Cybersecurity Where You Are (video)

Center for Internet Security
  • 5.0 (13)
  • TECHNOLOGY
  • UPDATED WEEKLY

Welcome to video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

  1. 2D AGO · VIDEO

    Episode 154: Integration of Incident Response into DevSecOps

    In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities. Here are some highlights from our episode: 01:32. Common challenges with modern software development03:54. High-speed and continuous deployment07:08. Incident correlation with cloud deployment strategies10:00. Software supply chain vulnerabilities12:45. Alert fatigue and false positives14:30. Testing and automation as enablers of real-time anomaly detection17:40. The responsibility of incident responders to understand what they see18:58. Automated control and a projectized approach to implementing zero trust21:26. Oversight and governance with artificial intelligence and machine learning23:24. Continuous improvement and early detection28:08. Continuous monitoring and logging, automation, and incident response drills30:03. Moving down a path of helping incident responders become culturally awareResources Cloud Security and the Shared Responsibility ModelCIS Software Supply Chain Security GuideAn Introduction to Artificial IntelligenceDefense-in-Depth: A Necessary Approach to Cloud SecurityEpisode 63: Building Capability and Integration with SBOMsEpisode 44: A Zero Trust Framework Knows No EndLeveraging Generative Artificial Intelligence for Tabletop Exercise DevelopmentIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  2. SEP 17 · VIDEO

    Episode 153: Advice for Newcomers to IT and Cybersecurity

    In episode 153 of Cybersecurity Where You Are, Sean Atkinson is joined by Jason Ashong, IT Support Specialist at the Center for Internet Security® (CIS®). Jason shares his journey from tinkering with tech as a kid to working in IT and pursuing cybersecurity research. The conversation covers education, mentorship, hands-on experience, and advice for newcomers entering the field. Here are some highlights from our episode: 01:10. Jason’s early days in IT of fixing devices and breaking things to learn02:14. First professional IT/helpdesk experience at Dutchess Community College03:48. The importance of mentors pushing you to grow06:02. Jason’s advice to students of understanding foundational computing knowledge08:45. The value of technical skills in networking, cryptography, and coding11:00. Hands-on experience through labs, competitions, and research projects16:08. Self-confidence, practice, and dedicated time as tips for navigating the job market19:29. The role of attitude in opening up new opportunities24:40. Jason flips the script and interviews SeanMistakes to avoid when entering the field: imposter syndrome and perfectionismCybersecurity as a path of continuous learningOpportunities for newcomers with experience in artificial intelligence and data scienceResources Episode 129: Embedding Cybersecurity in Project ManagementEpisode 95: AI Augmentation and Its Impact on Cyber DefenseEpisode 44: A Zero Trust Framework Knows No EndTryHackMeHack The BoxIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    37 min

  3. SEP 10 · VIDEO

    Episode 152: Driving Response Time While Enriching Telemetry

    In episode 152 of Cybersecurity Where You Are, Sean Atkinson is joined by Cliff Moten, Manager, Cybersecurity Solutions Engineering at the Center for Internet Security® (CIS®); and Richard Vargas, Security Operations Center Manager at CIS. Together, they discuss how the 24x7x365 CIS Security Operations Center (SOC) and CIS Managed Detection and Response™ (CIS MDR™) work together to accelerate response time while enriching telemetry. Here are some highlights from our episode: 01:40. Demystifying SOCs and MDR as cybersecurity concepts02:52. How the CIS SOC works to provide information, context, and next steps for an event05:04. Artificial intelligence and automation as ways to accelerate response time10:20. Real-world instances where a fast response time made a difference13:10. What it means to support underfunded organizations with the resources they need17:22. The role of contextual cyber threat intelligence in accelerating response times19:01. The value of security orchestration, automation, and response (SOAR) in helping defenders move quickly27:33. Lessons that organizations can use to cut down on their incident response timesResources The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber MaturityEpisode 148: How MDR Helps Shine a Light on Zero-Day AttacksEpisode 144: Carrying on the MS-ISAC's Character and CultureEpisode 137: National Cybersecurity Through SLTT ResilienceCombatting RansomwareEstablishing Essential Cyber HygieneCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  4. SEP 3 · VIDEO

    Episode 151: 2025 Cybersecurity Predictions H2 Review — Pt 2

    In episode 151 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager conclude their mid-year review of 12 Center for Internet Security® (CIS®) experts' cybersecurity predictions for 2025. Here are some highlights from our episode: 01:12. The importance of consolidating security operations and using what already exists03:18. The promise of generative artificial intelligence (GenAI) in relieving grunt work08:26. The great responsibility and burden of integrating GenAI into business operations10:53. How control and inspection generate trust in systems17:57. Post-quantum cryptography, IoT in edge computing, and GenAI's sociopolitical risks30:21. The need for a more holistic understanding of compliance33:34. Why zero trust doesn't mean "no trust"36:56. The need for AI as an element of critical security control41:33. The dynamic challenge of protecting all assets with varying levels of securityResources 12 CIS Experts' Cybersecurity Predictions for 2025Episode 145: 2025 Cybersecurity Predictions H2 Review — Pt 1Episode 135: Five Lightning Chats at RSAC Conference 2025Establishing Essential Cyber HygieneEpisode 95: AI Augmentation and Its Impact on Cyber DefenseGuide to Asset Classes: CIS Critical Security Controls v8.1An Examination of How Cyber Threat Actors Can Leverage Generative AI PlatformsAn Introduction to Artificial IntelligenceEpisode 120: How Contextual Awareness Drives AI GovernanceEpisode 118: Preparing for Post-Quantum CryptographyEpisode 63: Building Capability and Integration with SBOMsEpisode 99: How Cyber-Informed Engineering Builds ResilienceMapping and Compliance with the CIS ControlsMapping and Compliance with the CIS BenchmarksCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    47 min

  5. AUG 27 · VIDEO

    Episode 150: A Roundtable Chat to Celebrate 150 Episodes

    In episode 150 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Chad Rogers, Sr. Manager, Digital Media Services, at the Center for Internet Security® (CIS®); Rudy Uhde, Video Editor at CIS; and David Bisson, Sr. Content Strategist at CIS. Together, they use a roundtable chat to celebrate 150 episodes of Cybersecurity Where You Are. Here are some highlights from our episode: 01:33. How the cybersecurity landscape and podcast have changed since Episode 10005:40. The "labor of love" that goes into editing and preparing an episode for publication12:13. Memorable guests and moments that changed the team's thinking about cybersecurity25:45. How the larger podcast team drives continuous improvement and innovation30:13. Parting thoughts for the audienceResources Episode 100: Celebrating 100 Episodes and Looking AheadEpisode 149: Human Error, AI Missteps, and Other VM RisksEpisode 9: Mitigating Risk: Information Security GovernanceEpisode 96: Making Continuous Compliance Actionable for SMBsEpisode 121: The Economics of Cybersecurity Decision-MakingEpisode 114: 3 Board Chairs Reflect on 25 Years of CommunityEpisode 136: How WiCyS Advances Women in CybersecurityEpisode 120: How Contextual Awareness Drives AI GovernanceEpisode 116: AI-Enhanced Ransomware and Defending Against ItEpisode 146: What Security Looks Like for a Security CompanyEpisode 110: How Security Culture and Corporate Culture MeshIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  6. AUG 20 · VIDEO

    Episode 149: Human Error, AI Missteps, and Other VM Risks

    In episode 149 of Cybersecurity Where You Are, Sean Atkinson is joined by Chris McCullar, Director of Sales, Cloud Security, at the Center for Internet Security® (CIS®); and Mishal Makshood, Sr. Cloud Security Account Executive at CIS. Together, they discuss how to navigate human error, artificial intelligence (AI) missteps, and other landmarks in a new frontier of virtual machine (VM) risks. Here are some highlights from our episode: 00:50. Introductions with Chris and Mishal02:20. The ongoing need to address the risk of human error when configuring VMs04:55. The value of building trusted security into a VM image by design07:28. A reality check of what the shared responsibility model means to an organization13:06. How the integration of AI into DevOps accelerates both automation and mistakes15:21. The importance of a secure foundation in the cloud on which you can build with AI18:19. Automated enforcement and AI's role in complementing human judgment21:03. Two examples how CIS resources can drive governance and policy integration28:05. Cybersecurity as a community-driven team sport30:33. Lifecycle management as a way of addressing organizations' security needsResources Keep the Cloud Secure with CIS after Migrating to the CloudAutomated Compliance: The Byproduct of Holistic HardeningMeet the Shared Responsibility Model with New CIS ResourcesEpisode 135: Five Lightning Chats at RSAC Conference 20252025 Data Breach Investigations ReportIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    33 min

  7. AUG 13 · VIDEO

    Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks

    In episode 148 of Cybersecurity Where You Are, Sean Atkinson is joined by Rob Reese, Cyber Incident Response Team Manager at the Center for Internet Security® (CIS®); Dustin Cox, Cyber Incident Response Team Analyst at CIS; and Cliff Moten, Manager, Cybersecurity Solutions Engineering at CIS. Together, they discuss how organizations can use Managed Detection and Response (MDR) tools to help defend against zero-day attacks. Here are some highlights from our episode: 01.06. Demystifying zero-day vulnerabilities with a definition02:36. Why zero-day attacks are some of the most serious threats facing organizations today04:19. Examples of zero-day exploits and how these threats affect Incident Response (IR)10:06. The importance of understanding your environment and patch management13:58. How MDR assists with behavioral analysis, assembling holistic inventories, and IR20:02. The role of asset inventories in determining scope and containing a zero-day incident24:08. Why it's important to have humans managing and monitoring an MDR solution27:11. MDR as a means of centralizing evidence of a zero-day attack30:05. Parting thoughts for those concerned with their endpoint security postureResources CIS Managed Detection and Response™ (CIS MDR)Multi-State Information Sharing and Analysis Center®CIS Critical Security Control 1: Inventory and Control of Enterprise AssetsCIS Critical Security Control 2: Inventory and Control of Software AssetsThe CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber MaturityReal-Time Indicator FeedsIncident Response Policy Template for CIS Control 17If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    32 min

  8. AUG 6 · VIDEO

    Episode 147: Actualizing Threat Intel for Effective Defense

    In episode 147 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security® (CIS®); and Kaitlin Drape, Hybrid Threat Intelligence Analyst at CIS. Together, they discuss how to actualize threat intel for the purpose of building effective defense programs and operational response plans. Here are some highlights from our episode: 01:27. Which two questions you want to answer when providing intelligence on a threat05:19. How to avoid underutilizing or misunderstanding the utility of threat intel13.18. A real-life story from John of when intelligence made a difference in a security incident17:05. The foundation and building blocks of maturing your threat intelligence program22:14. The value of working with non-intelligence groups to formulate effective response plans24:22. CIS's ongoing work to help organizations proactively ingest and use threat intel28:24. How cross-collaboration across an organization brings threat intel into a lifecycle31:01. Kaitlin's work as an exemplar of how to make threat intelligence operational36:20. The ongoing evolution of hybrid threat intel to inform meaningful operational responsesResources ThreatWA™How Threat Modeling, Actor Attribution Grow Cyber DefensesCountering Multidimensional Threats: Lessons Learned from the 2024 ElectionEpisode 119: Multidimensional Threat Defense at Large EventsSinaloa cartel used phone data and surveillance cameras to find FBI informants, DOJ saysIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

    43 min
See All (154)

Ratings & Reviews

5
out of 5
13 Ratings

About

Welcome to video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

Information

You Might Also Like