In episode 82 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by John Gilligan, President and CEO at the Center for Internet Security® (CIS®); and Gina Chapman, Chief Operating Officer at CIS. Together, they discuss the importance of in-person team building events. They use the pandemic as a frame to understand how events such as the 2024 Annual Full Staff Meeting preserve and cultivate CIS's workplace culture. They also look to other ongoing initiatives at...

In episode 81 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Daniel McIntyre, Identity and Access Management (IAM) Manager at the Center for Internet Security® (CIS®). Together, they acknowledge Identity Management Day 2024 with a discussion of IAM. They begin by looking at how IAM as a concept has changed over the years. They then explore current challenges in the modern environment and strategies for IAM to keep up with emerging threats. After emphasizing the importance...

In episode 80 of Cybersecurity Where You Are, co-host Tony Sager is once again joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they continue their discussion around Common Good Cyber. Tony and Philip begin by recapping the events of the Common Good Cyber Workshop on February 26–27, 2024. From there, they explore the perspective of IT companies and governments in supporting common good solutions for the cybersecurity industry. They conclude their conversation...

In episode 79 of Cybersecurity Where You Are, co-host Tony Sager is joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they discuss the Common Good Cyber cybersecurity initiative. Tony and Philip begin by sharing the paths that brought them to the nonprofit sector. From there, Philip recounts the events and needs that led to the formation of Common Good Cyber. They end the first part of their conversation by exploring the nature of "common good" in relation to...

In episode 78 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Lisa Young, Senior Metrics Engineer at Netflix. Lisa is a long-time practitioner in the cybersecurity risk, risk quantification, and metrics field. She has a rich career and experience of putting resources towards practices that will protect, sustain, make organizations resilient over time. In her current role, Lisa helps Netflix measure what works, what doesn't work, and how to optimize...

In episode 77 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they discuss how to use data to inform your decision-making in cybersecurity. They begin by discussing the cybersecurity industry's lack of maturity in its use of data. From there, they explore the risks of not using data to make cybersecurity decisions. In Tony's words, the cybersecurity industry doesn't have to accept...

In episode 76 of Cybersecurity Where You Are, co-host Tony Sager is joined by Julie Morris, CEO and Co-Founder of Persona Media. Together, they discuss the role of thought leadership in cybersecurity. They begin by discussing misconceptions surrounding the notion of thought leadership. Next, they explore what thought leadership looks like in the context of an industry like cybersecurity and a company like the Center for Internet Security® (CIS®). Their conversation concludes with some advice...

In episode 75 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager discuss how generative artificial intelligence (GenAI) continues to reshape cybersecurity. They begin by using Episodes 48, 49, and 56 to consider the ongoing impact of GenAI on confidence, trust, and consistency as elements of a mature cybersecurity program. After reflecting on how confidence has shaped the work of the Center for Internet Security® (CIS®) more generally, Sean and Tony conclude by revisiting...

In episode 74 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Brian de Vallance, Senior Advisor at Cambridge Global Advisors; and Carlos Kizzee, Senior Vice President (SVP) for Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®). In recognition of Data Privacy Week on January 21-27, 2024, they discuss the nexus of cybersecurity and privacy legislation in the United States. They begin by reviewing...

In episode 73 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager use our 2023 cybersecurity predictions to understand how the industry changed last year. They discuss progress and challenges around Artificial Intelligence (AI), zero trust, and other key trends they and others brought up in our blog post, "Our Experts' Top Cybersecurity Predictions for 2023." They also promise a similar year in review (YIR) for our 2024 cybersecurity predictions, for which 17 experts at the...

In episode 72 of Cybersecurity Where You Are, co-host Tony Sager is joined by Phyllis Lee, VP of Security Best Practices (SBP) Content Development at the Center for Internet Security® (CIS®). Together, they discuss "Cybersecurity: Practice What, and While, We Teach," a keynote panel where they discussed cybersecurity in education during Tech Tactics in Education: Data and IT Security in the New Now. Throughout this episode, they pull in recorded snippets from their panel. They use those...

In episode 71 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Carlos Kizzee, SVP for the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans at the Center for Internet Security® (CIS®); Dr. Bhargav Vyas, Assistant Superintendent for Compliance and Information Systems as well as Data Protection Officer at Monroe-Woodbury Central School District; and Terry Loftus, Assistant Superintendent & Chief Information Officer of...

In episode 70 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Mathew Schwartz, Executive Editor for DataBreachToday & Europe at the Information Security Media Group (ISMG). Together, they discuss the media's role in shaping public understanding and perception of infosec. They begin by considering the idea of media channels helping to educate the public about cybersecurity matters, including data breaches and digital threats. From there, they go on to talk about how the...

In episode 69 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Tyler Scarlotta, Manager of Member Programs at the Center for Internet Security (CIS). Together, they discuss how the Nationwide Cybersecurity Review (NCSR) helps U.S. State, Local, Tribal, and Territorial (SLTT) government organizations evaluate their cyber maturity. They begin by reviewing what the NCSR assessment program entails and identifying trends from previous years. They then explore the lessons learned...

In episode 68 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by James Yeager, VP of Public Sector and Healthcare at CrowdStrike. Together, they discuss designing cyber defense as a partnership effort. They begin by reflecting on the ongoing work of CIS and CrowdStrike to advance cyber defense together. After touching on some of the biggest trends they've seen in the threat landscape, they note how giving advice to customers around cyber defense requires...

In episode 67 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Stephanie Gass, Director of Governance, Risk, and Compliance at the Center for Internet Security (CIS). Together, they discuss how to seize the moment once you've completed a cybersecurity audit. They explore the types of questions that you need to think about and the challenges you might encounter when acting upon a cybersecurity audit's findings. Additionally, they walk through a few examples of how you might...

In episode 66 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Mike Garcia, Senior Cybersecurity Advisor at the Center for Internet Security (CIS), and Jared Dearing, Sr. Director of Elections Best Practices at CIS. Together, they discuss the Rapid Architecture-Based Election Technology Verification (RABET-V) program. They begin by noting how the lack of a standardized verification process for non-voting election systems warranted the creation of a holistic...

In episode 65 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Christopher Painter, Board Member of the Center for Internet Security (CIS) and President of the Global Forum on Cyber Expertise Foundation. Together, they discuss cybersecurity risk management. They begin by discussing how cyber risk analysis fits into a business risk management program in general. From there, they explore quantitative risk analysis (QRA), including its benefits for understanding cyber risk and...

In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types...

In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency.

In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving...

In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on...

In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a...

In episode 59 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Ed Skoudis, founder of the SANS Penetration Testing Curriculum and Counter Hack. Together, they discuss the value of penetration testing – all while CIS as an organization is undergoing a pentest! They begin by considering the historical perspective of pentests. (In Tony's words, "the foundational perspective for testing back then was to create drama.") They then reflect on how penetration tests...