The Cyber Rants Podcast

Bringing you cybersecurity insider tips, guidance, news, and rants!

Episode #99 - Penetration Testing: When we show up at your door...

We’ve covered various forms of remote penetration testing, so in this episode we get up close and personal. On-site penetration testing has its own benefits, risks, and nuances. This week, the guys discuss activities such as Wireless Network Penetration Testing and Physical Security Assessments that are conducted on-site. This is “the fun stuff” and you don’t want to miss this episode!

Episode #98 - Network Penetration Testing 101

This week, the guys discuss network penetration testing, which is a critical aspect of cyber risk management. They share how internal and external network pen testing validates the effectiveness of the controls you have in place and helps you find exploitable vulnerabilities before the cyber criminals do. They discuss the differences between Black Box and Grey Box penetration testing, Red Team and Blue Team approaches, the intricacies of internal network pen testing, and compliance considerations.

Episode #97 - How to Prepare for Your SOC 2 Audit - Part 5

This week, the guys reach the epic conclusion of the SOC 2 audit preparation series. They finish the Security Trust Services Criteria, discussing Control Categories 7, 8, & 9. They also share tips and tricks to succeed with your SOC 2 audit.

Episode #96 - SOC 2 Readiness Part 4

This week, the guys return to helping you prepare for your SOC 2 audit. This time, they discuss Control Categories 5 and 6 in the Security Trust Services Criteria. They cover risk management controls and answer the question, "How does hosting in the cloud help with the audit?"

Episode #95 - The Legal Side of Cyber Protection

We all know that data breaches are nightmares and the legal ramifications can be far worse than the breach itself. So what can we do to protect ourselves? This week, Zach and Mike welcome attorney John Gray, Chair of Data Privacy and Cybersecurity of Lewis Roca, who specializes in Data Privacy law. He shares how companies can prepare in advance to reduce the legal ramifications often associated with cyber attacks. He also covers issues around nation-state threat actors and various malicious activities in today's environment.

Episode #94 - Web Application Penetration Testing 101

Web applications are drastically different and, like anything, are prone to vulnerabilities. Application penetration tests come in all shapes and sizes: some good, some bad, and some that are not even penetration tests at all. This week, the guys share their insights about Web Application Penetration Testing and how to get what you need out of your next test! Do not miss this episode if you are planning a web application penetration test for the first time!

Episode #93 - SOC 2 Readiness - Part 3

As we get deeper into the SOC 2 Preparation series, the guys discuss the controls around monitoring activities, tracking deficiencies, and assessing results (CC 4). If a SOC 2 audit is in your future, be sure to catch all the SOC 2 audit readiness episodes! 

Episode #92 - How to Prepare for Your SOC 2 Audit (Part 2)

This week, the guys continue their series on how to prepare for your SOC 2 audit by discussing controls in Section 3 of the Security Trust Services Criteria. If your organization is about to undergo a SOC 2 audit or is looking into one, be sure to catch all the SOC 2 audit readiness episodes!

Episode #91 - How to Prepare for Your SOC 2 Audit (Part 1)

Planning to go through your very first SOC 2 audit? If so, this series will be a binge-worthy and enlightening adventure! This week, the guys walk you through the first few SOC 2 audit requirements with a step-by-step approach. They share what your auditor will be looking for, tips to prepare, and the pitfalls that might catch you off guard.

Episode #89 - The Cybersecurity Committee

The development of a cybersecurity committee will accelerate your company's alignment to a cybersecurity framework and compliance requirements. 

This week, the guys discuss why you may need a committee for your cybersecurity framework adoption, instead of leaving one person to lead the job. 

They also cover operational tempo with a 12-month calendar example to accelerate your progress and maintain compliance. 
