Cybersecurity Where You Are (video)

Center for Internet Security

Welcome to the video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

  1. Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2

    3D AGO · VIDEO

    In episode 174 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kyle Leonard, Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they continue their discussion of 2026 cybersecurity predictions from seven CIS experts, as shared on the CIS website.

    Here are some highlights from our episode:

    02:00. How cross-platform campaigns are becoming the norm
    03:09. Threat actors' use of generative artificial intelligence (GenAI) to expand their attacks and gain efficiencies
    05:08. The blurring line of what separates today's script kiddies from nation-state threat actors
    07:47. Fully autonomous malware: in the realm of possibility but not here yet
    13:19. How specialization in the criminal ecosystem requires us to rethink analysis itself
    16:07. Shrinking dwell time: a product of the democratization of complex tools' availability
    18:02. The effective use of social engineering to lower threat actors' operational costs
    19:20. Malware's increasing use of trusted infrastructure to thwart cyber defenses
    20:25. The use of behavioral analysis to apply bottleneck security mechanisms
    22:40. Evolving threat actors' tradecraft: pseudo-random subdomains, GenAI models, and SEO poisoning
    26:39. What trust looks like today: something that's dynamic and negotiated at a moment's notice
    31:25. Supply chain attackers' pivot to edge device vendors and security appliance makers
    33:43. The ongoing work of CIS to support state and local governments' cybersecurity efforts

    Resources

    Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Surge of QakBot Activity Using Malspam, Malicious XLSB Files
    Active Lumma Stealer Campaign Impacting U.S. SLTTs
    Episode 173: Scammer Jousting as Human Risk Management
    ClickFix: An Adaptive Social Engineering Technique
    Impact of Federal Funding Cuts to the Value of MS-ISAC CTI
    Episode 157: How a Modern, Mission-Driven CIRT Operates

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    39 min
  2. Episode 173: Scammer Jousting as Human Risk Management

    FEB 4 · VIDEO

    In episode 173 of Cybersecurity Where You Are, Sean Atkinson is joined by Roger Grimes, CISO Advisor at KnowBe4. Together, they discuss "scammer jousting," a term coined by Tony Sager which describes empowering organizations to manage human risk using simulated phishing.

    Here are some highlights from our episode:

    01:05. How simulated phishing and scammer jousting manage human risk
    03:48. The shift in perception of security awareness training over the past 20 years
    06:19. The need for testing to build capability and resiliency amongst employees
    09:27. The many faces of phishing attacks and the impact of generative artificial intelligence
    15:00. How gamification is proven to help users learn more in their cybersecurity training
    16:57. How data empowers organizations to communicate the potential impact of a phish
    19:57. The use of behavior engineering to foster a stronger security culture
    23:56. The value of customer feedback in continuously enhancing phishing training
    29:52. Continuous and hyper-personalized training as the future of scammer jousting

    Resources

    Episode 77: Data's Value to Decision-Making in Cybersecurity
    Episode 98: Transparency as a Tool to Combat Insider Threats
    A Short Guide for Spotting Phishing Attempts
    CIS Controls v8.1 Security Awareness Skills Training Policy Template
    SANS Workforce Security and Risk Training
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Episode 110: How Security Culture and Corporate Culture Mesh

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  3. Episode 172: Helping CISOs as a CIS Controls Ambassador

    JAN 28 · VIDEO

    In episode 172 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Chirag Arora, Cyber Security Executive Advisor and CISO at Dorf Nelson & Zauderer LLP. Together, they discuss how Chirag draws upon his experience as a CISO and his community work as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help other CISOs with their cybersecurity programs.

    Here are some highlights from our episode:

    00:51. Introduction to Chirag and the early years of his work as a CIS Controls Ambassador
    06:03. The value of measurement and psychology when discussing assessments with CISOs
    09:00. Chirag's work on a CISO certification and vision for aligning it to the CIS Controls
    12:31. How open sharing of wisdom between CISOs makes the world more secure
    20:57. The importance of storytelling for CISOs, CIS Controls Ambassadors, and other leaders
    24:29. Chirag's use of law school to take his understanding of reasonableness up a level
    28:13. Regular opportunities for CIS Controls Ambassadors to discuss universal issues
    31:08. The heightened importance of nonprofit organizations bringing people together

    Resources

    CIS Critical Security Controls®
    Episode 160: Championing SME Security with the CIS Controls
    Episode 168: Institutionalizing Good Cybersecurity Ideas
    Reasonable Cybersecurity Guide
    Simplify Security Management with CIS SecureSuite Platform
    CISO Certification by GlobalCISO Leadership Foundation™

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    34 min
  4. Episode 171: Securing CNI in U.S. SLTTs through AI Adoption

    JAN 21 · VIDEO

    In episode 171 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Soledad Antelada Toledano, Security Advisor, Office of the CISO, Google Cloud at Google. Together, they discuss securing critical national infrastructure (CNI) in U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through artificial intelligence (AI) adoption.

    Here are some highlights from our episode:

    00:50. Introduction to Soledad
    02:48. How the convergence of information technology (IT) and operational technology (OT) has created bigger attack surfaces
    04:10. The proliferation of threat actors targeting critical infrastructure sectors
    07:24. The challenge of legacy systems for U.S. SLTT owners of CNI
    08:13. Alert fatigue, limited visibility, and other challenges facing OT networks
    13:22. The value of automated cyber threat intelligence (CTI)
    24:46. Building strategic AI implementation around human in the loop (HITL)
    33:17. U.S. SLTTs' use of the cloud to test and build trust for securing CNI

    Resources

    The Changing Landscape of Security Operations and Its Impact on Critical Infrastructure
    Cybersecurity for Critical Infrastructure
    Episode 139: Community Building for the Cyber-Underserved
    Episode 119: Multidimensional Threat Defense at Large Events
    Leveraging Generative Artificial Intelligence for Tabletop Exercise Development
    The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
    Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks
    Vulnerability Management Policy Template for CIS Control 7
    CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    37 min
  5. Episode 170: Visibility for SLTTs in Blocking Typhoon APTs

    JAN 14 · VIDEO

    In Episode 170 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Douglas Holland, Senior Solutions Engineer at Akamai Technologies. Together, they discuss how U.S. State, Local, Tribal, and Territorial (SLTT) government organizations can increase their visibility to obstruct the attack attempts of Typhoon advanced persistent threat (APT) groups.

    Here are some highlights from our episode:

    00:49. Introduction to Douglas
    02:16. How Typhoon APTs are using trusted tools to target critical infrastructure
    08:30. Professionalism as a tell of sophisticated nation-state threat actors
    09:15. How U.S. SLTTs come up with creative solutions despite budgeting and staffing limits
    14:14. The "big credential playground" that is U.S. SLTTs' expanded attack surface
    16:46. Visibility into network activity as a way to continuously build defensive capability
    19:11. The use of context to connect technical visibility to defensive action
    23:20. Identity as the new perimeter, cloud and SaaS posture, and micro-segmentation
    29:18. One piece of advice: assume an attacker is already in the network or will be

    Resources

    Malicious Domain Blocking and Reporting (MDBR)
    Living off the Land: The Power Behind PowerShell
    Cybersecurity for Critical Infrastructure
    Build a Zero Trust Roadmap for FinServ with CIS SecureSuite

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    35 min
  6. Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1

    JAN 7 · VIDEO

    In Episode 169 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager begin their discussion of 2026 cybersecurity predictions from seven experts at the Center for Internet Security® (CIS®), as shared on the CIS website.

    Here are some highlights from our episode:

    01:05. The impact and promise of artificial intelligence on cyber defense
    05:37. Collective action as an answer to the constraints facing the "cyber-underserved"
    12:52. Zero trust and security best practices as functions of managing cycles of time
    21:22. How tailored threat intelligence can help to frame cybersecurity around mission
    31:18. The convergence of cybersecurity and privacy as a necessity for governance

    Resources

    An Introduction to Artificial Intelligence
    Cybersecurity for Critical Infrastructure
    Episode 144: Carrying on the MS-ISAC's Character and Culture
    Episode 142: SLTTs and Their Nuanced Cybersecurity Needs
    Collective SLTT Cyber Defense
    Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
    Episode 90: Migrating to the Cloud with Control Continuity
    Build a Zero Trust Roadmap for FinServ with CIS SecureSuite
    Secure by Design: A Guide to Assessing Software Security Practices
    Episode 110: How Security Culture and Corporate Culture Mesh
    Episode 147: Actualizing Threat Intel for Effective Defense
    Law Enforcement
    Reasonable Cybersecurity Guide
    NIST SP 800-207: Zero Trust Architecture
    Episode 74: The Nexus of Cybersecurity & Privacy Legislation
    Mapping and Compliance with the CIS Controls
    Mapping and Compliance with the CIS Benchmarks

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    40 min
  7. Episode 168: Institutionalizing Good Cybersecurity Ideas

    12/31/2025 · VIDEO

    In Episode 168 of Cybersecurity Where You Are, Tony Sager sits down with Tony Rutkowski, one of the CIS Critical Security Controls® (CIS Controls®) Ambassadors of the Center for Internet Security® (CIS®). Together, they discuss what Tony Rutkowski has learned in his efforts to institutionalize good cybersecurity ideas like the CIS Controls.

    Here are some highlights from our episode:

    01:48. Introductions to Tony Rutkowski and his career in technology
    06:06. The evolution of the CIS Controls and how Tony Rutkowski came to advocate for them
    12:50. The "Fog of More" as a metaphor to focus attention, not create new solutions
    17:50. How institutionalizing good cybersecurity ideas is like conducting an orchestra
    21:44. The use of timing and the right security content to help people clarify their intentions
    24:25. The value of industry mappings in reducing duplicate implementation efforts
    26:41. Secure by design: a 2025 example of creating a new formal global technical standard

    Resources

    Episode 160: Championing SME Security with the CIS Controls
    Episode 167: Volunteers as a Critical Cybersecurity Resource
    Reasonable Cybersecurity Guide
    Cybersecurity at Scale: Piercing the Fog of More
    Mapping and Compliance with the CIS Controls
    Secure by Design: A Guide to Assessing Software Security Practices
    Episode 164: Secure by Design in Software Development
    CIS Critical Security Controls Implementation Groups

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    38 min
  8. Episode 167: Volunteers as a Critical Cybersecurity Resource

    12/24/2025 · VIDEO

    In Episode 167 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kelley Misata, Ph.D., Chief Trailblazer and Founder at Sightline Security. Together, they discuss how volunteers constitute a critical cybersecurity resource for the Center for Internet Security® (CIS®). Along the way, they explore the nature of volunteerism, the role of volunteers at CIS, and how CIS is looking to mature its engagement with volunteers going forward.

    Here are some highlights from our episode:

    01:37. Introductions to Kelley and her experience with cybersecurity volunteers
    03:09. Kelley's use of research, expertise, and an open mind to check in with CIS volunteers
    04:50. How volunteers have deepened their passion and dedication with CIS for 25 years
    06:55. Volunteers as a critical cybersecurity resource for "One CIS" going forward
    10:51. Commitment, conflict resolution, and openness to formal process in CIS Communities
    14:39. The use of directionality and accolades to encourage different types of contributors
    19:43. The importance of flexibility in management to meet volunteers where they are
    20:30. Leadership, storytelling, and recruitment as opportunities for volunteerism at CIS
    24:37. The risk of volunteer burnout and how to protect against it
    26:00. Collaboration with employers to treat volunteerism as a growth experience
    30:09. A balancing act of making volunteers useful without depleting the mission
    34:51. Sean's take: volunteer management as the original Large Language Model (LLM)
    38:32. Other observations and final thoughts

    Resources

    25 Years of Creating Confidence in the Connected World
    CIS Communities
    Episode 160: Championing SME Security with the CIS Controls
    StoryCorps

    If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    42 min

Ratings & Reviews

5 out of 5 (13 Ratings)
