Hashtag Realtalk with Aaron Bregg

103 episodes - English - Latest episode: about 2 months ago

Welcome to my little corner of the Internet!

In this channel I give 'real talk' about information security and technologies that impact both your business and personal lives. I try and focus on issues and items that can help you become more 'security curious'. The ultimate goal is to help protect your personal and professional well being.

Employer Disclaimer - The opinions and views expressed in the podcast are not necessarily the views of my current employer, Corewell Health.

Legal Disclaimer - All of the security advice that I give is 'as is' and does not constitute real paid professional advice. As with everything security related, please seek second opinions from paid professionals.

Photo by Jonathan Farber on Unsplash


Episodes

Episode 101 - Talking AI Threat Intelligence Insights from the IBM X-Force Report

March 01, 2024 13:00 - 47 minutes - 32.4 MB

In this episode I had a chance to have a candid conversation with Charles Henderson. Charles is a global managing partner at IBM and also happens to be the head of the X-Force team. IBM recently released the X-Force Threat Intelligence Index report for 2024. While the report delves into many different areas of Threat Intelligence, we concentrated on several key areas focused primarily on artificial intelligence: Pronounced increase in Identity attacks Understanding how more 'business-l...

Episode 100 - Understanding Your Personal Risk Tolerance

February 14, 2024 12:00 - 46 minutes - 32.1 MB

In this episode I had a chance to sit down in person with the always insightful and never dull cybersecurity leader, Jim Kuiphof. Jim is the Deputy Chief Information Security Officer at Corewell Health. The topic for this casual conversation is Understanding Your Personal Risk Tolerance. More specifically, it speaks to understanding the difference between your own risk tolerance and the business's risk tolerance. Jim has talked on this recently at events like Cloud Con and the Digital Servic...

Episode 99 - Simplifying and Securing Multi-Cloud Networking

January 24, 2024 12:00 - 43 minutes - 29.9 MB

In this episode I had a chance to speak with Bryan 'Woody' Woodworth around simplifying and securing multi-cloud networking. Bryan is the Director of Solution Strategy for Aviatrix. As we are a few weeks into 2024, the importance of understanding and utilizing multi-cloud strategies is becoming more and more apparent. Talking Points: What are the current trends in the industry pertaining to multi-cloud? Skills Gaps - More pronounced in Multi-Clouds, FinTech and Banking industries will...

Episode 98 - 'Real' Use Cases for Artificial Intelligence Security in 2024

December 21, 2023 12:00 - 50 minutes - 34.5 MB

In this special episode we celebrate the 4th annual holiday fundraiser podcast. It is already a blessing to raise money for great causes all while raising security awareness for small and medium sized businesses. The topic for this episode is one that is super relevant for this day and age of Digital Transformation. However, in keeping with the format of #RealTalk, we are going to explore some 'real world' use cases for using Artificial Intelligence in Security in 2024. The have two special...

Episode 97 - The 'Ins' and 'Outs' of Trying to Break into the Cybersecurity Field

November 29, 2023 12:00 - 49 minutes - 34.3 MB

Have you ever wondered what it takes to get into the information security field? Have you thought how hard could it be? What about all of the big money I hear people make in this space? Well in this episode I talk with Mattalynn Darden and Esther Muchai about how hard it really is to break in. If you are wondering how these two talented young women know, here is a little background on what they are currently doing and why it is relevant to this episode's topic. Mattalynn is an Informat...

Episode 96 - The 'Unnatural' Side of Security Sales - Buyers Beware!

November 15, 2023 12:00 - 40 minutes - 27.8 MB

*Disclaimer* Thoughts and opinions in this episode are solely those of myself or my guests and not necessarily reflective of our employers. In this episode I had a chance to sit down with Matt Nelson and do the podcast from a very cool location. Matt is a Senior Security Architect for Guidepoint Security. The topic of our rant was centered around all of the things 'wrong' with cybersecurity sales and why it hurts everyone. Talking Points Include: Ineffective Bad Behavior - You are doing you and yo...

Episode 95 - A Closer Look at the CIS Security Controls

October 31, 2023 11:00 - 42 minutes - 29.3 MB

In this episode I talk with Lloyd 'Lucky' Guyot and Alex O'Meera about The Center for Internet Security's Critical Security Controls. Lloyd is a Security Advisor for Optiv and President of the Grand Rapids ISSA Chapter. Alex is a Security Analyst for Stack Overflow and Secretary of the Grand Rapids ISSA Chapter. Talking Points: How can the CIS 18 help an SMB build your security program? How can the CIS 18 help mature a security program? Which controls should a company start with? And ma...

Episode 94 - Where Do You Start Your Security Journey as an SMB?

October 11, 2023 11:00 - 42 minutes - 29.3 MB

In this episode I had a chance to speak with Chris Jordan and Al Wissigner about where a small and medium sized business (SMB) should start their security journey. This is especially important in this day and age of the ever expanding cloud infrastructure and Software as a Service (SaaS) models. Both of these fine gentlemen work for Fluency and have a TON of experience working with SMBs. Talking Points: The idea of bridging the gap between what they want to do and what they can afford to do? ...

Episode 93 - Securing Your Digital Employee Experience

September 27, 2023 11:00 - 39 minutes - 26.9 MB

Despite the recent push by some old school (re: outdated) leaders to force employees to return to the office, remote work is here to stay. While we all talk about the importance of making remote work secure, there isn't much talk about how the experience is for the end-users. Fortunately, there are some companies out there that are understanding the need to balance security, business and end user needs. In this episode I talk with Melinda Ann O'Neill about Digital Employee Experience (DEX). Melin...

Episode 92 - Let's Talk Network Segmentation in 2023

September 06, 2023 11:00 - 39 minutes - 27.1 MB

In this episode I head out to The Unicorn Tavern in Grand Haven, Michigan to talk Network Segmentation with Steve Barnes and Tyler Adams. Steve is an Enterprise Security Architect for Fortinet and Tyler is an Information Security Analyst for Corewell Health. Talking Points: How has Network Segmentation changed in 2023? Who is responsible? Is that team being supported enough? How are you compartmentalizing things? Should you separate your IT and your OT? Does network segmentation make it...

Episode 91 - Rethinking DEI: Latinas In Cybersecurity

August 16, 2023 11:00 - 55 minutes - 38.3 MB

A few years ago, the topic for the 3rd episode for the #RealTalk with Aaron Bregg podcast was about Diversity And Inclusion in the Cybersecurity Industry. To this date it is one of the most downloaded episodes. Since that episode was published a LOT has changed in the world. I felt that it was time to revisit the topic but with a little bit of a twist. The need for a twist comes from the fact that DEI in cybersecurity still where it needs to be. As luck would have it I had met Angela Hill a few...

Episode 90 - Getting Multi Cloud Compliant

August 02, 2023 11:00 - 35 minutes - 24.5 MB

In this episode I had a chance to dive into a topic that is ripped straight from my day job. Multi Cloud Compliance. My guest for this episode is Mike Roman. Mike is a Senior Security Sales Engineer for Orca Security, which happens to be the company that just won the 'Best Swag' award at Cloud Con last week! In all seriousness though, more and more companies are having to rely on multi-cloud environments in order to keep the lights on. You may be an Amazon AWS shop but you may use Snowflake...

Episode 89 - CISO Insights: A Call To Action

July 12, 2023 11:00 - 54 minutes - 37.7 MB

In this episode I break from the norm a little bit in order to delve into the minds of security leadership. These insights come from a recent Grand Valley State University Cybersecurity Masters Graduate, Isaac Beasley. As part of Isaac's Master's project, he interviewed 10 different cybersecurity leaders in the West Michigan area about a variety of different topics. For the sake of time, I concentrated on talking to the following key data points: Hiring, Retention, & Advancement 80% reported...

Episode 88 - Rethinking Pentesting and Moving Towards Attack Surface Management

June 28, 2023 11:00 - 37 minutes - 26 MB

While PenTesting (i.e. hacking) may be the most visible part of Information Security, it sometimes can lead to a false sense of security. In this episode I had a chance to talk with Nabil Hannan about rethinking your penetration testing strategy and moving towards Attack Surface Management. Nabil is the Field Chief Information Security Officer for NetSPI and has a ton of useful information to share about starting this journey. Talking points include: What are the biggest misconceptions...

Episode 87 - What The Heck is Asset Intelligence

June 14, 2023 11:00 - 38 minutes - 26.6 MB

Earlier this year Cloud Security Alliance covered the big debate around should you buy or build for your Cyber Asset Attack Surface Management (CAASM) solution. As luck would have it, Ken Liao recently reached out to me regarding the new company that he works for who handles this very topic.  In this episode I had a chance to talk with Sevco Security's Chief Strategy Officer, Brian Contos, on this very topic. The timeliness is very apt, as Gartner recently named CAASM as an emerging technol...

Episode 86 - What Artificial Intelligence is and What it is Not

May 31, 2023 11:00 - 50 minutes - 34.8 MB

I know some of you are thinking, "Ugh another podcast on artificial intelligence!", to which I say, "Nope". Originally this was supposed to be a two-part series with the first episode focusing on high level AI talk. The second episode that drills down into how to actually come up with AI/ML policies and standards. However, like all things related to the podcast, we are going to mix it up a little. In this episode I have a non-security co-host, Brian Carlson and a security guest, Tim O'Conno...

Episode 85 - Are You REALLY Protecting Your C-Suite and Board Well?

May 17, 2023 11:00 - 42 minutes - 29.1 MB

In this episode I go outside of the topics and talk about one that I think is definitely underrated, Protecting Your Executives. I sometimes forget how lucky I am that my healthcare organization is very forward thinking when it comes to security. However, not all companies have the luxury of having a full team to protect VIPs. I had a chance to have an in-depth conversation with Daniel Floyd around this very subject. Daniel is the Chief Information Security Officer for BLACKCLOAK. BLACKCLOAK was one o...

Episode 84 - Changing the Way You Looked at Managed Security Operations

May 03, 2023 11:00 - 47 minutes - 32.5 MB

In a recent episode Matt Nelson from Guidepoint was talking about how he is seeing a trend with medium-sized companies moving away from the idea of building out or building up a security team. There were several reasons including budget constraints and an experienced talent shortage. So I reached out to Bill Bernard about having a deeper discussion on revisiting the topic of using a #managedsecurityoperations company. Talking Points: What is Managed Detection and Response? Because of ...

Episode 83 - Zero Trust is not a Product. It is a Mindset

April 26, 2023 12:00 - 47 minutes - 32.4 MB

In this episode I had a chance to talk with Todd Brockdorf and Chris Lawrence about Zero Trust. Todd is a Senior Sales Engineer and Chris is a Customer Success Engineer. Nowadays it is hard to sift through all of the security vendor marketing chaff to get #RealTalk about Zero Trust. Talking Points: What is the biggest misconception around Zero Trust that is happening right now? What about thinking of the cloud as a segmented network? How are upcoming government regulations, how do compan...

Episode 82 - What the Heck is Wrong with Security (Updated)

April 05, 2023 18:00 - 44 minutes - 30.5 MB

4.6.23 Update: If you had downloaded this file before 6pm on April 6th you received the wrong episode. This error has been fixed and you have my sincerest apologies for the mess up! *Disclaimer* While there was no physical harming of bad security vendors in this episode, there is a lot of honest #RealTalk. Opinions in this episode are my own and do not necessarily reflect the views of my leadership or my employer. Additionally, this episode is not sponsored and therefore is not influenced ...

Episode 81 - How are you securing your hybrid cloud environment?

March 22, 2023 11:00 - 47 minutes - 32.7 MB

In this episode I had a chance to talk with Derek Smith about the importance of securing your hybrid cloud environments. Derek is the Director of Cloud Strategic Alliances and Brand for Trace3. We took the time to break down several different issues that are happening right now across multiple industries. Talking Points: How do you build a solution agnostic environment? How can we learn from the recent issues with Southwest to help going forward? How do you marry up your resiliency goals...

Episode 80 - The Future of Medical and IoT Device Security

March 15, 2023 11:00 - 54 minutes - 37.2 MB

In the episode I had a chance to talk to not one, not two but THREE talented gents about the future of medical and IoT device security. Nathanael Dick, Russ Ramsay and Dan Rittersdorf all work for a great, and local, embedded systems engineering company called DornerWorks. I was fortunate enough to do the podcast prep meeting in person and was able to tour their very cool West Michigan offices. Obviously, medical device security is very important to me considering I work in healthcare. Howe...

Episode 79 - Rethinking Your Secure Software Development Lifecycle Strategy

March 08, 2023 12:00 - 37 minutes - 25.8 MB

In this episode I get a chance to talk with Liav Caspi about rethinking how you do your Secure Software Development Lifecycle. Liav is one of the co-founders of Legit Security and got his start in the Israel Intelligence (Unit 800) scene many years ago. He and his other co-founders worked for a well known Static Application Security Testing (SAST) company I know very well. They then branched off a few years back to form what is now called Legit Security. Talking Points Why your current Sec...

Episode 78 - Advancing Your SIEM: Tales from the Trenches

February 15, 2023 12:00 - 40 minutes - 27.8 MB

In this episode I not only have a great guest but have a great co-host as well. I had a chance to talk with Kassandra Murphy and Rich Worth about advancing your Security Information and Event Manager. Kassie talks to the importance of standardizing your data sets to increase your searchability (e.g. especially useful when sending data to your managed security operations partner). Rich will be talking to 'real world' use cases and the importance of alert aggregating and risk based alerts. Kas...

Episode 77 - Your Data Classification and Governance Journey Begins

February 01, 2023 12:00 - 38 minutes - 26.2 MB

In this episode I get to talk with Daniel Post about data classification and data governance. Dan is a Senior Sales Engineer for Varonis. He has been in the industry for a while and has knowledge that we break down into 'bite sized' chunks to make it easier for your staff to consume. Talking Points: Where does a company first start their Data Classification and Governance journey? What are some of the challenges that a company can expect when it comes to data classification? What are you...

Episode 76 - Why Your Business Needs Data Visualization

January 18, 2023 12:00 - 30 minutes - 21 MB

In this episode I had a chance to talk to Lisa Jones-Huff about the importance of data visualization and how it can help both security AND the business. Lisa is the Senior Director of Global Security Specialists for Elastic. Talking Points: Some basic steps for understanding how to interpret your data: What is the very first thing you should do on your data visualization journey? What type of data do you have? What is the value of that data? What types of use cases provide the most 'Co...

Episode 75 - Where are My Logs at? Rethinking Logging in 2023

December 21, 2022 12:00 - 49 minutes - 33.7 MB

In this the 3rd annual holiday fundraiser podcast episode, I talk with Kam Amir and Brenden Morgenthaler about what enterprise logging will look like in 2023. Kam is the Director of Technical Alliances for Cribl. Brenden is an Enterprise Architect for CDW. Talking Points: Kam has developed a formula for getting the most value from your setup using the three 'Vs': Variety Value Velocity This allows for you to get more freedom to get valuable data into your platform. Brenden talks to re...

Episode 74 - Let's Talk Advanced Email Security

November 30, 2022 12:00 - 45 minutes - 31.1 MB

In this episode I have a 1 on 1 conversation with the one and only Brian 'Schneebs' Schneble about Advanced Email Security. Brian is a Senior Enterprise Account Executive for Abnormal Security. Brian is not only an active member of the Michigan cybersecurity community but he has extensive knowledge of the automotive industry. Talking Points: In a break from the traditional talking points, for this episode we break down a real world use case where a company was hit by a very creative 'doub...

Episode 73 - Thinking Differently About Privacy

November 23, 2022 12:00 - 38 minutes - 26.6 MB

In this episode I sit down with Paul McManus about all things Privacy. Paul is a Senior Information Governance Analyst for Corewell Health Corporate. I have had the distinct pleasure of working with Paul on several different privacy related engagements over the years. Talking Points: What are some of the challenges you are seeing in the privacy space right now? Integration Who watches the watcher? As more and more things are outsourced, how do you do this with digital assets? Do people real...

Episode 72 - Human Factors in Cybersecurity

November 09, 2022 12:00 - 54 minutes - 37.2 MB

In this special episode I had the honor of MC'ing a Security Awareness Month online panel for Cadre Information Security and the topic was Human Factors in Cybersecurity. The panelists were Phil Swaim, Mike Davenport, Tim O'Connor and Mike Peterson. We not only had great discussions on how to build your Security Awareness Program but action steps you can take right now to create 'Security Champions' in your organization. Talking Points: So how is a Security Awareness Program different f...

Episode 71 - Looking at Vulnerability Management

October 12, 2022 11:00 - 31 minutes - 21.8 MB

In this episode I talk with Rob Walk about looking at vulnerability management differently. As recently as last week I have seen a shift in how people are thinking about the topic. Some range from the talk of how it needs to fit in with business needs all of the way to 'CVSS is Dead!'. Rob is a Senior Engineer from Tenable and shares some valuable insight on how thinking differently can be accomplished heading into 2023. Talking Points: What do you fix when there are so many vulnerabi...

Episode 70 - Secure Email - What the Heck is DMARC?

September 28, 2022 11:00 - 30 minutes - 20.9 MB

In this episode I talk with Rob Bowker about securing your email using DMARC. Rob is the Sales Director for EasyDMARC. Besides the high level explanation of what DMARC is, we delve deeper into the following topics. Talking Points: Why is there slow global adoption of DMARC? Are cyber insurance companies interested in whether a customer is using DMARC? Why your marketing team should care if you use DMARC? What is the value of aggregating sender reports? What does the future look like? I am ...

Episode 69 - The State of Cyberinsurance in 2022

July 20, 2022 11:00 - 39 minutes - 26.9 MB

In this special Pre-Cloud Con episode we mix things up a little. Rather than joining me as a co-host, the Cloud Security Alliance of West Michigan's own Anthony Coggins sits on the other side of the mic. He, along with the ever knowledgeable Tim O'Connor, discusses the current state of cybersecurity insurance in 2022. Anthony is the Senior Manager of the Security Operations Team at Grand Rapids' own rocket ship insurance company, Acrisure. Tim is the Manager of Knowledge Services at Cadre I...

Episode 68 - Network Observability in a Hybrid Cloud World

July 06, 2022 11:00 - 38 minutes - 26.2 MB

In this episode I get a chance to talk to Kevin Peterson about Network Observability in a Hybrid Cloud World. Kevin is a great information security evangelist who works for Arista. One of the many challenges that I face in the healthcare industry is handling devices that live On-Prem and send data to multiple cloud environments. Kevin and I talk about some very common use cases and the challenges that come along with it. We also talk about how to handle segmentation across multiple domains. ...

Episode 67 - Let's Talk Cloud Security Certifications

May 18, 2022 13:00 - 37 minutes - 26.1 MB

In this special episode I speak with Peter HJ van Eijk about the CCSK and  CCAK cloud security certifications from the Cloud Security Alliance.  Peter is the owner of Club Cloud Computing and an authorized CCSK and CCAK trainer. I have personally taken his training course and thought it was one of the best ones out there.  He also offers free refresher courses and online focus sessions.  If you want to learn more about CSA certifications, then definitely listen in!

Episode 66 - Let's Talk Medical Device Security

May 04, 2022 11:00 - 33 minutes - 23.4 MB

In this episode I had the pleasure of talking with Jonathan Jesse about medical device security. Jonathan is a Senior Systems Engineer for Forescout. In fact, he has been working for the same information security company for over 6 years! That is pretty unheard of nowadays in the security vendor space. What prompted this interesting discussion you say? Well Forescout recently acquired CyberMDX. They are a company that specializes in medical device security protection. Since I have to wor...

Episode 65 - A Deeper Look at Mobile Security

April 20, 2022 11:00 - 37 minutes - 25.6 MB

In this episode I talk with Richard Melick about mobile security. Richard is the Director of Threat Reporting for Zimperium, so he knows a thing or two about what is happening out in the mobile world right now. We definitely took a deeper look at the current state of mobile security and the talking points cover a bunch of key areas. Talking Points: What is more important and more secure to have, your wallet or your phone? Mobile threats can happen when you least expect it or in the last ...

Episode 64 - Let's Talk Cloud Identity

March 30, 2022 11:00 - 35 minutes - 24.5 MB

In this episode I had a chance to talk with Rebecca Harvey about Cloud Identity. Rebecca does regional sales for SailPoint and she is also a co-founder of the Women's Security Alliance (WomSA). She and I talked about why companies are still getting Cloud Identity wrong. We also did a deeper dive into cutting edge items like Robot Identity and Robotic Process Automation. Episode Sponsor: This episode was sponsored by SailPoint. SailPoint is an Identity Security Solutions Provider that is...

Episode 63 - Let's Talk 5G Security

March 16, 2022 11:00 - 44 minutes - 30.4 MB

In this episode I had a chance to talk with Brian Philips about 5G security. Brian is the Chief Solutions Architect for NetScout. We had a chance to dive into various parts of 5G and what does it mean for the future of the 'Mobile Office'. We also talked about future use cases that are not as far away as you think. How is 5G going to impact security? 5G Internet to home isn't 'private' yet Cellular security is wider than it needs to be right now How companies like Amazon could utili...

Episode 62 - Rethinking 'Trust' in the New Digital Transformation Age

February 09, 2022 12:00 - 42 minutes - 29.4 MB

In this episode I had a chance to talk with Brian Schneble, Claudio Catti and Chuck Chessor about mobile security and rethinking 'trust' in the new Digital Transformation age. This was a more detailed discussion from the holiday fundraiser episode and has some great real world examples. Talking Points: As WFH becomes permanent, do we need to rethink 'trust' in the digital transformation age? How many companies are well versed in SASE philosophy? General Motors CEO asked her employees to t...

Episode 61 - A Closer Look at Digital Forensics

January 25, 2022 22:00 - 50 minutes - 34.8 MB

In this first episode of 2022 I am reaching into my distant security past and invited a former colleague, Mike Ahrendt, to join Natasha Young and myself to take a close look at digital forensics. Mike has worn many security hats, including recent leadership roles, but his heart lies in the SOC. Mike shares some insightful stories and answers some tough questions from Natasha! Talking Points: What is the difference between Public Sector vs Private Sector? How come some companies don't p...

Episode 60 - Lookalike Domain Email Attack

December 29, 2021 16:00 - 11 minutes - 7.77 MB

In this brief end of the year episode I talk about a recent phishing attack on a 3rd party vendor that was compromised via email in a very unique way. I reveal how it happened and why defense in depth is so important. Talking Points: What is a lookalike domain? The importance of having a defensive domain strategy How bad guys used an operating system's and email application's default behavior against the user

Episode 59 - Preparing for a Ransomware Attack

December 22, 2021 12:00 - 59 minutes - 41 MB

In this episode I had a chance to talk with Israel Barak about a listener-submitted topic, 'How do I prepare for a ransomware attack?'. Israel is the CISO for Cybereason and has intricate knowledge of ransomware and cybersecurity dating back to his days in the Israeli Defense Force. Using his extensive knowledge we talked through his concept of having different security 'pillars' to help navigate the lifecycle of ransomware: Security Hygiene - Checklists are in security hygiene - you don...

Episode 58 - Advanced Social Engineering with Mobile Hacking

December 16, 2021 03:00 - 57 minutes - 39.8 MB

In this special holiday fundraising episode I have not one but two special guests joining a small panel to discuss the current state of mobile security and the pitfalls of social engineering. Mike Jones is a former Anonymous hacker and founder of the Haunted Hacker security podcast and magazine. Jonathan Scott is a Mobile Security Researcher and the author of the Pegasus ID software.  I was also joined by Jim Kuiphof, Director of Information Security for Spectrum Health, Richard Melick from...

Episode 57 - A Look Back at Cybersecurity in 2021

December 08, 2021 12:00 - 49 minutes - 34.1 MB

In this episode I sit down with Lloyd Guyot, Mike Peterson and Steve Barnes to discuss the state of cybersecurity in 2021. Lloyd is a Client Solutions Advisor for Optiv, Mike is a Cybersecurity Consultant for Cadre and Steve is a Systems Engineer for Fortinet. Talking Points: How do we secure the new hybrid workforce? Is SASE where it needs to be going into 2022? Do you think there is ransomware fatigue? How is Social Engineering just security marketing hype? We cover a veritable corn...

Episode 56 - A Passwordless Future: Insights from a CISO

November 24, 2021 12:00 - 41 minutes - 28.7 MB

In this episode I have a special guest joining me to talk about a 'Passwordless Future'.  Jorel VanOs is the Chief Information Security Officer for the insurance company that is taking off like a rocket ship, Acrisure.  This is continuing a great conversation that was discussed in the Security Leadership panel at this year's C3 Tech Advisors IT Summit. Talking Points: What are companies not understanding about Multi Factor Authentication (MFA)? Why do banks use Email/SMS in this age of ba...

Episode 55 - Mentoring Women in Security: A Look Back

November 10, 2021 12:00 - 46 minutes - 32.2 MB

In this episode we are going to do things a little differently. I am very to have Rebecca Harvey take over the hosting duties. She will be interviewing myself and my awesome mentee, Natasha Young, about the last 6 months of our participation in WomSA mentorship program. If you are interested in becoming either a mentor or a mentee, I highly encourage you to set aside some time to listen to this episode. Kudos to Rebecca for being a great guest host and to Natasha for being a great mentee!

Episode 54 - Security Posture Management as a Service

October 27, 2021 11:00 - 42 minutes - 29.3 MB

In this episode I talked with Dave Golding about Security Posture Management as a Service.  What the heck is it? Are misconfigurations just FUD from vendor marketing teams?  Dave is a Sales Executive for AppOmni. Talking Points: What the heck is Security Posture Management anyways? What is your CASB not doing (not in a bad way)? What is the biggest problem with default configuration that you are seeing with customers? What is one of the biggest surprises that you are seeing in the indus...

Episode 53 - How to Mature Your Security Awareness Program

October 13, 2021 11:00 - 53 minutes - 37 MB

In this episode I sit down with Corwin Tobias, to take a deeper dive into maturing a Security Awareness program. Corwin is the Information Security Awareness Ambassador for Blue Yonder. I had the pleasure of working with Corwin when he was working on the Information Security Training Team for Spectrum Health. Talking Points: How to equip your staff to identify key risks Does an employee know what to do when they make a mistake? A Human Firewall sounds good but doesn't always work in rea...
