Podcasts about issa journal

  • 8 PODCASTS
  • 9 EPISODES
  • 43m AVG DURATION
  • INFREQUENT EPISODES
  • Sep 14, 2023 LATEST




Latest podcast episodes about issa journal

The Other Side Of The Firewall
Ask A CISSP | Kayne McGladrey - Ask A CISSP Season 2 Episode 8

Sep 14, 2023 58:15


This week on Ask A CISSP, we have an interview with Kayne McGladrey, Field CISO at Hyperproof. In this very entertaining episode, we'll learn Kayne's amazing cybersecurity "origin story" and discuss the need for more diversity of culture and thought within cybersecurity. We'll also go into upcoming Federal and State policy and how he and his team have developed the tools necessary to keep up with the future of Governance, Risk, and Compliance. Don't miss out! Please LISTEN

Invest The Difference
18. Avani Desai: Leadership and Growth Management

Aug 1, 2022 47:28


Stepping into an executive leadership role, in a male-dominated field, and scaling to a 400+ employee organization is no easy feat that comes with incredible lessons. In this episode, Claudio and Bernadette welcome Avani Desai, CEO at Schellman, the largest niche CPA firm in the world that focuses on technology and security assessments, and discuss the invaluable wisdom gained over the years regarding leadership and managing scale and growth.

Avani Desai is the CEO at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance, and privacy. Avani's primary focus is on emerging healthcare issues and privacy concerns for organizations. Named one of the 2017 Global Leaders in Consulting by Consulting Magazine, she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more publications.

Connect with Avani:

  • Website: https://www.schellman.com/
  • LinkedIn: https://www.linkedin.com/in/avani-d-596366/
  • Twitter: https://twitter.com/AvaniDe

Watch this episode on YouTube: https://www.youtube.com/watch?v=y1J-XJaaHQo

This episode is sponsored by GFG Solutions.

  • Follow GFG Solutions: https://www.instagram.com/gfgsolutions/
  • Follow Bernadette: https://www.instagram.com/the.band.tee.ceo/

How's your ePresence? with Mark Galvin
How To Protect Your Business from Cyber Attacks with Keyaan Williams Part Two

Jul 22, 2022 28:35


Keyaan J. Williams is the Founder and Managing Director of CLASS-LLC, a professional services firm that delivers governance, risk, privacy, and cybersecurity solutions to critical industries and government agencies throughout the world. Prior to CLASS-LLC, he managed large security programs at the U.S. Centers for Disease Control and Prevention (CDC). A founding member of the Private Directors Association Atlanta Chapter, he currently serves as the chair of the Cyber Strategy Retreat Advisory Board, chair of risk committee for a global non-profit, and strategic advisor for start-ups and early-stage organizations. In addition to public speaking and standup comedy, his insights are documented in the Certified CISO Body of Knowledge, The Language of Cybersecurity, Using Security Metrics to Drive Action, CISO Magazine, the ISSA Journal, and the Crisis Response Journal.

Tune in to hear Keyaan answer these questions:

  • You said, "most people are doing cybersecurity wrong." What is the right way to do cybersecurity and what should people focus on?
  • What is the #1 cybersecurity concern that businesses should address?
  • Is cyber insurance a good tool to protect the business from data breaches and security incidents?
  • The news talks about cyber threats related to the war in Ukraine. Does this affect us here in the United States?
  • What should I do if I am affected by ransomware in my personal life or my business?

Full Show Notes: https://www.epresence.me/what-are-cyber-attacks-and-how-can-you-protect-your-business

Supercharging Business Success
The Secret to Good Cybersecurity: A Business Leadership Perspective – in Just 7 Minutes with Keyaan Williams

Oct 28, 2020 9:31


What You’ll Learn From This Episode:

  • Why investing in security is a MUST
  • How to make sure not to focus on compliance but on good practice
  • Why leadership and governance are the solution to most security problems

Related Links and Resources: My free gift is a community gift. There is an organization called 'The Center for Internet Security', they're a global organization, they have well-defined practices, it’s www.cisecurity.org. To get to me directly, they can email me at keyaan.williams@class-llc.com or you can go to the website www.class-llc.com

Summary: Keyaan Williams is the Founder and Managing Director of Cyber Leadership and Strategy Solutions (CLASS-LLC), a professional services firm that helps global clients with cybersecurity strategy, risk management, and workforce development. His reputation for leadership was established when he led the operational transformation of the Information Systems Security Association (ISSA) as the President of the International Board of Directors, and he has also been recognized for his service in the U.S. Army Chemical Corps. Keyaan has contributed to many books and publications including The Language of Cybersecurity, Using Security Metrics to Drive Action, CISO Magazine, the ISSA Journal, and the Crisis Response Journal.

Here are the highlights of this episode:

1:32 Keyaan’s ideal Client: You read my bio, and it sounds like we're only working with very large companies but my ideal client really is small to medium size business. 66% of SMBs fail after having a data breach or a cyber-attack. So, my personal preferences are to work with those smaller businesses to help them stay in business.

2:03 Problem Keyaan helps solve: All businesses struggle understanding what security means, part of that is the security industry. People in this profession talk in technical terms and they have a hard time transitioning or translating that information into a business decision. So, one of the things that I help do is, it goes back to the old school decision support systems; where I tell people what they need to know so that they can make informed decisions as one to benefit your organization and lead them to success.

2:51 Typical symptoms that clients do before reaching out to Keyaan: What's interesting is that, industry research says that it takes 9 months, 270 days for a mature organization to determine or to identify that they have a breach, or that they have some kind of cyber-attack. Because the attackers are very stealthy and their intention is not to get caught unless you're dealing with ransomware. The objective of the business owner, regardless of the size of the business, is to make sure that they don't focus on compliance but they focus on good practices that are going to protect the organization. And then they invest in 'incident response' so that when a problem is found, they fix it as quickly as possible and get back to normal.

3:45 What are some of the common mistakes that folks make before finding Keyaan and his solution: There are two categories that answer the question. If the company is investing in security, most companies only invest in obligations that are defined by a regulation or a contract. If you go back two years, 90% of the data breaches that have happened were in companies that were compliant with their regulations. So, it highlights that compliance is not the answer to the problem, it's the bare minimum. The other problem is that some companies don't invest in security whatsoever. The National Association of Corporate Directors identified that 61% of corporate executives will ignore security concerns to achieve a business outcome. But security concerns and failures in that area put 66% of companies out of business, so there's a mismatch between what's driving the business owner and the things they need to put in place to stay in business.

4:53 Keyaan’s Valuable Free Action (VFA): One of the best things that you can do is understand your envir...


Abstract Forward Consulting
Abstract Forward Podcast #9: COVID-19 Cyber Defense Working Remote with Mamady Konneh and Chip Harris!

Apr 23, 2020 89:46


In a dynamic conversation with two thought-leading guests, Mamady Konneh and Chip Harris — this episode covers how to stay cyber defended while working remotely because of the COVID-19 pandemic. We review our article published by the ISSA Journal which covered 6 key cyberlearning from 2019. We talk at length about media disinformation identification and avoidance tips, ransomware avoidance tips, cyber hygiene education, IAM best practices in the increased work from home context, CIO/CISO strategy, and supply chain and vendor cyber risk management — in the context of cyber or health disaster planning and response.

Mamady Konneh is a senior information security professional, speaker and mentor with 10+ years of relevant experience in security, risk management, and project management in the healthcare, finance, and retail industries. He is a dynamic team player who leads by taking initiatives in developing efficient risk mitigation and situational awareness tactics. He is proficient at assessing the needs of the business and providing the tools to resolve challenges by enhancing the business process. He holds an MSST (Master of Science in Security Technologies) degree from the U of MN where he researched global I.D. card best practices for the country of Guinea.

Chip Harris has an extensive background in government and business InfoSec engineering and red team planning and operations — with over 25 years of experience designing and managing IT systems. His expertise is in identifying and solving problems by delivering projects and solutions. His experience includes serving as the IT lead and project manager within the business unit, evaluating system performance, helping business leaders and non-technical clients understand how technology can improve workflow, developing and enforcing standard IT practices, and ensuring IT compliance with regulations such as NERC CIP, PCI, GDPR, HIPAA, and SOX. He has a Ph.D. in Cyber Security and Cyber Operations from the United States War College, a Masters in Cyber Security and Cyber Crime from the United States War College, and a Bachelors in Computer Science and Animation from Memphis College of Art. He has the following certifications: MCE, MCSE, NCE, MCSA, MCM, MCT, Security +, SUSE Novell Linux, Open SUSE Enterprise, Ubuntu Server Admin, PICK WMS, Backtrack 5, Netools 5, Dell Kace 3000 and 1000, IBM Q-Radar, Carbon Black, Tenable Security Suite, Dark Trace, Q-Radar, IBM Guardium, OWASP, Check Point, RHL, Kali Linux Certified, C|EH, C|PT, C|HFI, CCE, GIAC Rated, Barracuda, and he is even Tripwire Certified.

More information on Abstract Forward Consulting can be found here.

Disclaimer: This podcast does not represent the views of former or current employers and / or clients. This podcast will make every reasonable effort to verify facts and inferences therefrom. However, this podcast is intended to entertain and significantly inform its audience based on subjective reason based opinions. Non-public information will not be disclosed. Information obtained in this podcast may be materially out of date at or after the time of the podcast. This podcast is not legal, accounting, audit, health, technical, or financial advice. © Abstract Forward Consulting, LLC.

Colorado = Security Podcast
54 - 2/12 - Cam Williams, Founder & CTO at OverWatchID

Feb 11, 2018 56:31


In this episode: Cam Williams, Founder & CTO at OverWatchID is our guest this week. News from: Google, Xactly, Gates, Red Canary, LogRhythm and a lot more!

Colorado = Security is always a bull market

Google is hiring in Colorado (Xactly too). In the blockchain Colorado trusts. Time to mentor. Gates IPO went pretty well. Red Canary's founder hits Forbes. A blog from LogRhythm. And a spotlight on our friend Gail Coury.

Come join us on the new Colorado = Security Slack channel to meet old and new friends. Did you catch our trivia question? Be the first to reply to info@colorado-security.com with the right answer and get any $25 item from the Colorado = Security store. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

Local security news:

  • Join the Colorado = Security Slack channel
  • Google to hire thousands in 9 states (including Colorado)
  • Colorado eyes blockchain to secure government data, legal pot
  • New Cybersecurity Bill - "CONCERNING THE USE OF CYBER CODING CRYPTOLOGY FOR STATE RECORDS"
  • Invest in You: Are you ready to be a mentor?
  • Silicon Valley software firm Xactly expands in Denver
  • Gates says IPO raised nearly $800 million
  • As Featured in Forbes: CEO Brian Beyer on 2018 Cyber Security Trends
  • Integrating Threat Intelligence to Keep up with Today’s Cyberthreats
  • Gail Coury featured in ISSA Journal this month (page 12)

Job Openings:

  • Holland & Hart - Information Security Officer
  • BP - Security Architect
  • Arrow - Security Architect - Applications
  • QEP Resources - IT Security Analyst
  • Red Sky Solutions - Senior Systems Engineer
  • Burwood Group - Sr. Network Security Consultant
  • Kivu - Associate Director
  • Kivu - Analyst
  • SecureSet - Vice President of Educational Products and Programming
  • Optiv - Director Content Strategy
  • CyberGRX - Content Marketing Manager

Upcoming Events: This Week and Next:

  • Nederland Library - Cyber Security for the Individual - 2/13
  • ISSA Denver - February Chapter Meetings - 2/13-14
  • SecureSet - Cybersecurity Expert Series: Chris Roberts, Acalvio - 2/15
  • DenSec - North Meetup - 2/15
  • ISACA - February Meeting - Active Defense: Why Duck when you can Hit back? - 2/15
  • OWASP Boulder - Automating Offensive and Defensive CyberOps with John Grigg - 2/15
  • ISSA COS - Mini seminar - 2/17
  • CSA - February Meeting - 2/20
  • ISSA COS - February Meetings - 2/20-21
  • ISSA Denver - Happy Hour - 2/21
  • CTA - Day at the Capital - 2/21

Other Notable Upcoming Events

  • SnowFROC - 3/8
  • C-Level @ Mile High - 3/15
  • Rocky Mountain Information Security Conference - 5/8-10

View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Bill Murphy's  RedZone Podcast | World Class IT Security
#046: Are IT Security Leaders Allowed to Forecast? Become Comfortable with Uncertainty

May 20, 2016 50:15


Jack Freund, the guest of my latest podcast, is the co-author of a book with Jack Jones on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach). This book was inducted into the Cybersecurity Canon in 2016. The Cyber Security Canon is a Hall of Fame for IT Security books. The founder Rick Howard has been a previous guest on this podcast. Some of the links that I really like from this episode are Jack’s presentation called “Assessing Quality in Cyber Risk Forecasting”, his most recent article in the ISSA Journal that I love called “Using Data Breach Reports to Assess Risk Analysis Quality”. You will be able to find all links and show notes at redzonetech.net/podcast

This episode is sponsored by the CIO Scoreboard

Major take-aways from this episode are:

1. Elevate Your IT Security Risk Communication Game using Data Breach reports to Inspire Action in the Business
2. How to use Risk Data so that the business becomes more comfortable with uncertainty
3. New Refreshing perspectives on presenting IT Security Risk to the business
4. Predicting and Forecasting likelihood and frequency of events happening into your risk analysis
5. How to Use External Data Breach Sources of competitors and non-competitors to build your risk cases.

About Jack

Dr. Jack Freund is a leading voice in Information Risk measurement and management with experience across many industry segments. His corporate experience includes spearheading strategic shifts in IT Risk by leading his staff in executing multimillion dollar efforts in cooperation with other risk and control groups. Jack has been awarded a Doctorate in Information Systems, Masters in Telecom and Project Management, and a BS in CIS. He holds the CISSP, CISA, CISM, CRISC, CIPP, and PMP designations. Jack's academic credentials include being named a Senior Member of the ISSA, IEEE, and ACM, a Visiting Professor, and an Academic Advisory Board member.

Find transcript here

How to get in touch with Jack Freund

  • LinkedIn profile
  • Twitter

Key Resources:

  • Jack’s personal blog and website The Risk Doctor

Books/Publications

  • Jack’s book Measuring and Managing Information Risk: A FAIR Approach inducted into the Cyber Security Canon Hall of Fame – Books every cyber security professional should read
  • ISSA Journal Article, Feb 2016, that has links to important external data sources for risk analysis: (see page 21)
  • Assessing Quality in Cyber Risk Forecasting Presentation
  • Article in ISACA “Cloudy with a chance of risk”

This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

Credits: * Outro music provided by Ben’s Sound

Other Ways To Listen to the Podcast: iTunes | Libsyn | Soundcloud | RSS | LinkedIn

Leave a Review: If you enjoyed this episode, then please consider leaving an iTunes review here. Click here for instructions on how to leave an iTunes review if you're doing this for the first time.

SECTHIS.COM Security Podcast
Podcast 40 - TJX, Europe, Tasers, Shmoocon

Feb 11, 2008


  • Shmoocon - if you go, say hi to Anatoly and Doug
  • Yes this is Episode #40 - #39 will be part of the 'lost episodes' special sometime in the future!
  • TJX data breach doubles from 45.6MM to 94MM accounts
  • Pandemic wargame exposes gaps in financial service firms' disaster
  • Phishing scheme cons grocery chain out of $10MM, lawsuit reveals
  • European banks remain complacent about compliance and security, survey
  • Switzerland Tells Antipiracy Group Tactics Violate Law
  • Analysis: Rogue Trader at Societe Generale Leads to $7 Billion Fraud-Related Loss
  • Man Files Patent For Taser-Proof Clothing
  • ISSA Journal

Hosts

  • Gene Naftulyev, CISSP
  • Doug Landoll, CISSP