Welcome to the GRCISO podcast, where Chief Information Security Officers (CISOs) gain indispensable insights into the dynamic world of Cyber Governance, Risk, and Compliance (GRC). Each episode delves into expert analysis and industry perspectives, designed to empower CISOs with the knowledge needed to make informed decisions in today’s complex cybersecurity landscape. Tune in for in-depth discussions, practical advice, and the latest trends to stay ahead in your role. Whether you’re a seaso ...
Unlock the future of cybersecurity with the "Dr. Zero Trust Podcast" on all podcasting platforms! Join me as we delve into Zero Trust Security, redefining how we protect data and networks. Explore frameworks, threat prevention, identity management, exclusive interviews, and emerging tech. Whether you're a pro or just curious, trust me – this podcast is where those who value honesty and real insights go for their cybersecurity insights! Tune in on Spotify, Google, or iTunes now. #DrZeroTrustPo ...
DDoS hosts get arrested, but is it really a legit punishment? Cisco has an issue with remote access and a level 10 vuln, uh oh! Deepfakes are up over 1000% in countries with elections in 2024! And Snowflake adds MFA, after their issue, hurray! Buckle up!
In this conversation I discuss the Confucius Institute, cybersecurity search engines, ransomware defense evasion tactics, the GOP platform on protecting critical infrastructure, the OpenAI breach, cybersecurity concerns in the automotive industry, the White House's push for increased cyber funds, and the healthcare industry's pushback against cyber…
New "listening" sites in Cuba, uh oh. Is Temu a threat, it is from China. OpenSSH has some serious issues. Will the Supreme Court affect our cyber security posture? TeamViewer gets hit as well. Buckle up!
Episode 2: AI in GRC / Find out what you need to know about managing cyber risks, training for security, and preventing AI-driven threats.
28:42
This episode is packed with valuable insights on managing cyber risks, the necessity of robust rules and security training, and the challenges posed by emerging threats like AI-driven spear phishing. Discover how cutting-edge tools are enhancing email security and why breaches are an inevitable part of the cybersecurity landscape.…
Did Microsoft's leadership really say they don't have to play by China's rules? Did they potentially lie in front of Congress? Have you ever read the book that is guiding Chinese cyber warfare strategy? I'll tell you where it is. Those important points and a WHOLE lot more on this one.
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
28:49
US government contracts pay big fine for doing "no no's" on cyber, why isn't that happening more often? A crime related database was hacked and leaked, not good for those who filed complaints. Microsoft's CEO took a beating on Capitol Hill for the company's issues with security, ouch. And more on this one!…
What does it mean to be Breach Ready? A CISO tells me all about his views on this. How should we think about micro-segmentation? Is it really that hard to do right? Where should controls be applied to help limit lateral movement? Can software really help you be ready for an 8K filing with the SEC?
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
21:15
What does it take to really get hit hard for a "cyber" crime? Deepfake the President and find out. Why is it a risk to have a single vendor running all government IT systems? And how does that seem like "fair" competition as required by law? What is skill based hiring for cyber and is that a good thing? Check this episode out!…
Episode 1: Cocktails and Controls / Monitoring security, adjusting to business risks, and reducing losses.
27:08
Join us as we explore Cyber GRC. We discuss the need for continuous security monitoring, adjusting to business risks, and reducing potential losses. We also cover the importance of a holistic view in cybersecurity to manage complex security stacks and meet demands for transparency. Additionally, we highlight the convergence of compliance with busin…
What should we know about micro-segmentation? How important is a policy engine to Zero Trust enterprises? Where does the focus for network controls need to be? And more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:03
Was that Nigerian prince who wanted to share his money with you real? The US DoJ files paperwork on a Russian Lockbit "mastermind", so what? How much is it going to take before we see real action based on the aggression we see from our adversaries? Those and more on this one! Don't miss it!
What is cyber GRC? Why do we need to concern ourselves with it? Can any business do this? How can a business achieve smart compliance? Does AI introduce risk to the process or benefit it? Lots of great stuff here with Cypago.
InfoBlox and Meerkats - What You Should Know
27:54
Meerkats are dangerous, I guess. Especially in DNS. Yeah, that Meerkat. Why should we know about this type of attack? How does China play in here? Where is the risk? Does this type of attack merit increased concern?
Is the VPN a security technology? Should businesses still use that risky technology? How can an organization move off that old tech? Where do VPNs fit into Zero Trust? Xage Co-Founder gives some great insights here.
What is RAG and why does it apply to LLMs? Why should it be confidential? How does that work? Where can we do this? And what is the way forward for customers? SafeliShare's CEO shares some insights here. Check them out at RSA this week!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
30:13
A coach used a deepfake to frame one of his coworkers, signs of things to come? GPS is being messed with, should we worry and is it safe to fly? The White House released more requirements for the same stuff we already have requirements for? And does the United CEO's testimony hold water? Listen up!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
32:31
Mandiant says attacker dwell time is "going down" but how is that measured? Is that accurate? TikTok finally gets the treatment it "deserves" with a proposed sale or ban, but is that going to make a difference? Another agency is created for cyber diplomacy, yeah (your tax dollars at work). And a known Russian cyber group attacks a town's water sup…
What is Lumu's AutoPilot? How can you use this? Why did they build it? Who is it for? Can you afford it? Lots of great insight in this one! Congrats to Lumu on a new, innovative offering! Meet them and learn more at RSA2024!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
32:47
Where does all our tax money go? Want to know about government waste, man this is nuts. How is the state of ransomware in the US, is it getting better? More on the Google Chrome incognito mode fiasco. And more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
30:22
Should you worry about the FISA debate? Azure has internal passwords left exposed, whoops. Some reports on Zero Trust from big government, it's actually happening. Healthcare org is hit twice with ransomware, ouch. Mo' money in cyber, good thing or bad?
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
32:25
Was Incognito mode from Google really "private"? Don't think so. What does the report from the fed say about Microsoft's issues with the China hack? Attacks are already bypassing "AI" solutions, shocker. More on the XZ Linux backdoor as well. Check out this episode and tell me what you think!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:53
Meta was caught with their hands in the trust cookie jar again. Nissan put out a notification of a breach. Citibank is refusing to pay for customers' life savings that are stolen via cyber, ouch. CISA has more requirements for reporting on critical infrastructure hacks, but how bad is that problem? Those insights and more on this episode!…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
32:44
How much money did Congress allocate for cyber? Was it enough and what agency got the lion's share? An Israeli nuclear facility has been hacked, that's no bueno. What does Talos tell us about Tiny Turla? A murder suspect gets released due to a cyber technicality, who is liable for that one? Those questions and more on this episode!…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
38:10
The President and the White House have put out some new "requirements", do they actually matter? Are we seeing early attacks or testing going on as we run up to the election? WTF is Hugging Face and why should you know about them? How did the ransomware group BlackCat get into a mix about payments? And are companies complying with the new SEC rules…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
30:24
POTUS has a TikTok account, why? Isn't that a problem (we just had congressional briefings on that exact issue.) How do we think about FUD in our marketing for cyber, and why should or shouldn't we use the data that we have in our GTM? There is a fundamental DNSSEC flaw in the internet, is it getting patched? And more on this one!…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
30:31
Is the new AI leader the right choice for that role? How do we keep China out of our critical infrastructure when it's so hackable? Who got deepfaked for 25 million dollars? And how does a cyber trade school help us address the shortfalls of human capital in our space?
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:37
What happened when the social media CEOs went to Congress? Should we be impressed? Is monitoring your kids' social a good thing? If Taylor Swift isn't safe from deepfake attacks is anyone? Is there legislation that can help with deepfakes, or is it all fluff? Should you pay attention to the adversaries posting 3k comments about using GPT's for hack…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
29:19
Oh boy the ZScaler super ZT AI powered SD-WAN SASE blah blah. Wow. Some good research from Forescout on what you should prioritize from the attacker perspective. Key findings from 2023 that show us what the adversaries are focusing on. And the MOAB (Mother of All Breaches), should we be concerned. Enjoy this one.…
Chris and I cover all kinds of items in this one. Why should we care that there is a ZT certification now from the Cloud Security Alliance? Is that a good thing? What about other certifications? Why is the industry still doing the same stuff and nothing changes? Do the big players muscle out the little guys to the detriment of us all? Those and mor…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
27:06
23andme tells us it's our fault they got pwnd. Yeah. Wickr is done, but why? ZeroFox won a big award, but what does that mean for the US government and identity? Some budget facts for 2024 thinking in cybersecurity. Another company refuses to pay their ransomware bounty, good or bad? Mandiant's X account got hacked and used for a crypto scam, lol.…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
30:49
Is it time to finally deal with the China cyber threat? Has the back and forth with Ukraine and Russia shown what the future of cyberwarfare looks like? What does the Qualys report about vulnerabilities teach us about #notsuckingatpatching? SSH is in big trouble, what do we do, and how big is the problem? Almost Christmas y'all!…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
32:02
What new things did I learn about the 23andme breach? Why are they changing their terms of service? Is a cyber Pearl Harbor a real thing, or should we think differently about the current state of attacks? Is reducing headcount for cyber a good idea, or even possible? How bad is Google data security? Those questions, comments, and more on this episo…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
28:31
What's up with the Okta fallout? What does Uber's former CISO say about the SEC and dealing with a hack? How hard is it to find a hackable water control system when the problem with it is published in the news? Do companies really use "ai" to write fake articles? Are you paying for it? Those points and more on this episode!…
How does a CEO of a tech company view security? How does she run a company that is totally remote? What does her relationship with her CISO look like? What should I tell my daughters about being a woman in tech based on her experience? And more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
28:46
Solarwinds fires back at the SEC! It's about to go down! Trustwave has some great insight on hacking medical devices, don't be tempted! The Okta breakdown of what happened and when. Github releases some "AI" to help with security "left of boom." And more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:04
What statute is the SEC using to go after the CISO at Solarwinds and why should we worry about it? Or should we? What is a keyword search warrant and does that threaten our privacy and legal system? What is a .tk and why is that island chain the "global home of cybercrime?" The White House has another task force meeting on ransomware but it's just …
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:15
Meta is in trouble for creating an addictive application for kids, but what does that say about us as parents? How do we solve that problem (it's simple). Flashpoint has some great data on threats, you should check it out. What about the insider threats and the NSA, Alaska Airlines, and others? How do we fix that problem? And Recorded Future analys…
You gotta listen to this one. Some hard hitting topics are discussed. What is China up to with their cyber ops? Is Russia playing in the field during the Israel conflict? Where do we go from here at the national level? Are we already losing the super power race via cyber?
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
24:38
Home cybersecurity insurance? What's that all about. Some great research from Google on talking to the board about cybersecurity. Microsoft Defender "auto-secures" machines now. How viable is that? Some points on the conflict currently ongoing and cyberwarfare as well.
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
29:29
What's the scariest sound you can hear in the middle of the night? It's not what you think. Microsoft and Bing have some "splaining" to do as their system is helping generate images of SpongeBob and other cartoons attacking the World Trade Center. WithSecure has some really solid insights on the tactics and tools that bad guys use. Cisco Talos found t…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:26
How does a CEO of a unicorn company view cybersecurity? How does the board of such a company look at the risks of cyber threats? Does insurance make sense for those leaders? What about the big acquisition in recent days, does that affect the overall market? Those questions and more on this episode!
Rick Moy and I discuss ZT and the cloud. How developers can and should look at security (it's not how you think). Dealing with ethereal assets, 5G and a whole bunch of other great issues in this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
29:13
Should executives ever be exempt from security standards and practices, the answer rhymes with bell no. MGM got hit with ransomware via a third party and some social engineering, but they spend hundreds of millions on security. So what should we learn from that? CISA wants to offer free scans for utilities, is that a good or bad thing? Congress wan…
What is Surf's new RBI extension? How does this fit with Zero Trust strategically? Why is RBI now a "thing" in security? Is this just for enterprises or all businesses? How hard is it to configure this thing? What about third parties and developers, does this help them be more secure? Those questions and more on this one!…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
27:27
Data from Blackberry points to the same methods of exploitation, shocker. Some recent revelations from the National Security Agency and #china threat. Additionally, more insights on some of the flaws in our #compliance and #regulatory #cyber spaces. SeeTickets gets hacked, again. What's up with that Dallas City hack? Those and more on this episode!…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
33:25
Cyberpsychology and the hacker mindset, what should we think? Malwarebytes and their funding and layoffs, what does that indicate about the market? AI and LLMs aren't people, stop treating them like they are from MIT. Compliance does not equal security, say what? Phishing as a service gets smarter according to Microsoft. The FBI "brought down" a ma…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:10
Thoughts on the recent RNC candidate debate where cybersecurity never came up, super. China is using LinkedIn to recruit spies, how can you know when you are targeted? Trustwave published new research on BEC hacks, what do we get from that research? Two guys are arrested for laundering money via crypto, is that a treasonous act? Macs get some new …
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
28:55
How to defend from a "Zero Day" attack that is "not in any anti-virus" engine. Proxy wars from AT&T. Interesting data from Flashpoint on the underground market. Is CISA really enforcing effective controls if they rely on training? Irish police department has a data breach that might lead to terrorist targeting, yikes! And rethinking the terminolog…
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
31:38
Insider threats are a real thing, do you have the tools to detect malicious intent before it becomes a threat? How do we know if behavior equals threat? More data on ransomware and the insurance market. Companies selling insurance are considering "ratings" for premiums. Halcyon identifies "new" threat groups, or is the same one with a new fancy nam…