This week, we welcome Doug Landoll, CEO at Lantego, to talk about CMMC Program and the DIB Preparation! Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on controls from well-known frameworks...

This week, we welcome Allan Friedman, Director of Cybersecurity Initiatives at NTIA, to discuss SBOM!   What is SBOM? Who needs to think about this? Is this required today, and what might the future of compliance look like? What is in the recent EO?   Show Notes: https://securityweekly.com/scw74 Segment Resources: https://ntia.gov/SBOM   Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on...

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations.   Show Notes: https://securityweekly.com/scw73 Segment Resources: ...

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means for them and start preparing for data security compliance now. Chris Pin, VP of Security and Privacy at PKWARE, will be discussing: • How Virginia’s law differs from CCPA and GDPR and the key points companies need to know • Where and how companies may need to...

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two part interview! -What is threat-informed defense and how does it relate to other aspects of cybersecurity? -The importance of ATT&CK as a lens through which you can view your security posture. -Center for Threat-Informed Defense R&D products aimed at helping defenders better assess the efficacy of the controls they have in place.   Show Notes:...

This week, we welcome Chris Hughes, Principal Cybersecurity Engineer at Rise8, to talk about Compliance Innovations in the Cloud. Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by cloud computing. In this session we will dive into many of the headaches and pain points traditionally associated with compliance, explaining how leveraging cloud can improve both compliance and security.   Show Notes:...

Today we are going to take a look at security awareness training programs in organizations. We are joined to day by Kelley Bray and Stephanie Pratt who will help facilitate the discussion. We'll start with the history and evolution of security awareness programs; what has worked, or more precisely what hasn't worked. We'll also touch on how most security awareness programs stem from compliance requirements but could be doing so much more. We continue the discussion about the importance of...

Errol will talk about his experiences with information sharing and building the world's first Information Sharing & Analysis Center in 1999. Errol brings unique perspective to the table as he was the service provider behind the Financial Services ISAC, then a subscriber and ISAC member for 13 years in the banking and finance sector.   Show Notes: https://securityweekly.com/scw68 Segment Resources: Errol's Testimony Before the House Financial Services Subcommittee Transcript - ...

The SCW hosts discuss Rafal Los' recent blog post "Vulnerability Management is Still a Mess" ( https://blogwh1t3rabbit.medium.com/vulnerability-management-is-still-a-mess-27519ffcecc0 ). In the first segment, we will learn all about Rafal's cybersecurity background and why vulnerability management has not evolved in line with the technology. In the second segment, the SCW hosts will continue the discussion with Raf and hopefully come up with some guidance on what can be done to make...

This week, Jeff, Liam Downward, Scott, & Josh talk PCI with Dan DeCloss and Shawn Scott from PlexTrac!   Show Notes: https://securityweekly.com/scw66 Visit https://securityweekly.com/plextrac to learn more!   Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

We're excited to have Priya Chaudry with us today, so we are going to focus our discussion on news and events with legal implications (or the legal implications of news and events)!   For starters, the U.S. Cyber Command recently held a virtual edition of its 2021 Legal Conference. The annual conference explores current law and policy issues related to offensive and defensive cyberspace operations.   Show Notes: https://securityweekly.com/scw65 Visit https://www.securityweekly.com/scw...

This week, we welcome Jim Gilsinn, Principal Industrial Consultant at Dragos, to discuss ICS/OT Regulation! Industrial Control Systems (ICS) and Operational Technology (OT) have risks and consequences in the real world, such as the health and safety of people, but how those industries handle the potential cybersecurity risks varies greatly depending on the regulation that has been applied. The US Government has declared many different industries as critical infrastructures with different...

This week, we welcome Albert "Nickel" Lietzau, V and Mike Volk from PSA Insurance & Financial Services! Nickel Lietzau and Mike Volk have heard that we are not huge fans of cyber insurance on SCW, and they have graciously agreed to subject themselves to our scrutiny. In the first segment we'll touch on common myths and misconceptions about Cyber Insurance and let Nickel and Mike set us straight. Assuming Nickel and Mike survived the first segment, we're asking them for practical advice in...

This week, we welcome John Threat, Hacker at Mediathreat, followed by Chris Cochran and Ronald Eddings from Hacker Valley Media! Jeff, Flee, & Scott talk to John Threat about his background and what led him to becoming a hacker. The world of hacking and the threat actors that do that sort of thing. What are the implications on comp sec in 2021 for persons, corporations, nation states and maybe even your cat?   Show Notes: https://securityweekly.com/scw62 Visit...

This week, our co-host, Priya Chaudry will enlighten us on several other topics of interest to our community. There might be a mention of Solarwinds, Southwest Airlines, HIQ Labs, and more! We welcome our resident legal expert and co-host Priya Chaudry to catch us up on the status of the Supreme Court case concerning the Computer Fraud and Abuse Act (CFAA) and some other legal topics.   Show Notes: https://securityweekly.com/scw61 Visit https://www.securityweekly.com/scw for all the latest...

This week, we welcome Wendy Nather, Head of Advisory CISOs at Duo Security at Cisco, to discuss The Security Poverty Line! Securing an organization means more than just spending money. For those that fall below the "security poverty line," many other dynamics come into play that make it harder for them to accomplish even the basics. How do we help them rather than scolding them?   Show Notes: https://securityweekly.com/scw60 Visit https://www.securityweekly.com/scw for all the latest...

This week, we welcome Anthony Palmeri, Enterprise Account Executive at Ekran System, to talk Insider Threats! Mitigating insider threats is a key cybersecurity priority for any organization that works with sensitive data. And to do that, you need an insider threat program. Such a program not only is required by numerous cybersecurity regulations, standards, and laws but also allows a company to detect an insider threat at its early stages, respond to it, and remediate the damage with little...

This week, we welcome Jim McKee, Founder & CEO at Red Sky Alliance for an interview!We're going to dissect what we know about the Sunburst/SolarWinds hack to this point - SCW style! We'll touch on the things that keep coming up in the news - attribution, conspiracy theories, implications, consequences, and so forth.   In the second segment, we will shift focus of the discussion from understanding to action - that is, what to do about this and similar types of attacks that might be...

This week, we start the new year off with a roundtable discussion amongst the hosts looking back on the highs and lows of 2020! We don't want to have the typical "predictions" episode, but do want to chat about what we might expect in the coming year; what is changing? what is coming back? and when? (if at all)? Looking back: -Solarwinds (not in depth but just as part of the year) -Covid-19 -Working from home -Conferences shut down -Travel gone -The new normal of zoom calls -Kids at...

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we're going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching "PCI" context to this discussion. We'll continue our discussion of penetration testing. In this segment, we'll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI...

This week, we welcome Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to talk about The Cyber Risk/Compliance Transformation Solution! We want to take the time in the segment to formally introduce you to one of our new co-hosts, Mr. Fredrick "Flee" Lee. Flee is currently the Chief Security Officer for a company called Gusto and used to be Head of Information Security at Square. We'll spend some time getting to know Flee and his background, pepper him with questions,...

This week, we're going to take on a different aspect of the cybersecurity skills gaps in this episode. Namely, the lack of diversity in our industry when it comes to African Americans and what can we all do about it. To facilitate the discussion today we are joined by AJ Yawn, who is a founding board member of the National Association of Black Compliance & Risk Management Professionals, Inc. (NABCRMP). He's also co-founder and CEO of a company called ByteChek whose tagline is "We Make...

This week, we welcome Zulfikar Ramzan, Ph.D., Chief Digital Officer at RSA Security, to talk about how Zero Trust Intersects XDR in Today’s Digital Era! In the second segment, the SCW crew and Dr. Ramzan talk about Cyber Credit Score Industry! Someone made an offhand comment about the Cyber Credit Score Industry on one of our shows a couple weeks ago, so we thought we'd bring it up as a compliance topic. We'll define what we're talking about when it comes to Cyber Credit Scores - what they...

This week, we have the pleasure of welcoming the newest member of the CRA/Security Weekly family, Adrian Sanabria! What is his role at Security Weekly, and what is the plan for rolling things out over the next 12-18 months? We'll continue the discussion with Adrian Sanabria and explore if and how the plans for CRA/Security Weekly will impact the Security & Compliance Weekly audience!   Show Notes: https://wiki.securityweekly.com/scw52 Visit https://www.securityweekly.com/scw for all...

This week, we welcome back Liam Downward, CEO at CYRISMA, to talk about Data, Data, Data! You've scanned your data to uncover risks and vulnerabilities and assigned accountability through mitigation plans to meet compliance mandates. Now you must classify, rank, prioritize and score your data to track efforts and stay organized.   Show Notes: https://wiki.securityweekly.com/scw51 Visit https://securityweekly.com/cyrisma to learn more about them!   Visit https://www.securityweekly.com/scw...