silent-sector-us

The Cyber Rants Podcast

Bringing you cybersecurity insider tips, guidance, news, and rants!

apple-logo-white      spotify-podcasts     podcast-iheartradio

Episode #70 - Securing Complex Organizations and Subsidiaries

Building and managing a cybersecurity program can be confusing for organizations with multiple product lines, subsidiaries, or industry divisions. How do you manage security across all business units? What can you do to set standards that the entire organization follows? How do you control the quality of the cyber risk management practices through different cultures? This week, the guys answer these questions and more, discussing the various aspects of implementing, assessing, managing, and normalizing cybersecurity across a complex organization. 

Open Episode

Episode #69 - News, Notes, and... Goodwill Hacking?

This week, the guys reconvene after a mini-hiatus and talk about some topics and tips in the news today such as 

  • Goodwill Ransomware Hacking
  • Safe Browsing - the hidden dangers people need to know
  • A word to the wise about Wordpress (even though they supposedly "don't talk about wordpress")
Open Episode

Episode #68 - Cybersecurity Offense - Can you hack back?

Is there really such a thing as "offense" in cybersecurity? This week, the guys discuss how it's possible to proactively protect organizations against criminals and how to identify potential attacks so you can stop them before it's too late. They share the realities of offensive cybersecurity and "hacking back."

Open Episode

Episode #65 - Dissecting Cybersecurity Frameworks - Part 1

A cybersecurity framework is the foundation of any good cyber risk management program but many people are not familiar with what a framework really is and what they include. This week the guys reveal the importance of following an industry-recognized cybersecurity framework and begin walking through the National Institute of Standards & Technology Cybersecurity Framework (NIST CSF) as an example. You'll understand why cyber risk management is not a mystical "make it up as you go" approach but a series of cybersecurity methods with easy to access, readily available guidance.

Open Episode

Episode #63 - Physical Security Controls for Data Protection & Compliance

This week, the guys discuss physical security controls (and lasers) to ensure that your organization is both secure and compliant! Cybersecurity doesn't stop at technology implementation. If you follow NIST 800-171, CMMC, PCI-DSS, or a number of other compliance requirements, you'll need physical security consulting to help secure your premises to protect systems and data. Hear what the guys have to say about implementing effective physical security controls.

Open Episode

Episode #62 - Eric Adams, FedRAMP Expert

This week, the guys are joined by Eric Adams, experienced CISO and FedRAMP Strategist discuss what precisely is FedRAMP, its relation with cloud security standards, and why should organizations consider it for their structure, as well as the steps to make it happen. 

Open Episode

Episode #60 MSSP vs. vCISO vs. Cybersecurity Program Development

It's a wild market for cybersecurity services, often confusing buyers and selling companies less than ideal solutions. The question is, between MSSP, vCISO, and cybersecurity program development, what is the best fit for your organization's needs? This week, the guys discuss the pros and cons of the common services to help you understand the best fit. From Managed Security Services Providers (MSSP) and Virtual Chief Information Security Officers (vCISO), to remote security teams and tailored Cybersecurity Program Development solutions, this episode covers the critical considerations for selecting the right cybersecurity service partner.

Open Episode

Episode #59 - Getting The Most from Your Cyber Security Provider

It is important to know what you're getting into when you invest in services from a cybersecurity provider to help with security and compliance! There are critical considerations and points you must know in order to get the most from your cybersecurity firm and their services.

This week, the guys discuss how to properly engage your cybersecurity provider to make sure your initiatives are met. They also share insights about what a cybersecurity firm cannot do for you, plus how much time you or your team should expect to spend.

Open Episode

Episode #58 - Red Team Testing & Other Colorful Methods

What do you think of when you hear "Red Team vs. Blue Team"? Board or video games, military exercises, or cybersecurity terms? This week the guys discuss Red Teaming as it relates to cybersecurity and penetration tests, when Red Team Cybersecurity Testing is an appropriate method and when other colors are better, plus the critical considerations you need to think through before engaging a cybersecurity firm to perform a Red Team Penetration Test.

Open Episode

Episode #56 - Compliance and Security with a Remote Workforce

The transition to a remote workforce has left many companies wondering how they'll achieve compliance with various requirements like CMMC, ISO 27001, and SOC 2. Meanwhile, remote workers have made it easier than ever for cyber criminals to attack. This week, the guys discuss cybersecurity for remote workers and meeting all compliance requirements, sharing principles that work across companies of all sizes.

Open Episode
10103417-small

Send Us Your Questions & Rants!