Showing episodes and shows of

Aaron Bregg

Shows

Hashtag Realtalk with Aaron Bregg
Episode 107 - Rethinking Threat Intelligence in 2025
In this first episode of 2025, I picked a topic that is one of the few areas of security that is both 'hype' and 'real'. Threat Intelligence. It is an area that you can get great information for free but also overpay for what you get. I wanted to take a different approach to discussing this one, so I contacted a well-respected colleague of mine, Justin Lentz. Who happens to work in the SMB Threat Intel space to come on the podcast and share his experiences and thoughts.
Talking Points:
- How do you a...
2025-01-15, 37 min

Hashtag Realtalk with Aaron Bregg
Episode 106 - CISO Insights - Lessons Learned in My Healthcare Security Journey
In this special episode, I finally get a chance to do a virtual fireside chat with my talented and funny CISO Scott Dresen. I actually started working with Scott while he was the Chief Technology Officer for Spectrum Health. It was in this role that Scott down the path to becoming the Chief Information Security Officer for Corewell Health. So you can say he has been here for the entire Information Security program revamp that started back in 2016.
Talking Points:
- Back in 2016 you were the CTO when the Information Security program was 'rebooted'. What...
2024-12-18, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 105 - Monsters Under Your Bed: Mapping The Dark Web with Python
*Disclaimer* While this episode deals with an incredibly important topic, there are potential dangers in doing this type of work.
PLEASE do your homework and be well prepared should you go down this path, as your life can be impacted with a wrong turn. In this episode, which is the first of a listener requested one around technical topics. With cybercrime and threat actor activity on the rise, it is more important than ever to understand the dark web and monitor it for potential risks or signs of a breach. There are several tools and...
2024-11-06, 50 min

Hashtag Realtalk with Aaron Bregg
Debunking The Zero Trust is Expensive and Painful Myth
In this episode I talk with Tamer Baker around the not always clear topic of Zero Trust. While the term has been around a while, it definitely gets overused by security vendors. However, because of Tamer's role as the Chief Technology Officer in the Healthcare space, he is also able to bring several different points of view to the conversation. Several of these are key to solving questions such as:
- Is Zero Trust truly expensive and painful? (Radiologist user experience example)
- As more and more healthcare systems are having to worry about budgets, he challenges the concepts on d...
2024-10-16, 52 min

Hashtag Realtalk with Aaron Bregg
Episode 103 - Let's have a RealTalk about Your Identity Journey
In this episode I talk with Matt Berzinski about the importance of understanding that identity is a journey not a destination.
Matt is the Senior Director of Product Management for Ping Identity and has extensive knowledge about identity.
Talking Points:
- Realtime Fraud/Risk
- Orchestration
- Organizations (The importance of offload work that you don't need to do it)
- Single Sign On
- Multi Factor
- Identity Verification (Francis talked about a local automotive company referencing mobile apps for a car)
- Robot or Vehicle Identity is a relationship not a dependency (Matt has a great Rosie the Robot from The Jetsons reference)
- W...
2024-09-04, 48 min

Hashtag Realtalk with Aaron Bregg
Tales from the Trenches: The Crowdstrike Incident and Other Crazy Stories from Summer 2024
In this special end of summer episode, I sat down with Tyler Adams to talk about being in the trenches during the recent Crowdstrike incident and other interesting stories from the crazy summer. Tyler is an Information Security Analyst for Corewell Health. He works on the Security Business Engagement Team.
Talking Points:
- What was it like being in the trenches during the Crowdstrike incident
- How having a Business Continuity Plan comes in play
- What was the most surprising about the incident?
- What challenges are stemming from what the business is working on?
- Getting the business to...
2024-08-29, 32 min

Hashtag Realtalk with Aaron Bregg
Episode 101 - Talking AI Threat Intelligence Insights from the IBM X-Force Report
In this episode I had a chance to have a candid conversation with Charles Henderson. Charles is a global managing partner at IBM and also happens to be the head of the X-Force team.
IBM recently released the X-Force Threat Intelligence Index report for 2024. While the report delves into many different areas of Threat Intelligence, we concentrated on several key areas focused primarily on artificial intelligence:
- Pronounced increase in Identity attacks
- Understanding how more 'business-like' malicious actors are becoming
- Upcoming universal AI attack surface
- How much do you think this will get worse? For example, I reached out...
2024-03-01, 47 min

Hashtag Realtalk with Aaron Bregg
Episode 100 - Understanding Your Personal Risk Tolerance
In this episode I had a chance to sit down in person with the always insightful and never dull cybersecurity leader, Jim Kuiphof. Jim is the Deputy Chief Information Security Officer at Corewell Health. The topic for this casual conversation is Understanding Your Personal Risk Tolerance. More specifically, it speaks to understanding the difference between your own risk tolerance and the business's risk tolerance. Jim has talked on this recently at events like Cloud Con and the Digital Services Summit. His ideas for understanding how to balance personal and business has been a HUGE thing in my...
2024-02-14, 46 min

Hashtag Realtalk with Aaron Bregg
Episode 99 - Simplifying and Securing Multi-Cloud Networking
In this episode I had a chance to speak with Bryan 'Woody' Woodworth around simplifying and securing multi-cloud networking. Bryan is the Director of Solution Strategy for Aviatrix. As we are a few weeks into 2024 and the importance of understanding and utilizing multi-cloud strategies is becoming more and more apparent.
Talking Points:
- What are the current trends in the industry pertaining to multi-cloud?
- Skills Gaps - More pronounced in Multi-Clouds, FinTech and Banking industries will 'mandate' what environments you use.
- What are the areas where skill gaps can be addressed
- Secure Cloud Networking Field Report S...
2024-01-24, 43 min

Hashtag Realtalk with Aaron Bregg
Episode 98 - 'Real' Use Cases for Artificial Intelligence Security in 2024
In this special episode we celebrate the 4th annual holiday fundraiser podcast. It is already a blessing to raise money for great causes all while raising security awareness for small and medium sized businesses. The topic for this episode is one that is super relevant for this day and age of Digital Transformation. However, in keeping with the format of #RealTalk, we are going to explore some 'real world' use cases for using Artificial Intelligence in Security in 2024. The have two special guests and one awesome co-host for this episode. Kassandra Murphy is a Senior Consulting Solutions...
2023-12-21, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 97 - The 'Ins' and 'Outs' of Trying to Break into the Cybersecurity Field
Have you ever wondered what it takes to get into the information security field? Have you thought how hard could it be? What about all of the big money I hear people make in this space?
Well in this episode I talk with Mattalynn Darden and Esther Muchai about how hard it really is to break in. If you are wondering how these two talented young women know, here is a little background on what they are currently doing and why it is relevant to this episode's topic. Mattalynn is an Information Security Intern...
2023-11-29, 49 min

Hashtag Realtalk with Aaron Bregg
Episode 96 - The 'Unnatural' Side of Security Sales - Buyers Beware!
*Disclaimer* Thoughts and opinion in this episode are solely myself or my guests and not necessarily reflective of our employers. In this episode I had a chance to sit down with Matt Nelson and do the podcast from a very cool location. Matt is a Senior Security Architect for Guidepoint Security. The topic of our rant was centered around all of the things 'wrong' with cybersecurity sales and why it hurts everyone.
Talking Points Include:
- Ineffective Bad Behavior - You are doing you and your company a disservice
- Improper In-person Ev...
2023-11-15, 40 min

Hashtag Realtalk with Aaron Bregg
Episode 95 - A Closer Look at the CIS Security Controls
In this episode I talk with Lloyd 'Lucky' Guyot and Alex O'Meera about The Center for Internet Security's Critical Security Controls. Lloyd is a Security Advisor for Optiv and President of the Grand Rapids ISSA Chapter. Alex is a Security Analyst for Stack Overflow and Secretary of the Grand Rapids ISSA Chapter.
Talking Points:
- How can the CIS 18 help an SMB build your security program?
- How can the CIS 18 help mature a security program?
- Which controls should a company start with?
- And many more!
Episode Sponsor:
Grand Rapids ISSA...
2023-10-31, 42 min

Hashtag Realtalk with Aaron Bregg
Episode 94 - Where Do You Start Your Security Journey as an SMB?
In this episode I had a chance to speak with Chris Jordan and Al Wissigner about where a small and medium sized business (SMB) should start their security journey.
This is especially important in this day and age of the ever expanding cloud infrastructure and Software as a Service (SaaS) models. Both of these fine gentlemen work for Fluency and have a TON of experience working SMBs.
Talking Points:
- The idea of bridging the gap between what they want to do and what they can afford to do?
- Why is it so important for a...
2023-10-11, 42 min

Hashtag Realtalk with Aaron Bregg
Episode 93 - Securing Your Digital Employee Experience
Despite the recent push by some old school (re: outdated) leaders to force employees to return to the office, remote work is here to stay. While we all talk about the importance of making remote work secure, there isn't much talk about how the experience for the end-users. Fortunately, there are some companies out there that are understanding the need to balance security, business and end user needs. In this episode I talk with Melinda Ann O'Neill about Digital Employee Experience (DEX). Melinda Ann is a Director of Strategic Accounts for Tanium. We covered several key...
2023-09-27, 39 min

Hashtag Realtalk with Aaron Bregg
Episode 92 - Let's Talk Network Segmentation in 2023
In this episode I head out to The Unicorn Tavern in Grand Haven, Michigan to talk Network Segmentation with Steve Barnes and Tyler Adams. Steve is an Enterprise Security Architect for Fortinet and Tyler is an Information Security Analyst for Corewell Health.
Talking Points:
- How has Network Segmentation changed in 2023?
- Who is responsible?
- Is that team being supported enough?
- How are you compartmentalizing things?
- Should you separate your IT and your OT?
- Does network segmentation make it easier to start a deception campaign?
- How can you get business buy it to make this happen?
2023-09-06, 39 min

Hashtag Realtalk with Aaron Bregg
Episode 91 - Rethinking DEI: Latinas In Cybersecurity
A few years ago, the topic for the 3rd episode for the #RealTalk with Aaron Bregg podcast about Diversity And Inclusion in the Cybersecurity Industry. To this date it is one of the most downloaded episodes. Since that episode was published a LOT has changed in the world. I felt that it was time to revisit the topic but with a little bit of a twist. The need for a twist comes from the fact that DEI in cybersecurity still where it needs to be. As luck would have it I had met Angela Hill a...
2023-08-16, 55 min

Hashtag Realtalk with Aaron Bregg
Episode 90 - Getting Multi Cloud Compliant
In this episode I had a chance to dive into a topic that is ripped straight from my day job. Multi Cloud Compliance. My guest for this episode is Mike Roman. Mike is a Senior Security Sales Engineer for Orca Security, which happens to be the company that just won the 'Best Swag' award at Cloud Con last week! In all seriousness though, more and more companies are having to rely on multi-cloud environments in order to keep the lights on. You may be an Amazon AWS shop but you may use Snowflake for d...
2023-08-02, 35 min

Hashtag Realtalk with Aaron Bregg
Episode 89 - CISO Insights: A Call To Action
In this episode I break from the norm a little bit in order to delve into the minds of security leadership. These insights come from a recent Grand Valley State University Cybersecurity Masters Graduate, Isaac Beasley. As part of Isaac's Master's project, he interviewed 10 different cybersecurity leaders in the West Michigan area about a variety of different topics.
For the sake of time, I concentrated on talking to the following key data points:
- Hiring, Retention, & Advancement
- 80% reported not fully cyber staffed
- 60% struggle with team burnout
- 70% see diversity as a top challenge when building...
2023-07-12, 54 min

Hashtag Realtalk with Aaron Bregg
Episode 88 - Rethinking Pentesting and Moving Towards Attack Surface Management
While PenTesting (i.e. hacking) may be the most visible part of Information Security, it sometimes can lead to a false sense of security. In this episode I had a chance to talk with Nabil Hannan about rethinking your penetration testing strategy and moving towards Attack Surface Management. Nabil is the Field Chief Information Security Officer for NetSPI and has a ton of useful information to share about starting this journey.
Talking points include:
- What are the biggest misconceptions with PenTesting?
- The problem with buying security 'things'
- Understanding your Attack Surface using Breach and A...
2023-06-28, 37 min

Hashtag Realtalk with Aaron Bregg
Episode 87 - What The Heck is Asset Intelligence
Earlier this year Cloud Security Alliance covered the big debate around should you buy or build for your Cyber Asset Attack Surface Management (CAASM) solution. As luck would have it, Ken Liao recently reached out to me regarding the new company that he works for who handles this very topic. In this episode I had a chance to talk with Sevco Security's Chief Strategy Officer, Brian Contos, on this very topic. The timeliness is very apt, as Gartner recently named CAASM as an emerging technology that enables security teams to solve persistent asset visibility and v...
2023-06-14, 38 min

Hashtag Realtalk with Aaron Bregg
Episode 86 - What Artificial Intelligence is and What it is Not
I know some of you are thinking, "Ugh another podcast on artificial intelligence!", to which I say, "Nope".
Originally this was supposed to be a two-part series with the first episode focusing on high level AI talk. The second episode that drills down into how to actually come up with AI/ML policies and standards. However, like all things related to the podcast, we are going to mix it up a little. In this episode I have a non-security co-host, Brian Carlson and a security guest, Tim O'Connor. Brian is one of the Lead Data Analysts
2023-05-31, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 85 - Are You REALLY Protecting Your C-Suite and Board Well?
In this episode I go outside of the topics and talk about one that I think is definitely underrated, Protecting Your Executives. I sometime forget how lucky my healthcare organization is very forward thinking when it comes to security. However, not all companies have the luxury of having a full team to protect VIPs. I had a chance to have an in-depth conversation with Daniel Floyd around this very subject. Daniel is the Chief Information Security Officer for BLACKCLOAK. BLACKCLOAK was one of the first companies to focus on Digital...
2023-05-17, 42 min

Hashtag Realtalk with Aaron Bregg
Episode 84 - Changing the Way You Looked at Managed Security Operations
In a recent episode Matt Nelson from Guidepoint was talking about how he is seeing a trend with medium-sized companies moving away from the idea of building out or building up a security team. There were several reasons including budget constraints and an experienced talent shortage. So I reached out to Bill Bernard about having a deeper discussion on how revisiting the topic of using a #managedsecurityoperations company.
Talking Points:
- What is Managed Detection and Response?
- Because of budget and resource constraints, more companies are starting to move away from the idea...
2023-05-03, 47 min

Hashtag Realtalk with Aaron Bregg
Episode 83 - Zero Trust is not a Product. It is a Mindset
In this episode I had a chance to talk with Todd Brockdorf and Chris Lawrence about Zero Trust. Todd is a Senior Sales Engineer and Chris is a Customer Success Engineer. Nowadays it is hard to sift through all of the security vendor marketing chaff to get #RealTalk about Zero Trust.
Talking Points:
- What is the biggest misconception around Zero Trust that is happening right now?
- What about thinking of the cloud as a segmented network?
- How are upcoming government regulations, how do company’s balance with regulations and end user experience?
- How does Ch...
2023-04-26, 47 min

Hashtag Realtalk with Aaron Bregg
Episode 82 - What the Heck is Wrong with Security (Updated)
4.6.23 Update: If you had downloaded this file before 6pm on April 6th you received the wrong episode. This error has been fixed and you have my sincerest apologies for the mess up! *Disclaimer* While there was no physical harming of bad security vendors in this episode, there is a lot of honest #RealTalk. Opinions in this episode are my own and do not necessarily reflect the views of my leadership or my employer. Additionally, this episode is not sponsored and therefore is not influenced by outside sources. In this episode I...
2023-04-05, 44 min

Hashtag Realtalk with Aaron Bregg
Episode 81 - How are you securing your hybrid cloud environment?
In this episode I had a chance to talk with Derek Smith about the importance of securing your hybrid cloud environments. Derek is the Director of Cloud Strategic Alliances and Brand for Trace3.
We took the time to break down several different issues that are happening right now across multiple industries.
Talking Points:
- How do you build a solution agnostic environment?
- How can we learn from the recent issues with Southwest to help going forward?
- How do you marry up your resiliency goals with your security goals?
- Breaking down the Broadcom takeover...
2023-03-22, 47 min

Hashtag Realtalk with Aaron Bregg
Episode 80 - The Future of Medical and IoT Device Security
In the episode I had a chance to talk to not one, not two but THREE talented gents about the future of medical and IoT device security. Nathanael Dick, Russ Ramsay and Dan Rittersdorf all work for a great, and local, embedded systems engineering company called DornerWorks. I was fortunate enough to do the podcast prep meeting in person and was able to tour their very cool West Michigan offices. Obviously, medical device security is very important to me considering I work in healthcare. However, we touched on the following other relevant IoT security topics:
- A...
2023-03-15, 54 min

Hashtag Realtalk with Aaron Bregg
Episode 79 - Rethinking Your Secure Software Development Lifecycle Strategy
In this episode I get a chance to talk with Liav Caspi about rethinking how you do your Secure Software Development Lifecycle. Liav is one of the co-founders of Legit Security and got his start in the Israel Intelligence (Unit 800) scene many years ago. He and his other co-founders worked for a well known Static Application Security Testing (SAST) company I know very well. They then branched off a few years back to form what is now called Legit Security.
Talking Points
- Why your current Secure Software Development Lifecycle process needs to change
- What is...
2023-03-08, 37 min

Hashtag Realtalk with Aaron Bregg
Episode 78 - Advancing Your SIEM: Tales from the Trenches
In this episode I not only have a great guest but have a great co-host as well.
I had a chance to talk with Kassandra Murphy and Rich Worth about advancing your Security Information and Event Manager. Kassie talks to the importance of standardizing your data sets to increase your searchability (e.g. especially useful when sending data to your managed security operations partner). Rich will be talking to 'real world' use cases and the importance of alert aggregating and risk based alerts. Kassandra is a Senior Consulting Solutions Engineer at Splunk. Rich is the Lead...
2023-02-15, 40 min

Hashtag Realtalk with Aaron Bregg
Episode 77 - Your Data Classification and Governance Journey Begins
In this episode I get to talk with Daniel Post about data classification and data governance. Dan is a Senior Sales Engineer for Varonis. He has been in the industry for a while and has knowledge that we break down into 'bite sized' chunks to make it easier for your staff to consume.
Talking Points:
- Where does a company first start their Data Classification and Governance journey?
- What are some of the challenges that a company can expect when it comes to data classification?
- What are you seeing in the field right...
2023-02-01, 38 min

Hashtag Realtalk with Aaron Bregg
Episode 76 - Why Your Business Needs Data Visualization
In this episode I had a chance to talk to Lisa Jones-Huff about the importance of data visualization and how it can help both security AND the business. Lisa is the Senior Director of Global Security Specialists for Elastic.
Talking Points:
Some basic steps for understanding how to interpret your data:
- What is the very first thing you should do on your data visualization journey?
- What type of data do you have?
- What is the value of that data?
- What types of use cases provide the most 'Combined...
2023-01-18, 30 min

Hashtag Realtalk with Aaron Bregg
Episode 75 - Where are My Logs at? Rethinking Loggin in 2023
In this the 3rd annual holiday fundraiser podcast episode, I talk with Kam Amir and Brenden Morgenthaler about what enterprise logging will look like in 2023. Kam is the Director of Technical Alliances for Cribl. Brenden is an Enterprise Architect for CDW.
Talking Points:
Kam has developed a formula for getting the most value from your setup using the three 'Vs':
- Variety
- Value
- Velocity
This allows for you to get more freedom to get valuable data into your platform.
Brenden talks to real life use cases like:
- Grouping Meta Data for...
2022-12-21, 49 min

Hashtag Realtalk with Aaron Bregg
Episode 74 - Let's Talk Advanced Email Security
In this episode I have a 1 on 1 conversation with the one and only Brian 'Schneebs' Schneble about Advanced Email Security. Brian is a Senior Enterprise Account Executive for Abnormal Security. Brian is not only an active member of the Michigan cybersecurity community but he has extensive knowledge of the automotive industry.
Talking Points:
In a break from the traditional talking points, for this episode we break down a real world use case where a company was hit by a very creative 'double whammy'. Both a compromised email account and...
2022-11-30, 45 min

Hashtag Realtalk with Aaron Bregg
Episode 73 - Thinking Differently About Privacy
In this episode I sit down with Paul McManus about all things Privacy. Paul is a Senior Information Governance Analyst for Corewell Health Corporate. I have had the distinct pleasure of working with Paul on several different privacy related engagements over the years.
Talking Points:
- What are some of the challenges you are seeing in privacy space right now?
- Integration
- Who watches the watcher?
- As more and more things are outsourced, how do you this with digital assets?
- Do people realize that data that may not be considered 'confidential' now may be considered something different in...
2022-11-23, 38 min

Hashtag Realtalk with Aaron Bregg
Episode 72 - Human Factors in Cybersecurity
In this special episode I had the honor of MC'ing a Security Awareness Month online panel for Cadre Information Security and the topic was Human Factors in Cybersecurity. The panelists were Phil Swaim, Mike Davenport, Tim O'Connor and Mike Peterson. We not only had great discussions on how to build your Security Awareness Program but actions steps you can take right now to create 'Security Champions' in your organization.
Talking Points:
- So how is a Security Awareness Program different from Security Awareness Training?
- Why would an organization want a Security Aw...
2022-11-09, 54 min

Hashtag Realtalk with Aaron Bregg
Episode 71 - Looking at Vulnerability Management
In this episode I talk with Rob Walk about looking at vulnerability management differently. As recently as last week I have seen a shift in how people are thinking about the topic. Some range from the talk of how it needs to fit in with business needs all of the way to 'CVSS is Dead!'. Rob is a Senior Engineer from Tenable and shares from valuable insight on how thinking differently can be accomplished heading into 2023.
Talking Points:
- What do you fix when there are so many vulnerabilities?
- What are the downsides to pri...
2022-10-12, 31 min

Hashtag Realtalk with Aaron Bregg
Episode 70 - Secure Email - What the Heck is DMARC?
In this episode I talk with Rob Bowker about securing your email using DMARC. Rob is the Sales Director for EasyDMARC.
Besides the high level explanation of what DMARC is, we delve deeper into the following topics.
Talking Points:
- Why is there slow global adoption of DMARC?
- Are cyber insurance companies interested in a customer is using DMARC?
- Why your marketing team should care if you use DMARC?
- What is the value of aggregating sender reports?
- What does the future look like?
I am very excited to share that parts of money raised fro...
2022-09-28, 30 min

Hashtag Realtalk with Aaron Bregg
Episode 69 - The State of Cyberinsurance in 2022
In this special Pre-Cloud Con episode we mix things up a little. Rather than joining me as a co-host, the Cloud Security Alliance of West Michigan's own Anthony Coggins, sits on the other side of the mic. He along with the ever knowledgeable Tim O'Connor, discuss the current state of cybersecurity insurance in 2022. Anthony is the Senior Manager of the Security Operations Team at Grand Rapid's own rocket ship insurance company, Acrisure. Tim is the Manager of Knowledge Services at Cadre Information Security.
Talking Points:
- What does the industry look like today an...
2022-07-20, 39 min

Hashtag Realtalk with Aaron Bregg
Episode 68 - Network Observability in a Hybrid Cloud World
In this episode I get a chance to talk to Kevin Peterson about Network Observability in a Hybrid Cloud World. Kevin is great information security evangelist who works for Arista. One of the many challenges that I face in the healthcare industry is handling devices that live On-Prem and send data to multiple cloud environments. Kevin and I talk about some very common use cases and the challenges that come along with it. We also tag about how to handle segmentation across multiple domains.
So if you can relate to having to secure data that transverses to man...
2022-07-06, 38 min

Hashtag Realtalk with Aaron Bregg
Episode 67 - Let's Talk Cloud Security Certifications
In this special episode I speak with Peter HJ van Eijk about the CCSK and CCAK cloud security certifications from the Cloud Security Alliance. Peter is the owner of Club Cloud Computing and an authorized CCSK and CCAK trainer. I have personally taken his training course and thought it was one of the best ones out there. He also offers free refresher courses and online focus sessions. If you want to learn more about CSA certifications, then definitely listen in!
2022-05-18, 37 min

Hashtag Realtalk with Aaron Bregg
Episode 66 - Let's Talk Medical Device Security
In this episode I had the pleasure of talking with Jonathan Jesse about medical device security. Jonathan is a Senior Systems Engineer for Forescout. In fact, he has been working for the same information security company for over 6 years! That is pretty unheard of nowadays in the security vendor space. What prompted this interesting discussion you say? Well Forescout recently acquired CyberMDX. They are a company that specializes in medical device security protection. Since I have to work protecting medical devices sometimes as part of my 'real job'. I have several different business use cases to discuss. Including one aro...
2022-05-04, 33 min

Hashtag Realtalk with Aaron Bregg
Episode 65 - A Deeper Look at Mobile Security
In this episode I talk with Richard Melick about mobile security.
Richard is the Director of Threat Reporting for Zimperium, so he knows a thing or two about what is happening out in the mobile world right now. We definitely took a deeper look at the current state of mobile security and the talking points cover a bunch of key areas.
Talking Points:
- What is more important and more secure to have, your wallet or your phone?
- Mobile threats can happen when you least expect it or in the last...
2022-04-20, 37 min

Hashtag Realtalk with Aaron Bregg
Episode 64 - Let's Talk Cloud Identity
In this episode I had a chance to talk with Rebecca Harvey about Cloud Identity. Rebecca does regional sales for SailPoint and she is also a co-founder of the Women's Security Alliance (WomSA). Her and I talked about why companies are still getting Cloud Identity wrong. We also did a deeper dive into cutting edge items like Robot Identity and Robotic Process Automation.
Episode Sponsor:
This episode was sponsored by SailPoint. SailPoint is an Identity Security Solutions Provider that is based out of gr...
2022-03-30, 35 min

Hashtag Realtalk with Aaron Bregg
Episode 63 - Let's Talk 5G Security
In this episode I had a chance to talk with Brian Philips about 5G security. Brian is the Chief Solutions Architect for NetScout. We had a chance to dive into various parts of 5G and what does it mean for the future of the 'Mobile Office'.
We also talked about future use cases that are not as far as away as you think.
- How is 5G going to impact security?
- 5G Internet to home isn't 'private' yet
- Cellular security is wider than it needs to be right now
- How companies like Amazon could utilize 5G for both a private network an...
2022-03-16, 44 min

Hashtag Realtalk with Aaron Bregg
Episode 62 - Rethinking 'Trust' in the New Digital Transformation Age
In this episode I had a chance to talk with Brian Schneble, Claudio Catti and Chuck Chessor about mobile security and rethinking 'trust' in the new Digital Transformation age. This was a more detailed discussion from the holiday fundraiser episode and has some great real world examples.
Talking Points:
- As WFH becomes permanent, do we need to rethink 'trust' in the digital transformation age?
- How many companies are well versed in SASE philosophy?
- General Motors CEO asked her employees to turn off their VPN. What are the ramifications of that precedence?
- The rise of...
2022-02-09, 42 min

Hashtag Realtalk with Aaron Bregg
Episode 61 - A Closer Look at Digital Forensics
In this first episode of 2022 I am reaching into my distance security past and invited a former colleague, Mike Ahrendt, to join Natasha Young and myself to take a close look at digital forensics. Mike has worn many security hats, including recent leadership roles, but his heart lies in the SOC. Mike shares some insightful stories and answers from tough questions from Natasha!
Talking Points:
- What is the difference between Public Sector vs Private Sector?
- How come some companies don't prioritize digital forensics investigations?
- Why can't forensics data be subjective (hint: legal r...
2022-01-25, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 60 - Lookalike Domain Email Attack
In this brief end of the year episode I talk about a recent phishing attack on a 3rd party vendor that was compromised via email in a very unique way.
I reveal how it happened and why defense in depth is so important.
Talking Points:
- What is a lookalike domain?
- The importance of having a defensive domain strategy
- How bad guys used an operating system and email applications default behavior against the user
2021-12-29, 11 min

Hashtag Realtalk with Aaron Bregg
Episode 59 - Preparing for a Ransomware Attack
In this episode I had a chance to talk with Israel Barak about a listener-submitted topic, 'How do I prepare for a ransomware attack?'. Israel is the CISO for Cybereason and has intricate knowledge of ransomware and cybersecurity dating back to his days in the Israeli Defense Force.
Using his extensive knowledge we talked through his concept of having different security 'pillars' to help navigate the lifecycle of ransomware:
- Security Hygiene - Checklists are in security hygiene - you don't build a program around ransomware
- People - Executive L...
2021-12-22, 59 min

Hashtag Realtalk with Aaron Bregg
Episode 58 - Advanced Social Engineering with Mobile Hacking
In this special holiday fundraising episode I have not one but two special guests joining a small panel to discuss the current state of mobile security and the pitfalls of social engineering. Mike Jones is a former Anonymous hacker and founder of the Haunted Hacker security podcast and magazine. Jonathan Scott is a Mobile Security Researcher and the author of the Pegasus ID software. I was also joined by Jim Kuiphof, Director of Information Security for Spectrum Health, Richard Melick from Zimperium, Brian Schneble and Mitch Milligan from Sentinel One, Claudio Cattai and Chuck Chessor from Netskope.
2021-12-16, 57 min

Hashtag Realtalk with Aaron Bregg
Episode 57 - A Look Back at Cybersecurity in 2021
In this episode I sit down with Lloyd Guyot, Mike Peterson and Steve Barnes to discuss the state of cybersecurity in 2021.
Lloyd is a Client Solutions Advisor for Optiv, Mike is a Cybersecurity Consultant for Cadre and Steve is a Systems Engineer for Fortinet.
Talking Points:
- How do we secure the new hybrid workforce?
- Is SASE where it needs to be going into 2022?
- Do you think there is ransomware fatigue?
- How is Social Engineering just security marketing hype?
We cover a veritable cornucopia of security topics for your listening pleasure! E...
2021-12-08, 49 min

Hashtag Realtalk with Aaron Bregg
Episode 56 - A Passwordless Future: Insights from a CISO
In this episode I have a special guest joining me to talk about a 'Passwordless Future'. Jorel VanOs is the Chief Information Security Officer for the insurance company that is taking off like a rocket ship, Acrisure. This is continuing a great conversation that was discussed in the Security Leadership panel at this year's C3 Tech Advisors IT Summit.
Talking Points:
- What are companies not understanding about Multi Factor Authentication (MFA)?
- Why do banks use Email/SMS in this age of basic data already being out there?
- If security keys are the answer then wh...
2021-11-24, 41 min

Hashtag Realtalk with Aaron Bregg
Episode 55 - Mentoring Women in Security: A Look Back
In this episode we are going to do things a little different. I am very to have Rebecca Harvey take over the hosting duties. She will be interviewing myself and my awesome mentee, Natasha Young, about the last 6 months of our participation in WomSA mentorship program.
If you are interested in becoming either a mentor or a mentee, I highly encourage you to set aside some time to listen to this episode. Kudos to Rebecca for being a great guest host and to Natasha for being a great mentee!
2021-11-10, 46 min

Hashtag Realtalk with Aaron Bregg
Episode 54 - Security Posture Management as a Service
In this episode I talked with Dave Golding about Security Posture Management as a Service. What the heck is it?
Are misconfigurations just FUD from vendor marketing teams? Dave is a Sales Executive for AppOmni.
Talking Points:
- What the heck is Security Posture Management anyways?
- What is your CASB not doing (not in a bad way)?
- What is the biggest problem with default configuration that you are seeing with customers?
- What is one of the biggest surprises that you are seeing in the industry?
- What about best practice policies?
Episode Sp...
2021-10-27, 42 min

Hashtag Realtalk with Aaron Bregg
Episode 53 - How to Mature Your Security Awareness Program
In this episode I sit down with Corwin Tobias, to take a deeper dive into maturing a Security Awareness program. Corwin is the Information Security Awareness Ambassador for Blue Yonder. I had the pleasure of working with Corwin when he was working on the Information Security Training Team for Spectrum Health.
Talking Points:
- How to equip your staff to identify key risks
- Does an employee know what to do when they make a mistake?
- A Human Firewall sounds good but doesn't always work in real life because cyber criminals adapt
- What are so...
2021-10-13, 53 min

Hashtag Realtalk with Aaron Bregg
Episode 52 - Security Awareness is more than just Phishing training
In this episode I talk with Tim O'Connor about what companies don't understand about Security Awareness programs. Tim is the Manager of Knowledge Services for Cadre Information Security.
Talking Points:
- Security Awareness is more than just Phishing awareness training
- What doesn't the business get about Security Education?
- Risk Assessments and Vulnerability Assessments are two different things
- The importance of Table Top exercises
- Brand Name Protection
- IT is NOT where the cybersecurity buck stops
Episode Sponsor:
This episode is sponsored by Cadre Information Security.
Cadre is a trust security partner ba...
2021-10-06, 51 min

Hashtag Realtalk with Aaron Bregg
Episode 51 - Let's Talk Security Operation Center as a Service
In this episode I have a special co-host, Alex O'Meera to help me interview my guest, Jim Jakary about Security Operation Center (SOC) as a Service. Alex is a newly minted Senior Security Engineer for Spectrum Health (congrats!) and Jim is an Account Executive for Expel. This was the first remote broadcast in a long time and definitely contained lots of #RealTalk!
Talking Points:
- We already have a security program, what can SOCaaS do to further help?
- Should be looking at metrics to help guide you?
- Can SOCaaS help your program with alert fatigue...
2021-09-22, 42 min

Hashtag Realtalk with Aaron Bregg
Episode 50 - SIEM and SOC - Taking a Step Before You SOAR
In this special milestone episode I talked with Ryan Dengate and Tim Vandermel about setting up a SIEM and SOC program before you try and tackle implementing SOAR. Ryan is a Technical Engineer Lead and Tim is a Global Account Executive. They both work for a great West Michigan company called C3 Tech Advisors.
Talking Points:
- What are they seeing/hearing from customers right now
- Do SMBs understand the importance of cyber liability insurance how SIEM/SOC programs can help?
- Where do you start your program?
- What are things you can do to 'get ready' to...
2021-09-08, 51 min

Hashtag Realtalk with Aaron Bregg
Episode 49 - Endpoint Solutions as a Business AND Security Tool
In this episode I have a special co-host Natasha Young. Natasha is my WomSA security mentee. She and I had a chance to speak with Stephanie Aceves about endpoint solutions as a security AND business tool. Stephanie is a Threat Response Subject Matter Expert Lead for Tanium.
Talking Points:
- What’s the difference between EDR and what Tanium does?
Specifically, how can end-point management systems close the gap between traditional detection systems and automation while still being able to manage time sensitivity?
- What are some of the lessons learned from recent cyber attacks, such as...
2021-07-21, 55 min

Hashtag Realtalk with Aaron Bregg
Episode 47 - A Journey to Secure Your Email - Part Two: DMARC Reporting
In this episode I had a chance to speak with Rob Bowker about using DMARC and other secure email tools to prevent domain spoofing. Rob is the Director of Sales North America for EasyDMARC.
Talking Points:
- How to use DMARC reports to move from 'quarantine' to 'reject'
- What is the process of applying a percentage when moving to quarantine
- How to get around DNS limitations for SPF records
- What is BIMI?
- What are the pre-requirements for implementing it?
- How to use domain scanners and reputation checks
Episode Sponsor:
The sponsor for this episode i...
2021-06-23, 45 min

Hashtag Realtalk with Aaron Bregg
Episode 46 - Talking Network Access Control
In this episode I get a chance to talk with Jonathan Jesse about Network Access Control. Jonathan is a Senior Systems Engineer with Forescout.
Talking Points:
- What are the biggest challenges that you are seeing with NAC during the pandemic?
- What are your employees going to bring back in?
- What has been on your home network that is now coming into your company network?
- Has the asset been patched?
- Do you plan on putting home devices into a quarantine segment before it gets on?
- Do you do compliance checks while they're on or before t...
2021-06-16, 46 min

Hashtag Realtalk with Aaron Bregg
Episode 45 - What The Heck Is S.O.A.R?
Topic: What is Security Orchestration Automation and Response?
Guest: Jeff Gardner of Rapid7
Co-Host: Anthony Coggins from Acrisure
Episode Description:
In this episode Anthony and I get a chance to talk with Jeff Gardner about Security Orchestration Automation and Response.
Jeff is a Practice Advisor for Rapid 7.
Podcast Sponsor:
This episode is sponsored by Rapid7. They are a multi-faceted security vendor based out of Boston, MA (L...
2021-06-09, 52 min

Hashtag Realtalk with Aaron Bregg
Episode 44 - A Journey To Secure Your Email - Part One
In this episode I sit down with two Spectrum Health colleagues, Robb Wesche and Jon Bult, to talk about our secure email journey. Robb is an Email Messaging Engineer and Jon is a Security Engineer with Spectrum Health.
Talking points:
- Life before a good secure email gateway
- A near miss with business email compromise story
- What is DKIM?
- What is SPF?
- How does DMARC tie things together
- What is IP warming?
- The importance of defensive domains
- Separating the 'Wheat from Chaff' with email security AI
2021-06-01, 43 min

Hashtag Realtalk with Aaron Bregg
Episode 43 - A Closer Look at Identity Automation
In this episode I talk with Kevin Foisy and Justin Taylor about Identity Automation. Traditional Identity Governance Administration is not adapting as the same business processes are in this digital transformation era. So how do you evolve the identity systems/solutions that you have put a considerable amount of money into? Let's take a deep dive.
Talking Points:
- The 'Lifecycle' of Identity
- How do you do Identity Automation when you don't know where all of your data points are?
- Is it easier to clean up 'On-Prem' identity or 'Cloud' identity?
- What about Multi-Tenant Go...
2021-05-04, 48 min

Hashtag Realtalk with Aaron Bregg
Episode 42 - Lessons Learned: Security Metrics
In this episode I talk with Jim Kuiphof and Aaron Silver from Spectrum Health Information Security.
We take a look at the last 5 years of the security program to glean some lessons learned about Security Metrics.
Talking Points:
There are three key principles in any security metrics program:
- It’s a Journey - You are going to have to be OK with taking a faceplant at first before you can mature and get quality metrics. Think of metrics as a ‘lifecycle’
- The ‘Why’ - What is the problem are you tr...
2021-04-21, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 41 - A Day in the Life of a SOC Analyst
In this episode I get a chance to speak with Dave Stycos who is a Senior Security Engineer for Spectrum Health. Dave was part of the Security Operation Center that helped thwart a Wannacry attack on a major healthcare system in West Michigan. We talk about what a day in the SOC looks like and what is going through the SOC analyst's mind during an active incident.
Talking Points:
- What does a typical day look like? Is it like it is in Hollywood movies?
- What are some of the tools that you us...
2021-04-07, 56 min

Hashtag Realtalk with Aaron Bregg
Episode 40 - The State of Cybersecurity in 2021
In this episode I had the pleasure of doing a state of security in 2021 panel with guests from several different security backgrounds. My guests were Steve Barnes from Fortinet, Doug Copley from Data Protection Partners and Mike Peterson from Cadre Information Security.
Talking Points in a Round Robin Format:
- Endpoint Security for Remote Workers
- Thoughts on Solar Winds Fallout
- F5 and Other Security Vendor Patching Issues
- DevSecOps and Automation
Podcast Sponsor:
This episode is sponsored by Optiv. Optiv is a security solutions integrator based out of Denver Colorado. Proceeds from th...
2021-03-31, 1h 00

Hashtag Realtalk with Aaron Bregg
Episode 39 - Security Mentoring
In the episode I am very grateful to have my first female co-host, Maril Vernon.
Maril and I got a chance to talk with two talented colleagues of mine who are both on the board of the Women's Security Alliance (WOMSA), Rebecca Harvey and Diana Volere. The topic that we delve into is security mentoring and the state of DEI in 2021.
Talking Points:
- Is there a shortage of quality mentors?
- What does a good mentoring experience look like?
- Push your comfort zone when looking for a mentor
- What has changed since you both started your ca...
2021-03-24, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 38 - What The Heck Is XDR Anyways?
In this episode I had the chance to talk with Michael Leland about XDR. Michael is the Chief Technology Strategist for McAfee. We spoke both at a high level and a lower level about Extended Detection and Response. The goal of the episode is to help your SMB better understand if it is a good fit for your company.
Talking Points:
- What is XDR and is it more than just marketing fluff?
- What are all of the 'data points' XDR uses?
- Can it help with managing Cloud data security?
- Could it help with things like la...
2021-03-17, 45 min

Hashtag Realtalk with Aaron Bregg
Episode 37 - Peering into The Mind of a Hacktivist
In this episode I talk with former hacktivist Mike Jones. Mike was a former cryptologist for the US Army and also a former member of the hacktivism group Anonymous. Have you ever wondered why someone would get into hacking? Ever wonder what it's like to be 'talked to' by the FBI? Well now is your chance to hear about it.
Talking Points:
- What is Hacktivism?
What drew you to it?
- What is the most misguided conception of Anonymous/Hacktivism?
- While the movie ‘The Net’ with Sandra Bullock was fictional in the 90’s, you kind of had to...
2021-03-03, 57 min

Hashtag Realtalk with Aaron Bregg
Episode 36 - Let's Talk Secure Coding and Container Security
In this episode I talk with Clinton Herget about secure coding, container security and the importance of having a DevSecOps mindset. Clinton is the Principal Federal Solutions Engineer for Snyk.
Talking Points (including SSDLC diagram):
- Software Vulnerabilities can happen even before your first line of custom code (Open Source Libraries)
- Review an example of a Secure Software Development Lifecycle Diagram (SSDLC)
- Pros and cons of using a Static Application Scanning Tool (SAST)
- Pros and cons of using a Dynamic Application Scanning Tool (DAST)
Container Security:
- Image scanning guidance
- Pros and cons of containers
- Po...
2021-02-24, 41 min

Hashtag Realtalk with Aaron Bregg
Episode 35 - Solar Winds Attack: What Can Your Business Learn From It?
In this episode I talk with Greg Franseth about the Solar Winds incident and how your business can learn from their mistakes. Greg is the Senior Director of Professional Services and Internal Operations for Cadre Information Security
3 Segments:
- High Level Overview of What Happened
- Recent News of Chinese Involvement
- What Can You Do To Prevent It?
Talking Points:
- It's time to take Nation State actors more seriously
- How did this happen and go undetected for so long?
- Do nation state actors 'truly' care about SMBs that are not attached to the government?
- Should t...
2021-02-17, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 34 - Let's Talk Security Policies and Risk Profile
In this episode I talk with Allison Prout about security policies and a company's risk profile. Allison is an up and coming Cyber Security and Policies counsel for Beckage Law Firm.
She specializes in IT Contracting for PCI-DSS, data ownership, cyber insurance and data protection and response.
Talking Points:
- What is your risk profile? Do you know how to change it?
- Best Practices for Working with Third Party Risks [Both Proactive and Reactive]
- Robust Vendor Management Program
- Third Party Risk Assessment
- Strong Contracting Protocols
- Incident Response Plan
2021-02-10, 52 min

Hashtag Realtalk with Aaron Bregg
Episode 33 - How to Build a Risk Management Program
In this episode I have a co-host, Anthony Coggins, join me to talk with Steve Tobias about the first steps to take in building a Risk Management program. Anthony is the Security Architect for Acrisure and Steve is one of the Lead Risk Analysts for Spectrum Health.
Talking Points:
Looking at Risk Management through the eyes of a brand new startup company we discuss:
- What is the first thing you should do?
- Awareness of understanding your risk posture
- Do it internal or hire a partner company?
- What documents do you need to sta...
2021-02-03, 49 min

Hashtag Realtalk with Aaron Bregg
Episode 32 - What it's like to be in a Ransomware Attack
In this episode I speak with Josh Geno about what it's like to be in a ransomware attack. Josh is one of the Lead Security Engineers for Spectrum Health. Josh has had the distinction of being in a ransomware attack as well as having to 'clean up' after one. Josh has created a Ransomware Playbook that is open for use by anyone and is geared to sharing knowledge/lessons learned.
Talking Points:
- Walk Through The Incident Prepare Detect Triage/Prioritize Analyze Contain/Eradicate/Recover Post-Incident
- How would you use these documents in your organization?
- Can be use...
2021-01-27, 58 min

Hashtag Realtalk with Aaron Bregg
Episode 31 - It's 12am. Do You Know Where Your VM's Are?
In this episode we are going to take a look at cloud visibility and not the kind of visibility you think.
Not in the sense of something like a Cloud Access Security Broker. Rather visibility into your entire cloud infrastructure. My guests are Matt Hallahan and Nilesh Deo from CloudBolt.
Talking Points Include:
- How can you get the 'Cloud View' of your different environments?
- How can you hold 'shadow IT' to a governance model?
- How quotas and automation can help
- How visualization can help
- What things can you do to 'enable' self-service IT?
- How can a...
2021-01-20, 40 min

Hashtag Realtalk with Aaron Bregg
Episode 30 - A High Level Look at Threat Intelligence
In this episode I have a special co-host, Alex Ronquillo, and we spoke with Allan Liska about Threat Intelligence and how SMBs can use it. Alex is an Internet Threat Hunter from rec. Allan is a Threat Intelligence Analyst from Recorded Future.
Talking Points:
- Why as a SMB should you care about threat intel?
- What are the must have capabilities / resources that a company should have before investing in a threat intelligence platform?
- Are some SMBs starting to understand protecting their 'brand'
- What is everyone getting wrong their 3rd party suppliers?
- What are the biggest ch...
2021-01-13, 50 min

Hashtag Realtalk with Aaron Bregg
Episode 29 - Talking Multi Factor Authentication
In this episode I talk with Andy Winiarski and Craig Widmaier about Multi Factor Authentication and how a password(less) future is closer and simpler than you think. Andy is a Senior Solution Engineer and Midwest Sales Director for Yubico.
Talking Points:
- What is Multi Factor Authentication and why should an SMB use it?
- What is the difference between a Yubikey and a different form of MFA (SMS, RSA Key, etc.)
- Why isn't MFA used more?
- What does 'password(less)' mean?
This episode was sponsored by Yubico.
Yubico is a global authentication le...
2021-01-06, 37 min

Hashtag Realtalk with Aaron Bregg
Episode 28 - Ransomware Fallout: Talking Cyber Liabilities and Insurance
In this special holiday episode I have both a special guest and a special co-host. My co-host is Jim Kuiphof and we got a chance to talk with Tim Francis about Cyber Insurance and Liabilities pertaining to ransomware attacks. Jim is a Director of Information Security for Spectrum Health and Tim is an Enterprise Lead for Cyber Insurance at Travelers.
These are just some of the questions and topics that we covered:
- What is cyber liabilities insurance and why do some think they don't need it?
- While ransomware attacks are increasing in the public eye, some we...
2020-12-18, 1h 03

Hashtag Realtalk with Aaron Bregg
Episode 27 - Data Governance and Privacy - What Do You Need To Know
In this episode Matt Nelson and myself talk with Adam Rosen about Data Privacy and Data Governance. Adam is the VP of Product Strategy for Stealthbits.
For this conversation we used the Gartner Data Security Governance Framework as our guide to talk about:
- Where does a SMB start when it comes to data governance and privacy?
- What are some of the biggest challenges that SMBs currently face?
- How automation can help when IT/Security resources may be limited
- What are some 'Gotchas' when it comes to data privacy?
Gartner Reference Link:
2020-11-25, 42 min

Hashtag Realtalk with Aaron Bregg
Episode 26 - Let's Talk Amazon Web Services Security
In this special Veteran's Day episode I talk with LinkedIn Top Voices of 2020 honoree, AJ Yawn, about Amazon Web Services security.
AJ is a US Army veteran and also the Co-Founder and CEO of a brand new company called ByteChek.
AJ walks us through his five quick tips for AWS security for small businesses.
- Protect Your Root Account
- Identity Access Management (IAM) Report
- Download Trusted Advisor Report
- Enable AWS Cloud Trail Across All Regions
- Automate Something Using Cloud Trail
We also had a chance to talk about the ever elusive thing called the Shared Responsibility Model
2020-11-18, 58 min

Hashtag Realtalk with Aaron Bregg
Episode 25 - Let's Talk About Zero Trust
In this episode I talk about the concept of 'Zero Trust' with Patrick Tyler. Patrick is a Senior Solutions Engineer for Okta.
Talking Points:
- What is Zero Trust and why should you care?
- What did organizations have to do right away when it comes to Zero Trust?
- Why Zero Trust is important for 'non-traditional' cloud industries like manufacturing to do it?
- While VPN is a powerful tool, it isn't the 'End All Be All' for security.
- What did organizations have to do right away?
This episode is sponsored by Okta. Okta is...
2020-11-11, 45 min

Hashtag Realtalk with Aaron Bregg
Episode 24 - Why Physical Network Security Still Matters
In this episode I talked with Steve Barnes about physical network security. Steve is an Enterprise Systems Engineer for Fortinet.
Talking Points:
- Why does physical network security still matter in the age of SASE?
- What is the biggest difference between 'Next Gen' and 'Stateful' firewalls?
- Does content awareness (SSL inspection) really help with visibility and protection?
- Even SASE needs something to connect to
- Why is SD-WAN important in the age of Digital Transformation?
- Ransomware Protection with Default Deny
This episode is sponsored by Fortinet.
Fortinet is On-Prem and Cloud Security co...
2020-11-04, 34 min

Hashtag Realtalk with Aaron Bregg
Special Event - Tales from the Cyber War Trenches - Jim Kuiphof's Cloud Con GR 2020 Keynote
I am happy to share a very special event, Tales From The Cyber War Trenches from Jim Kuiphof's Cloud Con GR 2020 Keynote. In this episode Jim talks about real life experiences with vulnerability management lessons learned, how do you deal with 'interesting' government warnings, a ransomware near miss and disruptive security controls.
Cybersecurity Scenarios:
- Tick Tock, Tick Tock - Time is Running Out (A Vulnerability Management Faceplant)
- The Russians are Coming! … to waste your SOC's time
- Ransomware: How Do You Find An Infected Printer At Midnight?
- Disruptive Security Controls - Implementing Perimeter "Default Deny"
Many, many than...
2020-10-30, 47 min

Hashtag Realtalk with Aaron Bregg
Episode 23 - Let's Talk Web Application Security
In this episode I talk with Zane Lackey about Web Application Security. Zane is the Co-Founder and Chief Security Officer for Signal Sciences.
Talking Points and Listener Submitted Questions:
- What kinds of 'Real World' attacks are people dealing with against web applications?
- How do you detect an attack against a web application?
- How do you measure the effectiveness of your technical web app security controls (WAF, API, Authentication, Business Logic, etc.)?
- How can you ensure that your company's web application APIs cannot be abused to access data that the user is unauthorized to a...
2020-10-28, 41 min

Hashtag Realtalk with Aaron Bregg
Episode 22 - What the Heck is SASE and Why Should I Care?
In this episode I speak with Nick d'Amato about SASE (Secure Access Service Edge). Nick is the Director of Solution Engineering for Americas North with Bitglass.
- What is SASE and why should SMBs learn more about it?
- How does it secure SaaS apps?
- What are the biggest threats that you are seeing with small and medium businesses?
- Can it help with identifying shadow IT?
- How can you change the culture when it comes to SASE and its policy and controls?
- What are the security controls that you need today and what does that look like in 12 months?
- What does netw...
2020-10-21, 53 min

Hashtag Realtalk with Aaron Bregg
Episode 21 - How to Build a Successful Security Awareness Training Program
In this special live stream podcast recording event I spoke with Tim O'Connor. Tim is the manager of Knowledge Services for Cadre Information Security. The topic of this podcast is 'How to Build a Successful Security Awareness (SA) Program'.
Talking points include:
- What is the first step in building a successful program?
- The concept of a security champion when you don't have a dedicated SA team
- What are some common misconceptions about SA programs?
- Diagramming out a social engineering attack
This episode is sponsored by Cadre Information Security. Cadre is a security solutions provider that focuses on...
2020-10-14, 1h 01

Hashtag Realtalk with Aaron Bregg
Episode 20 - A Casual Conversation About Ransomware
In this episode I speak with Jared Phipps on the timely topic of ransomware. Jared is the Vice President of Worldwide Sales Engineering for SentinelOne and had some great insights on what is happening with these types of attacks.
Some of the talking points included:
- Why the sudden surge of ransomware attacks?
- What is really happening behind the scenes?
- What is the impact to cyber liability insurance companies?
- How can you reduce your chances of getting hit?
- What does the future hold for cyber insurance?
The sponsor for this episode is SentinelOne.
Se...
2020-10-07, 47 min

Hashtag Realtalk with Aaron Bregg
Episode 18 - Bad, Worse and Just Downright Awful Security
In this episode I talk with Kevin Dillaway, who is a Cloud Security Architect for Optiv. Optiv is a security solutions integrator based out of Denver Colorado.
The topic for this episode is bad security horror stories. Have you ever wondered what the worst security thing a cloud architect has seen?
Well wait until you hear some of the crazy things that he has come across!
This episode is sponsored by Optiv and part of the proceeds will be going to help 'At Risk' students in West Michigan.
2020-10-02, 51 min

Hashtag Realtalk with Aaron Bregg
Episode 19 - Privilege Access Management for Small and Medium Business
In this episode I speak with Martin Cannard about Privilege Access Management for Small and Medium Business. Martin is the Vice President of Product Strategy for STEALTHbits Technologies.
Here are some of the questions that we tackled in this session:
- What is Privileged Access Management and why do you need it?
- Why is PAM so 'scary'?
- What are the biggest problems that you are seeing in the PAM space?
- What is wrong with a typical PAM boilerplate?
This episode is sponsored by STEALTHbits and, as always, proceeds from this sponsorship will go toward At Ris...
2020-09-30, 43 min

Hashtag Realtalk with Aaron Bregg
Episode 17 - Talking Third Party Risk Management with Executive Leadership
In this episode I talk with Lenny Levy about talking Third Party Risk Management with Executive Leadership.
Lenny is a healthcare Chief Information Security Officer and has extensive experience with Risk Management and currently works at Security Cubed Consulting.
Questions and Talking Points:
- Why is third party risk management a challenge for organizations?
- How should organizations determine how much third party risk to take on?
- Why are some companies being too risk averse?
- How do you handle leadership that doesn't take third party risk seriously?
2020-09-16, 48 min

Hashtag Realtalk with Aaron Bregg
Episode 16 - Talking Digital Identity with Diana Volere
Summary:
In this episode I talk with Diana Volere of SailPoint about Digital Identity. As more people work remote and IoT and mobile devices proliferate, the need to understand digital identity is critical.
Talking Points:
- Federation or Governance - Which Should You Do First?
- Digital Transformation and Security Fatigue - Real or Myth?
- What is the Biggest Challenge You are Seeing in Digital Identity Right Now?
- Because of the Pandemic Will More Businesses Get on the SSO Train?
Podcast Sponsor:
2020-09-11, 47 min

Hashtag Realtalk with Aaron Bregg
Episode 15 - Why Active Directory Security Still Matters
In this episode I talk with Sean Deuby about Microsoft Active Directory and why AD security still matters.
Topics included:
- The Circle of 'AD' Life
- AD in the Age of Ransomware (e.g. tools at script kiddie's disposal)
- Ransomware - Risk and Recover
- Krazy Mimikatz Stories
This podcast was sponsored by Semperis.
Semperis offers great Microsoft Active Directory services including Directory Service Protector and Active Directory Forest Recovery.
Part of the proceeds from the sponsorship will go towards helping 'At Risk' students in West Michigan.
2020-09-04, 41 min

Hashtag Realtalk with Aaron Bregg
Episode 14 - A Casual Conversation on Social Engineering
In this episode, myself and my CSA sidekick Matt Nelson, talk with Ken Liao from Abnormal Security about email security and how social engineering is wreaking havoc on businesses.
Topics include:
- The Recent Twitter Hack
- Iran Advancing Their Social Engineering Skills
- The Importance of Good Email Hygiene
- What Does The Future of Email Security Look Like?
A big thanks to Abnormal Security for sponsoring this podcast! A majority of the proceeds will be going to low income students in West Michigan!
2020-09-03, 41 min

Hashtag Realtalk with Aaron Bregg
Episode 13 - Security Career: Character or Persona
In this episode I got a chance to talk with Joseph 'Augie' D'Agostino. Augie is the Deputy Chief Information Security Officer for Spectrum Health.
The topic is around security careers and what the different ways to get into the Information Security world.Some area we talked about were:Biggest Security Leadership ChallengesWhy Aren't Security Jobs Being Filled?Your Personal Security BrandHow Can A Specific Security Degree Won't Hurt Your ChancesBiggest Security ConcernsMost Hopeful with Security's Up and Coming 'Generation'2020-08-0540 minHashtag Realtalk with Aaron BreggHashtag Realtalk with Aaron BreggEpisode 12 - Securing the Internet of ThingsIn this episode I talk with Ken Dickey of Cadre to talk about the current state of the security for the Internet of Things.Talking points will be:VisibilityEase of Use and DeploymentBaselining Network AccessNetwork Segmentation GuidanceFuture of IoT Threat IntelligenceCadre Security will be sponsoring this episode with the majority of funds going to purchase mobile hotspots for low income families in the Grandville/Standale area.2020-07-2646 minHashtag Realtalk with Aaron BreggHashtag Realtalk with Aaron BreggEpisode 11 - Hack a Human - Security in the Age of Virtual HealthcareIn this episode I got to speak with several different industries and leaders. The topic will be 'Security in the Age of Virtual Healthcare'Guests:Chris Roberts - Renowned Hillbilly HackerDan Baziun - Healthcare Innovation LeaderSumit Sehgal - Chief Technology StrategistFunds from this event will be going to purchasing technology and Internet access for low income families in West Michigan!!Many thanks to McAfee and Comcast so sponsoring this event!2020-06-1958 minHashtag Realtalk with Aaron BreggHashtag Realtalk with Aaron BreggEpisode 9 - Security Awareness Training - Past, Present and FutureIn this episode of #realtalk with Aaron Bregg, I catch up with Gabriel Friedlander of Wizer.  Wizer is a great security awareness training solution.  Discussion Topics:How did you get started? (personal background, company background, etc.)How are the topics selected? 
(hot topics or just ‘common sense’ approach?What is your process to creating videos?What are the biggest challenges in Security Awareness training right now?What do you wish big companies would do better at?What are your favorite video feedback story?What do you think the future of Security Awareness looks like?L...2020-05-0536 minHashtag Realtalk with Aaron BreggHashtag Realtalk with Aaron BreggEpisode 5 - Security for the InsecureIn this episode we talk about the first listener suggested topic, security for the insecure.  I sit down with Heather Bregg an Research Analyst for Spectrum Health.The topics that we discuss include current frustrations with information security, the unique world of healthcare research and how a non-secure person can protect themselves and their company.Heather's LinkedIn profile:https://www.linkedin.com/in/heather-bregg-a6371356/Links on how the privacy rule relates to Research:https://www.hhs.gov/hipaa/for-professionals/special-topics/research/index.htmlhttps://privacyruleandresearch.nih.gov/pr_06.asphttps://cynergistek.com/b...2020-03-0137 minDefeasible ReasoningDefeasible ReasoningAaron BreggAaron Bregg is the Director of Professional Outreach at Cloud Security Alliance West Michigan. We talk about Reed City, the movie War Games, go off on tangents, and collectively realize there’s not one single path to enter into the cyber security industry!<img src="http://feeds.feedburner.com/~r/drpodcast/~4/Lb_8QpIA_Aw" height="1" width="1" alt=""/>2019-10-0424 min