
The Cyber Rants Podcast

Bringing you cybersecurity insider tips, guidance, news, and rants!


Episode #41 - Both Sides of the Vendor Vetting Process

For some organizations, vendor vetting for cyber risk management is a process that runs like a well-oiled machine. For most, it's a tedious and challenging nightmare. This week, the guys discuss the vendor vetting process from both sides, vetting your vendors and navigating the vetting process of your prospects. They share how organizations of all sizes can use the vetting process to their advantage.

Open Episode

Episode #40 - Protect Your People From Themselves

This week, the guys discuss technical controls to protect your employees and protect your company from its own employees. From honest mistakes to gross negligence and malicious activity, proper protections minimize employee-related cyber risk. The guys also share tips for configuring and issuing devices to your team members, which is especially critical for those working from home.

Open Episode

Episode #39 - Combining Passion and Career with Heather Monthie, PhD

This week, the guys welcome Heather Monthie, PhD, whose illustrious career has blended her passions for cybersecurity, aviation, and education. She has been an integral part of K-12 and university education systems, developing STEM programs that build a stronger technology workforce.

Heather shares her insight about the world of cybersecurity education, plus valuable advice and resources for anyone looking to work toward a career in technology.  

Open Episode

Episode #38 - The Joy of Cybersecurity Policies!

Nobody loves cybersecurity governance documentation like we do! This week, the guys discuss cybersecurity policies and why the proper policies make all the difference for security, compliance, and audits. Plus, learn what documents are most important, why the "one size fits all" cybersecurity policy templates don't work, and how to build documentation to your exact needs. 

Open Episode

Episode #37 - Keeping Your Data... Your Data

From PII (Personal Identification Information) and PHI (Protected Health Information) to intellectual property and sensitive business information, the guys talk about how to keep your sensitive data from leaking to the outside world.
While there is no single answer, they cover both technology and governance tips to keep your data where it belongs. Plus, they rant to everyone, "Don't be a data hoarder!"

Open Episode

Episode #36 - Covering the "What Ifs" with Incident Response Planning

What's the difference between having an Incident Response Plan and just "winging it"? This week the guys talk about their real-world cybersecurity incidents and share their knowledge about proper planning and preparation. Having an incident response plan for cybersecurity is important. Learn what goes into incident response planning, who should be involved, and how to ensure everyone is on the same page for quick response and minimizing damage during a cyber-attack.

Open Episode

Episode #35 - Cyber Risk Assessments: Everything You Never Thought You Wanted To Know!

What is a cybersecurity risk assessment? This week, the guys take a deep dive into the intricate world of Cyber Risk Assessments. They cover best practices from choosing an industry recognized cybersecurity framework, to scoping and preparing for your cyber risk assessment, plus how to make cybersecurity standards like NIST, CSF, and CIS Controls work for your company.

Open Episode

Episode #34 - Cybersecurity for Credit Unions, Banks, Insurance, and FinTech

Cybersecurity is critical for financial services organizations, but many mid-market and emerging companies struggle tremendously with their cyber risk management programs.

Not anymore with Fintech Cybersecurity. This week, the guys talk about credit union cybersecurity, bank security, and any other issue in the industry including staffing, risk assessment, penetration testing, and compliance. Financial services companies are an attractive and highly targeted sector for cyber criminals. It is also an industry where Zach, Mike, and Lauro have a deep history.

Open Episode

Episode #33 - PCI Compliance - Do's and Don'ts

This week, the guys talk about a topic that everyone loves, PCI (Payment Card Industry) Compliance! They rant about PCI-DSS compliance levels and standards, plus what first timers need to consider when preparing for a PCI audit. PCI DSS Legal Compliance can be tricky, but the team is ready to share tips about how to make your PCI compliance process simpler throughout the year and how to deal with the QSA (auditor), especially when the auditor doesn't understand your environment.

Open Episode

Episode #32 - Healthcare Cybersecurity

This week, the guys discuss considerations in cybersecurity for healthcare organizations. Some people think that healthcare organizations, which must meet HIPAA cybersecurity compliance, have a completely different set of circumstances than other organizations. However, that is not the case for the most part. The guys discuss how, despite some different nuances, it's still vital for healthcare organizations to be equipped in cybersecurity and protection, and how the same rules and protocols can still apply to HIPAA digital security.

Open Episode