Cybersecurity Where You Are (audio)

• Episode 141: A Human-Centered Take on Password Policies

  In episode 141 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security®(CIS®); and Julie Haney, Computer Scientist & Human-Centered Cybersecurity Researcher at the National Institute of Standards and Technology (NIST). Together, they use a human-centered understanding of security to discuss password policies, including their benefits, drawbacks, and efficacy. Here are some highlights from our episode:01:03. Introductions to Phyllis and Julie03:34. How "human-centered cybersecurity" goes beyond just usability05:35. The use of NIST and other authoritative sources to dispel confusion in cybersecurity09:09. How password policies positively and negatively impact human behavior15:06. Three anecdotes that showcase the importance of context when enacting security policy21:49. The process of using NIST SP 800-63 to recommend password security best practices27:11. Our changing understanding of "the human element"29:23. The need to do cybersecurity awareness training "right" and measure its effectiveness31:30. Recognition of the absence of natural systems thinking in cybersecurity33:14. Psychological safety, feedback, and trust as foundations of security culture39:03. Human touchpoints as a starting point to help usability and security work togetherResourcesCIS Password Policy GuideNIST SP 800-63 Digital Identity GuidelinesEpisode 98: Transparency as a Tool to Combat Insider ThreatsEpisode 110: How Security Culture and Corporate Culture MeshWhy Employee Cybersecurity Awareness Training Is ImportantIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

  --------  

  43:18
• Episode 140: Threat-Informed Travel Safety Tips

  In episode 140 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security®(CIS®). Together, they discuss travel safety tips informed by today's evolving multidimensional threat environment. Here are some highlights from our episode:01:30. The most overlooked security risks we need to take seriously whenever we travel03:42. How threat actors can exploit our tendency to overshare online07:25. Top security practices you can use to safely plan your next trip12:28. The value of playing out your travels' worst-case scenario before you leave16:02. The benefits and drawbacks of using electronic navigations systems while traveling18:00. Videos as a means of attuning to the "flow" of a different place and/or culture24:10. Which types of people make attractive targets for foreign intelligence services25:05. Honeypot operations in the physical and digital worlds27:24. Opportunities to protect the technology on which we relyResourcesThreatWA™Travel.State.GovA Short Guide for Spotting Phishing Attempts8 Security Essentials for Managing Your Online PresenceElection Security Spotlight – Social EngineeringIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

  --------  

  34:28
• Episode 139: Community Building for the Cyber-Underserved

  In episode 139 of Cybersecurity Where You Are, Tony Sager is joined by Amelia Gifford, Sr. Manager, Administration, at the Center for Internet Security®(CIS®); and George Bailey, Director of Purdue cyberTAP. Together, they discuss how the 2025 grant from the Alan Paller Laureate Program will support Purdue cyberTAP's mission of community building for the cyber-underserved. Here are some highlights from our episode:01:02. Honoring a legacy of making cybersecurity practical and accessible03:34. The business of giving products away to benefit the cybersecurity community05:00. The use of the CIS Critical Security Controls (CIS Controls) to help rural electricity cooperatives in Indiana11:00. Methodology, tooling, and repeatability as part of a lifecycle of realizing a good idea11:56. Cross-Mapping as a means to help people live with so many security frameworks12:59. Accountability and re-assessment as methods for measuring program success14:59. The power of community in prioritizing the CIS Controls16:38. Community building as a way to navigate the cybersecurity business together17:42. A controlled Controls experiment to generate data, learn lessons, and create feedback19:03. Progress reporting as a way to foster connections24:39. Feedback on the Alan Paller Laureate Program application process26:30. Focus on cybersecurity community impact as a consideration for future applicants30:31. Parting thoughts about the grant program and an invitation to reach out to GeorgeResourcesCenter for Internet Security Awards Nearly $250,000 to Purdue University’s Technical Assistance ProgramEpisode 114: 3 Board Chairs Reflect on 25 Years of CommunityEpisode 97: How Far We've Come preceding CIS's 25th BirthdayCIS Critical Security Controls v8.1 Industrial Control Systems (ICS) GuideSEC366: CIS Implementation Group 1™How to Plan a Cybersecurity Roadmap in 4 StepsCIS SecureSuite® MembershipMapping and Compliance with the CIS ControlsReasonable Cybersecurity GuideIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

  --------  

  34:46
• Episode 138: The Use of GenAI to Refine Your TTX Development

  In episode 138 of Cybersecurity Where You Are, Sean Atkinson is joined by Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at the Center for Internet Security®(CIS®). Together, they discuss how organizations can use Generative Artificial Intelligence (GenAI) to refine how they develop Tabletop Exercises (TTXs). Here are some highlights from our episode:01:49. Why TTXs function as a "blue sky" opportunity for crisis management and preparedness04:33. A quick recap of how GenAI stands apart from traditional AI06:19. The direct relationship between input and output when measuring GenAI content quality07:36. TTXs as a use case for GenAI to help the "cyber-underserved"10:14. How GenAI can quickly customize TTXs for different organizations and threat models13:56. The use of GenAI to improve TTX facilitation, regularity, and cost17:22. GenAI as an inspiration to act on the findings of a simulation18:26. Risks and ethical concerns to keep in mind for GenAI-enhanced TTX development24:46. Where humans can still play a part in augmented exercises30:08. Closing thoughts about the future of GenAIResourcesLeveraging Generative Artificial Intelligence for Tabletop Exercise DevelopmentEpisode 134: How GenAI Lowers Bar for Cyber Threat ActorsEpisode 89: How Threat Actors Are Using GenAI as an EnablerDeepSeek: A New Player in the Global AI RaceMulti-State Information Sharing and Analysis Center®If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

  --------  

  34:36
• Episode 137: National Cybersecurity Through SLTT Resilience

  In episode 137 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Terry Loftus, Assistant Superintendent (Chief Information Officer) of Integrated Technology Services at the San Diego County Office of Education (SDCOE); and Netta Squires, President of Government Affairs, Cybersecurity, & Resilience at Open District Solutions (ODS). Together, they discuss how the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) functions as a space for U.S. State, Local, Tribal, and Territorial (SLTT) entities to collectively strengthen their cyber resilience in support of U.S. national cybersecurity. Here are some highlights from our episode:01:15. A study to understand the cybersecurity perspectives of the MS-ISAC community03:24. The need for sustained cyber defense accelerators to drive U.S. SLTT resilience07:31. How surveys and focus groups uncovered U.S. SLTT cybersecurity funding, staffing, and governance challenges13:06. The superpower of cyber threat intelligence driven, tailored, and provided via community17:41. Trust as a foundation for building relationships among MS-ISAC members and partners21:26. How the MS-ISAC moved community cyber defense from conversational to operational22:22. The role of trust in making membership affordable and solutions at scale possible25:00. Opportunities for relationship building, training, and access to services in the MS-ISAC30:00. Examples of MS-ISAC success stories and the need to share them33:40. The MS-ISAC as a space to craft a strategic path for national cybersecurity36:29. Closing thoughts on how members value and can get involved in the MS-ISACResourcesStrengthening Critical Infrastructure: SLTT Progress & PrioritiesMalicious Domain Blocking and Reporting (MDBR)Episode 126: A Day in the Life of a CTI AnalystWhy Whole-of-State Cybersecurity Is the Way ForwardMS-ISAC: Defending America’s Critical InfrastructureIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

  --------  

  42:01

Weitere Wirtschaft Podcasts

Trending Wirtschaft Podcasts

Über Cybersecurity Where You Are (audio)