Podcast appearances and mentions of phyllis lee

In episode 113 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security® (CIS®); Adam Bobrow, Co-Founder and President of Veribo Analytics; and Sridevi Joshi, Co-Founder and CEO of Veribo Analytics. Together, they discuss how the Business Impact Analysis tool created by CIS and Veribo Analytics empowers individuals and organizations to use cyber risk prioritization as a basis for their ransomware defense strategy.Here are some highlights from our episode:04:35. Background on the impetus for the tool's development07:57. How our understanding of cybersecurity risk differs from other areas of risk12:21. Insight into Sridevi's learning process about cyber risk prioritization as a technologist18:23. How the development process of the Business Impact Analysis tool got underway21:05. What went into the process of translating the goal into tooling31:34. Reflections on the tool's reception and what's nextResourcesCIS Critical Security Controls Implementation GroupsCIS Community Defense Model 2.0CIS Controls Self Assessment Tool (CIS CSAT)SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies4.3 Establish a Bureau of Cyber StatisticsFAIR: A Framework for Revolutionizing Your Risk AnalysisReasonable CybersecurityHow to Measure Anything in CybersecurityEpisode 107: Continuous Improvement via Secure by DesignEpisode 105: Context in Cyber Risk QuantificationIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Ep 247 Paul Jones Career Deep Dive Paul Jones started his career in Steve Nelson's United Shoot Wrestling Federation. Heath Herring, Evan Tanner and Ali Elias are a few of the names that he worked out with on his way to fighting in the UFC. Paul's career has some of the most stringent MMA experts debating exactly how good he was.; an alternate Olympic wrestler and a world champion Sambo player it comes with no surprise that he has dominant wins over Erik Paulson, Heath Herring and  Sanae Kikuta. Paul Jones life, career and mindset are all on display with this interview. Ep 247 Paul Jones Career Deep Dive 0:00 Lytes out intro0:19 guest introduction0:32 interview start 0:34 overall fight record 1:01 fighting Heath Herring in tournament finals4:47 Early beginnings in MMA 6:42 Boys Ranch Texas high school11:45 Paul Jones vs Steve Faulkner “canceled bout” 14:55 Dealings with John Perretti 16:12 transitioning to full time fighter 17:38 Paul Jones vs Jeff Zastro 20:14 Paul Jones vs Erik Paulson22:25 getting invited to compete on TUF 424:17 expectations going into Erik Paulson fight 26:58 experience with Evan Tanner 28:32 leg lock defense during Erik Paulson fight 30:04 training with Ali Elias31:56 avoiding injuries during fight career 32:41 Paul Jones vs Erik Paulson in Japan 34:23 Paul Jones vs Juan Mott 35:49 USWF outdrawing the UFC 37:58 going on the Jerry Springer show 39:15 Paul Jones vs Sanae Kikuta42:22 Phyllis Lee 42:44 Paul Jones vs Larry Parker43:09 Paul Jones vs Flavio Luiz Moura46:21 Paul Jones vs Chuck Lidell50:26 being accepted as a fighter by friends and family 52:07 career highlights 53:53 favorite career moment 55:29 finishing off fight career 57:51 regrets during fight career 1:00:14 current life 1:02:32 first and last time drinking Alcohol1:07:15 Igor Zinoviev 1:08:19 scouting talent at the boys ranch 1:10:28 Coach Craig Kimberland arrested for murder 1:12:13 Andy Anderson 1:12:49 interview wrap up 1:13:05 outro/ final thoughts Subscribe to the Lytes Out Podcast:https://www.youtube.com/@LytesOutClipsSocials: Facebook -https://www.facebook.com/groups/1027449255187255/?mibextid=oMANbwInstagram - https://www.instagram.com/lytesoutpodcast/iTunes - https://podcasts.apple.com/us/podcast/lytes-out-podcast/id1568575809 Spotify - https://open.spotify.com/show/3q8KsfqrSQSjkdPLkdtNWb Mike - The MMA Detective - @mikedavis632 Cash App - $mikedavis1231Venmo - Mike-Davis-63ZELLE: Cutthroatmma@gmail.com / ph#: 773-491-5052 Follow the #LOP team on Instagram: Chris - Founder/Owner - @chrislightsoutlytle Mike - MMA Detective - @mikedavis632 Joey - Assistant - @aj_ventitreTyson - Producer - @ty.green.weldingAndrew - Timestamps - @ambidexstressAndy - Social Media Manager - @martial_mindset_Outro song: Power - https://tunetank.com/t/2gji/1458-power#MMA #UFC #NHB #LytesOutPodcast #LytesOut #MixedMartialArts #ChrisLytle #MMADetective #MikeDavis #MMAHistory #OldSchoolMMA #FiftyFightClub #MMAPodcast #FightPodcastSupport the show

With the release of NIST Cybersecurity Framework 2.0, CIS felt strongly that an update to The Controls was necessary to crossmap to CSF 2.0. Specifically the strongest driver, was the release of the Govern function.Co-hosts:Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Brian Blakely: https://www.linkedin.com/in/bblakley/Eric Woodard: https://www.linkedin.com/in/eric-woodard/Sponsored by Right of Boom cybersecurity conference: https://www.rightofboom.com/

EP 223 Adrian Serrano Before the UFCAdrian Serrano is a legend within the early No Holds Barres era of MMA. With almost 150 fights, Adrian Serrano recalls traveling all over the world fighting  under a limited rule set. Special Thank You to Jake Klipp for connecting us and helping preserve this very important piece of Mixed Martial Arts history Adrian Serrano BEFORE the UFC Ep 2230:00 Lytes out intro0:19 guest introduction0:35 interview start 0:40 plugs/ promotions1:30 beginnings in MMA3:07 learning the history of Sambo 4:28 Ron Tripp 5:26 Adrian Serrano vs Ray Brinzer 8:28 Igor Zinoviev vs Mario Sperry 10:17 fights missing from record 12:04 Adrian Serrano vs Roger Mendosa15:47 pay for Roger Mendosa fight18:13 early training partners 23:15 training Greta Hicks24:01 cornering Rob Smith25:21 thoughts on Rampage Jackson 25:50 Cancelled bout with Jason Guida 29:57 story about a show at the Silver Slipper33:37 building a team 34:12 getting a call from Monty Cox 35:40 competing in a 4 man tournament 36:40 Adrian Serrano vs Dennis Reed37:37 locker room during 199738:52 4 man tournament that took 2 days 42:02 Adrian Serrano vs Dave Strasser43:09 training with Marc Laimon 49:29 Dave Strasser rematch49:59 getting invited to compete in ADCC53:49 training with Fabiano Iha 54:25 Adrian Serrano vs Dave Menne 59:03 Adrian Serrano vs Kiuma Kunioku1:00:34 getting mistaken for Bas Rutten 1:03:02 Adrian Serrano vs Ikuhisa Minowa1:03:29 Jason DeLucia1:04:53 experience with Phyllis Lee 1:06:57 United Shoot Fighting 8 man tournament 1:09:05 Adrian Serrano vs Bart Guyer1:09:25 Adrian Serrano vs Wanderlay Silva1:10:38 experience fighting in Brazil1:12:11 Brian Madden1:12:54 Adrian Serrano vs Jermaine Andre1:14:00 Duke Roufus comments 1:17:06 Arian Serrano vs Toby Imada1:20:14 Adrian Serrano vs Keith Wisniewski1:20:57 Adrian Serrano vs Jim Theobald1:21:50 getting the call from the UFC1:22:14 Adrian Serrano vs Shonie Carter1:23:42 thoughts on John Perretti as a match maker 1:25:53 Reese Shaner1:26:04 Ron Faircloth 1:26:50 having a skin eating disease1:28:31 reason for not competing in shooto tournaments 1:30:50 Adrian Serrano vs Joe Doerkson1:31:18 Adrian Serrano vs Mauricio Zingano1:32:37 career highlights 1:35:24 promoter Jason Steele1:36:44 Travis Fulton 1:38:04 Henry Matamoros1:39:11 Rich Kostuck1:39:31 Eric Snyder1:39:44 Brian Fowler1:40:23 Jordan Griffin1:40:35 Bob Schemer fight rumor 1:40:53 Adrian Serrano vs Carlson Gracie Jr1:41:24 interview wrap up 1:48:06 not fighting Shonie Carter at the Tropicana 1:57:20 outro/ final thoughts Subscribe to the Lytes Out Podcast:https://www.youtube.com/@LytesOutClipsSocials: Facebook -https://www.facebook.com/groups/1027449255187255/?mibextid=oMANbwInstagram - https://www.instagram.com/lytesoutpodcast/iTunes - https://podcasts.apple.com/us/podcast/lytes-out-podcast/id1568575809 Spotify - https://open.spotify.com/show/3q8KsfqrSQSjkdPLkdtNWb Mike - The MMA Detective - @mikedavis632 Cash App - $mikedavis1231Venmo - Mike-Davis-63ZELLE: Cutthroatmma@gmail.com / ph#: 773-491-5052 Follow the #LOP team on Instagram: Chris - Founder/Owner - @chrislightsoutlytle Mike - MMA Detective - @mikedavis632 Joey - Assistant - @aj_ventitreTyson - Producer - @ty.green.weldingAndrew - Timestamps - @ambidexstressOutro song: Power - https://tunetank.com/t/2gji/1458-power#MMA #USupport the Show.

In episode 84 of Cybersecurity Where You Are, co-host Tony Sager is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss the notion of reasonable cybersecurity. They begin by providing some background about reasonableness in cybersecurity and identifying the problem we need to solve — namely, the lack of a definition of reasonableness around which organizations can build their cybersecurity program. They then discuss how a definition for reasonable cybersecurity needs to include security best practices that are doable. They conclude by exploring how CIS's work around this topic may influence its content development going forward.ResourcesFollow Brian and Phyllis on LinkedInReasonable Cybersecurity GuideReasonable CybersecurityCIS Critical Security ControlsCIS Critical Security Controls Implementation GroupsCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 72 of Cybersecurity Where You Are, co-host Tony Sager is joined by Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss "Cybersecurity: Practice What, and While, We Teach," a keynote panel where they discussed cybersecurity in education during Tech Tactics in Education: Data and IT Security in the New Now. Throughout this episode, they pull in recorded snippets from their panel. They use those recordings to reflect on IT operational challenges and the need to balance different interests in education organizations, including K-12 schools and higher education institutions. They also highlight commonalities that present not only opportunities for collaboration in the education sector but also instances where CIS can help advance cybersecurity in education through the content it produces.ResourcesFollow Phyllis on LinkedInCybersecurity for Educational InstitutionsEpisode 71: Advancing K-12 Cybersecurity Through CommunityThe Cost of Cyber Defense: CIS Controls IG1CIS Critical Security Controls Version 8U.S. Cyber ChallengeIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing  is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations external network, internal network, applications, or systems. They provide a valuable insight on how your digital and human assets perform.In this episode we review the criticality of scoping a Pen Test, along with differences between Pen Testing, Red Teaming and Vulnerability Assessment. Why should you choose one over the other and when would one proceed the other.Sponsored by: Hacket Cyber and post game interview with Founder James Carroll.  Hacket Cyber is a security consulting firm specializing in penetration testing, ethical hacking, and industry-leading cybersecurity services. Our offerings are purpose-built for the MSP, MSSP, and VAR channels.  https://hacketcyber.com/partner/James Carroll LinkedIn: https://www.linkedin.com/in/jchax/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they've had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up.Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.Our sponsor: Exigence (https://www.exigence.io) is a multi-tenant, Incident Readiness, Incident Response platform, built for MSP/MSSPs. Drive new revenue streams and meet cyber insurance & regulatory requirements for Incident Response plans and tabletops. The Exigence platform gives you full control of critical incidents by uniquely addressing every aspect of the incident – turning an unstructured situation into one that is structured and easy to manage. ​ It coordinates all stakeholders and systems all the time, orchestrates complex workflows from trigger to resolution, simplifies the post-mortem, and always leverages lessons learned for doing it even better next time.Contact Noam here: noam@exigence.io Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/'

CIS Control 16 - Application Software SecurityThe way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data.  NOTE: Crowdstrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors.**Jim Manico at minute 52:40 - do not miss!!**Our sponsor: Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations building secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices. Contact Jim here: https://manicode.com/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/'

LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.Identify your business needs and create a set of standards that can be used to grade services providers that are being proposed. Organize and monitor all services providers that are associated with your business. Keeping an inventory of all services providers will enable you to monitor them in case they update their policies. Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

MSP/MSSPs should offer solutions to provide users with frequent security awareness training to increase its overall security posture. The information provided by the security awareness training should be relevant and provide insights into recent security incidents. Training should also reiterate the necessity of using strong passwords, spotting and reporting phishing attacks, as well as properly handling personal information. Security awareness training should include frequent phishing tests. Phishing tests allow users to learn from their mistakes and utilize their training to spot actual phishing attacks. These phishing tests should be specially crafted for different departments within an enterprise. Specially crafted phishing tests are harder to detect and demonstrate the value of security awareness training.

Network monitoring and defense is one of only two controls that does not contain any Implementation Group 1 Safeguards in Controls version 8.  This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of  continuous improvement  that involves people, process, and technology.  Service providers  need a well-trained staff that executes on their network monitoring, detection, logging, correlation of events in order to thwart malicious attacks.

Abstract: Network Infrastructure Management - Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significantly weaken an organization's network infrastructure.  Even if network devices are hardened with non-default configurations and strong passwords, over time these devices will be targeted by new vulnerabilities that are discovered by security researchers.MSPs should ensure that their teams implementing and operating the network infrastructure have processes and procedures in place that include capabilities for having a secure network infrastructure.

This week, Xavier Salinas, CTO, and David Rushmer, Director of Threat Research, welcome Phyllis Lee, Senior Director of Controls at the Center of Internet Security. Phyllis talks about the Center's mission to provide best security practices for small, medium, and large organizations and to serve the underserved. Phyllis discusses the details of working with small and medium enterprises, and the amazing response the Center has had from the community. She talks with them about the misconceptions about security industries, and why we need to set standards across the board for organizations to integrate globally. Phyllis gives her thoughts on indicators of compromise vs. behavior, and why it's so crucial for people to focus on the intent.  

Abstract: Data loss can be a consequence of a variety of factors from malicious ransomware, threat actors using "Double Extortion" and exfiltration, human error and natural disasters like hurricanes.  Regardless of the reason for data loss, we need to have a process established (RPO/RTO) to recover our data. Key Takeaways for Control 11Prioritize your data and come up with a data recovery plan.Protect your backed up data. (See Control 3: Data Protection.)Practice and Test restoring your data.Restore your data after any compromise. 

Abstract: With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing your MSP and clients.   Malware defenses must be able to operate in a dynamic environment through automation, timely and rapid updating, and integrate with other processes like vulnerability management and incident response.  Anti-Malware technologies have become an after thought in many organizations, a technology that they've always had, always used, and never really thought about.  Effective malware protection includes traditional endpoint malware prevention and detection suites, along with enrichment from vendor, vulnerability or threat data. 

This week's show is entitled, "Marketing in a Crypto World" and my guest is Phyllis Lee, SVP, Marketing at Manifold Group Tune in to hear more about navigating marketing experiences in a crypto world, while learning about: The differences and implications between B2B Marketing in Web2 vs. Web3 How blockchain technology affects digital advertising and go-to-market standpoints Bridging the gap between web2 users and web3 during a transition How privacy plays a role in the crypto world Listen in now for this and MORE, watch the video or read the transcript on the Heinz Marketing blog starting 4/11/22 - 6am PST (search "Phyllis Lee").  Sales Pipeline Radio is produced by Heinz Marketing. I interview the best and brightest minds in sales and Marketing.  If you would like to be a guest on Sales Pipeline Radio send an email to Sheena@heinzmarketing.com. For sponsorship opportunities, contact Cherie@heinzmarketing.com 

Abstract: Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an organization.  Content can be crafted to entice or spoof users into disclosing credentials, providing sensitive data, or providing an open channel to allow attackers to gain access, thus increasing risk to your MSP or client's business.  Since email and web are the main means that users interact with external and untrusted users and environments, these are prime targets for both malicious code and social engineering.

Abstract: Log collection and analysis is critical for an organization's ability to detect malicious activity quickly.  Sometimes audit logs are the only evidence of a successful attack.  Attackers know that many organizations keep audit logs for compliance purposes, but rarely analyze them.   Due to poor log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing.  In this episode, learn about using logs in incident management, analyzing what to log and the numerous factors to establish a successful audit log management process.Sponsor: Blackpoint Cyber interview with Travis Brittain, Director of Product Enablement. Logging & Compliance: https://blackpointcyber.com/logic/Travis Brittain: https://www.linkedin.com/in/tbrittain/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Note we discuss Log4j as this is a very timely topic to this control. Abstract: Cyber defenders are constantly being challenged from attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them about: software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring focus of time, attention, and resources. Sponsor: CyberCNS interview with Shiva Shankar, CTO & Founder at minute 45:22.Learn more here: https://www.cybercns.com/ (free trial)Shiva Shankar: https://www.linkedin.com/in/shivashankarj/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Abstract: It is easier for an external or internal threat actor to gain unauthorized access to assets or data through using valid user credentials than through "hacking" the environment.  There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the organization, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as the one they use for an online account which was compromised in a public password dump.  Listen as our hosts break down the people, process and technology to implement effective and secure account management.Sponsor: Appgate interview with Tina Gravel, SVP Channels and Alliances at minute 37:20. Learn more here: https://www.appgate.com/ Tina Gravel: https://www.linkedin.com/in/tinagravel/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Abstract: There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded  in applications for scripts, a user having the same password  as one they used for an online account.  Learn how CIS Control 5 can mitigate some of the most common ways  credentials are compromised.Sponsor: Keeper Security interview with Marcia Dempster, Sr. Director of Channel Sales at minute 48:21.  Learn more here: https://www.keepersecurity.com/Marcia Dempster: https://www.linkedin.com/in/marcia-dempster-03280914/Sponsor: CIS CIS-CAT (https://learn.cisecurity.org/cis-cat-lite)Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Abstract:  Learn why the number one thing organizations can do to defend their networks against top attacks, is to implement secure configurations! Azure Breach (8/26/2021): According To Wiz who found the CosmosDB Vulnerability, they quote: "Database exposures have become alarmingly common in recent years as more companies move to the cloud, and the culprit is usually a misconfiguration in the customer's environment."   https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databasesSponsor: ThreatLocker interview with CEO, Danny Jenkins at minute 31:58.  Learn more here: https://www.threatlocker.com/Sponsor: CIS CIS-CAT (https://learn.cisecurity.org/cis-cat-lite)Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

In this episode, I was joined by Andrew Morgan, founder at The Cyber Nation, and Rachel Rovegno, sales business development manager at Cisco. The Cyber Nation is a community built specifically for MSPs and MSSPs. Andrew is a cybersecurity focused solution strategist who has worked previously at ConnectWise, Logic Monitor and TruMethods. Rachel is responsible for leading the global orchestration and execution of Cisco's partner managed services and security go to market strategy. We talked about the current cybersecurity market for MSPs, and the two types of MSP Andrew has identified. Rachel explained how Cisco work to keep their clients safe, and the importance of community. We also discussed the way cybersecurity has changed in recent years, the questions MSPs should ask their vendor partners, and what opportunities cybersecurity presents to MSPs. Mentioned in This Episode https://www.thecybernation.com/feed (The Cyber Nation) https://www.cisco.com/ (Cisco) The CyberCall https://www.thecybercast.com/ (The CyberCast) https://www.crowdcast.io/e/threat-modeling-workshop (Threat Modeling Workshop) https://wildwesthackinfest.com/antisyphon// (Black Hills Information Security Training) https://www.linkedin.com/in/wesspencer/ (Wes Spencer) https://www.linkedin.com/in/ryanweeks/ (Ryan Weeks) https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ (Phyllis Lee) https://www.linkedin.com/in/kelvintegelaar/ (Kelvin Tigelaar) https://www.linkedin.com/in/johnhammond010/ (John Hammond)

Dr. Vicki Fishlock Ph.D. is a Resident Scientist, at The Amboseli Trust for Elephants (https://www.elephanttrust.org/), an organization that aims to ensure the long-term conservation and welfare of Africa's elephants in the context of human needs and pressures, through scientific research, training, community outreach, public awareness and advocacy, and which is involved in the longest-running study of wild elephants in the world. Dr. Fishlock joined The Amboseli Trust for Elephants (ATE) in January 2011 to study social disruption and recovery in elephant families after the terrible 2009 drought. Her work focuses on leadership and negotiation in the face of risk, as well as the very long-term social dynamics. Prior to working at ATE in Kenya, Dr. Fishlock studied Western gorillas and forest elephants in the Republic of Congo, where she earned her Ph.D. under the supervision of Prof. Phyllis Lee, examining the use of forest clearings as social arenas for elephants. Dr. Fishlock previously graduated with first class honors in Zoology from the University of Edinburgh. After graduation, she worked as a research assistant at Chester Zoo on behavioral and hormonal indicators of welfare in captive orangutans. Dr. Fishlock is also an Honorary Research Fellow at the University of Exeter.

Abstract: There is a cybersecurity saying; “you can't protect what you don't know about.”  Without visibility into your information assets, their value, where they live, how they relate to each other and who has access to them, any strategy for protection would be inherently incomplete and ineffective.Note sponsors are at the end at minute 28:30 The Why might an MSP want to listen?  Most MSPs only capture 50% of the assets on a client's network.Min 2:30 - 8:46 (Ryan Weeks, CISO of Datto discusses)Importance of asset management.What defines an asset.What defines good asset management.What are common assets missed in an MSPs inventory.Min 8:47 - 16:06  (Wes Spencer, CISO of Perch Security)The repercussions of poor asset management.Importance of Asset Management, as it pertains to Incident Response.How asset management help with IR plans & Tabletops.Min 16:08 - 23:05 (Brian Blakely, Fractional CISO of Cosant Cybersecurity)What your policy statement should include.Learn the importance of Data Flow Diagrams (DFDs).Control objectives and standards MSPs need to consider.Asset considerations on the Right & Left side of "Boom".Min 23:06 - 28:30 (Phyllis Lee, Sr. Director of Controls for CIS)Why CIS and most frameworks start with asset management.The progression of sub-controls as an organization moves from IG1 - IG3 in CIS.What actionable steps should MSPs take to successfully implement Control 1 & 2.Sponsors:Center for Internet Security:  Phyllis Lee (28:30 - 30:58)CSAT Pro - learn more here: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/Netalytics Security:Shiva Shankar (31:00 - 38:50)CyberCNS: https://www.cybercns.com/

Resources:What are the CIS ControlsLearn more about CIS Controls v8Free Webinar | May 18, 2021: Sign up to hear about all the changes to the CIS ControlsFrequently Asked QuestionsIn this edition of Cybersecurity Where You Are, host and CIS Senior Vice President and Chief Evangelist, Tony Sager welcomes guests Randy Marchany and Phyllis Lee. Marchany is the Chief Information Security Officer (CISO) at Virginia Tech, and Lee serves as Senior Director of the CIS Controls. The connection between the two guests is the CIS Controls – a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.Highlights:History of the CIS ControlsGuiding principles for CIS Controls v8CIS Controls ecosystemPractical implications for the Controls and real-world applicationsCIS Controls life cycleRemember to subscribe to get the latest cybersecurity news and updates to Start Secure and Stay Secure.

Google reports that Multifactor Authentication (MFA) prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks that are credential based.In this episode, learn how MFA maps to the different security frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends.Note: Sponsors Cisco Duo and Center for Internet Security (CIS) are at the end of the episode starting at minute 26:00.msp@duo.com to sign up for Duo NFR.https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/andrew@thecybernation.com - Andrew Morgan (host)Co-hosts: Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/ Brian Blakely: https://www.linkedin.com/in/bblakley/Consant Cybersecurity: https://cosant.com/

Professor Phyllis Lee is the director of science for the Amboseli Elephant Research Project, which was started in 1972 by Cynthia Moss and is the longest running study of wild elephants anywhere in the world. Phyllis has been carrying out field research on animal behavior since 1975 and has been studying the elephants of Amboseli since1982. She has collaborated with a number of researchers working on forest and Asian elephants as well as primates from around the world and she is the author of over 80 journal publications. In this episode we speak about what has been learned through this long-term study of individual wild elephants and what is still unknown. We speak extensively about the wide range of behaviors elephants engage in that highlights the unique personalities of each individual animal. We also speak about the different modalities of elephant communication, the dynamics of elephant social structure, the phenomena of “Musth” in bull elephants, and the challenges mother elephants face raising their young in the wilderness of Kenya.  Links for Episode Amboseli Elephant Trust Professor Phyllis Lee  Collaring Wild Elephants  Wildlife Warriors Episode (Amboseli Elephants) Rescuing Baby Elephant Stuck in Mud

På vej ud af Det Hvide Hus er Donald Trump blevet smidt ind i en rigsretssag – igen. En beslutning, som understreger den kaos, splittelse og mistillid, som han har været med til at skabe som præsident.Men hvor efterlader rigsretssagen Donald Trumps muligheder i amerikansk politik? Og hvor efterlader han USA? Vi spørger Anne Alling, LOUD's korrespondent i USA. Medvirkende: Brian og Phyllis Lee, Trump-vælgere i Georgia.Rebecca Fuller, uafhængig vælger i Georgia. Vært og tilrettelægger: Sofie Ørts.Redaktør: Pola Rojan Bagger.

Redefining Security | On ITSPmagazine Conversations At the Intersection of Technology, Cybersecurity, and Society. Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Join us as we explore how visionary leaders are Redefining Security. This Episode: A Business Program Or A Security Program | How Do You Employ The CIS Critical Security Controls? Host: Sean Martin Guests: - Claire Davis - Phyllis Lee - CIS - Larry Whiteside Jr. - Christian Toon A framework is a framework is a framework. Or is it? The reality is, a framework is only as good as the process, data, and effort you put into it coupled with the support of the organization you receive to make it work based on business needs. In today's episode, we bring together 2 guests from a medium-sized company that has implemented the CIS Critical Security Controls, a guest representing an MSSP that leverages the CIS Controls for consistency, transparency, and repeatability across clients, and a guest representing CIS and the framework itself to provide an even broader view surrounding the successful use of this widely-recognized controls framework. So, what's the trick? As Christian Toon, CISO at Pinsent Masons, states: "Firstly, this is a business program. It's not a security program. Once that is understood, the team can begin to tackle the selection and implementation of a framework. As Christian noted prior to recording this episode: "For me/us it’s about finding a framework that works best for you. There are many, and in my opinion, many that don’t quite cut it. Bringing the people together to unite under a common banner was important. This was our journey." And a journey it was, and still is. It's a similar, yet different, journey for Larry Whiteside Jr., Chief Technology Officer at CyberClan, where he and his team see varying cybersecurity and risk maturity levels - each company has its own unique challenges and requirements - the framework helps Larry's organization bring clarity to the risk, the controls, and the process overall. It's also a journey for the framework itself, as Phyllis Lee, Senior Director for Controls at Center for Internet Security, points out that ongoing revisions help organizations map the controls in meaningful ways, pointing to the recent changes made to map the sub-controls to MITRE ATT&CK. The star of this show, as you'll hear in this conversation, however, is the champion. In this story, that champion is Claire Davis, program manager at Pinsent Masons. With so many moving parts—the networks, systems, applications, teams, operational infrastructure, colleagues in risk and privacy, the infosec function, etc.—you can't just think you're going to crack this out and deal with it as a side project. Where do you start? How do you make progress? How do you know you're succeeding? Whatever your journey looks like, every program looks identical at one point: the start. This is the point at which you begin the journey. From there, it can be focused or chaotic. The choice is yours. Now, it's time to start your journey by listening to this conversation. Ready? Set. Go! __________________________________ Learn more about this column's sponsors: - Nintex: itspm.ag/itspntweb __________________________________ Listen to more Episodes of Redefining Security here: www.itspmagazine.com/redefining-security __________________________________ Interested in sponsoring an ITSPmagazine talk show? www.itspmagazine.com/talk-show-sponsorships

Tim Birkhead and Phyllis Lee explore long-lived animal species and their survival strategies. If the modern world is obsessed with short term success, could animals offer a better understanding of the long term state of our planet? Want to sample the health of our oceans? Ask a migratory bird. Or the advantage of becoming a mother later in life? Ask an elephant. Free Thinking presenter Rana Mitter hears how their lives have shaped the minds and emotions of the field scientists who study them over decades. Professor Tim Birkhead is 45 years into his study of the guillemots of Skomer Island. He began his academic career at Newcastle University. A Fellow of the Royal Society he is now based at Sheffield University and specialises in researching the behaviour of birds. His books include Bird Sense: What it is like to Be a Bird and The Most Perfect Thing: the Inside (and Outside) of a Bird's Egg. Professor Phyllis Lee has worked for 35 years on the world's longest-running elephant study in Kenya's Amboseli National Park. An award-winning evolutionary psychologist, she is now based at the University of Stirling, and continues to work on a number of research projects on forest and Asian elephants as well as primates from around the world. She has published widely on this, on conservation attitudes as well as on human-wildlife interactions. Recorded as part of Radio 3's Free Thinking Festival in front of an audience at Sage Gateshead. Producer: Jacqueline Smith

Humans have a complex relationship and checkered history with elephants. Once the revered subjects of myths and legends, elephants have increasingly become the objects of economic greed and the victims of habitat loss. Episode 32 – Nature’s Greatest Masterpiece-An interview with Phyllis Lee   In this episode of Naturally Speaking Shorts, Laurie Baker (@llbaker1707) is joined by elephant […]

On this edition of No Holds Barred, host Eddie Goldman once again spoke with lifelong martial artist, former UFC and Battlecade Extreme Fighting matchmaker, TV commentator, and our senior correspondent, John Perretti. Our main subject was a sad one, the passing of one of the true pioneers in the sport once known as no-holds-barred fighting (NHB) and now known as mixed martial arts, Phyllis Lee. But we also used this occasion to celebrate her remarkable life. Coming from a background as a pro wrestler, Phyllis Lee was one of the first fight managers in the earliest days of MMA. All over the world, she was known as the First Lady of NHB. Besides getting fighters in North American organizations such as UFC and Battlecade Extreme Fighting, she had a particularly close relationship for many years with the Pancrase organization of Japan. After a bout with pneumonia, Phyllis Lee passed away January 18, 2015, at age 76, while in her sleep and hospitalized. A memorial service was held January 31, at her church in West Unity, Ohio. We spoke with John Perretti, who is now in Japan, by phone Monday (Sunday New York time). He decried what he called attempts for the history of MMA to be "backfilled" by people who were "not there" in the 1990s and early 2000s when Phyllis Lee was particularly prominent in the sport. Calling Phyllis Lee "a great human being", he said she "has to be remembered for her devotion to, whatever, one almost-sport and two, three real sports. She did incredible things as a woman, and she did incredible things as an individual, and she was usually a joy to be with. And I'll miss her tremendously." We discussed some of the highlights of her life, but also how some fighters whom she represented were accused of breaking their contracts with her. He said, "I don't understand why people did what they did to her." We also discussed what he called a "unique time" in the formative days of modern MMA, why "the time was about camaraderie", some of our experiences involving the April 1996 arrests of eight participants at Battlecade Extreme Fighting 2 (including John Perretti) in Montreal, and much more. The No Holds Barred theme song is called "The Heist", which is also available on iTunes by composer Ian Snow. No Holds Barred is free to listen to and is sponsored by: American Top Team. Whether you're a beginner or a champion, train with the champions in Brazilian Jiu-Jitsu, boxing, wrestling, grappling, and mixed martial arts at American Top Team. Check out their web site at AmericanTopTeam.com. Defense Soap, an effective, deep penetrating body soap with natural antifungal, antiviral, and antibacterial soap ingredients. Defense Soap is the best cleansing body soap for men and women athletes who are involved in contact sports such as MMA, wrestling, grappling, jiu-jitsu, and judo, to help their antifungal, anti-ringworm, anti-jock itch strategy. Check out their web site, at DefenseSoap.com. Payleg.com, which gives you the tools to develop a full-time income by building a home-based business. Teaching success in the home-based business industry since 1988, Payleg.com is available in 190 countries. For more information, go to Payleg.com. Takedown Wrestling Media, America's wrestling TV and radio shows, which are hosted by founder Scott Casber, and have been airing on radio and Internet for over 17 years. Takedown Media produces a weekly TV program seen in 54 million homes in the U.S. on DirecTV, Dish Network, and cable affiliates around the country, called Takedown TV. Takedown Media also produces the weekly USA Wrestling TV show for the governing body of the sport, USA Wrestling. For more information, go to TakedownRadio.com. Thanks, Eddie Goldman EddieGoldman.com

On this edition of No Holds Barred, host Eddie Goldman presents a tribute to one of the true pioneers in the sport once known as no-holds-barred fighting (NHB) and now known as mixed martial arts, Phyllis Lee. Coming from a background as a pro wrestler, she was one of the first fight managers in the earliest days of MMA, representing numerous fighters including Dan Severn, Ron Waterman, Gary Myers, Chris Lytle, Nathan Marquardt, Shane Carwin, Carlos Condit, and many others. Besides getting fighters in North American organizations such as UFC and Battlecade Extreme Fighting, she had a particularly close relationship for many years with the Pancrase organization of Japan. All over the world Phyllis Lee was known as the First Lady of NHB. After a bout with pneumonia, Phyllis Lee passed away Sunday, January 18, 2015, at age 76, while in her sleep and hospitalized. A memorial service for family and friends will be held Saturday, January 31, at her church in West Unity, Ohio. As a tribute to her, we are reposting an interview conducted with her in June 2006. In it, she explained how she got involved with MMA; why this grandmother from the Toledo, Ohio, area, had such a passion for the combat sports and the people involved in it; her connections with Pancrase and Karl Gotch; pro and amateur wrestling; some of the events which took place and fighters who fought at the time of this interview; and much more. The No Holds Barred theme song is called "The Heist", which is also available on iTunes by composer Ian Snow. No Holds Barred is free to listen to and is sponsored by: American Top Team. Whether you're a beginner or a champion, train with the champions in Brazilian Jiu-Jitsu, boxing, wrestling, grappling, and mixed martial arts at American Top Team. Check out their web site at AmericanTopTeam.com. Defense Soap, an effective, deep penetrating body soap with natural antifungal, antiviral, and antibacterial soap ingredients. Defense Soap is the best cleansing body soap for men and women athletes who are involved in contact sports such as MMA, wrestling, grappling, jiu-jitsu, and judo, to help their antifungal, anti-ringworm, anti-jock itch strategy. Check out their web site, at DefenseSoap.com. Payleg.com, which gives you the tools to develop a full-time income by building a home-based business. Teaching success in the home-based business industry since 1988, Payleg.com is available in 190 countries. For more information, go to Payleg.com. Takedown Wrestling Media, America's wrestling TV and radio shows, which are hosted by founder Scott Casber, and have been airing on radio and Internet for over 17 years. Takedown Media produces a weekly TV program seen in 54 million homes in the U.S. on DirecTV, Dish Network, and cable affiliates around the country, called Takedown TV. Takedown Media also produces the weekly USA Wrestling TV show for the governing body of the sport, USA Wrestling. For more information, go to TakedownRadio.com. Thanks, Eddie Goldman EddieGoldman.com

What do elephants, snapping turtles and guillemots have in common? They are all examples of 'long-lived' animals with some species living longer than the careers of the scientists who study them. In this episode of Shared Planet Monty Don talks to Tim Birkhead and Phyllis Lee, both scientists who have studied the behaviour of long-lived species and both argue that you discover insights into long-lived animals can will help their conservation and our ability to share the planet with them. Presented by Monty Don. Produced by Mary Colwell.

Andrew Marr talks to the human rights lawyer, Peter Harris, who represented the ANC when apartheid in South Africa was at its height. He discusses how the law was always seen to be done, even when justice was denied. Richard Susskind wants to revolutionise the justice system: as the new President of the Society for Computers and Law he sees technology as the answer to today's problems. Australia has been the recent victim of natural disasters - floods, storms and wild fires - and the country's leading conservationist, Tim Flannery, puts forward his views on the future of the planet. And as the longest running study of elephants in the wild turns 40, Phyllis Lee, explains what they've learnt about, what John Donne called, "Nature's great masterpiece". Producer: Katy Hickman.