Information Security Podcast Information Security Summit

Title: Migrating to the Public Cloud...so, What’s the Big Deal?
Description:
This episode of the Information Security Podcast features a keynote from the Information Security Summit 2019 by Grant Asplund @gasplund from Check Point Software @CheckPointSW “Migrating to the Public Cloud...so, What’s the Big Deal?”.  The presentation is both enlightening and entertaining while examining the many factors an organization should consider when migrating to the Public Cloud.
Key Discussion Points and Actionable Items:
Parallels between the Mainframe in the past and the Public Cloud today
Recognition that knowledge from the past of operating and securing On Premise environments don’t directly translate to the Public Cloud
Importance of an organization asking the basic question “Am I using the Public Cloud securely?”
The paradigm shift when having an “always connected resource” that must be managed 7x24x365 and the demands it places on IT and Security Teams
The requirement to “re-tool” the solutions supporting an organization in the Public Cloud especially when using technologies such as Kubernetes and microservices
Benefits of leveraging the Public Cloud when designed, implemented, and operated properly.
Special Notice to our Faithful Listeners:
The Information Security Podcast will be transitioning to a monthly schedule following this episode.
Thank you for all your support and check back with us in about a month.
Sponsored By:
ASMGi (@ASMGi_CLE) and https://www.asmgi.com/
Briteskies (@NoBrownCow) and https://www.briteskies.com/
Recorded and Production By:
Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).
Additional Information and Resources:
For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!
If you enjoyed Grant’s keynote, check out Grant’s podcast, Talking Cloud, featuring interviews regarding secure migration strategies to the public cloud.

Title: Top Cyber Security Issues when Migrating to the Cloud
Description:
This episode of the Information Security Podcast features a keynote from the Information Security Summit 2019 by Bob Kalka @bobkalka ‏from IBM @IBM entitled “Top Cyber Security Issues when Migrating to the Cloud”.  The presentation examines the many factors that impact an organization as it prepares, migrates, and operates in “the Cloud”.
Key Discussion Points and Actionable Items:
Recognition that any IT, Security, or Application issues that exist prior to a Cloud migration are going to be further extenuated once migrated to the Cloud
The concept of security “For, From, and In” the Cloud
Understanding the difference between a Risk vs. Compliance posture by a Security Team
Importance of avoiding the pitfalls of “under-deployed” software investments
Being aware of the assumptions organizations make regarding the “shared responsibility model” between a customer and a cloud service provider and the potential pitfalls that could impact an organization
Review the proper controls for a cloud migration including the identification of all critical data and properly protecting it before a cloud migration
Preparation for appropriate incident response tactics
Sponsored By:
ASMGi (@ASMGi_CLE) and https://www.asmgi.com/
Briteskies (@NoBrownCow) and https://www.briteskies.com/
Recorded and Production By:
Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).
Additional Information and Resources:
For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!
 

Title: Delivering Trust and Confidence
Description:
This episode of the Information Security Podcast features a conversation with Kurt Van Etten @kurtvanetten from RedSeal and host Rob Nettgen (@Robert_Nettgen).  This episode discusses the process of enabling a Security Team with the capability of “Delivering Trust and Confidence” within their organizations.
Key Discussion Points and Actionable Items:
Recognition that a Security Team has a requirement to establish credibility within their respective organizations
Requirement to establish metrics, via frameworks, so benchmarks can be used to validate the activities of the Security Team
Importance of managing expectations and communicating across the organization
Communicating to establish the level of risk, via the Executive Management Team, an organization is willing to assume to guide investments in security
How critical it is to establish the threat landscape of your organization
Leveraging tabletop exercises to establish the capability to effectively respond to an incident.
Sponsored By:
ASMGi (@ASMGi_CLE) and https://www.asmgi.com/
Briteskies (@NoBrownCow) and https://www.briteskies.com/
Recorded and Production By:
Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).
Additional Information and Resources:
For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Title: Demystifying Industrial Control System Cyber Risk
Description:
This episode of the Information Security Podcast features a conversation with Mike Radigan @RadiganatBOS from Capgemini @Capgemini and host Rob Nettgen (@Robert_Nettgen).  This episode discusses the process of “Demystifying Industrial Control System Cyber Risk”.
Key Discussion Points and Actionable Items:
Defining the various types of Industrial Control Systems and how they support a Plant’s Operation
The inter-relationship of Industrial Control Systems, Information Technology, and Cyber Security
How Industrial Control Systems have evolved over time and why integrations exist with the balance of an organization’s Information Technology infrastructure
The role of a Plant Manager and how they assess risk in a Plant’s Operation comparing Cyber Risk and Manufacturing Operations
The difference between Cyber Risks and Cyber Threats
Methods to equate, quantify, and explain Operational Risk to Cyber Risk
Importance of understanding Cyber Risk at the Board level and making educated business decisions
The impact of regulations and compliance in assessing and managing Cyber Risk.
Sponsored By:
ASMGi (@ASMGi_CLE) and https://www.asmgi.com/
Briteskies (@NoBrownCow) and https://www.briteskies.com/
Recorded and Production By:
Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).
Additional Information and Resources:
For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Title: Building a Cyber Security Team
Description:
This episode of the Information Security Podcast features a returning guest and alumni of the Information Security Podcast, Kevin Baker, with host Rob Nettgen (@Robert_Nettgen).  This episode discusses the approach to “Building a Cyber Security Team”.
Key Discussion Points and Actionable Items:
The value and importance of maintaining relationships between both the C-Suite and the team executing an organization’s security program
Recognizing the role of the CISO / security leader to be the “glue” of an organization’s overall security program by being an effective conduit and facilitator within an organization
Leveraging a full “suite” of skills to be an effective leader to deliver value as part of an organization’s investment in security and business
The importance of accepting and acknowledging the dependency between Information Technology and Security to complement each other’s respective roles
Gaining an understanding of the evolving threat landscape and the motivation behind the risks to an organization.
Sponsored By:
ASMGi (@ASMGi_CLE) and https://www.asmgi.com/
Briteskies (@NoBrownCow) and https://www.briteskies.com/
Recorded and Production By:
Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).
Additional Information and Resources:
For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Title: Incident Response under the Microscope
Description:
This episode of the Information Security Podcast features an interview with Eric Vanderburg @evanderburg from TCDi @tcdi with host Rob Nettgen (@Robert_Nettgen).  This episode discusses the details surrounding effective “Incident Response”.
Key Discussion Points and Actionable Items:
Benefits an organization can realize with a defined “Incident Response Program”
Importance of an organization knowing its environment including IT assets, applications, and where its data resides before an “Incident” takes place
Requirements to “train” and prepare employees before an “Incident” takes place so the response is well executed vs. a reaction
Awareness of an organization’s contractual or compliance requirements to have a defined “Incident Response Program”
Recognizing that “Incident Response” is a cross-organizational responsibility.
Sponsored By:
ASMGi (@ASMGi_CLE) and https://www.asmgi.com/
Briteskies (@NoBrownCow) and https://www.briteskies.com/
Recorded and Production By:
Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).
Additional Information and Resources:
For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!