Cybersecurity Where You Are (video)

Center for Internet Security

Welcome to the video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

  1. Episode 188: DBIR 2026 Insights and Collaboration with CIS

    -1 DAY · VIDEO

    In episode 188 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Philippe "Phil" Langlois, Data Breach Investigations Report (DBIR) Author at Verizon; and Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®). Together, they discuss some of the top insights of the 2026 DBIR and how CIS contributed to the publication. Here are some highlights from our episode:

    00:50. Introductions to Phil and Charity
    02:46. Vulnerability exploitation as the most common attack vector
    05:25. The role of artificial intelligence (AI) in threat actors' natural system thinking
    07:03. The need for clear governance and responsibility around vulnerability management
    08:58. Insight into the types of techniques threat actors research using frontier AI models
    13:43. A trending drop in ransomware payouts and organizations willing to pay attackers
    14:59. Why a healthy dose of distrust goes a long way in assessing attackers' claims of victims
    16:24. How two ransomware groups stand out above the norm
    17:49. The ongoing risk surrounding vendor, supplier, and other third party exposure
    22:34. The need for governance in managing data issues involving the use of AI
    27:14. Three ways in which CIS contributed to the 2026 DBIR
    34:02. How the 2026 DBIR informs the CIS Controls and parting actionable steps

    Resources

    2026 Data Breach Investigations Report
    CIS Critical Security Controls®
    Episode 87: Marking 11 Years as a Verizon DBIR Contributor
    Mythos AI: What Actually Matters for Cybersecurity Leaders
    Applying the CIS Controls to Real‑World AI Environments
    CIS Community Defense Model 2.0
    The Conti Leaks: A Case of Cybercrime’s Commercialization

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    39 min.
  2. Episode 187: The Role of a CISO as a Strategic Storyteller

    MAY 13 · VIDEO

    In episode 187 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager discuss how the role of a CISO functions as a strategic storyteller of cyber risk while keeping the bigger picture in mind. Here are some highlights from our episode:

    00:51. Framing the conversation around CISOs' efforts to communicate with the business
    02:01. Translation: A nuanced practice of simplifying the story while still telling the truth
    02:41. The need for a CISO to bridge their organization's respective "culture gap(s)"
    04:13. Collaborative and dictatorial: Two different ways CISOs talk to a business
    06:07. The work of translation in motivating and informing action around perceived risk
    07:03. Security sampling: A story from Tony that reminds CISOs of the bigger picture
    09:55. Fewer wizards and more mechanics: What the cybersecurity industry needs today
    12:20. Two factors to consider: Politicking and the need to provide an accessible narrative
    15:49. Rapport and tradecraft as two critical tools supporting the role of a CISO
    18:09. Technical competence as a prerequisite for confidence in risk conversations
    19:20. The false sense of security from relying on comparative data with competitors
    22:14. The CISO as a strategic storyteller who helps the business make decisions
    27:03. The need for machinery to constantly rediscover and recreate trust
    30:15. A call to action for Boards: Build vernacular in cybersecurity risk space
    35:03. CISO as a strategic storyteller vs. CISO as an enforcer

    Resources

    CIS Critical Security Controls®
    CIS Community Defense Model 2.0
    Episode 183: The Role of CISO in Supporting Risk Translation
    Episode 166: Foundations of Actuarial Science in Cyber Risk
    Episode 121: The Economics of Cybersecurity Decision-Making
    NICE Workforce Framework for Cybersecurity (NICE Framework)

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    40 min.
  3. Episode 186: Strong Cyber Defense Starts with IT Operations

    MAY 6 · VIDEO

    In episode 186 of Cybersecurity Where You Are, Tony Sager sits down with Tony Krzyzewski, a CIS Critical Security Controls® (CIS Controls®) Ambassador for the Center for Internet Security® (CIS®). Together, they discuss how strong cyber defense starts with the fundamentals of IT operations. Here are some highlights from our episode:

    00:45. Introductions to Tony Krzyzewski and his background
    02:19. Tony Krzyzewski's first interaction with the CIS Controls
    03:47. IT operations: The foundation that makes strong cyber defense possible
    06:20. How an increasingly connected world makes the CIS Controls essential to cybersecurity
    09:56. The need for operations people to realize they're part of the cybersecurity solution
    13:11. The use of Implementation Groups to reduce overload on IT and security teams
    16:52. How the CIS Controls differ from "umbrella frameworks" like NIST CSF and ISO 27001
    18:25. CIS Controls mappings and how they help to simplify a surplus of good guidance
    20:35. How the CIS Controls support improvement programs and Board-level conversations
    25:38. Tony Krzyzewski's work in creating the CIS Controls Ambassador program
    27:02. Why a deep view of what's happening at CIS supports Tony Krzyzewski's efforts
    30:11. Growing international promotion of the CIS Controls and "doing the basics well"

    Resources

    CIS Critical Security Controls®
    CIS Controls Ambassador Spotlight: Tony Krzyzewski
    Episode 160: Championing SME Security with the CIS Controls
    Episode 168: Institutionalizing Good Cybersecurity Ideas
    Episode 172: Helping CISOs as a CIS Controls Ambassador
    Episode 181: Supply and Demand of Cybersecurity Ecosystems
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    Reasonable Cybersecurity
    Mappings to Security Frameworks
    Translations
    Policy Templates
    Securing the AI Ecosystem Begins at the Model Layer

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    39 min.
  4. Episode 185: AI Prompt Injection from a Risk Perspective

    APR 29 · VIDEO

    In episode 185 of Cybersecurity Where You Are, Sean Atkinson sits down with Brian Calkin, Chief Technology and Innovation Officer at the Center for Internet Security® (CIS®); Theodore "TJ" Sayers, Senior Director of Threat Intelligence at CIS; and Kyle Leonard, Cyber Threat Intelligence Analyst at CIS. Together, they use a risk perspective to discuss artificial intelligence (AI) prompt injection and how to defend against it. Here are some highlights from our episode:

    00:49. A definition of AI prompt injection for businesses and executives
    02:16. Brian on his role of guiding AI implementation at CIS
    03:12. Understanding the urgency surrounding AI prompt injection as a security risk
    05:32. Signals and trends indicative of threat actors attempting to weaponize prompt injection
    07:10. How AI prompt injection differs from traditional input validation vulnerabilities
    11:13. Early indicators that cyber threat intelligence (CTI) teams can monitor
    15:00. The need to treat AI as a new identity in any enterprise implementation strategy
    17:10. Understanding the difference: AI safety vs. AI security
    20:36. Foundational, practical AI security that extends across all sectors
    24:55. How CIS manages risk and supports the opportunity around the use of AI
    28:25. The long-term promise of AI-driven vulnerability discovery grounded in fundamentals
    34:48. Recommendations for piercing through the marketing hype surrounding AI

    Resources

    Prompt Injections: The Inherent Threat to Generative AI
    New CIS Report Warns Prompt Injection Attacks Pose Growing Risk to Generative AI
    Episode 182: Striking a Balance on an AI Adoption Journey
    Episode 120: How Contextual Awareness Drives AI Governance
    Mythos AI: What Actually Matters for Cybersecurity Leaders
    Applying the CIS Controls to Real‑World AI Environments
    An Examination of Generative AI and Physical Threat Planning
    AI Playbooks for SLTT Cybersecurity Leaders

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    38 min.
  5. Episode 184: Cybersecurity Policy Development as a Journey

    APR 22 · VIDEO

    In episode 184 of Cybersecurity Where You Are, Sean Atkinson sits down with Brock Boggs, Director of Technology at Cityscape Schools and Multi-State Information Sharing and Analysis Center® (MS-ISAC®) member. Together, they discuss how Brock approaches cybersecurity policy development as a journey at his school. Here are some highlights from our episode:

    01:21. Brock's first attempt at drafting an IT security policy manual
    04:17. Fact or fiction? How the best "written" security program doesn't always translate
    06:35. A starting policy landscape of creating baselines for cybersecurity, ticketing, and more
    08:40. How Brock learned about a roadmap for his school at ISAC Annual Meeting 2023
    11:07. Lean and to the point: The second draft of Brock's IT security policy manual
    12:37. The use of Center for Internet Security® (CIS®) policy templates to write procedures
    19:34. How Brock used regular updates about his policy manual to secure stakeholder buy-in
    28:42. Openness, willingness to fail, and adaptability as strengths of the community
    31:49. Approaching cybersecurity policy development as an ever-changing journey

    Resources

    CIS Critical Security Controls®
    Policy Templates
    Formalizing K-12 Cybersecurity Policies in Less Time
    Episode 163: K-12 Cybersecurity Made Practical
    Episode 176: A Cybersecurity Journey of Incremental Wins
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    CIS SecureSuite® Membership

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    38 min.
  6. Episode 183: The Role of CISO in Supporting Risk Translation

    APR 15 · VIDEO

    In episode 183 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager discuss how the role of CISO supports risk translation across all levels of an organization. Here are some highlights from our episode:

    01:52. Describing the role of CISO in a single sentence
    03:43. The importance of storytelling in risk translation for an organization
    07:56. The need for CISOs to meet members of an organization where they are
    10:47. Why the function of translating risk matters more than sharing it
    14:41. The misnomer of "soft skills" and why they're a crucial part of professional life
    15:50. Tony's experience with cultivating "soft skills" and working with trusted truth tellers
    21:01. The importance of contextualization when framing risk to a Board of Directors
    24:20. How teaching and communicating differ
    25:05. Humility and empathy: Crucial skills in understanding another person's world
    26:34. How communication and public speaking can help to advance a mission
    29:08. The use of teaching to build mastery and writing to understand what we teach
    32:35. Public speaking tip: Don't let the first time you hear your words aloud be onstage
    36:10. Tony's "superpower" of geeky sincerity

    Resources

    Episode 88: The Evolution of the Role of a CISO
    Episode 121: The Economics of Cybersecurity Decision-Making
    Episode 166: Foundations of Actuarial Science in Cyber Risk
    CIS Community Defense Model 2.0

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    40 min.
  7. Episode 182: Striking a Balance on an AI Adoption Journey

    APR 8 · VIDEO

    In episode 182 of Cybersecurity Where You Are, Sean Atkinson sits down with Brian Calkin, Chief Technology and Innovation Officer at the Center for Internet Security® (CIS®). Together, they discuss how organizations can strike a balance on their journeys of artificial intelligence (AI) adoption. Here are some highlights from our episode:

    00:39. Introductions to Brian
    01:06. The risk of overbuilding governance when introducing an AI strategy
    02:36. Unknowns, data concerns, and other commonalities between AI and cloud adoption
    04:27. The utility of AI frameworks: General purpose recommendations as a starting point
    06:58. The importance of leading employees in getting the tools they need to be successful
    10:42. Listening as a key method for strategic leaders to remove roadblocks to AI adoption
    13:47. Final say as a means to make a strategic business decision and adapt as necessary
    17:35. AI as artificial intelligence and the role of humans as sources of actual intelligence
    19:56. Being a good Googler: An analogy for asking the right questions with AI prompting
    23:46. The increasing volume and velocity of cyber attacks leveraging AI
    24:00. The need to enhance defenders' skillsets using AI
    27:08. An invitation to play with AI capability and see what it can do for you

    Resources

    Episode 120: How Contextual Awareness Drives AI Governance
    AI Playbooks for SLTT Cybersecurity Leaders
    Episode 95: AI Augmentation and Its Impact on Cyber Defense
    OWASP Top 10 for Large Language Model Applications
    An Examination of Generative AI and Physical Threat Planning
    Prompt Injections: The Inherent Threat to Generative AI
    Disrupting the first reported AI-orchestrated cyber espionage campaign

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min.
  8. Episode 181: Supply and Demand of Cybersecurity Ecosystems

    APR 1 · VIDEO

    In episode 181 of Cybersecurity Where You Are, Tony Sager sits down with Vilius Benetis, Director of NRD Cyber Security. Together, they discuss how Vilius applies his expertise as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help to cultivate supply and demand for growing cybersecurity ecosystems around the world. Here are some highlights from our episode:

    01:11. Introductions to Vilius and recollections of how he met Tony for the first time
    02:06. The CIS Controls as a reasonable, logical approach that avoids generic language
    04:11. How the CIS Controls shaped Vilius' cybersecurity conversations with the World Bank
    05:26. A clear connection between knowing what you have and recovering from an incident
    07:55. A strategic look at how to build cybersecurity programs that will grow and evolve
    12:18. How the CIS Controls help to clarify reasonable cybersecurity and avoid victim blaming
    18:07. An encouraging sign: Governments enabling businesses, not competing with them
    21:13. Transportation: A lens for understanding how security culture and expectations change
    28:11. A brief look at how to make progress on operationalizing security
    31:54. The supply and demand forces that help to create cybersecurity ecosystems
    38:13. An opportunity for helping organizations to simplify governance
    42:02. Parting thoughts and thanks

    Resources

    CIS Critical Security Controls®
    CIS Controls Ambassador Spotlight: Vilius Benetis
    Episode 160: Championing SME Security with the CIS Controls
    Episode 168: Institutionalizing Good Cybersecurity Ideas
    Episode 172: Helping CISOs as a CIS Controls Ambassador
    Reasonable Cybersecurity
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    The Cost of Cyber Defense: CIS Controls IG1
    CIS Community Defense Model 2.0

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    46 min.
