POPULARITY
In this Brand Story episode, Sean Martin and Marco Ciappelli explore how Guardz is transforming cybersecurity for Managed Service Providers (MSPs) and small to medium-sized businesses (SMBs). The discussion features insights from Sarah Lampert, Customer Success Manager, and William Barr, Account Executive at Guardz, who shed light on the company's innovative approach to simplifying and optimizing cybersecurity solutions.Bridging the Gap for SMBsSmall to medium-sized businesses often lack dedicated IT or security teams, leaving them vulnerable to cyber threats. William Barr emphasizes how Guardz fills this gap by providing MSPs with tools tailored for SMBs. These tools simplify security management, offering MSPs a unified platform that addresses complex needs without requiring a patchwork of expensive, disparate solutions.Ease of Use and FlexibilityGuardz stands out by offering a user-friendly, AI-powered platform that integrates seamlessly into MSPs' existing workflows. Sarah Lampert highlights the platform's simplicity, enabling even small MSPs to onboard quickly and manage cybersecurity effectively. The product's flexibility allows MSPs to scale their offerings, catering to clients with varying security needs while keeping costs manageable.Key features include:Unified detection and response capabilities.Customizable security controls for different client environments.User-based pricing models that eliminate device-based cost complexities.Support Beyond TechnologyGuardz doesn't stop at providing a robust platform—it empowers MSPs through comprehensive support. Sarah Lampert explains how the Customer Success team aids MSPs with onboarding, marketing materials, and strategic advice, ensuring they position Guardz as a core component of their service stack. The company also facilitates continued learning through webinars, hands-on trials, and direct communication channels.Innovative AI IntegrationAI plays a pivotal role in Guardz's ability to streamline cybersecurity. By analyzing patterns and predicting risks, the platform helps MSPs preempt threats and respond efficiently. William Barr underscores AI's potential to reduce manual effort while enhancing security accuracy, making advanced protection accessible to smaller organizations.Cyber Insurance: A Competitive EdgeGuardz takes its commitment a step further by integrating cyber insurance into its offerings. Qualified clients can access affordable coverage directly through Guardz, ensuring SMBs meet evolving security and compliance standards. This feature not only protects businesses but also equips MSPs with a unique selling point.The Future of GuardzAs Guardz continues to evolve, its focus remains on simplifying cybersecurity for MSPs while providing scalable, cost-effective solutions for SMBs. The team's proactive approach, coupled with constant feedback integration, ensures the platform stays relevant in a dynamic cybersecurity landscape.MSPs looking to streamline their operations and enhance client security are encouraged to explore how Guardz can help achieve these goals. For more information, connect with the Guardz team or visit their platform for a trial.Learn more about Guardz: https://itspm.ag/guardzrgigNote: This story contains promotional content. Learn more.Guests:Sarah Lampert, Customer Success Manager, Guardz [@GuardzCyber]On LinkedIn | https://www.linkedin.com/in/sarlampert/William Barr, Account Executive, Guardz [@GuardzCyber]On LinkedIn | https://www.linkedin.com/in/william-barr-a447541ab/ResourcesLearn more and catch more stories from Guardz: https://www.itspmagazine.com/directory/guardzFor a free 14 day trial of Guardz's platform please visit https://itspm.ag/guardzgvu3 .Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this Episode, we dive deep into the concept of Layering Security Controls, one of the most effective strategies to enhance your cybersecurity defense. Whether you're an IT professional or a cybersecurity enthusiast, understanding how to layer security controls can greatly improve your organization's protection against cyber threats.
In this Episode, we dive deep into Security Controls, exploring what they are, why they're critical for cyber defense, and how they help safeguard sensitive information. Whether you're new to cybersecurity or looking to strengthen your understanding, this comprehensive guide covers all the essential security control types: preventive, detective, and corrective controls.
Fraudology is presented by Sardine.In this episode of Fraudology, host Karisse Hendrick is joined by Rajesh Melappalayam, former senior manager of digital fraud and compliance at Cisco, to delve into the intricate world of online fraud targeting Cisco's systems. They explore how fraudsters obtained Cisco serial numbers via social engineering and bot attacks, leading to significant financial losses through fraudulent RMAs (Return Merchandise Authorizations). Rajesh shares insights into the broader impacts of these frauds, including insider threats, the misuse of service contracts, and sophisticated operations involving fake user IDs. The conversation illuminates Cisco's challenges in fraud detection and the innovative strategies Rajesh implemented to bolster fraud prevention efforts.Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast semi weekly, on Tuesdays and Thursdays.
Send us a textEver wondered about the real difference between a data leak and a data breach? Join me, Sean Gerber, on the latest episode of the CISSP Cyber Training Podcast as we unpack the nuances between these two critical cybersecurity concepts. Learn how data leaks often result from human mistakes like weak passwords, while data breaches involve deliberate cyber attacks. We'll walk through different types of sensitive data—including PII, financial information, PHI, and intellectual property—and emphasize the need for precise language to help cybersecurity leaders communicate more effectively and avoid unnecessary panic. Plus, get a sneak peek into a CISSP exam question focusing on the stringent security controls required for data in use.Choosing the right Data Loss Prevention (DLP) solution doesn't have to be a headache. In this episode, we tackle cost-effectiveness and real-world challenges that come with selecting DLP solutions. Hear about the compatibility hurdles of Digital Rights Management (DRM) solutions, including the struggles between Adobe and Microsoft's products. Discover how DLP and DRM technologies sometimes clash, and learn what to look for to ensure seamless integration. Don't miss these invaluable insights designed to sharpen your cybersecurity acumen and prep you for the CISSP exam.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Send us a textEver wondered how a TI-84 calculator can be transformed into a powerful tool for ChatGPT? Join me, Sean Gerber, on this thrilling episode of the CISSP Cyber Training Podcast as we uncover this fascinating tale and explore the evolving landscape of data security. We'll dissect the crucial elements of Domain 2.6 of the CISSP exam, from protecting data-at-rest to data-in-motion, and delve into the significance of Digital Rights Management (DRM) and Data Loss Prevention (DLP). This episode promises to enlighten you on the challenges and solutions of safeguarding data in today's tech-driven world.Next, we'll explore the meticulous process of establishing a robust labeling schema for data within an organization. Learn how to effectively implement physical and digital labels—such as unclassified, secret, top secret, and confidential—using color coding for easy identification. We'll stress the importance of consistent terminology, well-documented procedures, and controlled access to data classification changes. Discover how to tailor security controls to fit various organizational needs and the pivotal role of IT security leaders in guiding departments to enhance their security measures.Finally, we address the critical task of aligning IT security controls with an organization's risk tolerance and operational needs. Understand how focusing on critical assets can optimize data protection without spreading resources too thin. We'll highlight the importance of adhering to security frameworks like NIST, GDPR, or PCI DSS, and the role DRM and DLP play in preventing unauthorized data exfiltration. Plus, we'll introduce Cloud Access Security Brokers (CASBs) and discuss their crucial function in enforcing security policies between organizational networks and cloud service providers. This episode is packed with invaluable insights to prepare you for the CISSP exam and elevate your cybersecurity knowledge.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Guest: Dr. Kostas Papapanagiotou, Advisory Services Director, Census S.A.On LinkedIn | https://www.linkedin.com/in/kpapapan/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesCybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices.No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach.Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards.Furthermore, Kostas points out that regulations like the FDA's post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later.Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority.The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities.This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Guest: Dr. Kostas Papapanagiotou, Advisory Services Director, Census S.A.On LinkedIn | https://www.linkedin.com/in/kpapapan/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesCybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices.No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach.Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards.Furthermore, Kostas points out that regulations like the FDA's post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later.Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority.The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities.This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
This is a sponsored Soap Box edition of the Risky Business podcast. Abhishek Agrawal is the CEO and co-founder of Material Security, an email security company that locks down cloud email archives. Attackers have been raiding mailspools since hacking has existed, and with those mailspools now in the cloud with services like o365 and Google Workspace, guess where the attackers are going? Material built a product that helps you lock up your email data, to archive and redact sensitive information. The idea is to really just limit what an attacker can do with email data if they pop an account. Abhishek joined me to talk about a few things, like how non phishing resistant MFA is basically dead, how email content is very useful to security programs, and about how the gen AI won't really change much on the defensive control side.
Understanding Security Controls for Cyber Insurance with Experts Joe and AbeJoin us for a special podcast episode where we delve into the critical security controls for cyber insurance. Featuring expert guests Joe from C3 Insurance and Abe Gibson, this discussion helps businesses understand the essential controls needed for obtaining cyber insurance and how to leverage managed security service providers. Learn about the importance of MFA, backups, EDR/MDR, and email security, and discover how you can get the best insurance rates. This insightful conversation is a must-watch for anyone looking to protect their organization from cyber threats.00:00 Introduction to Cyber Insurance Podcast00:16 Meet the Experts: Joe and Abe01:35 Joe's Insight: Real-Life Cyber Insurance Case04:04 Abe's Perspective: Understanding Cyber Insurance04:53 Key Security Controls for Cyber Insurance08:40 Trends and Challenges in Cyber Insurance15:20 The Role of MSPs in Cyber Insurance19:31 Exclusive Programs for MSPs24:42 Final Thoughts and Contact InformationThis podcast runs on listener support and funding. Consider supporting this podcast:https://breaking-into-cybersecurity.captivate.fm/supportCheck out our books: Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUIHack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/_________________________________________About the hosts: Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/Download a free copy of her book at [magnetichiring.com/book](http://magnetichiring.com/book)Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach.https://www.linkedin.com/in/christophefoulon/Find out more about CPF-Coaching at https://www.cpf-coaching.com- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity- Podcast: https://feeds.captivate.fm/breaking-into-cybersecurity/- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity- Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/- Twitter: https://twitter.com/BreakintoCyber- Twitch: https://www.twitch.tv/breakingintocybersecurityMentioned in this episode:Thank you to CPF Coaching for SponsoringThank you to CPF Coaching for Sponsoring
Dive into the essential world of cybersecurity with our exclusive 2-day masterclass, "Unleashing the Power of Security Controls and Risk Management." This comprehensive workshop is tailored for IT professionals, security managers, and anyone passionate about fortifying their organization's defense systems. #SecurityControls #RiskManagement #CybersecurityTraining #Authentication #AccessControl #Cybersecurity2024 #infosectrain #SecurityMasterclass #ITSecurity #CyberRiskManagement
Dive into the essential world of cybersecurity with our exclusive 2-day masterclass, "Unleashing the Power of Security Controls and Risk Management." This comprehensive workshop is tailored for IT professionals, security managers, and anyone passionate about fortifying their organization's defense systems.
Guests: Jim Reavis, CEO at Cloud Security Alliance [@cloudsa]On LinkedIn | https://www.linkedin.com/in/jimreavis/Illena Armstrong, President at at Cloud Security Alliance [@cloudsa]On LinkedIn | https://www.linkedin.com/in/illenaarmstrong/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesJoin Sean Martin as he hosts an in-depth discussion with Illena Armstrong, President of Cloud Security Alliance, and Jim Reavis, CEO and Founder. Illena shares her excitement for celebrating the 15th anniversary of the organization while highlighting the industry's shift towards cloud adoption and AI technology. She emphasizes the importance of maintaining security controls, especially in the context of regulatory compliance and cloud provider obligations. The conversation also touches on the rising trend of zero trust security frameworks and the global perspective on AI integration in cybersecurity practices.Jim Reavis adds valuable insights into the intersection of AI and cloud security, highlighting the need for a holistic approach that combines human intelligence with AI capabilities. He emphasizes the role of security as a catalyst for innovation and business transformation, citing examples of innovative approaches taken by European banks. The discussion also covers thesignificance of shared responsibility in cybersecurity and the collaborative efforts required to address evolving threats.The CSA AI Summit promises an engaging lineup of speakers, including industry leaders from Google, Microsoft, and Zscaler, who will shed light on key topics such as incident response, secure development, and business transformation. The full-day event, which kicks off the week at RSA Conference, aims to bring together a diverse audience, ranging from C-suite executives to developers and compliance professionals, fostering meaningful discussions and knowledge sharing. Attendees can expect thought-provoking sessions that explore the intersection of AI and cybersecurity, providing valuable insights for enhancing security practices in the digital age.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageOn YouTube:
Guests: Jim Reavis, CEO at Cloud Security Alliance [@cloudsa]On LinkedIn | https://www.linkedin.com/in/jimreavis/Illena Armstrong, President at at Cloud Security Alliance [@cloudsa]On LinkedIn | https://www.linkedin.com/in/illenaarmstrong/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesJoin Sean Martin as he hosts an in-depth discussion with Illena Armstrong, President of Cloud Security Alliance, and Jim Reavis, CEO and Founder. Illena shares her excitement for celebrating the 15th anniversary of the organization while highlighting the industry's shift towards cloud adoption and AI technology. She emphasizes the importance of maintaining security controls, especially in the context of regulatory compliance and cloud provider obligations. The conversation also touches on the rising trend of zero trust security frameworks and the global perspective on AI integration in cybersecurity practices.Jim Reavis adds valuable insights into the intersection of AI and cloud security, highlighting the need for a holistic approach that combines human intelligence with AI capabilities. He emphasizes the role of security as a catalyst for innovation and business transformation, citing examples of innovative approaches taken by European banks. The discussion also covers thesignificance of shared responsibility in cybersecurity and the collaborative efforts required to address evolving threats.The CSA AI Summit promises an engaging lineup of speakers, including industry leaders from Google, Microsoft, and Zscaler, who will shed light on key topics such as incident response, secure development, and business transformation. The full-day event, which kicks off the week at RSA Conference, aims to bring together a diverse audience, ranging from C-suite executives to developers and compliance professionals, fostering meaningful discussions and knowledge sharing. Attendees can expect thought-provoking sessions that explore the intersection of AI and cybersecurity, providing valuable insights for enhancing security practices in the digital age.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageOn YouTube:
Sometimes organizations know they need to do something to improve their cybersecurity posture … or, in some cases, something more, something different. They know there is a disconnect between cybersecurity and the business — they just don't know how to get started or transition to get the best results, given their unique environments and operating processes. What's truly innovative about RockCyber's cybersecurity assessments is how they intertwine cybersecurity strategies directly with business alignment and outcomes. This is not just about securing IT assets; it's about shaping cybersecurity as a strategic advantage that supports overall business goals. The service is tailored for organizations that need a cybersecurity approach that is not only robust but also aligned with their business objectives, enhancing both security and business performance.This approach solves the key problem of the disconnect between cybersecurity practices and business objectives, which many companies struggle with. The RockCyber vCISO and cybersecurity assessment services are particularly valuable for organizations where security must be a driver of cyber resiliency and growth, not just a protective measure.Let's talk about how this changes the future for our customers. Traditionally, cybersecurity has often been a siloed IT function, reactive and disconnected from core business functions. RockCyber's assessments transform this by integrating cybersecurity with business strategy, making it a cornerstone of business planning and execution.Imagine a before scenario where a company's cybersecurity efforts are technically adequate but not aligned with the strategic business initiatives, leading to inefficiencies and missed opportunities. After a RockCyber assessment, this company strengthens its security and aligns its cybersecurity strategy with business objectives, ensuring that every security investment directly supports business growth and resilience.With the assessment in place, RockCyber clients typically lean in on the virtual CISO services where the RockCyber team can take the knowledge we have in the field — both figuratively and literally — to establish a strategy that will begin the process of maturity and lead the organization down a path of cyber sustainability.For example, with one recent oil and gas client, the cybersecurity program the RockCyber created not only reduces cyber risk and improves the ability of the organization to handle and manage a potential cyber incident, but it aligns directly with the organization's key objectives:Maintain operating reliabilityDrive positive impact on revenue and profitEnsure digital and physical safetyTo achieve this, the team at RockCyber kept the big business picture in mind while focusing on breaking down the problem into smaller projects that be accomplished successfully, building on the past to continue to improve the future.The RockCyber cybersecurity assessment and vCISO services provide the following benefits:Establish a business-aligned strategic vision while bringing the skills, experience, and technology needed to execute tactically.Helping the organization to identify key challenges in security operations, staffing, training, execution, and communication and to help them overcome these challenges with confidence, giving them peace of mind to know we are there by their side every step of the way.Rock invites you all to connect with him via LinkedIn where you can find some of his musings on this topic and so many more. If you have questions about getting started and/or transforming your program in a meaningful way, you can reach out to Rock and the team directly at info@rockcyber.com.Learn more about RockCyber: https://itspm.ag/rockcyber-3gq7Note: This story contains promotional content. Learn more.Guest: Rock LambrosCEO and founder of RockCyber [@RockCyberLLC]On LinkedIn | https://www.linkedin.com/in/rocklambros/On Twitter | https://twitter.com/rocklambrosResourcesLearn more and catch more stories from RockCyber: https://www.itspmagazine.com/directory/rockcyberLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Sometimes organizations know they need to do something to improve their cybersecurity posture … or, in some cases, something more, something different. They know there is a disconnect between cybersecurity and the business — they just don't know how to get started or transition to get the best results, given their unique environments and operating processes. What's truly innovative about RockCyber's cybersecurity assessments is how they intertwine cybersecurity strategies directly with business alignment and outcomes. This is not just about securing IT assets; it's about shaping cybersecurity as a strategic advantage that supports overall business goals. The service is tailored for organizations that need a cybersecurity approach that is not only robust but also aligned with their business objectives, enhancing both security and business performance.This approach solves the key problem of the disconnect between cybersecurity practices and business objectives, which many companies struggle with. The RockCyber vCISO and cybersecurity assessment services are particularly valuable for organizations where security must be a driver of cyber resiliency and growth, not just a protective measure.Let's talk about how this changes the future for our customers. Traditionally, cybersecurity has often been a siloed IT function, reactive and disconnected from core business functions. RockCyber's assessments transform this by integrating cybersecurity with business strategy, making it a cornerstone of business planning and execution.Imagine a before scenario where a company's cybersecurity efforts are technically adequate but not aligned with the strategic business initiatives, leading to inefficiencies and missed opportunities. After a RockCyber assessment, this company strengthens its security and aligns its cybersecurity strategy with business objectives, ensuring that every security investment directly supports business growth and resilience.With the assessment in place, RockCyber clients typically lean in on the virtual CISO services where the RockCyber team can take the knowledge we have in the field — both figuratively and literally — to establish a strategy that will begin the process of maturity and lead the organization down a path of cyber sustainability.For example, with one recent oil and gas client, the cybersecurity program the RockCyber created not only reduces cyber risk and improves the ability of the organization to handle and manage a potential cyber incident, but it aligns directly with the organization's key objectives:Maintain operating reliabilityDrive positive impact on revenue and profitEnsure digital and physical safetyTo achieve this, the team at RockCyber kept the big business picture in mind while focusing on breaking down the problem into smaller projects that be accomplished successfully, building on the past to continue to improve the future.The RockCyber cybersecurity assessment and vCISO services provide the following benefits:Establish a business-aligned strategic vision while bringing the skills, experience, and technology needed to execute tactically.Helping the organization to identify key challenges in security operations, staffing, training, execution, and communication and to help them overcome these challenges with confidence, giving them peace of mind to know we are there by their side every step of the way.Rock invites you all to connect with him via LinkedIn where you can find some of his musings on this topic and so many more. If you have questions about getting started and/or transforming your program in a meaningful way, you can reach out to Rock and the team directly at info@rockcyber.com.Learn more about RockCyber: https://itspm.ag/rockcyber-3gq7Note: This story contains promotional content. Learn more.Guest: Rock LambrosCEO and founder of RockCyber [@RockCyberLLC]On LinkedIn | https://www.linkedin.com/in/rocklambros/On Twitter | https://twitter.com/rocklambrosResourcesLearn more and catch more stories from RockCyber: https://www.itspmagazine.com/directory/rockcyberLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Confront the cyber siege that has the healthcare industry on high alert; this episode sees me, Sean Gerber, dissecting the harrowing United Healthcare ransomware crisis that's rocked our nation. We're not just crunching numbers here—$22 million in ransom to Black Cat hackers signifies more than a hefty payout, it's a stark reminder of our critical infrastructure's fragility in the face of cyber threats. The recent episodes have armed us with knowledge, and now, it's time to put that to the test with CISSP Question Thursday, giving you the tactical edge to conquer the CISSP exam and fortify your cybersecurity defenses.As we navigate the Cybersecurity Concepts and Questions segment, prepare for a thorough breakdown of the digital security toolkit—from honeypots that dupe attackers to the emerging realm of Post-Quantum Cryptography. We'll unravel the essentials of digital signatures with RSA, scrutinize the steadfastness of SIEM systems, and demystify access control models that stand guard over our data. By the end of our journey, you'll not only be versed in preventing cross-site scripting catastrophes but also equipped with a CISSP Blueprint for Success, your very own strategic study companion stocked with invaluable resources to guide you through the certification labyrinth. Join me, and together let's transform these insights into an unbreachable cybersecurity stronghold.Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.
Welcome to another episode of "Reimagining Cyber." In this session, Rob and Stan dive into the critical role of IT auditors, a perspective rarely explored on the show. Their guest, Veronica Rose, brings extensive experience in shaping risk-based information security audit programs. She emphasizes the evolving nature of the IT audit environment and urges IT auditors to prioritize upskilling as technology and controls advance.Veronica highlights the significance of professional communities, recommending affiliation with bodies like NACD and ISACA. Engaging in these communities not only provides access to valuable resources but also fosters global connections with like-minded professionals.The discussion shifts to well-being, a crucial aspect often overlooked in the demanding field of IT audit. Veronica stresses the importance of mental health, exercise, and unplugging to maintain a clear mindset.The conversation wraps up by addressing the career paths of IT auditors. Veronica encourages a mindset shift for those considering a transition, emphasizing the value of certifications and continuous upskilling.Tune in to gain insights into the evolving world of IT audit, professional development, and holistic well-being.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com
Free, ungated access to all 300+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to
In this Brand Story episode, hosts Marco Ciappelli and Sean Martin engage in a thought-provoking conversation with Ben Fitzpatrick from Cymulate. The discussion explores the innovative approaches to cybersecurity that can help regions advance beyond their current situation.Fitzpatrick shares his insights on the lifecycle of security and technology, emphasizing the critical role of continuous monitoring and understanding the attack path for staying ahead of potential threats. He elaborates on Cymulate's use of cutting-edge tools and methods like automation, AI, and TTP to simulate high-level intrusion attacks without causing damage, providing a non-disruptive method for businesses to validate their security controls.An important aspect of the conversation revolves around risk prioritization. Fitzpatrick expresses the necessity for businesses, particularly CISOs, to conduct regular—even continuous—testing of all components of their infrastructure and applications. This approach allows for a comprehensive understanding of potential risks and the ability to prioritize their mitigation.Fitzpatrick also digs into the concept of response. He asserts that many companies are only at the cusp of realizing its significance in their cybersecurity strategy. He underscores the need to stay ahead of the curve, tackling the most important threats and adversaries, and minimizing the risk window.The episode concludes with Fitzpatrick discussing Cymulate's role in helping businesses understand their most critical threats and adversaries, and how they can best respond to them. He emphasizes that Cymulate is not just about ticking boxes; it's about understanding the business, managing risks, and staying ahead of the curve. This episode promises to offer listeners a unique perspective on proactive, intelligent cybersecurity strategies and their role in business resilience.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-storyGuest: Ben Fitzpatrick, VP of Sales, Asia Pacific (APAC)On LinkedIn | https://www.linkedin.com/in/befitzpatrick/ResourcesCymulate Expands Sales Leadership Team to Drive Growth in EMEA & APAC Global Markets: https://cymulate.com/news/cymulate-expands-sales-leadership-team-to-drive-growth-in-emea-apac-global-markets/Security Analytics for Continuous Threat Exposure Management: Making Better IT Decisions Through the Lens of an Attacker | A Brand Story from Infosecurity Europe 2023, London, England | A Cymulate Story with Nir Loya: https://redefining-cybersecurity.simplecast.com/episodes/security-analytics-for-continuous-threat-exposure-management-making-better-it-decisions-through-the-lens-of-an-attacker-a-company-briefing-from-infosecurity-europe-2023-london-england-a-cymulate-company-briefing-story-with-nir-loya____________________________Catch more stories from Cymulate: https://itspm.ag/cymulate-ltd--s2k4Are you interested in telling your story?https://www.itspmagazine.com/telling-your-storyTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcast
In this Brand Story episode, hosts Marco Ciappelli and Sean Martin engage in a thought-provoking conversation with Ben Fitzpatrick from Cymulate. The discussion explores the innovative approaches to cybersecurity that can help regions advance beyond their current situation.Fitzpatrick shares his insights on the lifecycle of security and technology, emphasizing the critical role of continuous monitoring and understanding the attack path for staying ahead of potential threats. He elaborates on Cymulate's use of cutting-edge tools and methods like automation, AI, and TTP to simulate high-level intrusion attacks without causing damage, providing a non-disruptive method for businesses to validate their security controls.An important aspect of the conversation revolves around risk prioritization. Fitzpatrick expresses the necessity for businesses, particularly CISOs, to conduct regular—even continuous—testing of all components of their infrastructure and applications. This approach allows for a comprehensive understanding of potential risks and the ability to prioritize their mitigation.Fitzpatrick also digs into the concept of response. He asserts that many companies are only at the cusp of realizing its significance in their cybersecurity strategy. He underscores the need to stay ahead of the curve, tackling the most important threats and adversaries, and minimizing the risk window.The episode concludes with Fitzpatrick discussing Cymulate's role in helping businesses understand their most critical threats and adversaries, and how they can best respond to them. He emphasizes that Cymulate is not just about ticking boxes; it's about understanding the business, managing risks, and staying ahead of the curve. This episode promises to offer listeners a unique perspective on proactive, intelligent cybersecurity strategies and their role in business resilience.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-storyGuest: Ben Fitzpatrick, VP of Sales, Asia Pacific (APAC)On LinkedIn | https://www.linkedin.com/in/befitzpatrick/ResourcesCymulate Expands Sales Leadership Team to Drive Growth in EMEA & APAC Global Markets: https://cymulate.com/news/cymulate-expands-sales-leadership-team-to-drive-growth-in-emea-apac-global-markets/Security Analytics for Continuous Threat Exposure Management: Making Better IT Decisions Through the Lens of an Attacker | A Brand Story from Infosecurity Europe 2023, London, England | A Cymulate Story with Nir Loya: https://redefining-cybersecurity.simplecast.com/episodes/security-analytics-for-continuous-threat-exposure-management-making-better-it-decisions-through-the-lens-of-an-attacker-a-company-briefing-from-infosecurity-europe-2023-london-england-a-cymulate-company-briefing-story-with-nir-loya____________________________Catch more stories from Cymulate: https://itspm.ag/cymulate-ltd--s2k4Are you interested in telling your story?https://www.itspmagazine.com/telling-your-storyTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcast
As technology rapidly innovates, it is essential we talk about technology policy. What better way to get in the know than to have an expert break it down for us? Meet Ross Nodurft, the Executive Director of the Alliance for Digital Innovation. Ross dives in, explaining the evolution of FedRAMP controls and the recent, giant, AI Executive Order (EO) from the White House. Listen in to find out what this EO means for the government, the industry and the workforce as the U.S. attempts to implement policy ahead of AI innovation.Key Topics04:25 Increasing security controls for cloud migration07:51 Discussion about customer feedback and cloud migration.12:17 Encouraging commercial solutions into federal government securely.15:39 Artificial intelligence shaping policy for future technology.16:54 AI EO covers critical infrastructure, AI, data, immigration.22:34 Guidance on AI impact assessment and testing.27:02 AI tools adoption must not be delayed.30:03 Ensure AI technologies have fail-safe mechanisms.32:08 Concern over rapid pace of technological advances.34:29 AI and technology advancing, policy aims control.39:37 Fascinating book on technology and chip history.The Future of Government Technology: Shifting to FedRAMP High and Accelerating Cloud AdoptionShift from FedRAMP Moderate to High for Sensitive WorkloadsWhen FedRAMP was established over a decade ago, the focus was on managing the accreditation of emerging cloud infrastructure providers to support the initial migration of workloads. The baseline standard was FedRAMP Moderate, which addressed a "good amount" of security controls for less risky systems. However, Ross explains that increasing volumes of more sensitive workloads have moved to the cloud over time - including mission-critical systems and personal data. Consequently, agencies want to step up from moderate to the more stringent requirements of FedRAMP High to protect higher-risk systems. This includes only allowing High-cloud services to interact with other High-cloud applications.The Evolution of Cloud Computing: "So right now, we're at the point where people are existing in thin clients that have access to targeted applications, but the back end compute power is kept somewhere else. It's just a completely different world that we're in architecturally." — Ross NodurftThe Future of Government Technology: Streamlining FedRAMP for the SaaS-Powered EnterpriseAccording to Ross, the COVID-19 pandemic massively accelerated enterprise cloud adoption and consumption of SaaS applications. With the abrupt shift to remote work, organizations rapidly deployed commercial solutions to meet new demands. In the federal government, this hastened the transition from earlier focus on cloud platforms to widespread use of SaaS. Ross argues that FedRAMP has not evolved at pace to address the volume and type of SaaS solutions now prevalent across agencies. There is a need to streamline authorization pathways attuned to this expanding ecosystem of applications relying on standardized baseline security controls.High-level Security Controls for Sensitive Data in the CloudAddressing Data Related to Students and ConstituentsRoss states that as agencies move more sensitive workloads to the cloud, they are stepping up security controls from FedRAMP Moderate to FedRAMP High. Sensitive data includes things like personal HR data or data that could impact markets, as with some of the work USDA does. Willie gives the example of the Department of Education or Federal Student Aid, which may have sensitive data on students that could warrant higher security controls when moved to the cloud.Ross confirms that is absolutely the case - the trend is for agencies to increase security as they shift more...
In this episode I talk with Lloyd 'Lucky' Guyot and Alex O'Meera about The Center for Internet Security's Critical Security Controls. Lloyd is a Security Advisor for Optiv and President of the Grand Rapids ISSA Chapter. Alex is a Security Analyst for Stack Overflow and Secretary of the Grand Rapids ISSA Chapter.Talking Points:How can the CIS 18 help an SMB build your security program?How can the CIS 18 help mature a security program?Which controls should a company start with?And many more!Episode Sponsor:Grand Rapids ISSA Chapter (with special thanks to Optiv). The GR-ISSA is the local chapter of the Information Systems Security Association.Episode Charity:The charity for the month of November is the Corewell Health Foundation. More specifically, the money will be going to assist children with various mental health challenges.
Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]On Linkedin | https://www.linkedin.com/in/laurarobinsoninsight/At RSA | https://www.rsaconference.com/experts/laura-robinson____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape. Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done.The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]On Linkedin | https://www.linkedin.com/in/laurarobinsoninsight/At RSA | https://www.rsaconference.com/experts/laura-robinson____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape. Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done.The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
NCSAM Week 4- Utilizing Complex Passwords and Key Cyber Security Controls in Public Entities
Guest: Ryan Leirvik, CEO of Neuvik [@Neuvik]On LinkedIn | https://www.linkedin.com/in/leirvik/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining Cybersecurity podcast, host Sean Martin discusses the fundamentals of risk management in cybersecurity with Ryan Leirvik, author of "Understand, Manage and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program." The conversation centers around the importance of understanding risk management in cybersecurity, categorizing assets, and identifying what's important to the business versus what's important to the individual. They also discuss the need to use frameworks like NIST-CSF to define and categorize risks and the importance of responding quickly to active threats and having a plan in place for recovery. Sean and Ryan provide practical advice for creating a sustainable cyber program that prioritizes risk management and explain how to set the stage for conversations about cybersecurity with stakeholders. Overall, the episode provides valuable insights into risk management in cybersecurity and how to prioritize and protect critical assets.ABOUT THE BOOKWhen it comes to managing cybersecurity in an organization, most organizations tussle with basic foundational components. This practitioner's guide lays down those foundational components, with real client examples and pitfalls to avoid.A plethora of cybersecurity management resources are available―many with sound advice, management approaches, and technical solutions―but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy "playbook" for a cyber risk management approach applicable to your entire organization.This second edition provides tools and methods in a straight-forward, practical manner to guide the management of a cybersecurity program. Expanded sections include the critical integration of cyber risk management into enterprise risk management, the important connection between a Software Bill of Materials and Third-party Risk Programs, and additional "how to" tools and material for mapping frameworks to controls.Who This Book Is ForCISOs, CROs, CIOs, directors of risk management, and anyone struggling to pull together frameworks or basic metrics to quantify uncertainty and address risk____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Guest: Ryan Leirvik, CEO of Neuvik [@Neuvik]On LinkedIn | https://www.linkedin.com/in/leirvik/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining Cybersecurity podcast, host Sean Martin discusses the fundamentals of risk management in cybersecurity with Ryan Leirvik, author of "Understand, Manage and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program." The conversation centers around the importance of understanding risk management in cybersecurity, categorizing assets, and identifying what's important to the business versus what's important to the individual. They also discuss the need to use frameworks like NIST-CSF to define and categorize risks and the importance of responding quickly to active threats and having a plan in place for recovery. Sean and Ryan provide practical advice for creating a sustainable cyber program that prioritizes risk management and explain how to set the stage for conversations about cybersecurity with stakeholders. Overall, the episode provides valuable insights into risk management in cybersecurity and how to prioritize and protect critical assets.ABOUT THE BOOKWhen it comes to managing cybersecurity in an organization, most organizations tussle with basic foundational components. This practitioner's guide lays down those foundational components, with real client examples and pitfalls to avoid.A plethora of cybersecurity management resources are available―many with sound advice, management approaches, and technical solutions―but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy "playbook" for a cyber risk management approach applicable to your entire organization.This second edition provides tools and methods in a straight-forward, practical manner to guide the management of a cybersecurity program. Expanded sections include the critical integration of cyber risk management into enterprise risk management, the important connection between a Software Bill of Materials and Third-party Risk Programs, and additional "how to" tools and material for mapping frameworks to controls.Who This Book Is ForCISOs, CROs, CIOs, directors of risk management, and anyone struggling to pull together frameworks or basic metrics to quantify uncertainty and address risk____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
This audit determined whether selected state agencies and school districts adequately complied with certain IT security standards and best practices. State agencies must follow state IT security standards to protect sensitive information against data loss and theft. Local entities are not required to follow the state's policies. 9 of 15 entities we audited did not substantively comply with IT standards and best practices in at least 2 of 3 subject areas we evaluated. Specifically, 8 of 15 entities did not substantively comply with selected security awareness training controls. 10 of 15 entities did not substantively comply with selected account security controls. Lastly, 8 of 15 did not substantively comply with selected incident response controls. The findings demonstrate a poor "tone at the top" at many entities--meaning lack of top management oversight and supervision.
In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.Founders HG Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help businesses leaders and security practitioners make better decisions.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]On LinkedIn | https://www.linkedin.com/in/jhbarbee/On Twitter | https://twitter.com/huxley_barbeeOn Mastodon | https://infosec.exchange/@huxleyResourcesLearn more about RunZero and their offering: https://itspm.ag/runzervvyhCatch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbeeBSides NYC Podcast: https://itsprad.io/event-coverage-1388Are you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.Founders HG Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help businesses leaders and security practitioners make better decisions.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]On LinkedIn | https://www.linkedin.com/in/jhbarbee/On Twitter | https://twitter.com/huxley_barbeeOn Mastodon | https://infosec.exchange/@huxleyResourcesLearn more about RunZero and their offering: https://itspm.ag/runzervvyhCatch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbeeBSides NYC Podcast: https://itsprad.io/event-coverage-1388Are you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Episode 33 of Barclay Damon Live: Cyber Sip™, with host Kevin Szczepanski, looks at five security controls you need to know about. Kevin talks with guest Dean Mechlowitz of TEKRiSQ about the importance and challenges of establishing security controls within your company, regardless of size or sector. TEKRiSQ is in the business of examining cyber wellness, and as co-founder, Dean has a good handle on the issue. Especially for smaller companies, but also for companies of other sizes, he and Kevin review what can be done to avoid cyber criminals' crosshairs—and to become insurable. Hot topics include data privacy, passwords, multifactor authentication (Kevin's favorite!), and everyone's worry, employee vulnerability. Listen in for more.
Shon Gerber from CISSPCyberTraining.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge in cybersecurity from being a Red Team Squadron Commander; Chief Information Security Officer (CISO); and Adjunct Professor providing superior training from his years of experience in educating people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 4 (Communication and Network Security) of the CISSP Exam:In this episode, Shon will talk about the following items that are included within Domain 8 - Software Development Security of the CISSP Exam:CISSP / Cybersecurity Integration – Software Development Life CycleCISSP Training – Integrate Security in the Software Development Life Cycle (Domain 8)CISSP Exam Question – Development Security / SDLCBTW - Get access to all my Training Courses here at: https://www.cisspcybertraining.comWant to find Shon Gerber / CISSP Cyber Training elsewhere on the internet?LinkedIn – www.linkedin.com/in/shongerberCISSPCyberTraining.com - https://www.cisspcybertraining.com/Facebook - https://www.facebook.com/CyberRiskReduced/LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Infosec Industry https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/software-development-security/#gref OWASP https://www.owasp.org/index.php/Top_10-2017_What%27s_Next_for_Developers file:///C:/Users/gerbersa/Downloads/SAMM_Core_V1-1-Final-1page.pdfSYNK.IO https://snyk.io/blog/ten-git-hub-security-best-practicesNational Cyber Security Centre https://www.ncsc.gov.uk/guidance/secure-your-development-environmentGain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.
We completed 21 audits on 16 agencies and 4 school districts between CY 2020 and 2022 (1 entity was audited twice during this time period). This summary report shows 10 of the 21 entities did not substantially comply with applicable IT security standards and best practices. Entities struggled with properly scanning and patching their computers. Entities also had compliance problems because they did not create, maintain, or test incident response plans or continuity of operations plans. Other significant issues included poor security awareness training or failed social engineering tests. Almost half the entities had significant management, contract, or policy-related weaknesses. Additional security weaknesses included inadequate account security controls, poor encryption, back up, or destruction processes of sensitive data. We also noted several entities had inadequate network boundary protection or had poor access or environmental controls for their data centers. Lastly, we identified significant security issues within agencies' specific IT systems. The findings in this report are similar to those in previous summary IT reports. The main reasons for compliance problems across the 20 entities included insufficient top management attention and inadequate resources.
We're in the process of implementing the CIS controls. This will take time. We're also very busy. Are there any gaping security holes that we need to fix? Do we have any security controls in place? Can we wait to implement the CIS controls?LINKS1. runZero - Active discovery tool for asset inventory2. Enterprise Asset Management Policy TemplateFIND US ON1. Twitter - DamienHull2. YouTube
Threat trends: mapping your organisation's cyber-risk profile against new and emerging exploitsThreat modelling: do your controls mitigate the impact of new and emerging exploits ?Turning reactive security into a proactive methodology
The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure and has played a huge part in elevating the industry standard for security. They bring together top developers, end-users, and vendors, and also run the world's largest open source developer conferences. Today on the show we're thrilled to welcome Emily Fox, a Security Engineer, who also serves as the co-chair of the CNCF Technical Oversight Committee (TOC), and is involved in a variety of open source communities. In our conversation with Emily, we unpack the intricacies of Open Source security and vulnerabilities, as well as what she's learned during her time with the CNCF. We discuss what participants can expect from the Global Security Vulnerability Summit, how you can get involved, and the project that Emily is most excited about. Finally, Emily shares her passion for ensuring that women join the technology sector and breaks down the crucial steps that will get us there. Tune in for a fascinating conversation on open source securities, vulnerabilities, and more!
This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim's system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices, and includes best practices to mitigate these risks. AA22-137A Alert, Technical Details, and Mitigations White House Executive Order on Improving the Nation's Cybersecurity NCSC-NL Factsheet: Prepare for Zero Trust NCSC-NL Guide to Cyber Security Measures N-able Blog: Intrusion Detection System (IDS): Signature vs. Anomaly-Based NCSC-NL Guide to Cyber Security Measures National Institute of Standards and Technology SP 800-123 – Keeping Servers Secured NCSC-UK Guidance – Phishing Attacks: Defending Your Organisation Open Web Application Security Project (OWASP) Proactive Controls: Enforce Access Controls All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim's system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices, and includes best practices to mitigate these risks. AA22-137A Alert, Technical Details, and Mitigations White House Executive Order on Improving the Nation's Cybersecurity NCSC-NL Factsheet: Prepare for Zero Trust NCSC-NL Guide to Cyber Security Measures N-able Blog: Intrusion Detection System (IDS): Signature vs. Anomaly-Based NCSC-NL Guide to Cyber Security Measures National Institute of Standards and Technology SP 800-123 – Keeping Servers Secured NCSC-UK Guidance – Phishing Attacks: Defending Your Organisation Open Web Application Security Project (OWASP) Proactive Controls: Enforce Access Controls All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
This episode reports on data breaches, a new trick by a hacker and GitHub's determination to get developers to use two-factor authentication
Avishai Avivi is the Chief Information Security Officer (CISO) at SafeBreach. In this episode of The Modern Security Architecture, Avi joins host Zack Hack to talk about testing the efficacy of your security controls, how to prioritize future security investments, and more. Safebreach provides a breach and attack simulation platform that identifies vulnerabilities in cybersecurity environments by mimicking the likely attack paths and techniques used by malicious actors. To learn more about our sponsor, visit https://safebreach.com
This week the guys discuss physical security controls (and lasers) to ensure that your organization is both secure and compliant! Cybersecurity doesn't stop at technology implementation. If you follow NIST 800-171, CMMC, PCI-DSS, or a number of other compliance requirements, you'll need to physically secure your premises to protect systems and data. Hear what the guys have to say about implementing physical security controls.Pick up your copy of Cyber Rants on Amazon.Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com. Be sure to rate the podcast, leave us a review, and subscribe!