Cybersecurity Where You Are (video)

Center for Internet Security

Welcome to the video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

  1. Episode 178: Appropriate Defense to Iranian Threat Activity

    3 DAYS AGO · VIDEO

    In episode 178 of Cybersecurity Where You Are, Sean Atkinson sits down with Theodore "TJ" Sayers, Senior Director of Threat Intelligence at the Center for Internet Security® (CIS®). Together, they discuss how to mount an appropriate defense to Iranian threat activity observed in February and March 2026.

    Here are some highlights from our episode:

    00:58. Iran's historical tit-for-tat style of cyber operations
    02:50. Regional targets: A primary focus of Iran's state-sponsored threat actors
    04:05. What the CIS Cyber Threat Intelligence (CTI) team is watching for
    05:19. Contextualizing a drop in precursor-related threat activity from Iran
    06:59. Sectors directly and indirectly affected by observed Iranian threat activity
    09:12. Password spraying, data wipers, and more: Common TTPs of Iranian threat groups
    11:50. The importance of cybersecurity awareness training in countering TTPs that still work
    16:07. Advice to SOC managers: How to detect what CIS CTI is expecting the most
    21:25. NASCIO's Top 10 Priorities as a guide for framing strategic risk of Iran's threat activity
    26:39. What an effective threat intel team does and does not do
    29:29. Community defense for U.S. State, Local, Tribal, and Territorial (SLTT) organizations

    Resources

    Multi-State Information Sharing and Analysis Center®
    Snap Call: Public Sector Threat Update Amid Conflict in Iran
    How to Defend Against Iran's Cyber Retaliation Playbook
    Cloudflare | Traffic in Iran
    Episode 143: Iran's Growing Multidimensional Threat Activity
    Episode 142: SLTTs and Their Nuanced Cybersecurity Needs
    MS-ISAC Guide to DDoS Attacks
    Exploited Protocols: Remote Desktop Protocol (RDP)
    Commonly Exploited Protocols: Server Message Block (SMB)
    State CIO Top Ten Policy and Technology Priorities for 2026

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  2. Episode 177: Power of Community-Developed Security Content

    4 MAR · VIDEO

    In episode 177 of Cybersecurity Where You Are, Tony Sager sits down with Bob Gendler, IT Specialist at the National Institute of Standards and Technology (NIST), and Edward Byrd, Senior Cybersecurity Engineer of the CIS Benchmarks® at the Center for Internet Security® (CIS®). Together, they use the open-source macOS Security Compliance Project to discuss the power of community-developed security content.

    Here are some highlights from our episode:

    01:15. Introductions to Bob and Edward along with their first Mac devices
    03:24. Why CIS Benchmarks are needed for macOS
    05:49. The need to make security guidance a collaborative, ongoing exercise
    11:06. Inside the expanding community supporting the macOS Security Compliance Project
    16:59. A practical win: making daily security operations easier to manage
    21:40. An operational feedback loop of improving the CIS Benchmarks
    25:25. The implications of compliance pointing to assurance, not security
    30:53. Advice on how to prepare for an audit using the CIS Benchmarks
    34:18. The importance of rationale in defining reasonable cybersecurity behavior
    35:30. A teaser of upcoming changes and how to get involved

    Resources

    CIS Benchmarks List
    Mapping and Compliance with the CIS Benchmarks
    Apple macOS
    CIS WorkBench
    CIS Communities
    Episode 156: How CIS Uses CIS Products and Services
    Reasonable Cybersecurity

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    38 min
  3. Episode 176: A Cybersecurity Journey of Incremental Wins

    25 FEB · VIDEO

    In episode 176 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Brock Boggs, Director of Technology at Cityscape Schools and Multi-State Information Sharing and Analysis Center® (MS-ISAC®) member, and Maureen Kunac, Senior Product Manager at the Center for Internet Security® (CIS®). Together, they discuss Brock's story of using incremental wins to advance his organization on its cybersecurity journey.

    Here are some highlights from our episode:

    02:10. Getting started making the largest measurable impact with CIS-CAT® Pro Assessor
    03:52. Implementation Group 1: A filter for prioritizing secure configuration management efforts
    09:16. The use of essential cyber hygiene to build an on-ramp to a security controls program
    11:18. Navigating breakage, dependency, and other principles of change management
    13:37. Lessons learned from beta testing and enterprise rollout of security changes
    22:24. Advice: How to start on a journey of system hardening with measurable impact

    Resources

    Episode 163: K-12 Cybersecurity Made Practical
    Formalizing K-12 Cybersecurity Policies in Less Time
    CIS-CAT® Pro Assessor
    CIS-CAT Pro Results Focus on CIS Controls IG1
    CIS Critical Security Controls®
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    What SLTTs Should Know About the FREE CIS SecureSuite Membership

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    36 min
  4. Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2

    11 FEB · VIDEO

    In episode 174 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kyle Leonard, Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they continue their discussion of 2026 cybersecurity predictions from seven CIS experts, as shared on the CIS website.

    Here are some highlights from our episode:

    02:00. How cross-platform campaigns are becoming the norm
    03:09. Threat actors' use of generative artificial intelligence (GenAI) to expand their attacks and gain efficiencies
    05:08. The blurring line of what separates today's script kiddies from nation-state threat actors
    07:47. Fully autonomous malware: in the realm of possibility but not here yet
    13:19. How specialization in the criminal ecosystem requires us to rethink analysis itself
    16:07. Shrinking dwell time: a product of the democratization of complex tools' availability
    18:02. The effective use of social engineering to lower threat actors' operational costs
    19:20. Malware's increasing use of trusted infrastructure to thwart cyber defenses
    20:25. The use of behavioral analysis to apply bottleneck security mechanisms
    22:40. Evolving threat actors' tradecraft: pseudo-random subdomains, GenAI models, and SEO poisoning
    26:39. What trust looks like today: something that's dynamic and negotiated at a moment's notice
    31:25. Supply chain attackers' pivot to edge device vendors and security appliance makers
    33:43. The ongoing work of CIS to support state and local governments' cybersecurity efforts

    Resources

    Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Surge of QakBot Activity Using Malspam, Malicious XLSB Files
    Active Lumma Stealer Campaign Impacting U.S. SLTTs
    Episode 173: Scammer Jousting as Human Risk Management
    ClickFix: An Adaptive Social Engineering Technique
    Impact of Federal Funding Cuts to the Value of MS-ISAC CTI
    Episode 157: How a Modern, Mission-Driven CIRT Operates

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    39 min
  5. Episode 173: Scammer Jousting as Human Risk Management

    4 FEB · VIDEO

    In episode 173 of Cybersecurity Where You Are, Sean Atkinson is joined by Roger Grimes, CISO Advisor at KnowBe4. Together, they discuss "scammer jousting," a term coined by Tony Sager which describes empowering organizations to manage human risk using simulated phishing.

    Here are some highlights from our episode:

    01:05. How simulated phishing and scammer jousting manage human risk
    03:48. The shift in perception of security awareness training over the past 20 years
    06:19. The need for testing to build capability and resiliency amongst employees
    09:27. The many faces of phishing attacks and the impact of generative artificial intelligence
    15:00. How gamification is proven to help users learn more in their cybersecurity training
    16:57. How data empowers organizations to communicate the potential impact of a phish
    19:57. The use of behavior engineering to foster a stronger security culture
    23:56. The value of customer feedback in continuously enhancing phishing training
    29:52. Continuous and hyper-personalized training as the future of spammer jousting

    Resources

    Episode 77: Data's Value to Decision-Making in Cybersecurity
    Episode 98: Transparency as a Tool to Combat Insider Threats
    A Short Guide for Spotting Phishing Attempts
    CIS Controls v8.1 Security Awareness Skills Training Policy Template
    SANS Workforce Security and Risk Training
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Episode 110: How Security Culture and Corporate Culture Mesh

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  6. Episode 172: Helping CISOs as a CIS Controls Ambassador

    28 JAN · VIDEO

    In episode 172 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Chirag Arora, Cyber Security Executive Advisor and CISO at Dorf Nelson & Zauderer LLP. Together, they discuss how Chirag draws upon his experience as a CISO and his community work as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help other CISOs with their cybersecurity programs.

    Here are some highlights from our episode:

    00:51. Introduction to Chirag and the early years of his work as a CIS Controls Ambassador
    06:03. The value of measurement and psychology when discussing assessments with CISOs
    09:00. Chirag's work on a CISO certification and vision for aligning it to the CIS Controls
    12:31. How open sharing of wisdom between CISOs makes the world more secure
    20:57. The importance of storytelling for CISOs, CIS Controls Ambassadors, and other leaders
    24:29. Chirag's use of law school to take his understanding of reasonableness up a level
    28:13. Regular opportunities for CIS Controls Ambassadors to discuss universal issues
    31:08. The heightened importance of nonprofit organizations bringing people together

    Resources

    CIS Critical Security Controls®
    Episode 160: Championing SME Security with the CIS Controls
    Episode 168: Institutionalizing Good Cybersecurity Ideas
    Reasonable Cybersecurity Guide
    Simplify Security Management with CIS SecureSuite Platform
    CISO Certification by GlobalCISO Leadership Foundation™

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  7. Episode 171: Securing CNI in U.S. SLTTs through AI Adoption

    21 JAN · VIDEO

    In episode 171 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Soledad Antelada Toledano, Security Advisor, Office of the CISO, Google Cloud at Google. Together, they discuss securing critical national infrastructure (CNI) in U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through artificial intelligence (AI) adoption.

    Here are some highlights from our episode:

    00:50. Introduction to Soledad
    02:48. How the convergence of informational technology (IT) and operational technology (OT) has created bigger attack surfaces
    04:10. The proliferation of threat actors targeting critical infrastructure sectors
    07:24. The challenge of legacy systems for U.S. SLTT owners of CNI
    08:13. Alert fatigue, limited visibility, and other challenges facing OT networks
    13:22. The value of automated cyber threat intelligence (CTI)
    24:46. Building strategic AI implementation around human in the loop (HITL)
    33:17. U.S. SLTTs' use of the cloud to test and build trust for securing CNI

    Resources

    The Changing Landscape of Security Operations and Its Impact on Critical Infrastructure
    Cybersecurity for Critical Infrastructure
    Episode 139: Community Building for the Cyber-Underserved
    Episode 119: Multidimensional Threat Defense at Large Events
    Leveraging Generative Artificial Intelligence for Tabletop Exercise Development
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks
    Vulnerability Management Policy Template for CIS Control 7
    CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    37 min
