability and scanning to advance their leadership within the cybersecurity landscape. In this episode, Andy Richter and Dan Lohrmann close out Cyber Security Awareness month by discussing how this will affect actors in the private sector, local and state governments.

Once you're done listening to the episode, you can follow these links to learn more specifics about the mandates and their implementation:
  • https://www.govtech.com/blogs/lohrmann-on-cybersecurity/three-cybersecurity-surprises-from-state-security-chiefs
  • https://www.cisa.gov/binding-operational-directive-23-01
  • https://www.cybersecuritydive.com/news/cisa-mandates-agencies-software-vulnerabilities/633274/
  • https://www.theregister.com/2022/10/04/cisa_software_vulnerability_directive/
  • https://www.gsa.gov/cdnstatic/Vulnerability-Management-Process-%5BCIO-IT-Security-17-80-Rev-2%5D-12-30-2021docx.pdf
  • https://www.fedramp.gov/assets/resources/documents/CSP_Vulnerability_Scanning_Requirements.pdf

The Digital Decode
State of Cybersecurity 2022

Oct 5, 2022 | 26:27


This year has seen several significant shifts within the security space. World events have left tensions high. This has been a stress-test for many security systems as bad actors take advantage of any cracks that have formed.

In this episode, Dave Trader, Field CISO at Presidio, and Dan Lohrmann, Field Chief Information Security Officer, share their insights into how the recent conflicts abroad have shaped global security. He also shares his predictions of how ransomware and cyber attacks may evolve in the last quarter of this year.

Join us as we discuss:
  • Zero-trust authentication systems
  • An uptick in malicious DDoS events
  • Possible effects of an incoming recession

To hear more interviews like this one, subscribe to The Digital Decode Podcast on Apple Podcasts, Spotify, or your preferred podcast platform.

To look back on the 2022 predictions for cybersecurity, read The Top 22 Security Predictions for 2022.

Ask A CISO
Cyber Mayday and the Day After

Aug 10, 2022 | 30:21


Dan Lohrmann, award-winning CISO, keynote speaker, mentor, columnist, and bestselling co-author of the book Cyber Mayday and the Day After joins us this week to talk about cybersecurity roles in the public and private sectors, checklists for dealing with disruptions to your business, what organizations can learn from breaches, and much more including a lesson from a blackout on how tabletop exercises should be conducted. Tune in to this episode of Ask A CISO to hear:

Cloud Counsel
Helping Businesses Tackle Their IT and Cloud Challenges

Aug 9, 2022 | 59:59


On this episode of Cloud Counsel, host Wendy Pfeiffer is joined by industry experts Gautum Roy, Jason Stump, and Dan Lohrmann to discuss how they're helping their businesses tackle IT and cloud challenges.

Voices in Local Government
Ransomware: Plan, Respond, Recover

Apr 13, 2022 | 35:40


This episode begins with a short excerpt from Cyber Mayday and the Day After on a real ransomware negotiation with cyber-criminals. Then Nancy Rainosek, chief information security officer of Texas, and Dan Lohrmann, field CISO of Presidio speak on how local government can better plan, respond, and recover from ransomware attacks, as well as how to best coordinate with state or regional-level resources.

Then we answer audience questions, including:
  • If it happens, should we pay or not?
  • What do the stats say on release rates?
  • Our city manager is non-technical and IT is limited, who should be in charge of cybersecurity?
  • What are best practices for involving law enforcement? And does it even help?
  • When a serious attack is reported, should we power off all devices? (Spoiler: No. But disconnect from the internet, WiFi, and Bluetooth.)

This episode is brought to you by our sponsor, OpenGov.

Resources: Download free e-books from OpenGov: The Strategic Planning Guide for Local Government and 10 Tips for Success with ARPA Reporting.

The Cybrary Podcast
401 Access Denied Ep. 50 | The State of Global Information Wars with Dan Lohrmann

Mar 22, 2022


As cybersecurity teams seek to enhance their defenses in the wake of worldwide ransomware attacks and the spread of wiper malware in Ukraine, what predictions can we make about the evolution of global information wars? Acclaimed security leader and Field CISO at Presidio, Dan Lohrmann, discusses emerging trends in cyber insurance, cyber incident reporting, and incident response planning. Learn more about the potential impact of the Shields Up advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Amidst growing risk and uncertainty, hear Dan's advice on how you can develop best practices for training and preparing your security team.

Connect with Dan: LinkedIn, Twitter

Check out Dan's Book:
  • Cyber Mayday and the Day After

Read Dan's Blog Post on Cyber Insurance:
  • Where Next for Government in the Cyber Insurance Market?

Read More on Cybersecurity and the Invasion of Ukraine:
  • What the Newly Signed US Cyber-Incident Law Means for Security
  • 'For the first time in history anyone can join a war': Volunteers join Russia-Ukraine cyber fight

Follow us on Social: Cybrary Twitter, Delinea Twitter, Instagram, Facebook, YouTube, Cybrary LinkedIn, Delinea LinkedIn

The Cyber Huddle
Cyber Security in 2021 and What to expect in 2022 with Dan Lohrmann

Feb 1, 2022 | 36:14


2021 was the year of ransomware, and cyber security breaches were at an all-time high. In the episode we talk with Dan Lohrmann, award-winning CISO and author, about his article "The Top 22 Security Predictions for 2022."

Dan's book, co-authored with Shamane Tan: Cyber Mayday and the Day After: A Leader's Guide to Preparing, Managing, and Recovering from Inevitable Business Disruptions

The Digital Decode
One Month In: These Cybersecurity Predictions are Proving to be True

Jan 28, 2022 | 21:28


Ransomware, attacks using machine learning — 2021 was a bad year for cybersecurity. Sadly, the predictions have the trends accelerating in 2022. But if you know what's coming, it's easier to be prepared. To help you do just that, in this episode Dave Trader is joined by Dan Lohrmann, Field Chief Information Security Officer (CISO) for Public Sector at Presidio, to go over 2022's cyber-forecast and the steps you should take to protect yourself.

Join us as we discuss:
  • The ongoing ransomware trend
  • Bad actors using machine learning and AI to conduct attacks
  • Security concerns for crypto and blockchain

To hear more interviews like this one, subscribe to The Digital Decode Podcast on Apple Podcasts, Spotify, or your preferred podcast platform.

StateScoop Radio
Building greater digital equity for constituents to access government services

Jan 17, 2022 | 15:37


The shift in the workforce landscape has made upgrading and improving network infrastructure a necessity. In a new podcast, Cisco and Presidio discuss how state and local agencies confront the digital divide across communities in the U.S. and ensure constituents can access resources with reliable broadband connectivity. Guests: Meghan Steele, Senior Director, U.S. Public Sector East, Cisco and Dan Lohrmann, Field CISO, Public Sector, Presidio Look for more coverage of “IT Modernization in Government” on www.statescoop.com/listen

ITSPmagazine | Technology. Cybersecurity. Society
Book | Cyber Mayday & The Day After | Redefining Security With Dan Lohrmann And Shamane Tan

Dec 27, 2021 | 38:49


Digital transformation is taking place at unprecedented levels across the globe throughout many industries. The inevitable digital disruption is something organizations can prepare for. Let's hear some stories from two authors — Dan Lohrmann and Shamane Tan — as they describe their conversations with some of those organizations and their leaders in their book, Cyber Mayday and the Day After.

Book Abstract

Digital transformation and cyber insecurity are two global trends that converged in 2020. The COVID-19 pandemic has accelerated these global challenges into paradigm-changing realities that threaten to destroy every company, government, network, and individual. But what can be done to embrace the accelerating digital disruption and at the same time manage the explosion of vulnerabilities, cyber threats, and business risks? What strategies are enabling technology leaders to thrive in this fast-changing landscape and stay calm in the midst of a world filled with ransomware, online deception, and nation-state hackers?

Cyber Mayday and the Day After is a business book, a communication toolkit offering stories, strategies, tactics, and outlook with key extracts and lessons learned from top C-executive leaders around the world. Some of these insights come from former FBIs, NASA agents, government CISOs, and high-profile CxOs, offering practical examples and workable solutions for leaders to succeed in the 21st century. This book unpacks key learnings on leadership and influence. It equips listeners with the mastery of their stakeholders and explores how to effect a cultural change within organizations.

Guests

Dan Lohrmann
  • On LinkedIn | https://www.linkedin.com/in/danlohrmann/
  • On Twitter | https://twitter.com/govcso

Shamane Tan
  • On LinkedIn | https://www.linkedin.com/in/shamane/
  • On Twitter | https://twitter.com/ShamaneTan

Resources

Book: Cyber Mayday & The Day After - https://www.amazon.com/Cyber-Mayday-Day-After-Disruptions/dp/B09LFPTR8W/

This Episode's Sponsors

  • Imperva: https://itspm.ag/rsaarchweb
  • HITRUST: https://itspm.ag/itsphitweb

To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society

Are you interested in sponsoring an ITSPmagazine Channel?

Security Visionaries
Being Ready For Anything with Dan Lohrmann, Field CISO of Presidio

Dec 16, 2021 | 42:53


This episode features an interview with Dan Lohrmann, Field CISO of Presidio, a global digital services and solutions provider accelerating business transformation through secured technology modernization. Dan has more than 30 years of experience in the computer industry and is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

On this episode, Dan covers why every security leader needs to check out his new book, the biggest vulnerability that the government potentially isn't aware of, and his top advice for a 1st-time CISO.

“The idea here is to marry up three parts: before, during and after an incident. So what can you do before, four chapters of the book is about, preparing everything from having playbooks and doing exercises, tabletop exercises, real true stories, what people learned and the good, the bad ugly. Then during incidents in the middle, real stories about that. And then at the end, what about afterwards? What, like the last chapter is turning cyber lemons into organizational lemonade. So really the idea of how can we take what we learned and then roll it back into our plan, into our playbooks, in our scenarios, and to get better and improve.” — Dan Lohrmann

Episode Timestamps:
  • (2:54) - Dan's first job in security
  • (4:42) - Dan's current role as Field CISO of Presidio
  • (5:44) - Dan's perspective on the changing speed of the government
  • (7:19) - The biggest vulnerability that the government potentially isn't aware of
  • (11:43) - Segment: The Deep Dive
  • (25:44) - Dan's predictions for the future
  • (30:12) - Dan's favorite security domain
  • (34:16) - Top advice for a 1st time CISO
  • (37:01) - If Dan could go back in time what he'd do differently

Links:
  • Connect with Dan on LinkedIn
  • Follow Dan on Twitter
  • Check out Dan's new book!
  • Jason Clark's LinkedIn
  • www.netskope.com

Cyber Security Weekly Podcast
Episode 300 - Cyber Mayday and the Day After - Interview with authors Dan Lohrmann and Shamane Tan

Dec 9, 2021


We speak with authors Dan Lohrmann and Shamane Tan following the recent release of Cyber Mayday and the Day After: A Leader's Guide to Preparing, Managing, and Recovering from Inevitable Business Disruptions. Now available on Amazon - https://www.amazon.com/Cyber-Mayday-Day-After-Disruptions/dp/1119835305

From the Inside Flap

Digital transformation and cyber insecurity converged spectacularly in recent years, leading to some of the highest profile network security failures in modern history. From the SolarWinds hack to the Colonial Pipeline ransomware event, these incidents dramatically highlighted the need for impactful and effective leadership through a crisis. In Cyber Mayday and the Day After, a team of veteran cybersecurity leaders delivers an incisive collection of stories, strategies, tactics, lessons, and outlooks from some of the top C-executive leaders around the world. Packed with insights from former FBI agents, NASA professionals, government Chief Information Security Officers, and high-profile executives, this book offers the practical examples and workable solutions that leaders need to succeed in the 21st century.

Cyber Mayday and the Day After is a guide to the art of communication with senior stakeholders and how to effect cultural change within organizations to adapt to a new reality that includes ransomware, online deception, and nation-state hackers. You'll learn what you should know before a critical event occurs and what other executives wish they'd known before cyber crisis struck their organizations. You'll also discover how executive-level responses can make or break customer trust in your company. Finally, you'll explore how to utilize communication, coordination, and teamwork, as well as partnerships with vendors, law enforcement, and others, to tailor your crisis response for maximum damage mitigation.

Cyber Mayday and the Day After is an eye-opening, need-to-read experience that's ideal for current or aspiring executives who seek to understand high-level leadership through a different lens. It's also the ideal resource for managers and other leaders who want to learn invaluable lessons in communication and leadership from veteran industry professionals.

For a copy of Shamane Tan's first book - Cyber Risk Leaders - visit https://mysecuritymarketplace.com/books/cyber-risk-leaders-global-c-suite-insights-leadership-and-influence-in-the-cyber-age-by-shamane-tan/

#cyberriskmeetup #cyberriskleaders #cybersecurity

The CISO Diaries
Dan Lohrmann, Chief Strategist and CSO for Security Mentor – Yorkshire Tea Drinker!

Sep 16, 2021 | 30:43


This week we chat with the guy who served as the first CISO for the state of Michigan, Dan Lohrmann in May 2002. Today he serves as Chief Security Officer at Security Mentor, Inc. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and non-profit institutions. He's a frequent author for GovTech and other blogs. Tune in to hear Dan's story of the time he nearly got fired and why his personal favourite is Yorkshire tea!

Guest: Dan Lohrmann
  • LinkedIn: https://www.linkedin.com/in/danlohrmann/
  • Twitter: https://twitter.com/govcso

Highlights:

0:00 - Intros, Background & The Small Cybersecurity Family
  • Cybersecurity is not for the faint of heart, but it's constantly fun and changing
  • Y2K and Michigan
  • Centralizing IT and creating the CISO role

8:09 - Applying Football to Career
  • Siblings impact and influence
  • Football is a lot like security
  • Hockey analogy - Go to where the puck is going
  • Leadership - Cuts across both personal and professional lives

14:45 - Getting "Fired"
  • Dan was given a wifi project
  • Staff Meeting - Dan and Teri Takai confrontation
  • Lesson Learned: Get to YES and bring alternatives to business

22:22 - Importance of Relationships
  • Build trust and relationships
  • Go to lunch! Easy to say, but hard to do
  • Have a good baseline and plan to get to goals
  • Good leadership, relationships and partnerships are key to leadership success

Final Thoughts: The Best is Yet to Come
  • Yorkshire Tea is Dan's Favorite!

CompTIA Sharkbytes
While Most Are Focusing on Cyber Attack Prevention: What About Remediation? Why Are Back-ups So Hard to Restore?

Aug 5, 2021 | 28:04


A conversation with Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc. – former CISO, CTO and CSO, State of Michigan. Dan Lohrmann is one of the brightest thought leaders when it comes to cybersecurity and government. Dan led Michigan government's cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan. During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.  

The Cybrary Podcast
401 Access Denied Ep. 31 | Ransomware & Critical Infrastructure Q&A with Dan Lohrmann

Jun 30, 2021 | 60:30


Recent events confirm that the US's critical infrastructure and supply chain are very vulnerable to ransomware attacks. What more can and should be done to keep them safe from ransomware? As NATO and the White House announce steps to crack down on bad actors, will it move the needle at all? Dan Lohrmann, CSO of Security Mentor, and formerly of State of Michigan and the NSA, joins the 401 team to discuss.

CISO Stories Podcast
CISO Business Enablement: Getting to 'Yes' as a CISO - Dan Lohrmann - CSP #23

Jun 29, 2021 | 23:31


The CISO is often in a position where vulnerabilities are known and implementing a product may result in an insecure product. Should the CISO say 'no we can't do that', or 'figure out how to make it happen?' Join this podcast to learn how a CISO was faced with this dilemma where he was asked by the business to implement a technology, where he had stacks of whitepapers indicating the technology was insecure.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dan_Lohrmann_Article.pdf

Lohrmann, D. 2019. CISOs Need to be Enablers of Business Innovation-Here Is How. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

Show Notes: https://securityweekly.com/csp23

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/cyberleaders
Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The SecureWorld Sessions
State CISO Discussion: Future of Security

Jun 22, 2021 | 51:09


Listen in as U.S. state cybersecurity leaders discuss key topics:
  • coming year priority projects
  • the ransomware surge and preparing for security incidents
  • their organization's security culture and training to deal with issues
  • innovative, special projects they are most excited about moving forward

Featured presenters on this podcast panel:
  • Vinod Brahmapuram, CISO, State of Washington
  • Deborah Blyth, CISO, State of Colorado
  • Maria Thompson, former Chief Risk Officer, State of North Carolina
  • Moderated by Dan Lohrmann, CSO, Security Mentor, and former CSO, State of Michigan

Resource Links:
  • Trend Micro CISO resource portal: https://www.trendmicro.com/en_us/business/campaigns/art-of-cybersecurity/ciso.html
  • SecureWorld virtual conferences: https://www.secureworldexpo.com/events

The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

Cyber Talk Africa
Colonial Pipeline Cyberattack - how Darkside hacked Colonial Pipeline.

May 18, 2021 | 26:06


Our special guest this week is none other than the incredible Dan Lohrmann. Dan is an International Cybersecurity Thought leader and Industry recognized Voice, Chief Security Officer, Author, Blogger, and recently nominated as one of the Top 20 Cybersecurity Leaders of 2021. He joins us to explain everything that happened around the Colonial Pipeline cyberattack, a brief insight into the attackers (Darkside), Ransomware as a service, how this is a taste of things to come, and what the world needs to do to win the fight against Cyber Criminals. You can read his latest blog on the topic at https://bit.ly/3yl4whV Thank you.

CISO-Security Vendor Relationship Podcast
We Recommend a “Know the Right People” Certification

Apr 6, 2021 | 34:04


All links and images for this episode can be found on CISO Series https://cisoseries.com/we-recommend-a-know-the-right-people-certification/

There are so many fantastic certifications out there for security professionals. But we've found the one certification that will really help you land the right job really quickly, is to provide proof that you know some people at our company who can vouch for you. Remember, we are a business that operates on trust, not giving people their first chances in cybersecurity.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest this week is Jesse Whaley, CISO, Amtrak.

Thanks to our podcast sponsor, Adaptive Shield

Adaptive Shield ensures companies gain control over their SaaS app security and prevents the misconfigurations and vulnerabilities that could lead to a leak or breach. Adaptive Shield connects to any app, continuously monitors all configurations, provides a complete picture of the company's SaaS estate, and enables quick remediation of any potential threats.

In this week's episode

Why is everybody talking about this now?

Should cybersecurity professionals fight back rather than block and tackle? Former US government cyber security chief Chris Krebs has called on law enforcement and others to fight back against ransomware attackers. Krebs suggested posting private information of the hackers, with malicious intent, AKA doxxing. "Hacking back" is dangerous as it's hard to determine the attacker, and you're essentially taking the law into your own hands, but Chris Krebs is recommending this, seeing that ransomware is the biggest threat. Dan Lohrmann of Security Mentor shared this article from the Financial Times and it drove a lot of debate. We've heard this before, but from someone like Chris Krebs, that's astonishing. What level of fighting back should people be comfortable with?

Are we having communication issues?

"I push back [on vendors] because I want depth and context from first contact," said John Keenan, director of Information Security, at Memorial Hospital at Gulfport. In this post on LinkedIn he said he's annoyed with vendors' generic first outreach and when he declines their response is "Well, I had to give it a shot". If they want a real connection, include "What's In It for Me". A generic response of "I think you'll really like what we've got to show," does not qualify. Let's talk about who has ever received a first (or heck any) contact that did have depth and context and could clearly articulate the "what's in it for you" message.

"What's Worse?!"

This week's challenge is from Nir Rothenberg, CISO, Rapyd.

How have you actually pulled this off?

Hiring in cybersecurity is a bear. As we've discussed before on this show, there's actually plenty of supply and demand in cybersecurity, yet jobs are not getting filled, possibly because of unreasonable requirements. Let's talk about what percentage of all the ideal skills people are willing to accept in a new hire, and situations where someone was hired who didn't possess that must-have skill for the job. And also let's look at the most effective training or mentoring technique used to get employees to adopt those skills.

Hey you're a CISO. What's your take?

On Twitter, Alyssa Miller AKA @alyssaM_InfoSec asked: "You're the CISO, rank the priority of the following list from a security perspective and explain your reasons: A. A well-defined vulnerability management program B. A reliable configuration management database/Asset Inventory C. A comprehensive metrics and reporting practice." A slight majority voted BAC or asset management, vulnerability management, then metrics. But there was plenty of disagreement. Let's look at that.

The Cybrary Podcast
401 Access Denied Ep. 23 | Ransomware Rundown with Dan Lohrmann

Mar 10, 2021 60:54


Ransomware attacks have exploded in frequency and severity in recent months. Joe and Mike are joined by guest Dan Lohrmann, currently Chief Strategist & CSO at Security Mentor, and formerly of the NSA, Lockheed Martin, and CISO for State of Michigan. Discussion revolves around concrete steps we can all take today to reduce attacks, minimize damage, and decide if cyber insurance is really worth it. Resources: https://www.nomoreransom.org/ https://csrc.nist.gov/

CompTIA Sharkbytes
The State of Cyber Security in Local Government During a Pandemic.

Dec 17, 2020 34:39


  A discussion with Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc. – former CISO and CSO, State of Michigan. Dan Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan. During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.  

Ping - A Firewalls.com Podcast
Black Friday Becomes Cyber November 2020

Nov 18, 2020 48:26


In a year unlike any other, holiday shoppers are dealing with changes as well. The tradition of a one-day Black Friday (and Cyber Monday) sale has been replaced with a month-long drip of deals. Our guest Dan Lohrmann dubs this COVID-19-related change, "Cyber November." On this episode, Dan discusses why things have gone even more online than inline, and why that may lead to new cybersecurity concerns. He also goes over some tips for safe online shopping, and even touches on how the 2020 election went when it comes to security.

You can find Dan's article on the holiday shopping season here: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/covid-19-turning-black-friday-into-cyber-november.html. And follow him on Twitter @govcso.

In our Ransomware Reckoning segment, we highlight an attack against Capcom, maker of Resident Evil, Street Fighter, and more - and how the Japanese video game company made the best of a bad situation.

Then, it's on to cyber news headlines, with stories on cybersecurity for tax pros & the financial sector, and even a warning about network security in space!

Here are the headlines:
Why Cybersecurity Should Mean Everything to Every Tax Pro
https://www.accountingtoday.com/opinion/why-cybersecurity-should-mean-everything-to-every-tax-professional
Check Please: Adding Up the Costs of a Financial Data Breach
https://securityboulevard.com/2020/11/check-please-adding-up-the-costs-of-a-financial-data-breach/
Op-Ed: Space System Cybersecurity Challenges Ahead - Translating Policy to Practice
https://spacenews.com/op-ed-space-system-cybersecurity-challenges-ahead-translating-policy-to-practice/

And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.

Thanks for listening!

The Cybrary Podcast
401 Access Denied Ep. 10 | Election Security: Can a Hacker Really Pick the Next US President?

Sep 9, 2020 54:12


Special guest Dan Lohrmann from Security Mentor and former advisor to the White House and Homeland Security joins Thycotic and Cybrary to talk election security. We cover topics from voting registration, mail-in voting, to in-person voting and even the fake news Americans will be bombarded with from now until election day. How do we - and more importantly, should we - feel confident in our election security?

What keeps you up at night?
What keeps CSO, Dan Lohrmann, up at night?

Aug 18, 2020 4:06


This week, Dan Lohrmann offers an expert perspective. DAN LOHRMANN is the Chief Security Officer & Chief Strategist at Security Mentor Inc. Dan Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author. During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. Lohrmann led Michigan government's cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan. He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor's industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions. He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin and for four years as a technical director for ManTech International in a US/UK military facility. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow. 
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana. Each week from his Zero Day Studios™, cybersecurity expert Scott Schober discusses the most terrifying and apocalyptic cyber scenarios including ransomware, breaches, identity theft, IoT device security and more with fellow experts to find out what keeps us up at night. Scott Schober is a #cybersecurity and wireless technology expert, author of Hacked Again, host of 2 Minute CyberSecurity Briefing video podcast and CEO of Berkeley Varitronics Systems who appears regularly on Bloomberg TV, Fox Business & Fox News, CGTN America, Canadian TV News, as well as CNN, CBS Morning Show, MSNBC, CNBC, The Blaze, WPIX as well as local and syndicated Radio including Sirius/XM & Bloomberg Radio and NPR.

What keeps you up at night? (audio feed)
What keeps CSO, Dan Lohrmann, up at night?

Aug 18, 2020 4:06



CISO-Security Vendor Relationship Podcast
NYTimes Critic Called Our Security Theater "Unconvincing"

Jul 7, 2020 35:16


All links and images for this episode can be found on CISO Series (https://cisoseries.com/nytimes-critic-called-our-security-theater-unconvincing/)

We tried to pull off the Hamilton of security theater and we fell short. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Shawn Bowen (@smbowen), CISO, Restaurant Brands International which handles restaurants such as Burger King, Popeye's, Tim Hortons, and Louisiana Kitchen.

Thanks to this week's podcast sponsor GitGuardian.
GitGuardian empowers organizations to secure their secrets - such as API keys and other credentials - from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline.

On this week's episode

How CISOs are digesting the latest security news
We recorded this episode on June 24th, just five days after Trump's first rally in Oklahoma where purportedly TikTok fans en masse were able to register for Trump's rally and fool his entire staff into believing that 1 million people had registered and were planning to attend his rally. In the end, the arena was less than half full. We are all well aware that some cyber protests can cause serious damage, but does this one? Is this the kind of peaceful cyber protests that we should encourage or not encourage? Dan Lohrmann at Security Mentor posted this discussion and said no matter what political affiliation you're on this is a call for more cybersecurity because this will happen again. But is this the fault of Trump's cyber team or his social media team for not keeping an eye on TikTok?

Why is everybody talking about this now?
On AskNetSec on reddit, NoInterestingGuy, a college student starting his first internship at a security firm, posted he likes to participate in "extracurricular activities". He then asked, "If I were to get caught with a crime related to cyber security, would that impact my chances significantly of getting hired in the future for a security company?" The community almost resoundingly said, "Stop," but have Mike and our guest ever hired someone with a cybercrime past or caught an employee engaging in cybercrime? How did they handle it? Is there an "it depends" meter? We all do stupid stuff in college.

What's Worse?!
Is the unknowing always the worst?

It's security awareness training time
On CSO Online, J.M. Porup wrote a piece about five examples of security theater and how to spot them. Security theater refers to the practice of having a show of implementing security where its effectiveness is in question. Some examples are purposefully complex passwords, checkbox compliance, and bad security awareness training. How do we spot security theater? Is there any value to security theater? What's the antidote? If it's in place, how do we eradicate it?

What Is It and Why Do I Care?
We played this game before and like the "What's Worse?!" game, the title pretty much explains it. I have three pitches from three different vendors who are all in the same category, Security Awareness Training. I have asked the reps to first, in 25 words or less, just explain their category. That’s the “What Is It?” and then for the “Why Do I Care?” I asked them to explain what differentiates their product or makes them unique also in 25 words or less. It is up to Mike and Shawn to pick their favorite of each and explain why. I only reveal the winning contestants and their companies.

The Mega C-Suite Stories
How I Almost Got Fired as a CISO - EP 1

May 13, 2020 30:10


Our special 'Cyber Risk Leaders' book feature, Dan Lohrmann, is ex-NSA and the first government CISO for the state of Michigan in the US. Dan also wrote the #pandemic playbook for #H1N1 back in 2009. Amongst other #CISO success and failure stories, Dan shared some learnings that can be applicable in today's COVID-19 context. Official website: https://www.cyberriskmeetup.com

Coffee Break with Game-Changers, presented by SAP
CyberSecurity Wars: Will Tech Help YOU or THEM?

Sep 25, 2019 53:39


Here's today's Buzz: “If you spend more on coffee than on IT security, you will be hacked…you deserve to be hacked” (Richard Clarke). “People are doing things on free Wi-Fi that are really alarming” (Doug Shadel). “As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” (Newton Lee). “Hackers find more success with organizations where employees are under appreciated, over worked and under paid” (James Scott). “…the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided” (Art Wittman). “If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders” (Dan Farmer). We'll ask four experts about the future of Cybersecurity: George Rettas, Task Force 7 Radio; Dan Lohrmann, Security Mentor; Tom Pageler, BitGo; Andy Bonillo, Task Force 7 and Ciena. Join us for CyberSecurity Wars: Will Tech Help YOU or THEM?

CISO-Security Vendor Relationship Podcast
We Take Privacy, Not Our CISO, Seriously

Jun 10, 2019 46:12


All pictures and links for this episode can be found on CISO Series (https://cisoseries.com/we-take-privacy-not-our-ciso-seriously/)

We're looking for the one company brave enough to say they don't care about privacy on the latest episode of CISO/Security Vendor Relationship Podcast. This episode was recorded live on June 6th at The B.O.B. in Grand Rapids, Michigan at the 2019 West Michigan IT Summit, hosted by C3 Technology Advisors. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@allanalfordinTX), principal consultant at Side Channel Security. Our guest for this special live recording is the former CISO/CSO/CTO of the state of Michigan, Dan Lohrmann (@govcso).

David Spark and Allan Alford, co-hosts of Defense in Depth on the CISO Series network, and Dan Lohrmann, former CISO/CSO/CTO for the State of Michigan.

Thanks to this week's podcast sponsors C3 Technology Advisors, Fuze, and Assured Data Protection.

C3 Technology Advisors is a technology consulting firm that helps midsize to enterprise organizations make better technology buying decisions. With technology quickly changing, let C3 help you sift through all the disruption, noise, and sales pitches to allow you to make better technology buying decisions for your organization.

Fuze is the #1 cloud communications and collaboration platform for the enterprise, combining calling, meeting, chatting, and sharing into a single, easy-to-use application. Designed for the way people work, Fuze allows the modern, mobile workforce to seamlessly communicate anytime, anywhere, across any device.

Assured Data Protection provides backup and disaster recovery solutions utilizing Rubrik ‘as a Service’. They offer 24/7 global support, with expertise that truly sets them apart from other back up and DR service providers.

On this week's episode

Should you ignore this security advice?
Yaron Levi, CISO of Blue Cross Blue Shield of Kansas City posed an interesting question, "Many people in security follow best practice without questioning them but in fact there are many BAD security best practices." Levi asks the LinkedIn community and I also ask our guests, "What do you consider a 'Bad Best Practice?'"

How to become a CISO
Aaron Weinberg, Kirlin Group, asks, "What would a CIO need to do to switch career tracks to being a CISO?" I'll add why would you want to do that?

What's Worse?!
We've got two rounds of questions and conflict on at least one of them.

I tell ya, CISOs get no respect
Brian Krebs of Krebs Security asked, "Why are CISOs often not listed on the executive page of a company website?" Krebs looked at the top 100 global companies and only found 5 that had a CISO listed. Of the NASDAQ 50, there were only three listed with a security title. But plenty had chief of human resources or chief marketing officers listed. One argument for the lack of front page visibility for CISOs is that companies value revenue centers over cost centers. Another argument is the reporting structure. That CISOs often report to CIOs. Is that why it's happening, or is it something else?

Close your eyes. Breathe in. It’s time for a little security philosophy.
A question on Quora asks you to participate in this little thought exercise, "If you knew all computers would be erased tomorrow by a worldwide virus, what steps would you take to protect yourself?" It's a little more involved than just unplugging your computer from the Internet.

Why is this a bad pitch?
I read a cringeworthy bad pitch and our CISOs respond. Listen to the end as I reveal something surprising about this very bad pitch.

And now this…
I burn through a stack of questions from the audience as we go into a cybersecurity speed round.

CISO-Security Vendor Relationship Podcast
We're Gonna Run These Pen Test Exercises Until You Turn Purple

Apr 29, 2019 32:13


Find all the links and images on CISO Series (https://cisoseries.com/were-gonna-run-these-pen-test-exercises-until-you-turn-purple/)

We learn to iterate our security stamina faster by bringing the attackers and defenders in the room together. We're seeing purple on this episode of CISO/Security Vendor Relationship Podcast. This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson. Our guest this week is Matt Southworth (@bronx), CISO of Priceline, who was brought to us by our sponsor, Praetorian.

Thanks to this week's sponsor, Praetorian
As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.

Why is everybody talking about this now?
Senator Elizabeth Warren's proposed bill, the Corporate Executive Accountability Act, would pave the way for criminal charges of executive wrongdoing that leads to some public harm, like a public data breach. Note, there needs to be proof of wrongdoing. This isn't designed to blame victims. Regardless, the cybercommunity lit up on this topic. Warren said that too many executives were walking away free with no penalty while the community were left to suffer. Is this the bill that's needed to put a check on breaches?

Hey, you're a CISO, what's your take on this?
Priceline has been conducting purple team exercises with our sponsor Praetorian. We discuss the value in purple team efforts over all the other alternatives, like pen testing, red team/blue team exercises, and threat hunting reports. Plus, we discuss the cultural benefits of purple team exercises.

What's Worse?!
We get a consensus on a question about asset and risk management.

How to become a CISO
The director of information security at a Fortune 100 company wants to know how to make the leap from his position to CISO.

Pay attention, it’s security awareness training time
Dan Lohrmann, CSO of Security Mentor and an upcoming guest on our live podcast we're going to be recording on June 6th in Grand Rapids, Michigan had a very interesting article on Peerlyst about avoiding the punishment angle of security training. He said his number one struggle in education is explaining how important security is at an individual level and that individuals understand the impact of their actions. At Priceline, Matt Southworth created a Security Champs program to extend the reach of his security team by training interested non-security coworkers about security. We discuss what this has done to improve culture, security, and help people understand the impact of their actions.

Two-factor authentication, also called 2FA, is vital, and should be considered the default in online security, not a fancy option. In short, 2FA means that two separate identifiers are required to gain access to an account. These identifiers should come from: 1.) something only you know, like a complex password, and 2.) something physically separate that belongs to you like a phone that can receive SMS messages, a physical token, a time or location limited message, or something biometric, like a retinal scan or fingerprint. Currently the SMS message is the most popular “second factor,” but security analysts say this is still the weakest option. A better option is to use an approved app, or to partner with a cybersecurity company who can build one for you.

Task Force 7 Cyber Security Radio
Ep. 78: What Security Predictions for 2019 Already Came True?

Apr 1, 2019 73:50


Dan Lohrmann, Chief Security Officer for Security Mentor, appears on Episode #78 of Task Force 7 Radio to talk about his annual security predictions piece that he does every year for Government Technology Magazine. Lohrmann talks about the top ten security predictions for 2019, what predictions have already come true, and what we should expect to happen in the cyber security space moving into the future. Lohrmann also talks about what disagreements experts and vendors are having regarding the direction of cyber security into the future, what is top of mind for most public sector CIOs for 2019, and he reviews the Top Ten Priority List for the National Association of State CIOs. In the final segment, Lohrmann gives his thoughts on the cyber security talent shortage, the hardest jobs to fill, and how job seekers can obtain a position in cyber security. All this and much more on Episode #78 of Task Force 7 Radio.

New Cyber Frontier
NCF-114 Cybersecurity in State Government With Dan Lohrmann

Mar 5, 2019 34:37


Our guest today is known to many of you as “Lohrmann on Security” from his countless articles and blogs for “Government Security Magazine”. Dan, whom our host refers to in his introduction as “ENERGY”, will impress everyone with his passion for the topic. It is easy to see why Dan was the CIO of the year during his days with the State of Michigan, and is so well known for his top followed blogging. If you are not inspired to jump into the public sector to lend a hand after hearing Dan, then probably nothing will get you excited. Dan has some great insight on ways to make local government more effective and secure, but definitely gives a positive perspective on how working for a State or local government has its perks.

Visit our sponsors: Cyber Resilience Institute, Internet Broadcasting Network, Logic Central Online, SecureSet Academy, Murray Security Services

Speaking Science
Human Genome: Hack Attack

Jan 7, 2019 18:25


There's enormous potential using our genomes to solve medical problems. However, in order to get to that point, we need to collect our genomic data. There's a lot of opportunity, but with that comes a lot of new challenges. This time we're talking with Dan Lohrmann, an expert in cyber security. We wanted to know how our DNA data is protected, what potential threats there are if people get ahold of this data, and how we can protect and use it appropriately.

DIY Cyber Guy
#14 - If You Don’t Pay For the Product, You ARE the Product

May 14, 2018 22:41


Companies that offer free services, like Facebook and Twitter, are for-profit companies. So where is the profit if the service is free?  It could be in an 'upsell' product, like LinkedIn, which means that some useful features are not available in the free version of the product and require a subscription fee to access. Another common profit model is to collect and sell your data, which is one of the ways Facebook makes money. My guest to discuss this issue, and many more, is Dan Lohrmann, Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. and an internationally recognized cybersecurity leader, technologist, keynote speaker and author. He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency.

Security Intelligence Podcast
Cyber Beat Live: Cybersecurity and the Power Grid

Mar 13, 2017 50:52


How do we ensure that our power grids are secure? In this podcast IBM's Bob Stasio discusses this important question with industry experts Dan Lohrmann, Chief Strategist and Chief Security Officer at Security Mentor, Inc., Morgan Wright, Cyberterrorism and Cybercrime Analyst at Morgan Wright LLC, and Steven Collier, Director of Smart Grid Strategies at Milsoft Utility Solutions. Listen now to discover the challenges utilities face when trying to secure the power grid and how they can overcome them. To view a live demo on how to counter and mitigate threats more quickly, visit http://ibm.co/2nxhB2i. To read the Shamoon malware blog mentioned during the podcast, visit http://ibm.co/2mjJ3ji.

IT in the D
Episode 102: Security Mentor, Comcast

Jul 29, 2015 102:27


Episode 102 of our weekly live podcast is in the rear view mirror now, and even though we lost TEKSystems due to an illness, we had some seriously great conversations with our guests from Comcast and SecurityMentor. We also got some information out about our new podcast network that launched last week, our upcoming events, what's going on with Comcast these days, how to best get people engaged about security in a way that matters, a whole variety of security related topics and stories illustrating the chaos going on nowadays and much, much more...

Like we always do, our first segment dove into the news, events and stories that caught our eye over the past week. We chatted through the really nasty exploit that showed up on Chrysler vehicles in certain years, our theory about Hulk Hogan and why certain news broke recently, the ridiculousness of the response from AshleyMadison's parent company, where LifeLock has also recently failed people, more about the OPM breach, some hilarity from Palm Beach County where some local marijuana enthusiasts clearly don't understand how Twitter works and more.

For our second segment, we dove in with Dan Lohrmann, formerly the Chief Security Officer for the State of Michigan, now with SecurityMentor. He has some outstanding insights to share regarding the chaos with cars getting hacked, what really goes into a data breach, how people can protect themselves, what the company does in order to teach best practices in a fun and engaging manner and more.

In segment three, we chatted with Michelle Gilbert, VP of Public Relations for Comcast Cable Heartland Region. From what Comcast is doing to improve customer relations out to what's on the horizon with Comcast's services, this was a pretty good discussion if you want to hear what the company some people love to hate actually has going on that might change your opinions. Really great talk, and super grateful that she came on the air with us.

Segment four was our usual wrap up of topics from earlier in the night, a few news items we hadn't touched on yet, and a little doubling back to make sure we hit all of the topics we wanted to hit.

Check out SecurityMentor at http://www.securitymentor.com/
Hit up Comcast at http://www.Comcast.net

As always, we can be found:
On the web: http://www.ITinTheD.com
On Meetup: http://www.meetup.com/ITintheD/
On LinkedIn: https://www.linkedin.com/groups?gid=91763
On Facebook: http://www.facebook.com/ITintheD
On Twitter: http://www.twitter.com/ITintheD

Government Information Security Podcast
Michigan's Pass-Fail IT Security Challenge - Interview with Michigan CTO Dan Lohrmann

Jun 11, 2009