Cybersecurity Where You Are (video)

Center for Internet Security

Welcome to the video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

  1. Episode 177: Power of Community-Developed Security Content

    5H AGO · VIDEO

    In episode 177 of Cybersecurity Where You Are, Tony Sager sits down with Bob Gendler, IT Specialist at the National Institute of Standards and Technology (NIST), and Edward Byrd, Senior Cybersecurity Engineer of the CIS Benchmarks® at the Center for Internet Security® (CIS®). Together, they use the open-source macOS Security Compliance Project to discuss the power of community-developed security content.

    Here are some highlights from our episode:

    01:15. Introductions to Bob and Edward along with their first Mac devices
    03:24. Why CIS Benchmarks are needed for macOS
    05:49. The need to make security guidance a collaborative, ongoing exercise
    11:06. Inside the expanding community supporting the macOS Security Compliance Project
    16:59. A practical win: making daily security operations easier to manage
    21:40. An operational feedback loop of improving the CIS Benchmarks
    25:25. The implications of compliance pointing to assurance, not security
    30:53. Advice on how to prepare for an audit using the CIS Benchmarks
    34:18. The importance of rationale in defining reasonable cybersecurity behavior
    35:30. A teaser of upcoming changes and how to get involved

    Resources:

    CIS Benchmarks List
    Mapping and Compliance with the CIS Benchmarks
    Apple macOS
    CIS WorkBench
    CIS Communities
    Episode 156: How CIS Uses CIS Products and Services
    Reasonable Cybersecurity

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    38 min
  2. Episode 176: A Cybersecurity Journey of Incremental Wins

    FEB 25 · VIDEO

    In episode 176 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Brock Boggs, Director of Technology at Cityscape Schools and Multi-State Information Sharing and Analysis Center® (MS-ISAC®) member, and Maureen Kunac, Senior Product Manager at the Center for Internet Security® (CIS®). Together, they discuss Brock's story of using incremental wins to advance his organization on its cybersecurity journey.

    Here are some highlights from our episode:

    02:10. Getting started making the largest measurable impact with CIS-CAT® Pro Assessor
    03:52. Implementation Group 1: A filter for prioritizing secure configuration management efforts
    09:16. The use of essential cyber hygiene to build an on-ramp to a security controls program
    11:18. Navigating breakage, dependency, and other principles of change management
    13:37. Lessons learned from beta testing and enterprise rollout of security changes
    22:24. Advice: How to start on a journey of system hardening with measurable impact

    Resources:

    Episode 163: K-12 Cybersecurity Made Practical
    Formalizing K-12 Cybersecurity Policies in Less Time
    CIS-CAT® Pro Assessor
    CIS-CAT Pro Results Focus on CIS Controls IG1
    CIS Critical Security Controls®
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    What SLTTs Should Know About the FREE CIS SecureSuite Membership

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    36 min
  3. Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2

    FEB 11 · VIDEO

    In episode 174 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kyle Leonard, Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they continue their discussion of 2026 cybersecurity predictions from seven CIS experts, as shared on the CIS website.

    Here are some highlights from our episode:

    02:00. How cross-platform campaigns are becoming the norm
    03:09. Threat actors' use of generative artificial intelligence (GenAI) to expand their attacks and gain efficiencies
    05:08. The blurring line of what separates today's script kiddies from nation-state threat actors
    07:47. Fully autonomous malware: in the realm of possibility but not here yet
    13:19. How specialization in the criminal ecosystem requires us to rethink analysis itself
    16:07. Shrinking dwell time: a product of the democratization of complex tools' availability
    18:02. The effective use of social engineering to lower threat actors' operational costs
    19:20. Malware's increasing use of trusted infrastructure to thwart cyber defenses
    20:25. The use of behavioral analysis to apply bottleneck security mechanisms
    22:40. Evolving threat actors' tradecraft: pseudo-random subdomains, GenAI models, and SEO poisoning
    26:39. What trust looks like today: something that's dynamic and negotiated at a moment's notice
    31:25. Supply chain attackers' pivot to edge device vendors and security appliance makers
    33:43. The ongoing work of CIS to support state and local governments' cybersecurity efforts

    Resources:

    Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Surge of QakBot Activity Using Malspam, Malicious XLSB Files
    Active Lumma Stealer Campaign Impacting U.S. SLTTs
    Episode 173: Scammer Jousting as Human Risk Management
    ClickFix: An Adaptive Social Engineering Technique
    Impact of Federal Funding Cuts to the Value of MS-ISAC CTI
    Episode 157: How a Modern, Mission-Driven CIRT Operates

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    39 min
  4. Episode 173: Scammer Jousting as Human Risk Management

    FEB 4 · VIDEO

    In episode 173 of Cybersecurity Where You Are, Sean Atkinson is joined by Roger Grimes, CISO Advisor at KnowBe4. Together, they discuss "scammer jousting," a term coined by Tony Sager which describes empowering organizations to manage human risk using simulated phishing.

    Here are some highlights from our episode:

    01:05. How simulated phishing and scammer jousting manage human risk
    03:48. The shift in perception of security awareness training over the past 20 years
    06:19. The need for testing to build capability and resiliency amongst employees
    09:27. The many faces of phishing attacks and the impact of generative artificial intelligence
    15:00. How gamification is proven to help users learn more in their cybersecurity training
    16:57. How data empowers organizations to communicate the potential impact of a phish
    19:57. The use of behavior engineering to foster a stronger security culture
    23:56. The value of customer feedback in continuously enhancing phishing training
    29:52. Continuous and hyper-personalized training as the future of spammer jousting

    Resources:

    Episode 77: Data's Value to Decision-Making in Cybersecurity
    Episode 98: Transparency as a Tool to Combat Insider Threats
    A Short Guide for Spotting Phishing Attempts
    CIS Controls v8.1 Security Awareness Skills Training Policy Template
    SANS Workforce Security and Risk Training
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Episode 110: How Security Culture and Corporate Culture Mesh

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  5. Episode 172: Helping CISOs as a CIS Controls Ambassador

    JAN 28 · VIDEO

    In episode 172 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Chirag Arora, Cyber Security Executive Advisor and CISO at Dorf Nelson & Zauderer LLP. Together, they discuss how Chirag draws upon his experience as a CISO and his community work as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help other CISOs with their cybersecurity programs.

    Here are some highlights from our episode:

    00:51. Introduction to Chirag and the early years of his work as a CIS Controls Ambassador
    06:03. The value of measurement and psychology when discussing assessments with CISOs
    09:00. Chirag's work on a CISO certification and vision for aligning it to the CIS Controls
    12:31. How open sharing of wisdom between CISOs makes the world more secure
    20:57. The importance of storytelling for CISOs, CIS Controls Ambassadors, and other leaders
    24:29. Chirag's use of law school to take his understanding of reasonableness up a level
    28:13. Regular opportunities for CIS Controls Ambassadors to discuss universal issues
    31:08. The heightened importance of nonprofit organizations bringing people together

    Resources:

    CIS Critical Security Controls®
    Episode 160: Championing SME Security with the CIS Controls
    Episode 168: Institutionalizing Good Cybersecurity Ideas
    Reasonable Cybersecurity Guide
    Simplify Security Management with CIS SecureSuite Platform
    CISO Certification by GlobalCISO Leadership Foundation™

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  6. Episode 171: Securing CNI in U.S. SLTTs through AI Adoption

    JAN 21 · VIDEO

    In episode 171 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Soledad Antelada Toledano, Security Advisor, Office of the CISO, Google Cloud at Google. Together, they discuss securing critical national infrastructure (CNI) in U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through artificial intelligence (AI) adoption.

    Here are some highlights from our episode:

    00:50. Introduction to Soledad
    02:48. How the convergence of informational technology (IT) and operational technology (OT) has created bigger attack surfaces
    04:10. The proliferation of threat actors targeting critical infrastructure sectors
    07:24. The challenge of legacy systems for U.S. SLTT owners of CNI
    08:13. Alert fatigue, limited visibility, and other challenges facing OT networks
    13:22. The value of automated cyber threat intelligence (CTI)
    24:46. Building strategic AI implementation around human in the loop (HITL)
    33:17. U.S. SLTTs' use of the cloud to test and build trust for securing CNI

    Resources:

    The Changing Landscape of Security Operations and Its Impact on Critical Infrastructure
    Cybersecurity for Critical Infrastructure
    Episode 139: Community Building for the Cyber-Underserved
    Episode 119: Multidimensional Threat Defense at Large Events
    Leveraging Generative Artificial Intelligence for Tabletop Exercise Development
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks
    Vulnerability Management Policy Template for CIS Control 7
    CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    37 min
  7. Episode 170: Visibility for SLTTs in Blocking Typhoon APTs

    JAN 14 · VIDEO

    In Episode 170 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Douglas Holland, Senior Solutions Engineer at Akamai Technologies. Together, they discuss how U.S. State, Local, Tribal, and Territorial (SLTT) government organizations can increase their visibility to obstruct the attack attempts of Typhoon advanced persistent threat (APT) groups.

    Here are some highlights from our episode:

    00:49. Introduction to Douglas
    02:16. How Typhoon APTs are using trusted tools to target critical infrastructure
    08:30. Professionalism as a tell of sophisticated nation-state threat actors
    09:15. How U.S. SLTTs come up with creative solutions despite budgeting and staffing limits
    14:14. The "big credential playground" that is U.S. SLTTs' expanded attack surface
    16:46. Visibility into network activity as a way to continuously build defensive capability
    19:11. The use of context to connect technical visibility to defensive action
    23:20. Identity as the new perimeter, cloud and SaaS posture, and micro-segmentation
    29:18. One piece of advice: assume an attacker is already in the network or will be

    Resources:

    Malicious Domain Blocking and Reporting (MDBR)
    Living off the Land: The Power Behind PowerShell
    Cybersecurity for Critical Infrastructure
    Build a Zero Trust Roadmap for FinServ with CIS SecureSuite

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    35 min

Ratings & Reviews

5 out of 5 (13 Ratings)
