The Cyber Rants Podcast

Unfortunately, there are some IT professionals who feel threatened when a 3rd party cybersecurity team is engaged. While it's the exception rather than the norm, there are both in-house and 3rd party IT professionals who become uncooperative, feeling as if security people are trying to poke holes in their work. While many IT professionals are very accepting of cybersecurity support, it should never be the case that anyone feels threatened. IT and cybersecurity are complementary disciplines. Good professionals not only strengthen the organization, they can even help each other grow in their own careers.  This week, the guys share stories about walls going up and tensions growing, how to break down emotional barriers and eliminate the fear for better collaboration, the different personality types, valid sources of concern among IT professionals, and why nobody should ever feel threatened when their organization brings in quality cybersecurity support.

Thinking about a career in cybersecurity? This week, the guys share their thoughts about getting into the cybersecurity field. They share the pros and cons of the job, training and experience that helps along the way, how to find your first position or two, plus some reasons why cybersecurity is NOT a good career for some people. Chances are, you're probably closer than you realize to landing your first cybersecurity job.

As technology's most widespread and trusted vendors are compromised, who can you really trust in today's environment? This week, the guys discuss attacks originating from compromised tech products, how the bad guys gain insider access, multi-factor authentication fatigue, and even a few hints at their love for Rick Astley.

Cloud services can offer tremendous benefits and cloud computing environments have become a standard across all industries. However, marketing hype leads consumers to believe that "the cloud is secure" by default and that someone else is taking responsibility for their protection. Too many people are quick to adopt cloud services without truly understanding the risks. This week, the guys discuss the risks and considerations around cloud services to help you ask the right questions and make wise decisions when moving to new technology environments.

Ransomware can infect your on-premise or cloud environments at any given time but we've noticed that ransomware attacks seem to spike during certain times of the year. This week, the guys talk about how ransomware can be deployed on your devices, how to prevent ransomware attacks, and even some horror stories from how ransomware has impacted major networks.

It's cyber risk assessment season! This is the time of year when many organizations seem to perform their annual cyber risk assessment. Unfortunately, the standard methods often result in limited visibility. This week, the guys discuss a more holistic risk assessment approach to make your cybersecurity program stronger than ever.

This week, the guys discuss some cybersecurity trends, tips, and words to the wise that are timely and relevant in today's technology-centric world! They discuss: 

• Are attacks ramping up and if so, why?
• The pros and cons of spending your cybersecurity budget on Black Hat and DefCon
• Why you need specific objectives in your penetration testing, not just the numbers
• The wrong and right way to establish vendor relationships
• And more! 

Does your company recruit IT and cybersecurity staff with the same methods used to fill other positions? If so, don't miss this episode. This week, the guys welcome Cammas Freeman, an expert on finding and retaining the best technology professionals. Cammas shares a unique approach for recruiting the best talent, using a methodology that saves a tremendous amount of time and money. She also shares tips to build a strong culture for less turnover.

Cyber criminals are heavily focused on compromising backups so their attacks are as crushing and painful as possible for the victims. Good backups and the ability to quickly restore are a critical part of every infosec program but many organizations still treat backups as an afterthought. This week, the guys welcome the recognized authority on data backup W. Curtis Preston (aka. Mr. Backup) to reveal the backup and recovery trends he is noticing, tips organizations can implement to minimize risk, and what to look for in a backup solution.

This week, the guys discuss one of their favorite topics, Payment Card Industry Data Security Standards (PCI DSS)! Companies that transmit, process, or store credit card data need to be compliant but PCI has its own nuances. What level of PCI compliance do you need? How do you determine what is in scope? How do you work with auditors? The guys answer these questions and more, plus share some wizard-like tactics to help you maneuver through the PCI requirements.