Cybersecurity Where You Are (video)

Center for Internet Security

Welcome to the video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

  1. Episode 181: Supply and Demand of Cybersecurity Ecosystems

    4D AGO ·  VIDEO

    In episode 181 of Cybersecurity Where You Are, Tony Sager sits down with Vilius Benetis, Director of NRD Cyber Security. Together, they discuss how Vilius applies his expertise as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help to cultivate supply and demand for growing cybersecurity ecosystems around the world.

    Here are some highlights from our episode:

    01:11. Introductions to Vilius and recollections of how he met Tony for the first time
    02:06. The CIS Controls as a reasonable, logical approach that avoids generic language
    04:11. How the CIS Controls shaped Vilius' cybersecurity conversations with the World Bank
    05:26. A clear connection between knowing what you have and recovering from an incident
    07:55. A strategic look at how to build cybersecurity programs that will grow and evolve
    12:18. How the CIS Controls help to clarify reasonable cybersecurity and avoid victim blaming
    18:07. An encouraging sign: Governments enabling businesses, not competing with them
    21:13. Transportation: A lens for understanding how security culture and expectations change
    28:11. A brief look at how to make progress on operationalizing security
    31:54. The supply and demand forces that help to create cybersecurity ecosystems
    38:13. An opportunity for helping organizations to simplify governance
    42:02. Parting thoughts and thanks

    Resources:

    CIS Critical Security Controls®
    CIS Controls Ambassador Spotlight: Vilius Benetis
    Episode 160: Championing SME Security with the CIS Controls
    Episode 168: Institutionalizing Good Cybersecurity Ideas
    Episode 172: Helping CISOs as a CIS Controls Ambassador
    Reasonable Cybersecurity
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    The Cost of Cyber Defense: CIS Controls IG1
    CIS Community Defense Model 2.0

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    46 min
  2. Episode 180: Secure by Design Fused to Operational Practices

    MAR 25 ·  VIDEO

    In episode 180 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Stephen Thomas, SVP of Sales and Business Services at the Center for Internet Security® (CIS®), and Nick Rust, Director of Distribution at CIS. Together, they discuss how CIS supports secure by design by integrating it into operational practices.

    Here are some highlights from our episode:

    00:48. Introductions to Stephen and Nick
    02:20. The need to connect development and operational environments
    07:31. How CIS security best practices make cybersecurity standard and repeatable
    09:19. Navigating the complexity the cloud adds to secure by design
    11:44. The importance of removing guesswork for operating partners and development teams
    14:21. How CIS provides the professional infrastructure for collective action in cybersecurity
    16:00. Good configuration management: The bedrock of every successful security program
    17:29. The use of a common language to communicate security across an organization
    23:59. Shared responsibility, not shared accountability, in the cloud
    27:21. A look back at how CIS did secure by design using a projectized approach
    32:21. Conveying confidence around cybersecurity and compliance in the connected world
    36:16. Parting pieces of advice for organizations just getting started

    Resources:

    Secure by Design
    Secure by Design: A Guide to Assessing Software Security Practices
    Episode 164: Secure by Design in Software Development
    CIS SecureSuite® Membership
    CIS SecureSuite® Product Vendor Members
    CIS Critical Security Controls®
    CIS Benchmarks® List
    CIS Hardened Images®
    Meet the Shared Responsibility Model with New CIS Resources
    Cloud Companion Guide for CIS Controls v8.1
    Security in the Cloud with More Automation
    Implementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    40 min
  3. Episode 179: 2026 Cybersecurity Predictions from CIS — Pt 3

    MAR 18 ·  VIDEO

    In episode 179 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager conclude their discussion of 2026 cybersecurity predictions from seven CIS experts, as shared on the CIS website.

    Here are some highlights from our episode:

    01:09. How threat actors' adoption of Agentic AI is reshaping the defender's dilemma
    06:28. Public confidence: The primary focus for attackers seeking to undermine U.S. elections
    10:43. The surge in threat actors targeting operational technology and critical infrastructure
    12:29. Responsibility and the cost of fixing flawed things instead of secure by design
    16:29. Secure by design: An invitation to rethink architecture and plan for future adaptability
    17:24. Meeting cloud service prioritization with a foundation of defense for all things
    25:44. Supporting state and local cybersecurity maturity with both competence and character
    41:00. Feedback: The key to adapting security controls to evolving threats and technology use
    50:23. Embedding security into the heart of a business

    Resources:

    Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1
    Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2
    Multi-State Information Sharing and Analysis Center®
    CIS Critical Security Controls®
    How to Defend Against Iran's Cyber Retaliation Playbook
    Episode 178: Appropriate Defense to Iranian Threat Activity
    Secure by Design
    Collective SLTT Cyber Defense
    Episode 144: Carrying on the MS-ISAC's Character and Culture
    Monitoring and Support During the CrowdStrike Falcon Outage
    Episode 110: How Security Culture and Corporate Culture Mesh

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    54 min
  4. Episode 178: Appropriate Defense to Iranian Threat Activity

    MAR 11 ·  VIDEO

    In episode 178 of Cybersecurity Where You Are, Sean Atkinson sits down with Theodore "TJ" Sayers, Senior Director of Threat Intelligence at the Center for Internet Security® (CIS®). Together, they discuss how to mount an appropriate defense to Iranian threat activity observed in February and March 2026.

    Here are some highlights from our episode:

    00:58. Iran's historical tit-for-tat style of cyber operations
    02:50. Regional targets: A primary focus of Iran's state-sponsored threat actors
    04:05. What the CIS Cyber Threat Intelligence (CTI) team is watching for
    05:19. Contextualizing a drop in precursor-related threat activity from Iran
    06:59. Sectors directly and indirectly affected by observed Iranian threat activity
    09:12. Password spraying, data wipers, and more: Common TTPs of Iranian threat groups
    11:50. The importance of cybersecurity awareness training in countering TTPs that still work
    16:07. Advice to SOC managers: How to detect what CIS CTI is expecting the most
    21:25. NASCIO's Top 10 Priorities as a guide for framing strategic risk of Iran's threat activity
    26:39. What an effective threat intel team does and does not do
    29:29. Community defense for U.S. State, Local, Tribal, and Territorial (SLTT) organizations

    Resources:

    Multi-State Information Sharing and Analysis Center®
    Snap Call: Public Sector Threat Update Amid Conflict in Iran
    How to Defend Against Iran's Cyber Retaliation Playbook
    Cloudflare | Traffic in Iran
    Episode 143: Iran's Growing Multidimensional Threat Activity
    Episode 142: SLTTs and Their Nuanced Cybersecurity Needs
    MS-ISAC Guide to DDoS Attacks
    Exploited Protocols: Remote Desktop Protocol (RDP)
    Commonly Exploited Protocols: Server Message Block (SMB)
    State CIO Top Ten Policy and Technology Priorities for 2026

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  5. Episode 177: Power of Community-Developed Security Content

    MAR 4 ·  VIDEO

    In episode 177 of Cybersecurity Where You Are, Tony Sager sits down with Bob Gendler, IT Specialist at the National Institute of Standards and Technology (NIST), and Edward Byrd, Senior Cybersecurity Engineer of the CIS Benchmarks® at the Center for Internet Security® (CIS®). Together, they use the open-source macOS Security Compliance Project to discuss the power of community-developed security content.

    Here are some highlights from our episode:

    01:15. Introductions to Bob and Edward along with their first Mac devices
    03:24. Why CIS Benchmarks are needed for macOS
    05:49. The need to make security guidance a collaborative, ongoing exercise
    11:06. Inside the expanding community supporting the macOS Security Compliance Project
    16:59. A practical win: making daily security operations easier to manage
    21:40. An operational feedback loop of improving the CIS Benchmarks
    25:25. The implications of compliance pointing to assurance, not security
    30:53. Advice on how to prepare for an audit using the CIS Benchmarks
    34:18. The importance of rationale in defining reasonable cybersecurity behavior
    35:30. A teaser of upcoming changes and how to get involved

    Resources:

    CIS Benchmarks List
    Mapping and Compliance with the CIS Benchmarks
    Apple macOS
    CIS WorkBench
    CIS Communities
    Episode 156: How CIS Uses CIS Products and Services
    Reasonable Cybersecurity

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    38 min
  6. Episode 176: A Cybersecurity Journey of Incremental Wins

    FEB 25 ·  VIDEO

    In episode 176 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Brock Boggs, Director of Technology at Cityscape Schools and Multi-State Information Sharing and Analysis Center® (MS-ISAC®) member, and Maureen Kunac, Senior Product Manager at the Center for Internet Security® (CIS®). Together, they discuss Brock's story of using incremental wins to advance his organization on its cybersecurity journey.

    Here are some highlights from our episode:

    02:10. Getting started making the largest measurable impact with CIS-CAT® Pro Assessor
    03:52. Implementation Group 1: A filter for prioritizing secure configuration management efforts
    09:16. The use of essential cyber hygiene to build an on-ramp to a security controls program
    11:18. Navigating breakage, dependency, and other principles of change management
    13:37. Lessons learned from beta testing and enterprise rollout of security changes
    22:24. Advice: How to start on a journey of system hardening with measurable impact

    Resources:

    Episode 163: K-12 Cybersecurity Made Practical
    Formalizing K-12 Cybersecurity Policies in Less Time
    CIS-CAT® Pro Assessor
    CIS-CAT Pro Results Focus on CIS Controls IG1
    CIS Critical Security Controls®
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    What SLTTs Should Know About the FREE CIS SecureSuite Membership

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    36 min
  7. Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2

    FEB 11 ·  VIDEO

    In episode 174 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kyle Leonard, Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they continue their discussion of 2026 cybersecurity predictions from seven CIS experts, as shared on the CIS website.

    Here are some highlights from our episode:

    02:00. How cross-platform campaigns are becoming the norm
    03:09. Threat actors' use of generative artificial intelligence (GenAI) to expand their attacks and gain efficiencies
    05:08. The blurring line of what separates today's script kiddies from nation-state threat actors
    07:47. Fully autonomous malware: in the realm of possibility but not here yet
    13:19. How specialization in the criminal ecosystem requires us to rethink analysis itself
    16:07. Shrinking dwell time: a product of the democratization of complex tools' availability
    18:02. The effective use of social engineering to lower threat actors' operational costs
    19:20. Malware's increasing use of trusted infrastructure to thwart cyber defenses
    20:25. The use of behavioral analysis to apply bottleneck security mechanisms
    22:40. Evolving threat actors' tradecraft: pseudo-random subdomains, GenAI models, and SEO poisoning
    26:39. What trust looks like today: something that's dynamic and negotiated at a moment's notice
    31:25. Supply chain attackers' pivot to edge device vendors and security appliance makers
    33:43. The ongoing work of CIS to support state and local governments' cybersecurity efforts

    Resources:

    Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Surge of QakBot Activity Using Malspam, Malicious XLSB Files
    Active Lumma Stealer Campaign Impacting U.S. SLTTs
    Episode 173: Scammer Jousting as Human Risk Management
    ClickFix: An Adaptive Social Engineering Technique
    Impact of Federal Funding Cuts to the Value of MS-ISAC CTI
    Episode 157: How a Modern, Mission-Driven CIRT Operates

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    39 min

Ratings & Reviews

5 out of 5 (13 Ratings)
