In episode 64 of Cybersecurity Where You Are, co-host Sean Atkinson initiates a series around establishing an underlying policy for your organization's cybersecurity program. He begins by discussing how a policy provides an overview of the business rules, or standards, that will feature in the program. With each standard, he clarifies that you can take a procedural approach to upholding supporting elements. He then narrows his focus to managing data and information, including different types of data management considerations for your organization. Along the way, he points out how you can use resources from the Center for Internet Security (CIS) to drive continuous improvement in this space.ResourcesData Management Policy Template for CIS Control 3The Cost of Cyber Defense: CIS Controls IG1Prioritizing a Zero Trust Journey Using CIS Controls v8Episode 61: Overcoming Pre-Audit Scaries Through GovernanceHow to Navigate the Cybersecurity Audit Cycle with CIS SecureSuiteIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

In episode 63 of Cybersecurity Where You Are, co-host Sean Atkinson discusses software bills of materials (SBOMs). He uses CISA and other resources to contextualize key considerations of an SBOM, including how you can use one to understand your organization's underlying risks. From there, Sean explores how to build capability in the SBOM space. He urges a judicious approach that follows practice and builds on resiliency.ResourcesEpisode 22: CIS Behind the Veil: Log4jCIS Software Supply Chain Security GuideEpisode 56: Cybersecurity Risks and Rewards of LLMsSoftware Bill of Materials (SBOM)Executive Order on Improving the Nation’s CybersecurityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

In episode 62 of Cybersecurity Where You Are, co-host Sean Atkinson sits down with Chris Elgee, Senior Security Analyst at Counter Hack; and Erik Pursley, Technical Engineer at Counter Hack. Together, they discuss the "spidey sense" that goes into being a penetration tester. They reflect on key skills and certifications that help to make a successful pentester, review some of the methodologies that go into pentesting, and consider how specialization might be inevitable in an evolving technology landscape. They conclude by offering advice to organizations that are looking to engage in a pentest.ResourcesFollow Chris and Erik on LinkedInCounter HackA CISO's Best Friend: The PentesterEpisode 59: Probing the Modern Role of the PentestEpisode 49: Artificial Intelligence and CybersecurityEpisode 55: Live at RSA Conference 2023If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how quantification, supply chain security, and other issues factor into a modern-day approach to governance.ResourcesFollow Stephanie on LinkedInHow to Navigate the Cybersecurity Audit Cycle with CIS SecureSuiteEpisode 9: Mitigating Risk – Information Security GovernanceRemote Attestation Enabling Posture Assessment for Automated GRCCIS Software Supply Chain Security GuideService Provider Management Policy Template for CIS Control 15If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a document in the first place. After explaining some of what went into drafting the white paper, they look to the future and note how IoT frameworks such as theirs helps to shift left IoT security toward purchasing decisions.ResourcesFollow Kathleen and Ben on LinkedInEmbedded IoT Security: Helping Vendors in the Design ProcessEpisode 33: The Shift-Left of IoT Security to VendorsCIS Controls v8 Internet of Things & Mobile Companion GuidesMaking Security Simpler for Organizations Big and SmallIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].