
The Virtual CISO Moment
By Greg Schaffer

Nov 30, 2017

Infosec Wrap Up - June 2, 2023
https://www.bleepingcomputer.com/news/technology/amazon-faces-30-million-fine-over-ring-alexa-privacy-violations/
https://securityaffairs.com/146892/hacking/backdoor-like-behavior-gigabyte-systems.html
https://vcisoservices.com
https://cybersec.jetpatch.com/s/the-ultimate-guide-to-linux-server-patch-management-8887
https://api.cyfluencer.com/s/5-steps-to-choosing-the-perfect-grc-solution-57d7fd5a-8902
https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/
https://thehackernews.com/2023/05/beware-of-ghost-sites-silent-threat.html
https://thehackernews.com/2023/05/6-steps-to-effective-threat-hunting.html
Music from #Uppbeat (free for Creators!): https://uppbeat.io/t/cruen/raw-power License code: OSDVYUTGJ3ESKUFQ

Throwback Thursday - A Conversation with Greg Flatt
Greg Flatt is the founder of Flat Earth Networking, Inc. Since 1996, Flat Earth Networking, Inc. has provided mid- to large-sized businesses an authoritative approach to network security that includes superior enterprise products and effective problem-solving. Greg discusses his path beginning and growing Flat Earth Networking, Inc. over the past 26 years. From December 13, 2022.

From The Vault - Metrics
From August 20, 2020 - Metrics - security leaders talk about them often. But what is the one critical question they, and you, should ask about information security metrics?

S5E28 - A Conversation with James McQuiggan
James McQuiggan has over 20 years of experience in cybersecurity. He is currently a Security Awareness Advocate for KnowBe4, where he is responsible for amplifying the organization's messaging related to the importance of, effectiveness of and the need for new-school security awareness training within organizations through social media, webinars, in-person presentations, industry trade shows and traditional media outlets. McQuiggan is also a part-time faculty professor at Valencia College in the Engineering, Computer Programming & Technology Division. Within the Central Florida community, he is the president of the (ISC)2 Central Florida Chapter and a member of the Trustee Board for the Center for Cyber Safety and Education.

Cybersecurity Quick Strike - May 29, 2023
https://securityaffairs.com/146768/cyber-crime/rpmsg-messages-microsoft-365-phishing.html
https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html
https://vcisoservices.com
https://cybersec.xmcyber.com/s/the-anatomy-of-a-healthcare-cyberattack-two-true-stories-8874
https://cy.bugprove.com/s/iot-security-resource-directory-8875
https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/
https://www.hackread.com/stealing-wallets-browsers-bandit-stealer-windows/

Infosec Wrap Up - May 26, 2023
https://api.cyfluencer.com/s/mental-health-awareness-week-2023-no-more-empty-words-8810
https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/
https://securityintelligence.com/articles/cyber-risk-influences-company-credit-ratings/
https://www.helpnetsecurity.com/2023/05/25/chatgpt-phishing/
https://www.helpnetsecurity.com/2023/05/25/cve-2023-2868/
https://cy.bugprove.com/s/7-questions-and-answers-about-firmware-and-firmware-security-8815

Throwback Thursday - A Conversation with Derek Andrews
Derek Andrews, Incident Response Manager at a Financial Institution, joins VCM to discuss his journey, incident response in the financial sector, and different types of virtual CISOs from the perspective of one who has worked with both the good and not so good. He also explains why he is the Resident Birdman of LinkedIn! From December 12, 2022.

S5E27 - A Conversation with GE Scott Knauss
GE Scott Knauss is the Owner/CEO at Immauss Cybersecurity, President vCISO Catalyst, and Vice President (ISC)² US Military Germany Chapter. He has 26 years of experience with Linux, IP Networks and Security; 23 years of experience working with virtualized environments and Cloud technologies; and protected the US Navy’s Mediterranean fleet from cyber attacks while leading a team of engineers providing tier III support for a high paced Operations Center for 7 ½ years.

Cybersecurity Quick Strike - May 22, 2022

Throwback Thursday - A Conversation with Jacob Horne
From November 30, 2022 - Jacob Horne was born with a rare genetic mutation that allows him to read NIST publications and government regulations without experiencing boredom like a normal person and has made a career out of using this power for good. He does a great job of using NIST SP 800-53 to clarify the bizarre, heavily tailored world of NIST SP 800-171 and CMMC - if you're interested in CMMC you must follow him on LinkedIn! He is also co-host of the Sum It Up podcast which sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.

S5E26 - A Conversation with Leon Kuperman
Leon Kuperman is the co-founder and CTO at CAST AI. Formerly Vice President of Security Products OCI at Oracle, Leon’s professional experience spans across tech companies such as IBM, Truition, and HostedPCI. He founded and served as the CTO of Zenedge, an enterprise security company protecting large enterprises with a cloud WAF. Leon has 20+ years of experience in product management, software design, and development, all the way through to production deployment. He is an authority on cloud computing, web application security and Payment Card Industry Data Security Standard (PCI DSS), e-commerce, and web application architecture.

Cybersecurity Quick Strike - May 15, 2023
https://bitdefender.f9tmep.net/c/4084356/1488530/4466
https://securityaffairs.com/146200/data-breach/capita-warns-customers.html
https://www.infosecurity-magazine.com/news/doctor-accused-prolific-ransomware/
https://brave.com/privacy-updates/25-forgetful-browsing/
https://thehackernews.com/2023/05/new-phishing-as-service-platform-lets.html

Infosec Wrap Up - May 12, 2023
Support us by supporting our sponsor Bitdefender! https://bitdefender.f9tmep.net/c/4084356/1488530/4466
https://www.infosecurity-magazine.com/news/ransomware-fails-to-extort-dragos/
https://www.bleepingcomputer.com/news/security/wordpress-elementor-plugin-bug-let-attackers-hijack-accounts-on-1m-sites/
https://securelist.com/new-ransomware-trends-in-2023/109660/
https://www.helpnetsecurity.com/2023/05/11/bitdefender-app-anomaly-detection/
https://arstechnica.com/tech-policy/2023/05/1-5m-crypto-scheme-leads-to-2-year-prison-term-for-ex-coinbase-manager/
https://www.sans.org/cyber-security-training-events/cybersecurity-small-businesses-summit-2023/
https://www.bleepingcomputer.com/news/security/top-5-password-cracking-techniques-used-by-hackers/

Throwback Thursday - A Conversation with Cheri Hotman
From November 29, 2022 - Cheri Hotman of the Hotman Group (https://hotmangroup.com) is a CPA, has her MBA, and is a CISSP - a combination rare in information security. She discusses her experiences and lessons learned managing a business providing quality virtual CISO services to a variety of clients, including navigating "the land of 1000 piranhas"!

Cybersecurity Quick Strike - May 8, 2023
Support us by supporting our sponsor Bitdefender!
https://bitdefender.f9tmep.net/c/4084356/1488530/4466
WordPress vuln, Cactus ransomware, Bitmarck attacked, Apple Rapid Security Updates, generative AI in malware, CISA urges incorporating list in risk management plans, and SEC whistleblower payout record (and why that is meaningful to cybersecurity).
https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html
https://www.bleepingcomputer.com/news/security/new-cactus-ransomware-encrypts-itself-to-evade-antivirus/
https://www.infosecurity-magazine.com/news/bitmarck-halts-operations/
https://arstechnica.com/gadgets/2023/05/seven-months-in-ios-and-macos-get-their-first-rapid-security-updates/
https://securityaffairs.com/145692/security/generative-ai-lure-malware.html
https://www.cisa.gov/news-events/alerts/2023/05/01/cisa-urges-organizations-incorporate-fcc-covered-list-risk-management-plans
https://www.sec.gov/news/press-release/2023-89

S5E25 - A Conversation with David Primor
David Primor is the Founder and CEO of Cynomi, which addresses a critical gap in mid-market cyber protection - creating and executing a cyber and compliance strategy for companies with insufficient (or no) cyber personnel. He spent the first half of his career as a strategic cyber expert and leader, on the front lines of state-level cyber defense (8200, Israeli National Cyber Security Authority). He believes one of the next big challenges (and opportunities) in cyber is in the SMB space - providing optimal protection for companies with a very limited cyber budget and little to no in-house expertise. Cynomi’s AI powered offering does just that.

Infosec Wrap Up - May 5, 2023
Dallas breach brings down systems, Cisco vuln, cyber risk index lowers, Brightline hack exposes patient data, university alert system hijacked, and the lock icon is going away.
https://bitdefender.f9tmep.net/c/4084356/1488530/4466
https://www.darkreading.com/attacks-breaches/dallas-city-systems-taken-down-by-royal-ransomware
https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html
https://www.helpnetsecurity.com/2023/05/05/cyber-risk-index-2h-2022/
https://www.infosecurity-magazine.com/news/brightline-hack-exposes-data/

Throwback Thursday - A Conversation with Robin Wilde
From November 22, 2022 - Robin Wilde is the Director of Business Solutions for TeamHealth. She is passionate about project management and cyber security, particularly Identity Management, as well as promoting women in cyber. She holds a variety of certifications, including the CISSP, CRISC, PMP, ACP, CSP, and Prosci, demonstrating her vast skillset and experience. She introduces the phrase "privilege sprawl" - listen to find out what that means!

VCM S5E24 - A Conversation with Nick Espinosa
Nick Espinosa is the Chief Security Fanatic at Security Fanatics, author, speaker, and radio show host. An expert in cybersecurity and network infrastructure, Nick has consulted with clients ranging from the small business owners up to Fortune 100 level companies. Nick has designed, built, and implemented multinational networks, encryption systems, and multi-tiered infrastructures as well as small business environments. He is passionate about emerging technology and enjoys creating, breaking, and fixing test environments.

Cybersecurity Quick Strike - May 1, 2023
Hackers target Veeam backup servers, has MFA failed us, man gets four years for stealing Bitcoins, ChatGPT back in Italy, critical bugs in Illumina DNA sequencing systems, why people skills matter, and today’s list - six Key Moments From House Republicans' Hearing on Warrant-Free FISA Surveillance.
Links
https://medium.com/pcmag-access/has-multi-factor-authentication-failed-us-319ee10393dd
https://www.infosecurity-magazine.com/news/four-years-stealing-bitcoins/
https://thehackernews.com/2023/04/chatgpt-is-back-in-italy-after.html
https://cyber-reports.com/2023/04/28/cisa-warns-of-critical-bugs-in-illumina-dna-sequencing-systems/
https://securityaffairs.com/145483/hacking/esa-satellite-hack.html
https://securityintelligence.com/articles/why-people-skills-matter/
https://gizmodo.com/fisa-hearing-congress-republicans-6-key-moments-1850384660

Infosec Wrap Up - April 28, 2023
PaperCut vulnerabilities leveraged by Clop, LockBit, Ukrainian arrested selling data, an OS that resists ransomware, OkCupid scams Florida man, cable cut in DC whacks Vermont services, NCSA HBCU scholarship, major bug in Google Cloud, new ways to manage your ChatGPT data, and a new podcast shout out.
https://www.helpnetsecurity.com/2023/04/27/papercut-lockbit-clop/
https://www.infosecurity-magazine.com/news/ukrainian-arrested-selling-data/
https://cyberscoop.com/database-oriented-operating-system-rsa/
https://securityaffairs.com/145369/cyber-crime/cryptorom-okcupid-scam-florida-man.html
https://www.govtech.com/gov-experience/how-a-cut-cable-temporarily-downed-vermonts-state-websites
https://www.helpnetsecurity.com/2023/04/25/national-cybersecurity-alliance-hbcu-scholarship-program/
https://open.spotify.com/episode/7idaNBg4T9DiCloZ9i3IJp?si=jJLnF7uwR76wgyGcR3-EYQ
https://www.techradar.com/news/security-experts-found-a-major-bug-in-google-cloud
https://openai.com/blog/new-ways-to-manage-your-data-in-chatgpt

Throwback Thursday - A Conversation with Lin Clark
From November 16, 2022 - Lin Clark, the Carolina Cyber Center's SOC Director, discusses how the SOC benefits both the students in the Carolina Cyber Center program and the western North Carolina small business community. Recorded at RETR3AT Cyber Conference Montreat College September 23, 2022. Audio only.

S5E23 - A Conversation with Lisa Plaggemier
Lisa Plaggemier, the Executive Director at National Cyber Security Alliance, joins us for our special April Wednesday end of month episode. She is a creative and revenue-driven Marketing and Strategy Executive. She excels at creating attainable strategic vision that inspires employees and attracts customers, is respected by CSOs and CISOs, is a winner of the SC Magazine’s Reboot Thought Leadership Award, and is a frequent speaker at RSA and SANS. She joins us to explain how the National Cyber Security Alliance helps with both personal and small and midsized business security, including a new initiative for SMBs.

S5E22 - A Conversation with Tracy Maleeff
Tracy Maleeff, Principal, Sherpa Intelligence LLC, is an Information Security Professional with a Master of Library and Information Science degree. A frequent author and speaker on InfoSec and research topics, she has presented at several Information Security industry conferences like Security BSides, DerbyCon, and DEF CON's Recon Village, as well as many library/information professional events. She holds the GIAC Security Essentials (GSEC) certification. She also maintains an OSINT blog and cybersecurity newsletter at https://infosecsherpa.medium.com/

Cybersecurity Quick Strike - April 24, 2023

Throwback Thursday - A Conversation with Rob Bowker
From November 9, 2022 - Rob Bowker, Sales Director at EasyDMARC, explains the risks of email spoofing, the benefits of implementing DMARC in addition to DKIM and SPF, and how EasyDMARC helps to manage DMARC. Recorded at RETR3AT Cyber Conference Montreat College September 23, 2022.

S5E21 - A Conversation with Matthew Dechant
Matthew Dechant is the founder of MD3 Consulting, providing virtual CISO services to small and medium sized businesses. He is a seasoned executive building, operating, and scaling comprehensive information security programs that address business risk and adapt to emerging threats without affecting the speed of business.

Cybersecurity Quick Strike - April 17, 2023
LockBit targets macOS, China exploits Android bug, urgent Chrome update, LinkedIn ID verification, and Juice Jacking back in the news, but why. Plus today’s lists – we have two – top 5 cybersecurity risks every business should know and 4 things you should never do while chatting with ChatGPT, an extended version of the “So you want to be an infosec consultant” presentation at BSides Nashville and SE cyber summit dropping this afternoon, the 2023 recipient of the vCISO Services scholarship, and today’s shout out.
https://securityaffairs.com/144879/cyber-crime/lockbit-encryptor-targets-macos.html
https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html
https://krebsonsecurity.com/2023/04/why-is-juice-jacking-suddenly-back-in-the-news/
https://physicochemics.com/what-are-cybersecurity-risks-their-management/
https://bgr.com/tech/4-things-you-should-never-do-while-chatting-with-chatgpt/

Infosec Wrap Up - April 14, 2023
Iowa Medicaid breach, KFC-Pizza Hut breach, tax firms malware targeted, ChatGPT bug bounty, hybrid environment stressing CISOs, 33,000 lose $98M to investment fraud, four ways to harden your net perimeter, seven items your ransomware playbook may be missing, and today’s shout out for Kevin Cecil.
https://www.infosecurity-magazine.com/news/20000-iowa-medicaid-members-data/
https://cybersecuritynews.com/kfc-pizza-hut-breach/
https://news.sophos.com/en-us/2023/04/13/tax-firms-targeted-by-precision-malware-attacks/
https://www.infosecurity-magazine.com/news/ethical-hackers-chatgpt/
https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/
https://securityintelligence.com/posts/four-ways-to-harden-your-network-perimeter/
https://www.darkreading.com/attacks-breaches/7-things-ransomware-response-playbooks-missing

Throwback Thursday - A Conversation with Jake Williams
From November 8, 2022 - Jake Williams is a cybersecurity manager and aspiring CISO, currently pursuing his MBA. He is also well-versed in CMMC, and we dive into some elements of this somewhat confusing standard/requirement.

S5E20 - A Conversation with Davy Cox
Davy Cox is the founder of Brainframe.com, an all-in-one ISMS/GRC/DMS/QMS that can help SMBs and vCISOs manage their information security programs. With a bachelor in ICT, a Master in Security (RSSI), an AWS Solution Architect - professional certification and more than 15 years of hands-on experience leading IT, infrastructure and infosec, he can highly augment the success, efficiency and stability of any challenging environment. Over the years he has built up a deep understanding and experience on ISO2700x security implementations, HDS compliance, GDPR compliance (with medical products) and effective hands-on security hardening best practices for high traffic online services. He has built up a "security & privacy by design" mentality which he strives to spread among the people he works with.

Cybersecurity Quick Strike - April 10, 2023
Leaked NATO docs possibly altered, repeating to trick, new Apple zero days, five active exploits added to CISA KEV, 1 million WordPress sites infected, five cybersecurity myths, and today’s shout out featuring a cyber security pro looking for the next opportunity.
https://www.scmagazine.com/news/policy/us-nato-ukraine-docs-altered
https://www.helpnetsecurity.com/2023/04/10/simple-trick-disclose-personal-data/
https://www.bankinfosecurity.com/apple-issues-emergency-fix-for-spyware-style-zero-days-a-21652
https://thehackernews.com/2023/04/over-1-million-wordpress-sites-infected.html

Infosec Wrap Up - April 7, 2023
A third of organizations cover up data breaches, Uber data exposed, crackdown on malicious Cobalt Strike servers, ChatGPT Samsung data leak, using ChatGPT as a risk and compliance enabler, and four steps to avoid a ransomware attack. Plus our first shout out for helping cybersecurity pros land their next great opportunity.
https://venturebeat.com/security/a-third-of-organizations-admit-to-covering-up-data-breaches/
https://www.infosecurity-magazine.com/news/uber-data-exposed-law-firm-breach/
https://cybernews.com/news/chatgpt-samsung-data-leak/
https://securityintelligence.com/posts/using-chatgpt-as-an-enabler-for-risk-and-compliance/
https://www.eschoolnews.com/it-leadership/2023/03/30/4-steps-to-avoid-a-ransomware-attack/

Throwback Thursday - A Conversation with Dan Bradley
From November 2, 2022 - Dan Bradley, CIPP/E, CIPP/US, CIPM, is the Senior Associate General Counsel at Global Payments, Inc. and a former Federal Prosecutor. We discuss privacy regulations both for financial institutions and SMBs, including the importance of frameworks. Recorded at RETR3AT Cyber Conference Montreat College September 23, 2022.

S5E19 - A Conversation with Don Colliver
In a special Wednesday episode, Don Colliver joins us to discuss how to be successful making technical presentations. He is an Enterprise Communications Consultant and Technology Evangelist and the author of "Wink: Transforming Public Speaking With Clown Presence" available in paperback, eBook, hardcover, and audiobook through Amazon and all major retailers. He empowers leaders and enterprise organizations to connect more effectively through their messaging with new-school authenticity, spontaneous fun, and transformative results. For more information, check out:
https://www.doncolliver.com/engage

S5E18 - A Conversation with Ryan Spelman
Ryan Spelman is the Managing Director, Cyber Risk at K logix. There are many vCISO and other cyber security consultants who offer third-party risk services but have minimal exposure to the issues associated with third-party risk, which are markedly different than enterprise risk. Learn what a vTPCISO is, why it matters, and what questions to ask of your vCISO when they suggest adding third-party risk service to their offerings.

Cybersecurity Quick Strike - April 3, 2023
ChatGPT banned in Italy, regulatory action for internet connected medical devices, CISA KEV flaws affect 15 million public facing services, WordPress plugin active exploit, German police raid DDoS hoster, Azure bug allowed critical system access, Cadbury Easter egg scam, and today's list - 12 tips for Microsoft Excel success.
https://www.bbc.com/news/technology-65139406
https://hothardware.com/news/wordpress-sites-being-actively-exploited-thanks-to-plugins
https://krebsonsecurity.com/2023/03/german-police-raid-ddos-friendly-host-flyhosting/
https://www.scmagazine.com/news/cloud-security/azure-bug-allowed-access-to-critical-systems
https://www.infosecurity-magazine.com/news/cadbury-warns-of-easter-egg-scam/
https://cmitsolutions.com/blog/12-tips-for-microsoft-excel-success/

Infosec Wrap Up - March 31, 2023
IRS tax scam, phishing emails up over 500%, 3CX supply chain attack, insecure storing of work passwords, Defender oops, AlienFox, Apple security releases, Minnesota K-12, cyber legislation, and a preview of my BSides talk.
https://www.hackread.com/irs-tax-forms-w-9-email-scam-emotet-malware/
https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022
https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html
https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/
https://securityaffairs.com/144239/cyber-crime/alienfox-toolset-cloud-service-providers.html
https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products
https://bsidesnash2023.sessionize.com/session/400189

Throwback Thursday - A Conversation with Christian Espinosa
From November 1, 2022 - Christian Espinosa is the author of "The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity", Founder and CEO of Alpine Security, a cybersecurity engineer, certified high-performance coach, professor, and lover of heavy metal music and spicy food. He’s also an Air Force veteran and Ironman triathlete. He used to value being the “smartest guy in the room,” only to realize that his greatest contribution to the fight against cybercrime is his ability to bring awareness to the issue through effective communication. Christian is a speaker, coach, and trainer in the Secure methodology, helping to make the smartest people in the room the best leaders in the field. For more information, visit www.christianespinosa.com, and to order his book, visit https://www.amazon.com/dp/B08T6QK6FN.

S5E17 - A Conversation with Greg van der Gaast
For our special last Wednesday of the month episode for March, Greg van der Gaast joins us. Greg is an international speaker on Why Security Fails, IT Quality, Leadership, and Strategy. He also is a former hacker, FBI & DoD operative, author, advisor, CISO, and people and culture enthusiast. Listen to hear his fascinating story and what is a major threat for SMB information security that most don't consider. He can be reached at https://gregvandergaast.com/.

S5E16 - A Conversation with Bill Butler
Bill Butler is an experienced Vice President Of Engineering with a demonstrated history of working in the hospital and health care and security compliance industry. He is the Founder and VP Engineering of PolicyCo (policyco.io), a platform that lets you tie Regulations, Policies, Procedures, Control Testing and Remediation together in a single platform, along with a host of other features like version control, reporting, sharing, attestations, and a public API.

Cybersecurity Quick Strike - March 27, 2023
Gordon Moore has died, ChatGPT bug exposed more, Windows snip vulnerability, a different take on BEC, North Dakota cyber education program, CISA pre-ransomware notifications initiative, proposed SWEC cyber regs, and today's list - 5 tips for cyber beginners.

Infosec Wrap Up - March 24, 2023
GitHub rotates exposed private key, fake ChatGPT Chrome extension, ChatGPT bug leaked users' conversation histories, what type of identity are you talking to, SharePoint phishing scam, a common user mistake can lead to compromised Okta login credentials, update on the Dole breach, and today's list - six ways to secure an organization on a smaller budget.
https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/
https://thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html
https://www.bbc.com/news/technology-65047304
https://www.infosecurity-magazine.com/news/sharepoint-phishing-scam-targets/
https://www.helpnetsecurity.com/2023/03/23/discover-valid-okta-credentials/
https://securityaffairs.com/143902/data-breach/dole-food-company-data-breach.html
https://securityintelligence.com/articles/six-ways-to-secure-organization-on-smaller-budget/

Throwback Thursday - A Conversation with Marci McCarthy
From October 26, 2022 - In October 2022's special end of month Wednesday episode we talk with Marci McCarthy, CEO and President at T.E.N. and CEO and Chairman at ISE® Talent. She founded T.E.N.’s flagship program, the Information Security Executive® of the Year (ISE®) Program Series, which is lauded by the IT industry as the premier recognition and networking program for security professionals in the U.S. and Canada. She is a 2012 recipient of a 4th Congressional District of Georgia Citation for fostering greater visibility and professionalism for the IT security industry, naming March 13th “Marci McCarthy Day.” She was listed as one of IFSEC Global’s Security and Fire Influencers for 2018 as #3 of 20 total leaders in their Cybersecurity category; she was also the highest-ranking woman on the list. She is also the DeKalb GOP Chairman (Georgia). She joins us to discuss information security and election integrity.

S5E15 - A Conversation with Michael Lines
Michael Lines is CISO for Open Technology Solutions and an expert in developing and leading information security and risk programs for organizations ranging from global enterprises to SaaS startups. He is authoring a book titled Heuristic Risk Management, dealing with why most risk management efforts are ineffective and what to do about it.

Cyber Quick Strike - March 20, 2023
NBA breach, Hinatabot botnet DDoS threat, Fortinet vuln exploited, Samsung zero days, ChatGPT cybersecurity potential, are cybersecurity jobs recession proof, and today's list - mistakes working from home.
https://securityaffairs.com/143693/data-breach/nba-data-breach.html
https://thehackernews.com/2023/03/chinese-hackers-exploit-fortinet-zero.html
https://www.scmagazine.com/news/device-security/18-zero-day-samsung-android-wearables-telematics
https://www.helpnetsecurity.com/2023/03/17/chatgpt-cybersecurity-potential/
https://www.techtarget.com/searchsecurity/tip/Is-cybersecurity-recession-proof
https://erikchristianjohnson.com/working-from-home-mistakes-you-dont-want-to-make/

Infosec Wrap Up - March 17, 2023
Ransomware gangs breached the networks of at least 860 critical infrastructure organizations last year, multiple threat actors exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S., two US citizens charged for hacking into DEA portal in 2022, Chinese influence operations are growing more aggressive, LockBit broke into Maximum Industries (which makes parts for SpaceX), Chinese and Russian hackers using SILKLOADER malware to evade detection, UK bans TikTok from government mobile phones, plus The LIST - Sophos best practices for securing your firewall.
https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html
https://www.hackread.com/us-citizens-charged-hacking-dea/
https://cyberscoop.com/china-worldwide-threats-cyber/
https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/
https://www.theguardian.com/technology/2023/mar/16/uk-bans-tiktok-from-government-mobile-phones
https://news.sophos.com/en-us/2023/03/16/best-practices-for-securing-your-firewall/

Throwback Thursday - A Conversation with Albert Whale
From October 25, 2023 - Albert Whale, Founder and CEO of IT Security Solutions, Inc and the developer of ITS Safe which provides real-time continuous protection at machine speed. He has over 30 years of experience with reducing the risk for business owners, minimizing their liabilities and overall risk. He has extensive experience in the techniques that criminal hackers use and identifies the probability and impact risks to exploit their business. He is the author of #Hacked and the primary author of #Hacked2. https://its-safe.com/ https://thehackedbook2.com/

S5E14 - A Conversation with Carlota Sage
Carlota Sage is the Founder and Community CISO for Pocket CISO, thrives in that squishy area where business and technology meet human nature, and builds the relationships that get security, technology, business processes and people working together better, and has a background that includes information architecture, enterprise infrastructure, information security, and knowledge management. Among other things we discuss the vCISO space and the importance of brake lines!

Quick Strike - March 13, 2023
Silicon Valley Bank fallout, AI risks to business, AI generated YouTube risks, how to master cyber threat intel skills, and eight websites to check if an email address was compromised.
https://nypost.com/2023/03/13/hsbc-will-buy-uk-subsidiary-of-collapsed-silicon-valley-bank/
https://www.helpnetsecurity.com/2023/03/13/svb-cyber-fraud/
https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html
https://thehackernews.com/2023/03/warning-ai-generated-youtube-video.html

Infosec Wrap Up - March 10, 2023
https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html
https://www.theregister.com/2023/03/08/acer_confirms_server_breach/
https://krebsonsecurity.com/2023/03/sued-by-meta-freenom-halts-domain-registrations/
https://www.nist.gov/itl/applied-cybersecurity/nice/resources/veteran-resources
https://www.hackread.com/businesses-focus-on-cybersecurity/
https://www.helpnetsecurity.com/2023/03/08/building-perfect-cybersecurity-startup/

Throwback Thursday - A Conversation with Jon Sternstein
From October 19, 2022 - Jon Sternstein is the Founder and Principal of Stern Security, a cyber security company headquartered in Raleigh, NC. He is co-author of the Cisco Press course titled “Security Penetration Testing (The Art of Hacking) LiveLessons”, holds many security certifications including GIAC Penetration Tester and Certified Information Systems Security Professional (CISSP), is a featured cyber security expert, and talks with us about managing risks - and a little guitar! Recorded at RETR3AT Cyber Conference Montreat College September 23, 2022.

S5E13 - A Conversation with Dave Sobel
Dave Sobel is the host of the Business of Tech podcast (https://www.businessof.tech/), a leading IT services focused news and analysis podcast and YouTube show, and owner of MSP Radio. He is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business. He owned and operated an IT Solution Provider and MSP for over a decade, both acquiring other organizations and eventually being acquired. Dave holds a bachelor's degree in Computer Science from the College of William and Mary. He is a dynamic voice within the IT community, a former member and facilitator for Heartland Technology Groups and passionate about collaborating with clients and peers on utilizing technology to advance organizations.

Cyber Quick Strike - March 6, 2023
https://www.washingtonpost.com/technology/2023/03/05/ai-voice-scam/
https://securityaffairs.com/143051/data-breach/credential-stuffing-chick-fil-a.html
https://www.sfgate.com/tech/article/oakland-ransomware-attackers-may-leak-data-17818589.php
https://www.helpnetsecurity.com/2023/03/01/burp-suite-penetration-testing-extensions/

Infosec Wrap Up - March 3, 2023

Throwback Thursday - A Conversation with Keith Maune
From October 19, 2022 - Keith Maune, Founder & COO at Acumen Technology, discusses his IT and cybersecurity path, from doing consulting work for companies needing website design and programming services, working after school and full-time during the summers, pursuing a BS and MBA while working full-time as co-owner and CIO of Advanced Network Solutions, earning a law degree, and launching Acumen Technology, a comprehensive managed services organization that serves Middle Tennessee as the premier IT services provider for community banks, healthcare providers, and professional services organizations.

S5E12 - A Conversation with Caroline McCaffery
Caroline McCaffery is a lawyer who started a data privacy and cybersecurity technology company called ClearOPS to provide technology to virtual CISOs (B2B2B). It is a customer relationship management tool + work automation for managing security programs, such as vendor management, gap analysis, security posture and security questionnaire response. She also hosts The vCISO Chronicles, a new podcast series focused on telling the stories of virtual CISOs.

S5E11 - A Conversation with Dennis Davoren
Dennis Davoren is a vCISO, PhD Candidate, and Green Belt Six Sigma. He is also a veteran, having been an Air Force Instructor and Command Pilot along with being a Commander. He is an experienced leader with a demonstrated successful history of working in the Military, Marketing & Advertising industry, and Cyber Security/IT field. He is skilled in Intelligence Analysis, Enterprise Risk Management, Financial Risk Management, Intelligence, and Risk Assessment. He is a Subject Matter Expert (SME) on Government Regulation Compliance (GRC) and CMMC 2.0 implementation. He holds a Master of Science degree focused on Cyber Security Management. We discuss the virtual CISO field and how risk management in flying translates to risk management in information security.

Cyber Quick Strike - February 27, 2023

Infosec Wrap Up - February 24, 2023
https://www.csoonline.com/article/3688988/5-top-threats-from-2022-most-likely-to-strike-in-2023.html
https://www.bitdefender.com/blog/labs/weaponizing-pocs-a-targeted-attack-using-cve-2022-47966/
https://thehackernews.com/2023/02/apple-warns-of-3-new-vulnerabilities.html
https://techxplore.com/news/2023-02-illinois-supreme-court-massive-biometric.html
https://www.darkreading.com/analytics/cyberattack-dole-causes-temporary-salad-shortage

Throwback Thursday - A Conversation with Michelle Pupoh
From October 12, 2022 - Michelle Pupoh is the Senior Director of Cybersecurity Education at the Carolina Cyber Center. She discusses the approach the center takes in training the next generation of cyber professionals, including the importance of ethics and soft skills. Recorded at RETR3AT Cyber Conference Montreat College September 23, 2022.

S5E10 - A Conversation with Jean-Christophe Gaillard
Jean-Christophe (J.C.) Gaillard is the founder and CEO of Corix Partners, a London-based Boutique Management Consultancy Firm and Thought-Leadership Platform focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges. He is a leading advisor, senior executive and global cyber security influencer with over 25 years of experience developed in several financial institutions in the UK and continental Europe, and a track record of driving fundamental change in the Security field across global organisations, looking beyond the technical horizon into strategy, governance, culture, and the real dynamics of transformation. He is also the author of "Cyber Security: The Lost Decade - A Security Governance Handbook for the CISO and the CIO" and "The CyberSecurity Leadership Handbook for the CISO and the CEO".
https://www.amazon.com/dp/B0BW51C5J1/

S5E9 - A Conversation with Ray Harrison
Ray Harrison is a cyber security consultant with Abira Security, a consistent top sales performer, people oriented, reliable, and loyal. He also has a servant heart and leads the Faith in Jesus Forum, a LinkedIn group for Christians seeking to grow in their faith in Jesus and share with others along the way and those seeking to learn more about faith in Jesus.

Cybersecurity Quick Strike - February 20, 2023
https://www.cnn.com/2023/02/17/politics/fbi-cyber-incident-computer-network
https://iapp.org/news/a/proposed-cpra-regulations-finalized-cppa-targets-april-effective-date/
https://cyber-center.org/the-great-ciso-resignation/amp/
https://www.linkedin.com/feed/update/urn:li:activity:7033179906029035520/
https://www.imdb.com/title/tt26748133/

Infosec Wrap Up - February 17, 2023
https://www.secureworld.io/industry-news/apple-security-update-patch-zero-day
https://www.theregister.com/2023/02/14/microsoft_adobe_patch_tuesday/
https://techmonitor.ai/technology/cybersecurity/lockbit-spree-hits-three-large-companies
https://cybernews.com/news/california-health-network-ransomware-attack/
https://thehackernews.com/2023/02/massive-http-ddos-attack-hits-record.html

Throwback Thursday - A Conversation with David Leech
From October 11, 2022 - David Leech is a vCISO using his global, operational, program management, and security experience together with leadership skills to drive digital transformation, product innovation, and risk reduction for business growth, involving work across Risk Management, Technical Architecture, Control Frameworks, HIPAA, FFIEC, PCI, HITRUST, FedRAMP, and SOC compliance. He has supported clients in multiple sectors, including Finance, Manufacturing, Insurance, Healthcare and GovEd.

S5E8 - A Conversation with Aaron Robel
In this special Wednesday edition, Aaron Robel is a CISO with a positive, energetic, and transparent approach that fosters trust and collaboration across the business. He has a consistent track record for developing high-performing security programs and teams that bring business value while maintaining the organization's risk posture. We discuss infosec in the financial services sector, as his current role is CISO for a credit union and I am a former bank CISO and currently work with several financial institutions as a virtual CISO.

S5E7 - A Conversation with Ted Ilanchelian
Ted Ilanchelian is President of CMIT Solutions of Brentwood and Franklin, a one-stop technology solution provider offering Small and Midsized Businesses (SMBs) enterprise-level IT infrastructure support and cybersecurity solutions at an affordable price. He is passionate about helping SMBs, noting that "attitude" is one of the most significant infosec threats SMBs face. Watch or listen to find out more!

Cybersecurity Quick Strike - February 13, 2023
https://www.techrepublic.com/article/how-it-recruiting-dark-web-trick/
https://thehackernews.com/2023/02/north-korean-hackers-targeting.html
https://www.darkreading.com/risk/reddit-hack-shows-limits-mfa-strengths-security-training
https://cioviews.com/5-reasons-to-hire-a-virtual-chief-information-security-officer-in-2023/

Infosec Wrap Up - February 10, 2023

Throwback Thursday - A Conversation with Joe Jakubielski
From October 5, 2023 - Joe Jakubielski is a Cyber Defense Analyst with the Carolina Cyber Center. He discusses his recent pivot to a new career in cyber, including challenges and opportunities ahead. Recorded at RETR3AT Cyber Conference Montreat College September 23, 2022.

S5E6 - A Conversation with Dustin Sachs
Dustin Sachs is an expert in cyber supply chain risk management, Sr. Manager GRC at World Fuel Services, a doctoral candidate at Colorado Tech, a mentor at Springboard, and a future CISO. He is passionate about giving back to the cybersecurity community and also about GRC.

Cyber Quick Strike - February 6, 2023
https://www.reuters.com/legal/legalindustry/sec-reveals-2023-priorities-new-agenda-2023-01-31/
https://www.secureworld.io/industry-news/security-concerns-businesses-chatgpt
https://thehackernews.com/2023/02/new-wave-of-ransomware-attacks.html
https://www.techrepublic.com/article/the-importance-of-data-retention-policies/
https://www.darkreading.com/edge-articles/what-cisos-can-do-about-brand-impersonation-scam-sites

Infosec Wrap Up - February 3, 2023

Throwback Thursday - A Conversation with Gary Chan
From October 4, 2022 - Gary Chan of Alfizo LLC helps businesses stay secure from hackers and insider threats, meet legal and regulatory compliance, and enable sales by meeting their customers' expectations for security. He is also a "security mentalist", and if you're like me and have never heard of this term, you need to check out this episode - it's fascinating!
Gary's websites:
• Creating memorable experiences for corporate audiences, https://www.gschan2000.com/
• Helping organizations build their information security programs, https://alfizo.com/

S5E5 - A Conversation with Derek Morris
Derek Morris is a virtual Chief Information Security Officer (vCISO) with almost 3 decades in IT, Information Security, and Cybersecurity. He possesses numerous industry certifications including CISSP, CISM, CISA, CDPSE, PCI-QSA, CCSFP, CCNA, and MCSA, and holds a Bachelor's Degree in Computer Information Systems from Bryant University with a minor in Applied Statistics. We discuss the virtual CISO space and what to look for in a virtual CISO, including "IT empathy".

Cyber Quick Strike - January 30, 2023
Links:
https://www.bbc.com/news/business-64452986 https://heimdalsecurity.com/blog/new-mimic-ransomware-uses-windows-search-engine-to-find-and-encrypt-files/ https://www.bankinfosecurity.com/blogs/targets-opportunity-how-ransomware-groups-find-victims-p-3365 https://www.securityweek.com/the-effect-of-cybersecurity-layoffs-on-cybersecurity-recruitment/ http