Description:

This episode of the Information Security Podcast features a keynote from the Information Security Summit 2019 by Grant Asplund @gasplund from Check Point Software @CheckPointSW “Migrating to the Public Cloud...so, What’s the Big Deal?”.  The presentation is both enlightening and entertaining while examining the many factors an organization should consider when migrating to the Public Cloud.

Key Discussion Points and Actionable Items:

• Parallels between the Mainframe in the past and the Public Cloud today
• Recognition that knowledge from the past of operating and securing On Premise environments don’t directly translate to the Public Cloud
• Importance of an organization asking the basic question “Am I using the Public Cloud securely?”
• The paradigm shift when having an “always connected resource” that must be managed 7x24x365 and the demands it places on IT and Security Teams
• The requirement to “re-tool” the solutions supporting an organization in the Public Cloud especially when using technologies such as Kubernetes and microservices
• Benefits of leveraging the Public Cloud when designed, implemented, and operated properly.

Special Notice to our Faithful Listeners:

The Information Security Podcast will be transitioning to a monthly schedule following this episode.

Thank you for all your support and check back with us in about a month.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

If you enjoyed Grant’s keynote, check out Grant’s podcast, Talking Cloud, featuring interviews regarding secure migration strategies to the public cloud.

Description:

This episode of the Information Security Podcast features a keynote from the Information Security Summit 2019 by Bob Kalka @bobkalka ‏from IBM @IBM entitled “Top Cyber Security Issues when Migrating to the Cloud”.  The presentation examines the many factors that impact an organization as it prepares, migrates, and operates in “the Cloud”.

Key Discussion Points and Actionable Items:

• Recognition that any IT, Security, or Application issues that exist prior to a Cloud migration are going to be further extenuated once migrated to the Cloud
• The concept of security “For, From, and In” the Cloud
• Understanding the difference between a Risk vs. Compliance posture by a Security Team
• Importance of avoiding the pitfalls of “under-deployed” software investments
• Being aware of the assumptions organizations make regarding the “shared responsibility model” between a customer and a cloud service provider and the potential pitfalls that could impact an organization
• Review the proper controls for a cloud migration including the identification of all critical data and properly protecting it before a cloud migration
• Preparation for appropriate incident response tactics

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features a conversation with Kurt Van Etten @kurtvanetten from RedSeal and host Rob Nettgen (@Robert_Nettgen).  This episode discusses the process of enabling a Security Team with the capability of “Delivering Trust and Confidence” within their organizations.

Key Discussion Points and Actionable Items:

• Recognition that a Security Team has a requirement to establish credibility within their respective organizations
• Requirement to establish metrics, via frameworks, so benchmarks can be used to validate the activities of the Security Team
• Importance of managing expectations and communicating across the organization
• Communicating to establish the level of risk, via the Executive Management Team, an organization is willing to assume to guide investments in security
• How critical it is to establish the threat landscape of your organization
• Leveraging tabletop exercises to establish the capability to effectively respond to an incident.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features a conversation with Mike Radigan @RadiganatBOS from Capgemini @Capgemini and host Rob Nettgen (@Robert_Nettgen).  This episode discusses the process of “Demystifying Industrial Control System Cyber Risk”.

Key Discussion Points and Actionable Items:

• Defining the various types of Industrial Control Systems and how they support a Plant’s Operation
• The inter-relationship of Industrial Control Systems, Information Technology, and Cyber Security
• How Industrial Control Systems have evolved over time and why integrations exist with the balance of an organization’s Information Technology infrastructure
• The role of a Plant Manager and how they assess risk in a Plant’s Operation comparing Cyber Risk and Manufacturing Operations
• The difference between Cyber Risks and Cyber Threats
• Methods to equate, quantify, and explain Operational Risk to Cyber Risk
• Importance of understanding Cyber Risk at the Board level and making educated business decisions
• The impact of regulations and compliance in assessing and managing Cyber Risk.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features a returning guest and alumni of the Information Security Podcast, Kevin Baker, with host Rob Nettgen (@Robert_Nettgen).  This episode discusses the approach to “Building a Cyber Security Team”.

Key Discussion Points and Actionable Items:

• The value and importance of maintaining relationships between both the C-Suite and the team executing an organization’s security program
• Recognizing the role of the CISO / security leader to be the “glue” of an organization’s overall security program by being an effective conduit and facilitator within an organization
• Leveraging a full “suite” of skills to be an effective leader to deliver value as part of an organization’s investment in security and business
• The importance of accepting and acknowledging the dependency between Information Technology and Security to complement each other’s respective roles
• Gaining an understanding of the evolving threat landscape and the motivation behind the risks to an organization.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features an interview with Eric Vanderburg @evanderburg from TCDi @tcdi with host Rob Nettgen (@Robert_Nettgen).  This episode discusses the details surrounding effective “Incident Response”.

Key Discussion Points and Actionable Items:

• Benefits an organization can realize with a defined “Incident Response Program”
• Importance of an organization knowing its environment including IT assets, applications, and where its data resides before an “Incident” takes place
• Requirements to “train” and prepare employees before an “Incident” takes place so the response is well executed vs. a reaction
• Awareness of an organization’s contractual or compliance requirements to have a defined “Incident Response Program”
• Recognizing that “Incident Response” is a cross-organizational responsibility.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features an interview with Grant Asplund @gasplund from Check Point Software @CheckPointSW with host Rob Nettgen (@Robert_Nettgen).  This episode explores the factors an organization should consider when “Migrating to the Public Cloud”.

Key Discussion Points and Actionable Items:

• The importance of an organization recognizing the difference between a public cloud provider vs. the end customer’s responsibility in both migrating and operating in the public cloud
• Proper preparation and planning are critical to any cloud migration
• Acknowledging that a key “hindrance” to public cloud adoption is security and the importance of addressing it before attempting a migration to the public cloud
• Take advantage of the “free” resources available from the public cloud providers to prepare for a public cloud migration.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

If you enjoyed the conversation with Grant Asplund, check out Grant’s podcast, Talking Cloud, featuring interviews regarding secure migration strategies to the public cloud.

Description:

This episode of the Information Security Podcast features an interview with Lauren Zink from Oportun  @Oportun with host Rob Nettgen (@Robert_Nettgen).  This episode’s conversation discusses the importance of “Employee Security Awareness” as part of an organization’s overall Cyber Security Strategy.

Key Discussion Points and Actionable Items:

• The importance of understanding the meaning of “Employee Security Awareness”
• Defining the elements of a “Employee Security Awareness” Program and how it should be orchestrated within an organization
• Understanding that “Employee Security Awareness” is not a “one-time” event but starts at the time an employee is hired and evolves as they move through an organization
• The risk organizations assume when technology is the only line of defense and does not incorporate “Employee Security Awareness”
• Integration of third-party vendors and contractors that are part of an organization into the “Employee Security Awareness” Program
• “Employee Security Awareness” is the responsibility of the entire organization, including Human Resources, Training, and Compliance, and is not limited to the Cyber Security Team.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features an interview with Tom Hardin from the Franciscan Alliance @MyFranciscan with host Rob Nettgen (@Robert_Nettgen).  The conversation discusses the correlation between “Cyber Incident Response and Business” and the importance of preparing for Cyber Incidents within an organization.

Key Discussion Points and Actionable Items:

• The correlation between Cyber Incident Response and Overall Business Incident Response
• The importance of adopting a Cyber Incident Response Framework such as NIST or ISO
• The process of engaging government resources, such as the FBI or other organizations, that can provide assistance as part of an Incident Response
• Alignment of a Cyber Incident Response to Cyber Insurance Policies
• Leveraging Industry Association resources to define a Cyber Incident Response Plan

 Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This is a “special” Holiday episode of the Information Security Podcast which features host Rob Nettgen (@Robert_Nettgen) along with a special group of “Security Friends”.  The conversation is lively and entertaining with commentary on a number of recent cyber security news events.

Please join the Security Friends as the Information Security Podcast celebrates the end of 2019 and looks forward to the start of 2020.

Following this episode, we will be taking a short break for the Holidays and will return with a new episode of the Information Security Podcast on Tuesday, January 7, 2020.

Happy Holidays from the Information Security Podcast!

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit).  Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features an interview with Special Agent Ryan Macfarlane from the FBI’s Cyber Crime Unit with host Rob Nettgen (@Robert_Nettgen). The conversation discusses the role of the FBI in the “battle” against Cyber Criminals and how an organization can leverage the services of the FBI in the event of a Cyber Security Incident.

Key Discussion Points and Actionable Items:

Reporting issues, such as Wire Fraud, to the FBI within 48 hours to improve the chances of recovering losses. 

The importance of establishing a working relationship with the FBI before a cyber incident so they can assist in the event of a cyber incident by contacting the local FBI where your organization is located.

Validation that no organization, regardless of the size or industry, is “immune” from being a target of cyber crime due to the business ecosystem and the use of technology to support business transactions.

The proliferation of Ransomware and the ability of the FBI to assist with these types of incidents.

The benefit of using Multifactor Authentication (MFA) to reduce the likelihood of Social Engineering and Email Fraud.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit). Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features an interview with Steve Hunt @Steve_Hunt from Hunt BI with host Rob Nettgen (@Robert_Nettgen). The conversation discusses and defines the term “Cyber Resilient Organization” and the role of a CISO to facilitate an organization to reach the goal of becoming a “Cyber Resilient Organization”.

Key Discussion Points and Actionable Items:

How a CISO can be an “enabler” within an organization by:

• Having credibility and describing the value of security to the business
• Allowing an organization to be agile allowing a business to grow

The evolution and positioning of risk management.

What does it mean to be “cyber resilient” and create revenue?

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit). Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features an interview with Joe Weiss, Managing Partner of Applied Control Solutions by host Rob Nettgen (@Robert_Nettgen). The conversation examines the inter-relationship between controls systems and cyber security.

Key Discussion Points and Actionable Items:

1. Common misconceptions between the inter-relationship between control systems and cyber security.
2. The parallels between the Northeast Blackout of 2003, Stuxnet, and the attack on Iranian Nuclear Facilities.
3. The challenges that exist, and the requirement to evolve the interaction, between control systems, information technology, and cyber security engineers and resources.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

Joe Weiss’ Blog, Unfettered Blog, and his lecture at Stanford University, Cyber Security of Industrial Control Systems.

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit). Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

This episode of the Information Security Podcast features an interview with Bob Kalka @bobkalka ‏from IBM @IBM with host Rob Nettgen (@Robert_Nettgen). The conversation examines the definition of Cyber Security and its relationship with and how it is impacted by an organization’s migration to the Cloud.

Key Discussion Points and Actionable Items:

1. As part of a migration to the Cloud, do you know where your sensitive data exists?
2. The perception that Cloud service providers will manage all an organization’s cyber security requirements once their workloads reside in the Cloud.
3. The level of sophistication of “cyber criminals” continues to evolve as they further leverage contemporary technologies to assist their efforts.
4. Requirement to exercise Incident Response preparedness and response plans through simulated attacks and exercises.

Sponsored By:

ASMGi (@ASMGi_CLE) and https://www.asmgi.com/

Briteskies (@NoBrownCow) and https://www.briteskies.com/

Recorded and Production By:

Evergreen Podcasts (@StreamEvergreen) at https://evergreenpodcasts.com/ and production assistance provided by Frank Yako (@fyako).

Additional Information and Resources:

For additional information on the Information Security Summit, please visit us on the web at https://www.informationsecuritysummit.org/ or on Twitter (@InfoSecurSummit). Planning is underway for the Summit 2020 scheduled for October 26 through October 30, 2020, please join us!

Description:

During this episode, Host Rob Nettgen (@Robert_Nettgen) speaks with Chris Bush, Principal Security Consultant at McAfee, who will be presenting at the 2019 Information Security Summit on “The Internet of Things (IoT) that Shouldn’t Be on the Internet”. Chris is a veteran of the Information Security Summit and has attended every Summit since the event started and has presented 11 times. The presentation will be a thought-provoking discussion and informative discussion as many organizations are dealing with the benefits and security challenges of IoT.

We will be shining a light on the big event coming up, the Information Security Summit in Cleveland, Ohio at the IX-Center, October 21st through the 25th. The Information Security Summit is a great place to meet your peers who are dealing with the same issues, meet experts who will share their knowledge and a one-stop shop for a whole host of top-notch information security vendors with helpful services and products. We look forward to seeing you there.

Sponsored By:

ASMGi (@ASMGi_CLE) and www.asmgi.com/

Briteskies at http://www.briteskies.com/

Produced By:

Evergreen Podcasts (@streamevergreen) at www.evergreenpodcasts.com with production assistance provided by Frank Yako (@fyako).

Additional Information:

For additional information on the Information Security Summit, please visit us on the web at www.informationsecuritysummit.org/, on Twitter (@InfoSecurSummit) or on LinkedIn.

Description:

During this episode, Host Rob Nettgen (@Robert_Nettgen) speaks with William (Billy) Heiser, Manager, IT Security at Lincoln Electric, who explains why he plans to attend the 2019 Information Security Summit and the value and benefits he has realized from past Summits. Billy appreciates the value of participating in discussions and presentations from both the practitioner as well as from solution providers in the security space. From past Summits, Billy has been able to speak with presenters and peers and has directly been able to take away information he learned from the Summit to directly apply it to the his organization’s cyber security needs.  

We will be shining a light on the big event coming up, the Information Security Summit in Cleveland, Ohio at the IX-Center, October 21st through the 25th. The Information Security Summit is a great place to meet your peers who are dealing with the same issues, meet experts who will share their knowledge and a one-stop shop for a whole host of top-notch information security vendors with helpful services and products. We look forward to seeing you there.

Sponsored By:

ASMGi (@ASMGi_CLE) and www.asmgi.com/

Briteskies at http://www.briteskies.com/

Produced By:

Evergreen Podcasts (@streamevergreen) at www.evergreenpodcasts.com with production assistance provided by Frank Yako (@fyako).

Additional Information:

For additional information on the Information Security Summit, please visit us on the web at www.informationsecuritysummit.org/, on Twitter (@InfoSecurSummit) or on LinkedIn.

Description:

During this episode, Host Rob Nettgen (@Robert_Nettgen) speaks with Christopher (Chris) Ortiz, Security Engineer with MTD Products, who explains why he plans to attend the 2019 Information Security Summit and the value and benefits he has realized from past Summits. Chris articulates how it has helped his career not only to refresh his current knowledge but also to cross train himself on other topics that could help his organization.

We will be shining a light on the big event coming up, the Information Security Summit in Cleveland, Ohio at the IX-Center, October 21st through the 25th. The Information Security Summit is a great place to meet your peers who are dealing with the same issues, meet experts who will share their knowledge and a one-stop shop for a whole host of top-notch information security vendors with helpful services and products. We look forward to seeing you there.

Sponsored By:

ASMGi (@ASMGi_CLE) and www.asmgi.com/

Briteskies at http://www.briteskies.com/

Produced By:

Evergreen Podcasts (@streamevergreen) at www.evergreenpodcasts.com with production assistance provided by Frank Yako (@fyako).

Additional Information:

For additional information on the Information Security Summit, please visit us on the web at www.informationsecuritysummit.org/, on Twitter (@InfoSecurSummit) or on LinkedIn.

Description:

During this episode, Host Rob Nettgen (@Robert_Nettgen) provides an overview of the 2019 Information Security Summit.

We will be shining a light on the big event coming up, the Information Security Summit in Cleveland, Ohio at the IX-Center, October 21st through the 25th. The Information Security Summit is a great place to meet your peers who are dealing with the same issues, meet experts who will share their knowledge and a one-stop shop for a whole host of top-notch information security vendors with helpful services and products. We look forward to seeing you there.

Sponsored By:

ASMGi (@ASMGi_CLE) and www.asmgi.com/

Brite Skies at http://www.briteskies.com/

Produced By:

Evergreen Podcasts (@streamevergreen) at www.evergreenpodcasts.com with production assistance provided by Frank Yako (@fyako).

Additional Information:

For additional information on the Information Security Summit, please visit us on the web at www.informationsecuritysummit.org/, on Twitter (@InfoSecurSummit) or on LinkedIn.