In this insightful coaching session with Brian Doyle from VCIO Toolbox, listeners are introduced to the concept of "Governance as a Service" and how it can significantly impact and enhance the Managed Service Provider ecosphere. Brian explains the importance of governance in the security and compliance sectors, particularly in building a cybersecurity culture that increases cyber insurance viability and meets regulatory requirements. With the rising attention to governance in updates from frameworks like NIST CSF and CIS, organizations need a structured approach to ensuring cybersecurity and compliance efficacy. Throughout the episode, Brian discusses the essential components of an effective governance service, including policy development, risk management, compliance monitoring, and data governance. He accentuates the role of MSPs in facilitating these processes, helping clients navigate regulatory landscapes such as CMMC, HIPAA, and ISO standards. Listeners will learn valuable strategies for enhancing client-MSP relationships through stakeholder engagement, training, and continuous improvement, ultimately driving new recurring revenue streams for their business. Tools like VCIO Toolbox's Cybranch GRC platform are highlighted for their efficacy in supporting these initiatives. Key Takeaways: Governance as a Critical Component: Governance plays a crucial role in cybersecurity, facilitating compliance, reducing audit workloads, and mitigating security risks, making it a valuable service offering for Managed Service Providers (MSPs). Evolving Regulatory Landscape: Frameworks like NIST CSF 2.0 and CIS have shifted focus heavily towards governance, underscoring the importance of having robust governance systems to adhere to compliance requirements. Continuous Improvement and Client Engagement: Proactively maintaining policies, engaging with multiple stakeholders, and fostering a cybersecurity culture can streamline governance processes and strengthen client relationships.
Maximizing MSP Tools and Resources: Utilizing technologies and frameworks effectively can help ensure clients meet their cybersecurity objectives with increased efficiency. Emerging Opportunities in Vendor Management: MSPs can further integrate governance services by managing vendor and supplier risks, providing comprehensive security and compliance solutions to clients. Show Website: https://mspbusinessschool.com/ Host Brian Doyle: https://www.linkedin.com/in/briandoylevciotoolbox/ Sponsor vCIOToolbox: https://vciotoolbox.com
Show Website: https://mspbusinessschool.com/ Welcome to another engaging episode of MSP Business School, where your host Brian Doyle dives into the pressing issue of cyber insurance claims, of which over 40% are rejected, posing significant threats to businesses. In this fireside chat, Brian navigates the core challenges MSPs face when running cyber programs for their customers, urging them to build robust security and governance frameworks to minimize risks and ensure their claims are payable during security incidents. In this episode, the conversation illuminates how MSPs can enhance their cybersecurity offerings by focusing on accurate application processes, comprehensive policies, and improved risk management strategies. By implementing frameworks like NIST CSF or CIS, MSPs can better serve clients, ensuring that gaps are identified and risks mitigated effectively. Brian stresses the value of multifaceted cybersecurity programs, from human capital considerations to architecture, tools, and advisory services, offering insightful strategies to build resilient client partnerships and establish MSPs as trusted advisors in the C-suite. Key Takeaways: Cyber insurance claims see a 40% rejection rate, often due to inaccuracies in insurance applications. Creating a culture of cybersecurity through detailed policies, user training, and risk assessment is crucial for businesses. MSPs are encouraged to adopt a governance layer, leveraging frameworks like NIST CSF, to facilitate comprehensive risk management profiles. Emphasizing the role of the vCISO, MSPs should assist clients in developing strategic cyber programs addressing architecture, tools, training, and compliance. Ensuring robust incident management and cybersecurity defense programs can safeguard against both immediate threats and long-term reputational damage. Host Brian Doyle: https://www.linkedin.com/in/briandoylevciotoolbox/ Sponsor vCIOToolbox: https://vciotoolbox.com
What is the NIST Cybersecurity Framework and why is it important to know its guidelines? What changes does the latest version introduce? How can the AWS whitepaper help you navigate the NIST CSF? Today we discuss this with two AWS colleagues, Carmela Gambardella (Senior Solutions Architect) and Francesco Grande (Partner Solutions Architect). Useful links: - Aligning to the NIST Cybersecurity Framework in the AWS Cloud
Shay Colson is a Co-founder and Managing Partner at Intentional Cybersecurity, a risk assessment and strategic advisory firm. After spending his early career as a security engineer for the US Government, he worked for a global consulting firm. In this episode… The evolving cyber landscape constantly presents new challenges that require businesses to elevate their cybersecurity posture. With the release of NIST CSF 2.0, organizations now have a stronger framework to guide their approach, focusing on governance as a critical function. This addition emphasizes the importance of integrating cybersecurity as a core business function rather than treating it as a siloed IT function. How can organizations adapt to this evolving landscape while improving resilience and reducing risk? Governance now leads NIST CSF 2.0 as the primary function, emphasizing the importance for organizations to clearly define cybersecurity ownership, responsibilities, and decision-making processes. Organizations need to move beyond treating cybersecurity as a technical issue to recognizing it as a core business function. And, as threat actors become more sophisticated and leverage AI to accelerate cyber attacks, businesses need to adopt governance models that promote agility, resilience, and proactive risk management. This means integrating security and privacy frameworks into business operations. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Shay Colson, Managing Partner and Co-founder of Intentional Cybersecurity, about the critical role governance plays in building cyber resilience. Shay explains how companies can use frameworks like NIST CSF 2.0 to implement scalable cybersecurity strategies without overextending their resources. He also shares insights on the intersection of security and privacy, AI-driven risk assessments, and why focusing on the basics is essential before adopting advanced solutions.
In this week's episode, brought to you by Smithtek, we're joined by Gavin Dilworth, a cybersecurity leader at Assessment Plus, who provides valuable insights into protecting critical infrastructure from cyber attacks, the importance of the Purdue model, and the impact of sophisticated industrial malware. Learn about cybersecurity standards like IEC 62443 and NIST CSF, and why effective risk management is crucial. This episode covers practical strategies for OT and IT collaboration, password management, and future trends involving AI and machine learning. ------ 00:00 Introduction to Unplugged: An IIoT Podcast 00:30 Meet Gavin Dilworth: Cybersecurity Expert 01:41 Challenges of Adhering to IEC 62443 04:52 Alternative Frameworks: NIST CSF for Beginners 07:05 Importance of Cross-Departmental Collaboration 10:14 Cybersecurity Gaps Among Process Engineers 12:36 Real-World Vulnerabilities and Examples 15:42 The "When, Not If" Approach to Cybersecurity 18:29 Cybersecurity Trends in Different Regions 20:44 OT vs. IT: Shifting from Isolation to Connectivity 23:12 Evolution of the Purdue Model in Network Security 26:18 Understanding Public Key Infrastructure in OT 28:46 Challenges of Implementing Security Controls in OT 32:15 The Role of AI and ML in Cybersecurity 36:08 Importance of Resiliency and Redundancy 39:21 Real-World Attack Examples and Lessons Learned 42:37 Positive Changes and Ongoing Challenges in Cybersecurity 45:18 Engaging OT Engineers in Cybersecurity Processes 48:05 Practical Solutions for Improving Industrial Cybersecurity 51:26 Final Thoughts on Cybersecurity Best Practices ------------------------------- This Episode Is Brought To You By Smithtek. Smithtek provides turn-key hardware and software for remote monitoring and control, supporting a wide range of industrial protocols and offering a web-based SCADA system.
Designed and built in Perth, Western Australia, their solutions make asset management easy for industries like agriculture, mining, and automation, ensuring reliable, real-time control. Smithtek is committed to providing reliable, Australian-made solutions for remote asset management. Our systems are designed to be intuitive and adaptable, making integration with existing infrastructure straightforward. We prioritize simplicity in user experience, ensuring that our technology is accessible for all levels of technical expertise. For more information, visit http://www.smithtek.com.au. ----------------- Connect with Gavin on LinkedIn: https://www.linkedin.com/in/gavin-dilworth/ Connect with Phil on LinkedIn: https://www.linkedin.com/in/phil-seboa/ Connect with Ed on LinkedIn: https://www.linkedin.com/in/ed-fuentes-2046121a/ About Industry Sage Media: Industry Sage Media is your backstage pass to industry experts and the conversations that are shaping the future of the manufacturing industry. Learn more at: http://www.industrysagemedia.com
Navigating FTC compliance can be a daunting task, and C3 Complete can help you through it. Jonathan Cox, VP of Information Security, can guide you in building a cybersecurity program that aligns with the latest FTC mandates, while providing guidance on creating templates for policies, procedures, and controls that align with both FTC requirements and NIST CSF. Speak to Jonathan further via C3-Complete.com.
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising. Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs. Guest Socials: Lukasz's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (03:00) A bit about Lukasz (04:32) Security Challenges for Tech First advertising company (05:16) Security Challenges for Retail Industry (06:00) Difference between the two industries (07:01) Best way to build Cybersecurity Program (09:44) NIST CSF 2.0 (13:02) Why go with a framework? (16:26) Which framework to start with for your cybersecurity program? 
(18:33) Technical CISO vs Non Technical CISO (25:37) The Fun Section Resources spoken about during the interview: NIST CSF 2.0 CIS Benchmark ASD Essential Eight Mapping between the frameworks https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0 https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight Verizon Data Breach Investigations Report (DBIR) Lukasz Woodwork Channel BSides Melbourne
Emily speaks with cybersecurity expert Terry Zimniak about balancing security spending with business development and the importance of penetration testing and backup plans. Terry shares insights from his shift from technical roles to overseeing security, including how strategic partnerships like Ascension Health's acquisition come with risks. They also discuss the role of frameworks like NIST CSF and the growing threat of AI in phishing and deepfake scams. Links Mentioned: Terry Zimniak's Website. Cybersecurity Frameworks and Guides: NIST Cybersecurity Framework; FTC Cybersecurity Guidance for Small Businesses. Clarity Call with Emily. Free Resources: Strategic Planning Checklist; Chief of Staff Skills Assessment Checklist; A Day in the Life of a Chief of Staff; Chief of Staff Toolkit. Get in touch with Emily: Connect on LinkedIn; Follow on YouTube; Learn more about coaching; Sign up for the newsletter; Clarity Call with Emily. Who Am I? If we haven't yet before - Hi
Today, we will dive into the next episode of the Navigating Cybersecurity Series, explaining the NIST Cybersecurity Framework 2.0 step by step. Listen to experts Larry Zorio and Jeramy Cooper-Leavitt as they explore the third core function of the NIST CSF: Protect. The Protect core function supports an organization's ability to secure its assets by reducing the likelihood and impact of adverse events while increasing its ability to take advantage of opportunities successfully.
In this episode we map the contributions of Certificate Lifecycle Management into the new NIST Cybersecurity Framework 2.0.
Guest: Justin Daniels, WSJ & USA Today Best Selling Author, Shareholder/Corporate M&A and Tech Transactions Attorney, Baker Donelson [@Baker_Donelson] LinkedIn: https://www.linkedin.com/in/justinsdaniels/ Host: Dr. Rebecca Wynn On ITSPmagazine
Life-changing books, defining your core problems, the Apple updates, and much more... ➡ Check out Vanta and get $1000 off: vanta.com/unsupervised Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at: https://danielmiessler.com/upgrade Follow on X: https://twitter.com/danielmiessler Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler See you in the next one! Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.
On today's episode, we return to the IJIS Cybersecurity Working Group for their next installment of the Navigating Cybersecurity Series. We're excited to welcome back Larry Zorio, Chair of the Working Group, and valued Working Group member Jeramy Cooper-Leavitt, as they explore the second core function of the NIST CSF framework, Identify. The Identify Core Function is the foundational step designed to help organizations develop an understanding of their cybersecurity risk management processes, assets, data, capabilities, and risk appetite. Let's hear from Larry and Jeramy as they lay the groundwork for effective cybersecurity risk management.
In episode 91 of Cybersecurity Where You Are, Sean Atkinson is joined by Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®). Together, they discuss what you need to know about the release of CIS Controls v8.1. Here are some highlights from our episode: 01:17. What you can expect to see in version 8.1 of the Controls. 06:19. How CIS Controls v8.1 helps you to integrate other governance structures. 09:23. How version 8.0 and version 8.1 of the Controls differ. 14:19. What goes into creating a new version of the Controls. 21:06. Which resources you can use to guide your implementation plan. 26:39. A sneak peek into the development of version 9.0. Resources: Follow Charity on LinkedIn; CIS Critical Security Controls v8.1; CIS Critical Security Controls v8.1 Change Log; How to Construct a Sustainable GRC Program in 8 Steps; CIS Controls v8.1 Mapping to NIST CSF 2.0; CIS Critical Security Controls Navigator; Episode 87: Marking 11 Years as a Verizon DBIR Contributor; Cybersecurity at Scale: Piercing the Fog of More. If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
On this episode of Compliance Unfiltered - It's finally here! NIST Cybersecurity Framework 2.0 has finally been released and the CU guys are going to give you the full breakdown. What's new? What's different? What is going to make the biggest difference in the way you approach NIST CSF? All these answers and more on this week's Compliance Unfiltered!
The NIS2 implementation deadline is upon us. Next October, the member states of the European Union and the organizations operating within their territories will need to adapt to this directive. If you work in cybersecurity and still don't know how to start this adaptation process or what needs to be taken into account to meet the deadline, don't worry. We've gathered three specialists to guide us through the process. Throughout this episode, Morten Eeg Ejrnæs Nielsen, Wathagi Ndungu, and Gennady Kreukniet engage in a dialogue with our host Matt Beran about NIS2 implementation and its primary challenges. Morten Eeg Ejrnæs Nielsen is an Advisor and Public Speaker on Information Security and Compliance. He currently serves as Security Advisor at Globeteam, where he does maturity assessments using NIST CSF, risk assessments based on the ISO27005 methodology, NIS2 implementation, GDPR counseling, auditing data processors, and internal audits. He has also worked teaching in NIS2 and GDPR. Wathagi Ndungu is the Security Expert Group Manager within ZEISS Group, which includes driving & enabling ZEISS-wide implementation for the European Union NIS2 Directive. She also served as a Responsible AI Consultant and Data Protection expert at the same company. Prior to this, she worked in Data Protection Compliance at Engel & Völkers Technology GmbH. Gennady Kreukniet is the CISO & Senior OT Security Consultant at Applied Risk (a DNV Company). Before this, he served first as Digital Innovation Consultant and then Senior Consultant at DNV.
In this episode, Ryan Williams Sr. demonstrates how to build a GPT (Generative Pre-trained Transformer) using OpenAI's ChatGPT. He walks through the four steps of creating a GPT and shows how to optimize it. The GPT is designed to review test guidance, generate questions and examples for each use case, and provide feedback on evidence provided by the user. Ryan also discusses the cost of using OpenAI's API and the different subscription options available. 1.0 Instructions: This GPT will review the attached guidance. It will then read each of the capabilities and generate questions with examples for each use case-specific guidance to test if the organization meets all TIC 3.0 guidance. Expect the input to be the title of the capability, and you will provide example questions as the output. 1.1 Instructions: 1. This GPT will review the attached guidance. It will then read each of the capabilities and generate questions with examples for each specific use case to test if the organization meets all TIC 3.0 guidance. Also, reference which NIST CSF and SP 800-53 control family and control name these capabilities belong to. Expect the input to be the title of the capability, and you will provide example questions as the output. In addition to your response, also provide your output in the form of an Excel spreadsheet. 2. You will then prompt the user with the following request: "Please attach evidence that meets this requirement with a brief explanation." You will then read the user's input and attachment to provide a constructive critique of the evidence, its explanation, and whether this input meets the requirements of this capability. Please LISTEN
On today's episode, we welcome back Larry Zorio, Chair of the IJIS Cybersecurity Working Group, and introduce the newly appointed Working Group Vice-Chair, Major Brendan Hooke, from Fairfax County Police Department. For the second episode of the Navigating Cybersecurity series, Larry and Major Hooke will discuss the first core function of the NIST CSF framework entitled “Govern”. They will provide a deep dive into the importance for agencies to develop risk management strategies and craft, communicate, and monitor effective policies. Learn about the best practices and how to combat the ongoing barrage of cyber-related issues.
Guest: Rick Howard, Chief Security Officer for N2K, Chief Analyst and Senior Fellow for The Cyberwire On LinkedIn | https://www.linkedin.com/in/rickhoward/ Website | https://thecyberwire.com/ YouTube | https://www.youtube.com/channel/UCIC1L2vbbyotqEF0ZLhaOdw Host: Dr. Rebecca Wynn On ITSPmagazine
It is always a pleasure when we get to sit down with Jax Scott. This time we talk about cybersecurity trends and how businesses can improve their security posture. Jax also discusses the impact of AI on cybersecurity and how organizations can protect themselves. She also highlights the importance of cybersecurity frameworks like NIST CSF and how they can help businesses improve their security. Connect with Jax: https://www.linkedin.com/in/iamjax/ Visit Outpost Gray: https://outpostgray.com/ Read about The Jax Act: https://soaa.org/jax-act-speaker-johnson/ Check out 2 Cyber Chicks: https://www.youtube.com/playlist?list=PL4Q-ttyNIRAoh9knXDoS-8BzjYyA5r3yP Visit Shortarms website: https://www.shortarmsolutions.com/ You can follow us at: Linked In: https://www.linkedin.com/company/shortarmsolutions YouTube: https://www.youtube.com/@shortarmsolutions Twitter/X: https://twitter.com/ShortArmSAS
Guest: Mike Shanko, Former Chief Information Officer On LinkedIn | https://www.linkedin.com/in/shanko/ Host: Dr. Rebecca Wynn On ITSPmagazine
The National Institute of Standards and Technology, or NIST, just issued version 2.0 of its Cybersecurity Framework (CSF), which emphasizes supply chain risk management and puts the C-Suite at the heart of cybersecurity management activities with the new “Govern” function. Today's guest, Cy Sturdivant, cybersecurity expert, certified information systems auditor and director at FORVIS Consulting, will help us get a handle on the important changes and their impact on businesses. The NIST CSF 2.0 signals big shifts in cybersecurity, so you'll want to stick around and learn what it means for you! Learn how Overwatch Managed Cybersecurity Services keeps you ahead of cyberthreats: https://www.highwirenetworks.com/services/managed-cybersecurity/ Interested in NIST CSF 2.0? Learn more: https://www.nist.gov/cyberframework To get more cybersecurity news from High Wire Networks, visit: https://www.highwirenetworks.com/news-events/ To learn more about the Cybersecurity Simplified Podcast and to browse previous episodes, visit: https://www.highwirenetworks.com/cybersecurity-podcasts/ Have an inquiry or topic request? Reach out to: podcast@highwirenetworks.com #nistcsf #cybersecurity #cybersecurityframework
Dive into the tech industry with The TechTual Talk's latest episode, "How to GET into TECH as FAST as POSSIBLE with no EXPERIENCE." Host Henri and tech expert Markeisha unlock the secrets to forging a successful tech career from scratch in this engaging 2-hour guide. Loaded with SEO-rich content, this episode cuts through the noise and offers actionable advice on breaking into fields like cybersecurity, data analytics, and product management. Whether you aim to master certifications, climb the networking ladder, or pivot from help desk to network security, Techtual Chatter is your go-to resource. We delve into data analytics skills, the value of Sec Plus in government roles, and innovative uses for AI scripting tools. Discover career paths in enterprise security, vulnerability management, and more, with a special focus on certifications like NIST CSF and the Blue Team Level One. Find out how positioning your LinkedIn profile can catch a recruiter's eye, negotiate salaries like a pro, and why internships can make all the difference. Hear true stories about tech bootcamps, resume pitfalls, and the importance of soft skills—all tailored for those new to the tech scene. Join Henri and Markeisha as they explore the tech job market, stressing hands-on experience, continuous learning, and personal branding. Techtual Chatter is where tech curiosity meets expert knowledge, helping you pick the right stepping stones toward your tech career. Subscribe to Techtual Chatter on your favorite podcast platform for weekly insights that equip you to break into tech. Turn your commute into a lesson in tech mastery today!
#TechPodcast #TechCareer #Cybersecurity #DataAnalytics #CloudComputing #TechtualChatter Connect with MarKeisha: https://www.linkedin.com/in/markeishasnaith?UDeserveIT Consulting https://udeserveitconsulting.com/utm_source=share&utm_campaign=share_via&utm_content=profile&utm_medium=ios_app Join my mailing List: https://mailchi.mp/techualconsulting.com/sign-up Get my Breaking into cybersecurity ebook: https://techualconsulting.com/digitalproducts Support the show. If you enjoyed the show don't forget to leave us a 5 star review, to help with the algorithm :) Email: henridavis@thetechtualtalk.com ➡️ Need coaching help then go here (ask about our financing) ⬇️ https://techualconsulting.com/offerings ➡️ Want to land your first IT Job? Then check out the IT course from Course Careers; use my link and code Techtual50 to get $50 off your course ⬇️ https://account.coursecareers.com/ref/50932/ ➡️ Need help getting into Cybersecurity for a low price? Then check out Josh Madakor's Cybersecurity course at Leveld Careers and use my code TechTual10 to get 10% off your course. ⬇️ https://www.leveldcareers.com/a/2147530874/RuqjrBGj If you want a high paying role in the cloud then click here ⬇️ https://Levelupintech.com/tech Stop data brokers from exposing your information with Aura! Click the link below to try out Aura's FREE 14 day trial and see if your personal information has been compromised
Mark Sangster, cybersecurity author and expert, is the Chief of Strategy at Adlumin. In this episode, he joins host Heather Engel to discuss the latest updates and advancements in cybersecurity frameworks and best practices, focusing on the recently released Version 2.0 of the widely adopted NIST Cybersecurity Framework, or CSF. Cyber Tide is a Cybercrime Magazine podcast series brought to you by Adlumin. Working to revolutionize the way organizations secure sensitive data, Adlumin finds the newest cracks being exploited and shines a light on correcting the issue in real-time, with expert guidance. To learn more about our sponsor, visit https://adlumin.com
Guest: Jo Peterson, VP of Cloud and Security Services for Clarify360 [@Clarify360] On LinkedIn | https://www.linkedin.com/in/jopeterson1 Host: Dr. Rebecca Wynn On ITSPmagazine
Craig Petronella, CEO of Petronella Technology Group dives into the complexities of the Cybersecurity Maturity Model Certification (CMMC). We discuss the inception and necessity of CMMC within the defense sector, its evolution from NIST standards, and the challenges of self-attestation. The conversation also touches on the financial aspects of compliance, strategies for efficient adherence, and the potential role of AI. Additionally, Petronella offers valuable insights for cybersecurity aspirants and resources for navigating CMMC compliance.
Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists and other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to their use in the military and even the impact of cyberattacks on popular culture! You can find the report Pascal mentions here, on Radware's website: https://www.radware.com/threat-analysis-report/ In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back. Some other topics we discuss: NIST CSF 2.0; insider threats; Ivanti Pulse Secure's appliance software found to be running positively ancient software (11 year old Linux distro, 5-20+ year old libraries & components); Nevada AG trying to get messaging decrypted for children, to "protect them"; Kelly Shortridge's response to CISA's secure development RFI; OpenAI's new GenAI video product, Sora, and the potential impact it could have on cybersecurity; Instacart spews out crappy AI recipes and photos. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-351
In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back. Some other topics we discuss: NIST CSF 2.0; insider threats; Ivanti Pulse Secure's appliance software found to be running positively ancient software (11 year old Linux distro, 5-20+ year old libraries & components); Nevada AG trying to get messaging decrypted for children, to "protect them"; Kelly Shortridge's response to CISA's secure development RFI; OpenAI's new GenAI video product, Sora, and the potential impact it could have on cybersecurity; Instacart spews out crappy AI recipes and photos. Show Notes: https://securityweekly.com/esw-351
Today's Friday Op-Ed is my opinion on this week's release of the NIST Cyber Security Framework v2.0. Needless to say, I have some thoughts. And I placed many of them in this article on my Substack: https://cyburguy.substack.com/p/nists-cyber-security-framework-v20. Please subscribe or find me on LinkedIn. I am open to dissenting opinions. Have a good weekend.
Guest: Bob Chaput, Founder and Executive Chairman of the Board of Clearwater Security
On LinkedIn | https://www.linkedin.com/in/bobchaput
Website | https://clearwatersecurity.com/
Host: Dr. Rebecca Wynn
On ITSPmagazine
In this edition of The Future of Cybersecurity Newsletter, we explore how CISOs can enhance their cybersecurity strategies by adopting aviation survivability fundamentals. This approach offers a fresh perspective on risk assessment, system resilience, and continuous improvement, drawing parallels between the structured rigor of aviation safety and the dynamic field of cybersecurity.
________
This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.
Sincerely, Sean Martin and TAPE3
________
Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.
TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.
About this episode
In this episode, Kip Boyle and Jason Dion discuss the importance of cybersecurity in the current digital landscape and focus on comparing two different standards: the NIST Cybersecurity Framework and the CIS Top 18. The NIST Framework was created to assist organizations in becoming cyber resilient and offers an adaptable and comprehensive approach to cyber risks. The CIS Top 18, on the other hand, provides an actionable and practical checklist of controls that is prioritized and sequenced. Both of these frameworks provide us with cybersecurity measures that can be used for different applications. They can be used individually, or they can work together by complementing each other in a comprehensive cybersecurity strategy. It is important to realize that the CIS Top 18 can end up being quite expensive for smaller organizations to operate, though, which is why many people are choosing the NIST CSF instead. You should always consider various factors, such as organizational size and specific needs, the type of threats faced, and the budget available for implementation when selecting the framework for your organization.
Relevant websites for this episode
The NIST Cyber Security Framework (CSF) - https://www.nist.gov/cyberframework
The 18 CIS Critical Security Controls - https://www.cisecurity.org/controls/cis-controls-list
Other Relevant Episodes
EP 62 – The NIST Cybersecurity Framework
EP 79 – Mid-Career Transition Success Story with Steve McMichael
EP 83 – Automating NIST Risk Management Framework with Rebecca Onuskanich
What does good look like? ISSA Keynote by Brian Haugli, CEO, SideChannel
Cybersecurity program goals are often centered around comparison to sector peers, “best practices”, and “reasonable controls”. These terms and approaches leave much ambiguity in an industry that's seeking defined, focused expectations on outcomes. While most acknowledge the existence of frameworks like NIST CSF or CIS Controls, many programs are not actually built to them. We see them, yet we do not use them. This keynote will discuss a pragmatic approach to building framework-backed, standards-based cybersecurity programs without campaigning for pure compliance. It will cover the areas to prioritize within an open framework, how to govern the program after its implementation, and how to report its effectiveness to leadership in a way that lets them understand the risks addressed.
Slides: https://sidechannel.com/wp-content/uploads/ISSA-Keynote-2023-Brian-Haugli.pdf
--- Support this podcast: https://podcasters.spotify.com/pod/show/cisolife/support
Howdy, y'all, and welcome to The Cyber Ranch Podcast! Our guest is Geoff Hancock, Deputy CEO and CISO for Access Point Consulting, Former Global Director and CISO over at World Wide Technology. He's also a Senior Fellow and Adjunct Professor at George Washington University and has held various C-suite and executive roles at Verizon, CGI Federal Advanced Technology, Microsoft, and Advanced Cybersecurity Group. Yup! Another well-established guest. But wait! There's more! Geoff has been involved in the creation and maintenance of the NIST CSF – the cybersecurity framework whose current version (1.1) dictates more security programs on Planet Earth than any other framework, and whose new version (2.0) will soon be ratified and finalized. The 2.0 DRAFT and request for comments have already come out and the comments period is now closed. I asked Geoff to join us here at the ‘Ranch to talk CSF 2.0 with us:
Tell us about your history and relationship with NIST CSF
Let's talk briefly about the role of frameworks in cybersecurity. I'm thinking of the “compliance != security” mantra here.
2.0 vs 1.1 – what are the highlights?
GV (Govern) Function added
Implementation Examples (Long overdue IMHO!)
What else?
Changes to categories – 2 fewer overall, but other changes as well…
I was glad to see supply chain called out specifically. That was overdue. What else was overdue?
What should have been in there that is not?
Describe the process, if you would, for generating a CSF – we have already seen the draft and call for public feedback. What's next?
Y'all be good now!
Navigating the Cybersecurity Seas: Why a Strong Baseline is Your Best Compass in Highly Regulated Industries
In highly regulated industries, cybersecurity isn't just a practice, it's a necessity. My new blog explores how frameworks like NIST CSF, ISO, and OWASP can be game-changers.
Diving into the CISO Mindmap - A series providing increased clarity into the role of a CISO
I wanted to pay homage to the work of Rafeeq Rehman and the CISO Mind Map https://rafeeqrehman.com/2023/03/25/ciso-mindmap-2023-what-do-infosec-professionals-really-do/ so, with the approval of Rafeeq, I will take an overview or summary of the different areas.
Posted: https://substack.cpf-coaching.com/p/diving-into-the-ciso-mindmap
Follow https://substack.cpf-coaching.com for more of the CISO Mind Map Series
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
Mentioned in this episode: Thank you to CPF Coaching for Sponsoring
Howdy, y'all, and welcome to The Cyber Ranch Podcast! We're joined today by Jacqueline (AKA “Jack”) Powell, CISO at Allianz Life and former Deputy CISO at Hanes. She has also consulted, and has worked at Chevron, General Dynamics, and SACI. Jack has an illustrious career! Jack is here today talking with Allan about the new SEC regulations about cybersecurity. For our listeners, the final version of the SEC ruling came out in late July, and publicly traded companies in America have 5 months to comply. Mid-December is when the switch gets thrown…
Topics covered in this show:
The new ruling and tell me its highlights
Disclosure
Risk Management
Board expertise
What are the implications of the disclosure rules? What are the challenges businesses face? What tools can be leveraged?
It seems that “materiality” is the key term upon which all of this pivots. That term has definition and precedence in financial circles, but how is a cybersecurity professional to interpret it?
What are the implications of the Risk Management rule? If you work with a cybersecurity framework like NIST CSF, for example, you've already got at least the basics in place?
And now we get to Board Expertise… CISOs are all anticipating getting board roles overnight, but it's not that easy. NACD in conjunction with CISA put some material together. How should CISOs prepare themselves to be ready for a possible board role?
Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/laurarobinsoninsight/
At RSA | https://www.rsaconference.com/experts/laura-robinson
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.
The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.
The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape.
Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done.
The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
What's going to be in version 2 of the NIST Cybersecurity Framework? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
The 2020 Armenian war with Azerbaijan called over 100 volunteer incident responders from across the country (and the globe) into action. Our guest for this segment was one of the leads during the 40-day conflict and helped organize teams that responded to everything from websites being attacked to country-wide Internet outages. In the Security News: You should read the NIST CSF, JTAG hacking the original Xbox, tricked into sharing your password, attacking power management software, the vulnerability is in the SDK, tearing apart printers to find vulnerabilities, a pain in the NAS, urllib.parse is vulnerable, hacking the subway, again, how not to implement encryption from OSDP, Intel does a good job with security, and hacking card shuffling machines! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-795
In the leadership and communications section, CISO is Crisis, Will SEC Cybersecurity Regulations Make a Difference?, NIST Drafts Major Update to Its Widely Used Cybersecurity Framework, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-316
Guest: Ryan Leirvik, CEO of Neuvik [@Neuvik]
On LinkedIn | https://www.linkedin.com/in/leirvik/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of Redefining Cybersecurity podcast, host Sean Martin discusses the fundamentals of risk management in cybersecurity with Ryan Leirvik, author of "Understand, Manage and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program." The conversation centers around the importance of understanding risk management in cybersecurity, categorizing assets, and identifying what's important to the business versus what's important to the individual. They also discuss the need to use frameworks like NIST-CSF to define and categorize risks and the importance of responding quickly to active threats and having a plan in place for recovery. Sean and Ryan provide practical advice for creating a sustainable cyber program that prioritizes risk management and explain how to set the stage for conversations about cybersecurity with stakeholders. Overall, the episode provides valuable insights into risk management in cybersecurity and how to prioritize and protect critical assets.
ABOUT THE BOOK
When it comes to managing cybersecurity in an organization, most organizations tussle with basic foundational components.
This practitioner's guide lays down those foundational components, with real client examples and pitfalls to avoid. A plethora of cybersecurity management resources are available―many with sound advice, management approaches, and technical solutions―but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy "playbook" for a cyber risk management approach applicable to your entire organization.
This second edition provides tools and methods in a straightforward, practical manner to guide the management of a cybersecurity program. Expanded sections include the critical integration of cyber risk management into enterprise risk management, the important connection between a Software Bill of Materials and Third-party Risk Programs, and additional "how to" tools and material for mapping frameworks to controls.
Who This Book Is For
CISOs, CROs, CIOs, directors of risk management, and anyone struggling to pull together frameworks or basic metrics to quantify uncertainty and address risk
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: