Cybersecurity Where You Are (video)

Center for Internet Security

Welcome to video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

  1. 1 DAY AGO · VIDEO

    Episode 155: The Story of CIS 2.0 and Adapting to a New Era

    In episode 155 of Cybersecurity Where You Are, Tony Sager is joined by John Gilligan, President and Chief Executive Officer (CEO) of the Center for Internet Security® (CIS®). Together, they reflect on 25 years of progress for CIS and look ahead to the future. They explore the driving forces behind "CIS 2.0," including the shift toward addressing multidimensional threats, expanding CIS’s audience, and leveraging tools driven by generative artificial intelligence (GenAI). Their discussion highlights how CIS is adapting to a new era while staying true to its mission-driven roots and foundational principles. Here are some highlights from our episode: 01:11. The need for a mission-driven nonprofit to support the role of government04:28. Understanding the primary catalyst behind CIS 2.005:53. Multidimensional threats, expanded audiences, and revamped tools as adaptive opportunities12:57. The challenge of linking technology risk to operational risk13:45. How attackers tend to be more systems-level thinkers than defenders15:50. Culture as a support system for navigating the evolving skills and processes of CIS 2.022:24. Collaboration, partnerships, mission focus, and culture as foundational CIS elements31:11. How our engagement with state and local governments, thought leadership, and products and services will change going forward40:47. Parting thoughts and an important reminderResources 25 Years of Creating Confidence in the Connected WorldEpisode 119: Multidimensional Threat Defense at Large EventsStrengthening Critical Infrastructure: SLTT Progress & PrioritiesEnhanced Cyber Resilience as a Secure Cyber CityThe CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber MaturityEpisode 115: Continuous Feedback as CIS Employee CultureEpisode 125: How Leadership Principles Influence CIS CultureCIS CultureCIS CommunitiesEpisode 97: How Far We've Come preceding CIS's 25th BirthdayWhy Whole-of-State Cybersecurity Is the Way ForwardAn Introduction to Artificial IntelligenceReasonable CybersecurityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    43 min

  2. 24 SEPT · VIDEO

    Episode 154: Integration of Incident Response into DevSecOps

    In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities. Here are some highlights from our episode: 01:32. Common challenges with modern software development03:54. High-speed and continuous deployment07:08. Incident correlation with cloud deployment strategies10:00. Software supply chain vulnerabilities12:45. Alert fatigue and false positives14:30. Testing and automation as enablers of real-time anomaly detection17:40. The responsibility of incident responders to understand what they see18:58. Automated control and a projectized approach to implementing zero trust21:26. Oversight and governance with artificial intelligence and machine learning23:24. Continuous improvement and early detection28:08. Continuous monitoring and logging, automation, and incident response drills30:03. Moving down a path of helping incident responders become culturally awareResources Cloud Security and the Shared Responsibility ModelCIS Software Supply Chain Security GuideAn Introduction to Artificial IntelligenceDefense-in-Depth: A Necessary Approach to Cloud SecurityEpisode 63: Building Capability and Integration with SBOMsEpisode 44: A Zero Trust Framework Knows No EndLeveraging Generative Artificial Intelligence for Tabletop Exercise DevelopmentIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  3. 17 SEPT · VIDEO

    Episode 153: Advice for Newcomers to IT and Cybersecurity

    In episode 153 of Cybersecurity Where You Are, Sean Atkinson is joined by Jason Ashong, IT Support Specialist at the Center for Internet Security® (CIS®). Jason shares his journey from tinkering with tech as a kid to working in IT and pursuing cybersecurity research. The conversation covers education, mentorship, hands-on experience, and advice for newcomers entering the field. Here are some highlights from our episode: 01:10. Jason’s early days in IT of fixing devices and breaking things to learn02:14. First professional IT/helpdesk experience at Dutchess Community College03:48. The importance of mentors pushing you to grow06:02. Jason’s advice to students of understanding foundational computing knowledge08:45. The value of technical skills in networking, cryptography, and coding11:00. Hands-on experience through labs, competitions, and research projects16:08. Self-confidence, practice, and dedicated time as tips for navigating the job market19:29. The role of attitude in opening up new opportunities24:40. Jason flips the script and interviews SeanMistakes to avoid when entering the field: imposter syndrome and perfectionismCybersecurity as a path of continuous learningOpportunities for newcomers with experience in artificial intelligence and data scienceResources Episode 129: Embedding Cybersecurity in Project ManagementEpisode 95: AI Augmentation and Its Impact on Cyber DefenseEpisode 44: A Zero Trust Framework Knows No EndTryHackMeHack The BoxIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    37 min

  4. 10 SEPT · VIDEO

    Episode 152: Driving Response Time While Enriching Telemetry

    In episode 152 of Cybersecurity Where You Are, Sean Atkinson is joined by Cliff Moten, Manager, Cybersecurity Solutions Engineering at the Center for Internet Security® (CIS®); and Richard Vargas, Security Operations Center Manager at CIS. Together, they discuss how the 24x7x365 CIS Security Operations Center (SOC) and CIS Managed Detection and Response™ (CIS MDR™) work together to accelerate response time while enriching telemetry. Here are some highlights from our episode: 01:40. Demystifying SOCs and MDR as cybersecurity concepts02:52. How the CIS SOC works to provide information, context, and next steps for an event05:04. Artificial intelligence and automation as ways to accelerate response time10:20. Real-world instances where a fast response time made a difference13:10. What it means to support underfunded organizations with the resources they need17:22. The role of contextual cyber threat intelligence in accelerating response times19:01. The value of security orchestration, automation, and response (SOAR) in helping defenders move quickly27:33. Lessons that organizations can use to cut down on their incident response timesResources The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber MaturityEpisode 148: How MDR Helps Shine a Light on Zero-Day AttacksEpisode 144: Carrying on the MS-ISAC's Character and CultureEpisode 137: National Cybersecurity Through SLTT ResilienceCombatting RansomwareEstablishing Essential Cyber HygieneCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  5. 3 SEPT · VIDEO

    Episode 151: 2025 Cybersecurity Predictions H2 Review — Pt 2

    In episode 151 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager conclude their mid-year review of 12 Center for Internet Security® (CIS®) experts' cybersecurity predictions for 2025. Here are some highlights from our episode: 01:12. The importance of consolidating security operations and using what already exists03:18. The promise of generative artificial intelligence (GenAI) in relieving grunt work08:26. The great responsibility and burden of integrating GenAI into business operations10:53. How control and inspection generate trust in systems17:57. Post-quantum cryptography, IoT in edge computing, and GenAI's sociopolitical risks30:21. The need for a more holistic understanding of compliance33:34. Why zero trust doesn't mean "no trust"36:56. The need for AI as an element of critical security control41:33. The dynamic challenge of protecting all assets with varying levels of securityResources 12 CIS Experts' Cybersecurity Predictions for 2025Episode 145: 2025 Cybersecurity Predictions H2 Review — Pt 1Episode 135: Five Lightning Chats at RSAC Conference 2025Establishing Essential Cyber HygieneEpisode 95: AI Augmentation and Its Impact on Cyber DefenseGuide to Asset Classes: CIS Critical Security Controls v8.1An Examination of How Cyber Threat Actors Can Leverage Generative AI PlatformsAn Introduction to Artificial IntelligenceEpisode 120: How Contextual Awareness Drives AI GovernanceEpisode 118: Preparing for Post-Quantum CryptographyEpisode 63: Building Capability and Integration with SBOMsEpisode 99: How Cyber-Informed Engineering Builds ResilienceMapping and Compliance with the CIS ControlsMapping and Compliance with the CIS BenchmarksCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    47 min

  6. 27 AUG · VIDEO

    Episode 150: A Roundtable Chat to Celebrate 150 Episodes

    In episode 150 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Chad Rogers, Sr. Manager, Digital Media Services, at the Center for Internet Security® (CIS®); Rudy Uhde, Video Editor at CIS; and David Bisson, Sr. Content Strategist at CIS. Together, they use a roundtable chat to celebrate 150 episodes of Cybersecurity Where You Are. Here are some highlights from our episode: 01:33. How the cybersecurity landscape and podcast have changed since Episode 10005:40. The "labor of love" that goes into editing and preparing an episode for publication12:13. Memorable guests and moments that changed the team's thinking about cybersecurity25:45. How the larger podcast team drives continuous improvement and innovation30:13. Parting thoughts for the audienceResources Episode 100: Celebrating 100 Episodes and Looking AheadEpisode 149: Human Error, AI Missteps, and Other VM RisksEpisode 9: Mitigating Risk: Information Security GovernanceEpisode 96: Making Continuous Compliance Actionable for SMBsEpisode 121: The Economics of Cybersecurity Decision-MakingEpisode 114: 3 Board Chairs Reflect on 25 Years of CommunityEpisode 136: How WiCyS Advances Women in CybersecurityEpisode 120: How Contextual Awareness Drives AI GovernanceEpisode 116: AI-Enhanced Ransomware and Defending Against ItEpisode 146: What Security Looks Like for a Security CompanyEpisode 110: How Security Culture and Corporate Culture MeshIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  7. 20 AUG · VIDEO

    Episode 149: Human Error, AI Missteps, and Other VM Risks

    In episode 149 of Cybersecurity Where You Are, Sean Atkinson is joined by Chris McCullar, Director of Sales, Cloud Security, at the Center for Internet Security® (CIS®); and Mishal Makshood, Sr. Cloud Security Account Executive at CIS. Together, they discuss how to navigate human error, artificial intelligence (AI) missteps, and other landmarks in a new frontier of virtual machine (VM) risks. Here are some highlights from our episode: 00:50. Introductions with Chris and Mishal02:20. The ongoing need to address the risk of human error when configuring VMs04:55. The value of building trusted security into a VM image by design07:28. A reality check of what the shared responsibility model means to an organization13:06. How the integration of AI into DevOps accelerates both automation and mistakes15:21. The importance of a secure foundation in the cloud on which you can build with AI18:19. Automated enforcement and AI's role in complementing human judgment21:03. Two examples how CIS resources can drive governance and policy integration28:05. Cybersecurity as a community-driven team sport30:33. Lifecycle management as a way of addressing organizations' security needsResources Keep the Cloud Secure with CIS after Migrating to the CloudAutomated Compliance: The Byproduct of Holistic HardeningMeet the Shared Responsibility Model with New CIS ResourcesEpisode 135: Five Lightning Chats at RSAC Conference 20252025 Data Breach Investigations ReportIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  8. 13 AUG · VIDEO

    Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks

    In episode 148 of Cybersecurity Where You Are, Sean Atkinson is joined by Rob Reese, Cyber Incident Response Team Manager at the Center for Internet Security® (CIS®); Dustin Cox, Cyber Incident Response Team Analyst at CIS; and Cliff Moten, Manager, Cybersecurity Solutions Engineering at CIS. Together, they discuss how organizations can use Managed Detection and Response (MDR) tools to help defend against zero-day attacks. Here are some highlights from our episode: 01.06. Demystifying zero-day vulnerabilities with a definition02:36. Why zero-day attacks are some of the most serious threats facing organizations today04:19. Examples of zero-day exploits and how these threats affect Incident Response (IR)10:06. The importance of understanding your environment and patch management13:58. How MDR assists with behavioral analysis, assembling holistic inventories, and IR20:02. The role of asset inventories in determining scope and containing a zero-day incident24:08. Why it's important to have humans managing and monitoring an MDR solution27:11. MDR as a means of centralizing evidence of a zero-day attack30:05. Parting thoughts for those concerned with their endpoint security postureResources CIS Managed Detection and Response™ (CIS MDR)Multi-State Information Sharing and Analysis Center®CIS Critical Security Control 1: Inventory and Control of Enterprise AssetsCIS Critical Security Control 2: Inventory and Control of Software AssetsThe CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber MaturityReal-Time Indicator FeedsIncident Response Policy Template for CIS Control 17If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    32 min
See All (155)

About

Welcome to video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

Information

You Might Also Like