Episodes

Threat modeling is an intrinsic part of information security governance and needs to be done well. However, research finds that many organizations don't do it well, some are pretty haphazard or chaotic in their approach. In this episode, Marcos Lira, …

The Cybersecurity and Infrastructure Security Agency (CISA) recently (Oct 31, 2022) released fact sheets urging all organizations to implement phishing-resistant multi-factor authentication (MFA). In this episode, George Gerchow, Chief Security Officer and Senior Vice President of IT, Sumo Logic, and …

A recent Global SMB Ransomware survey finds that nearly half of small and medium-sized businesses (SMBs) have experienced a ransomware attack, yet the majority aren't sure they are a target, and most are not confident they can fend off such …

In this episode, Kal Sambhangi, Senior Vice President, Cybersecurity Strategy and Architecture at Truist, shares his vision of the future of cyber governance. According to him, the leadership mindset needs to change whereby they are optimistic and opportunistic about cybersecurity …

Comprehensive asset discovery is foundational to robust and proactive cybersecurity governance. The Cybersecurity and Infrastructure Security Agency recently issued a directive (BOD 23-01) requiring federal enterprises (civilian executive branch) to perform automated asset discovery every 7 days. Among other things, …

In a highly engrossing and in-depth discussion, Tej Patel, Vice President, and CIO at Stevens Institute of Technology sheds light on the various information security challenges that plague academic institutions and how best to deal with them. He talks about …

As more organizations embrace cloud-based services, securely migrating to the cloud is becoming an important capability. Keith Weller, former Vice President, Enterprise Technology Services, American Cancer Society (ACS), spearheaded a highly successful migration initiative where they transitioned a 5000-square-foot donation …

Insider threats are often considered the biggest risk for organizations because they can cause the most destruction. Survey reports, and studies, have found that organizations have spent millions of dollars to recover from insider threat attacks. Proactively detecting and thwarting …

The Security Operations Center (SOC) is at the heart of an organization's cyber defense system. Highly skilled and motivated personnel must work in these centers. James Risler, Senior Manager, Cisco Learning and Certifications, discussed the roles of the security engineer …

Daniela Almeida Lourenco, Chief Information Security Officer (CISO) at Tinka, firmly believes that CISOs have the very best of intentions -- "we all mean the best; we all want to protect the organization, and that is all we want to …

With the growing move towards a hybrid and remote work environment, more and more people are relying on their smart devices to get work done. Keeping track of all of these devices, and ensuring that they are being used in …

With increasing digitization and the use of cloud-hosted assets, managing attack surfaces continues to be a major challenge. A recent survey report on the state of attack surface management (ASM) finds security teams drowning in a flood of legacy and …

"If you can plan for the zombie apocalypse, you can probably face just about anything," said Tim Callahan, Senior Vice President, and Global Chief Information Security Officer, Aflac during a talk in my Master's level class on cybersecurity readiness at …

Security Operating Center (SOC) staff members are often consumed with tedious manual tasks that lead to burnout and can cost organizations millions of dollars in losses due to human error. Thomas Kinsella, Co-Founder & Chief Operating Officer at Tines discusses …

In a recent news release, Reuters reported that "United States has offered a $15 million reward for information on Conti ransomware group. The FBI estimates that more than 1,000 victims of the Conti group have paid a total in excess …

How do you make security a first-class citizen of the software development process? According to an industry report, “many information security engineers don’t understand software development—and most software developers don’t understand security. Developers and their managers are focused on delivering …

In a wide-ranging discussion, Vishal Salvi, CISO & Head of Cyber Practice at Infosys, sheds light on a range of topics from CISO empowerment to creating and sustaining a high-performance information security culture. He highlights the importance of "delivering on …

Using compelling stories and metaphors, Ted Harrington, author of Hackable: How To Do Application Security Right, and Executive Partner at Independent Security Evaluators, explains the process of hacking and the importance of being able to think like a hacker. He …

"The story of the RMS Titanic has served as a grim reminder that regulatory compliance does not guarantee safety or security. The ship was carrying 2,224 passengers and crew when it sank one April night in 1912, killing over 1,500 …

"Security experts are split on cyber insurance and its place in business, with just as many arguing that it is a useless add-on as an essential business enabler." A KPMG study indicated that these policies were not overly trusted by …

The phenomenon of cyber trauma is very real and individuals and organizations are often not adequately prepared to deal with it. Patrick Wheeler, a Luxembourg-based cybersecurity practitioner and Director of the Cyber Wayfinder program, shares his experience in dealing with …

Art Ehuan, Vice President, Palo Alto Networks, and Former FBI Special Agent, discusses at length the unfortunate evolution and escalation of ransomware attacks. He explains how the threat actors have upped their game and are now engaging in double, triple, …

Cybersecurity communication should be simple, immersive, attractive, continuous, and multi-channel, says Marcin Ganclerz, a subject matter expert. He passionately argues for creating a 'culture of enablement and not fear' so employees can play a vital role in enhancing cybersecurity communication …

In episode 18, Alan Mihalic, President IoT Security Institute, speaks to the challenges and success factors associated with securing Internet-of-Things (IoT) devices in smart supply chains. He draws upon the IoT Security Framework to share some guiding principles and practices …