Showing episodes and shows of Dr. Dave Chatterjee
The Cybersecurity Readiness Podcast Series
AI Security in the Public Sector: Balancing Innovation and Risk
In this episode, Dr. Dave Chatterjee is joined by Burnie Legette, Director of IoT and AI at Intel Corporation and former professional football player. Their conversation explores the evolving landscape of AI deployment within the public sector, with a particular focus on the security challenges and governance strategies required to harness AI responsibly. Drawing on his cross-sectoral experience, Burnie offers insights into the cultural, technical, and ethical nuances of AI adoption. Dr. Chatterjee brings in his empirically grounded Commitment-Preparedness-Discipline (CPD) cybersecurity governance framework to emphasize the importance of planning, transparency, and stakeholder engagement. To access and download...
2025-06-17
35 min
The Cybersecurity Readiness Podcast Series
Holistic Identity Security: Shifting the Paradigm from Reactive to Proactive
In this compelling episode, Dr. Dave Chatterjee is joined by Damon Fleury, Chief Product Officer, SpyCloud, to dissect one of cybersecurity’s most exploited and least understood attack surfaces—identity. With nearly three decades of experience in security, Damon shares real-world insights into how identity compromises serve as the entry point for major breaches, why a holistic approach to identity security is urgent, and how organizations can move from reactive defense to proactive resilience. The discussion underscores the convergence of people, processes, and technology in building durable identity security frameworks. To access and download the entire podcast summ...
2025-05-17
39 min
The Cybersecurity Readiness Podcast Series
From Botnets to AI: Defending Against the Future of DDoS Warfare
In this episode of the Cybersecurity Readiness Podcast, Dr. Dave Chatterjee sits down with Richard Hummel, Director of Threat Intelligence at NETSCOUT, to unpack the fast-evolving Distributed Denial of Service (DDoS) threat landscape. Richard shares unique insights from NETSCOUT’s latest global threat intelligence report, discussing the strategic weaponization of DDoS attacks in geopolitical conflict, the role of AI in modern attack infrastructure, and why proactive preparation, not prevention, is key. Together, they explore how leaders must adopt a “resilience by design” mindset to secure their digital frontlines. To access and download the entire podcast summary with discus...
2025-05-03
43 min
The Cybersecurity Readiness Podcast Series
Stopping Social Engineered Vishing Attacks Before They Start
Social engineering continues to be the primary gateway for cyberattacks, responsible for nearly 80% of fraud and ransomware incidents. And notably, 1 in 4 of these social engineering attacks originate via phone calls. Yet many enterprises continue to leave their phone systems exposed. In this episode, Dr. Dave Chatterjee engages Richard Quattrocchi, Vice President of Digital Transformation, Mutare Inc., in a compelling discussion on the often-overlooked threat of voice-based cyberattacks, particularly vishing (voice phishing). Richard shares his professional journey, personal motivation rooted in a family scam incident, and the alarming rise of social engineering via phone calls—especially in the era of AI...
2025-04-22
41 min
The Cybersecurity Readiness Podcast Series
Future-Proofing Your Data: Preparing for the Post-Quantum Era
Dr. Dave Chatterjee and David Close discuss the implications of post-quantum cryptography (PQC) on cybersecurity readiness. David, a Chief Solutions Architect at Futurex, explains the evolution of cryptographic methods to counter quantum computing threats. He highlights the importance of NIST's role in standardizing quantum-resistant algorithms like Kyber and Dilithium. David shares practical examples, such as Google and Cloudflare's hybrid TLS implementation and a financial institution's use of PQC for data storage. They emphasize the need for organizations to develop roadmaps, inventory cryptographic assets, and ensure vendor readiness. Dr. Chatterjee stresses the importance of a proactive, holistic approach to cybersecurity...
2025-03-31
34 min
The Cybersecurity Readiness Podcast Series
Securing AI's Blind Spots: The Hidden Risks in Enterprise AI Adoption
The adoption of Artificial Intelligence (AI) and Generative Artificial Intelligence (Gen-AI) applications and tools is exploding. The global AI infrastructure market is projected to reach over $96 billion by 2027. AI applications are being used to empower every organizational function and industry, from logistics and supply chain to manufacturing, healthcare, finance and banking, marketing and sales, and customer sales. However, such adoption and use of AI tools and platforms has greatly expanded the attack surfaces and the attack vectors. They are presenting many more opportunities for hackers to break into systems and networks and also violate individual privacy and reputation, thereby...
2025-03-05
40 min
The Cybersecurity Readiness Podcast Series
Elevating Your Offensive Security Program
Dr. Dave Chatterjee hosts a discussion on elevating your offensive program with Mark Carney, CEO @ Evolve Security, and Yaron Levi, Chief Information Security Officer (CISO) at Dolby Labs. They emphasize the importance of a proactive, continuous approach to cybersecurity, contrasting it with traditional reactive measures. Key points include the need for a threat-informed, programmatic mindset, continuous threat exposure management (CTEM), and the integration of business objectives. They stress the importance of intelligence, risk assessment, and the role of third-party providers as partners. The conversation highlights the necessity of senior leadership commitment and the challenges of defining and measuring risk...
2025-02-18
43 min
The Cybersecurity Readiness Podcast Series
Using Blockchain Technology to Make Messaging Apps More Secure and Private
Dr. Dave Chatterjee and Kee Jefferys, Technical Co-Founder of Session, discuss the use of blockchain technology in enhancing the security and privacy of messaging apps, specifically Session. Session, which has over a million monthly active users, uses a decentralized network of nodes incentivized by Session tokens. Unlike traditional messaging apps, Session does not require a phone number for sign-up and employs onion routing and end-to-end encryption to protect user data. Kee emphasizes the importance of considering the threat model and user needs when choosing a messaging app. Session is best suited for high-threat scenarios, while other apps may be...
2025-02-03
39 min
The Cybersecurity Readiness Podcast Series
Authenticate without Storing Credentials: MIT Scientist Cracks the Code
Despite companies’ best efforts, stored access credentials inevitably get stolen or misused. Whether it is a disgruntled employee posting the data, an employee that makes an innocent mistake exposing that data, a company needing revenue selling the information, a criminal hacker group stealing the information, or a government-backed group stealing the information, etc. it is simply a matter of when not if that information will be stolen. “The only truly safe way to handle people’s secrets is never to store them in the first place – what is not stored cannot be stolen,” says Tina Srivastava, Ph.D., an MIT...
2025-01-13
28 min
The Cybersecurity Readiness Podcast Series
Lessons from 2024's Biggest Cyber Incidents and Building Stronger Defenses for 2025
In this episode, Shrav Mehta, Founder, and CEO at Secureframe, joins me to discuss major cybersecurity incidents in 2024, highlighting five significant breaches: National Public Data (2.7 billion records), AT&T (50 billion), Ticketmaster (500 million), Change Healthcare (145 million), and Dell (49 million). We emphasize the importance of proactive measures, such as data minimization, continuous training, and zero-trust models. I stressed the need for leadership engagement, robust incident response plans, and a holistic approach to security. Shrav underscores the role of automation and continuous monitoring in enhancing protection. We both agreed on the necessity of evolving security practices to counter emerging threats like deepfakes...
2024-12-31
36 min
The Cybersecurity Readiness Podcast Series
Stopping Deepfake Threats Through Identity Verification
In this episode, Aaron Painter, CEO at Nametag, joins me in discussing the Deepfake fraud phenomenon and how organizations and individuals should protect themselves from such scams. A recent study conducted by finance software provider Medius finds that over 53% of businesses in the U.S. and U.K. have been targets of financial scams powered by “deepfake” technology, with 43% falling victim to such attacks. 85% of the finance professionals polled view such scams as an “existential” threat to their organization’s financial security. In the United States, families lose an average of $11,000 in each fake kidnapping scam. According to data from the F...
2024-12-14
33 min
The Cybersecurity Readiness Podcast Series
From reactive to proactive: How behavioral psychology is transforming enterprise security
IBM recently reported a 71% year-over-year increase in attacks using valid credentials. This continued use of stolen credentials is also evident through ongoing public incidents like the string of attacks targeting Snowflake's customers that resulted in breaches at AT&T and Advanced Auto Parts. Lynsey Wolf, Team Lead and Insider Threat Analyst at DTEX Systems believes that users' psychological and behavioral traits are being overlooked when it comes to defending against credential misuse. In this episode, we discuss how best to mitigate such threats using a proactive approach to insider risk management by focusing on user behavior and indicators rather t...
2024-11-20
56 min
The Cybersecurity Readiness Podcast Series
Compliance in the Cloud: Challenges and Best Practices
Accelerating into the cloud without caution often brings complexities that can cause more harm than good. Gartner has noted that cloud configuration errors cause 95% of cybersecurity breaches. With the rapid pace of cloud adoption, less time is spent ensuring systems are built and operated effectively with proper cyber hygiene. In this episode, Dale Hoak, Director of Information Security at RegScale, joins me in discussing cloud compliance-related challenges and best practices. Here are some terrific Dale Hoak one-liners: "Compliance is essentially where fun went to die." "Nobody steals your work. So, we need to use automation...
2024-11-01
35 min
The Cybersecurity Readiness Podcast Series
Reducing the Risk of Social Engineering to Exploit IT Help Desk
In this episode, Mike Manrod, the Chief Information Security Officer (CISO) of Grand Canyon Education, and Ori Eisen, the Founder and CEO of Trusona, joined me to discuss how best to reduce the risks of social engineering attacks on IT support and help desk personnel. This episode was motivated by the major cyber attack that brought MGM Resorts International's operations to a screeching halt. It was a social engineering attack where the attackers gained super administrator privileges by providing the MGM Help Desk with basic employee information. To access and download the entire podcast summary with discussion...
2024-10-20
35 min
The Cybersecurity Readiness Podcast Series
Unlocking Cyber Potential: The Power of Collaboration in K-12 Cyber Education
In this episode, Laurie Salvail, Ph.D., Executive Director of CYBER.ORG, joins me to discuss the importance of cybersecurity education for K-12 students. Primarily funded by the Cybersecurity and Infrastructure Security Agency (CISA), CYBER.ORG is a powerful and free resource available to K-12 students and educators in the United States. CYBER.ORG’s Range, a cloud-based virtual environment, empowers K-12 students with real-world cybersecurity skills in a secure platform. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-73-unlocking-cyber-potential-the-power-of-collaboration-in-k-12-cyber-education/ Connect with Ho...
2024-10-06
34 min
The Cybersecurity Readiness Podcast Series
Large Language Model (LLM) Risks and Mitigation Strategies
As machine learning algorithms continue to evolve, Large Language Models (LLMs) like GPT-4 are gaining popularity. While these models hold great promise in revolutionizing various functions and industries—ranging from content generation and customer service to research and development—they also come with their own set of risks and ethical concerns. In this episode, Rohan Sathe, Co-founder & CTO/Head of R&D at Nightfall.ai, and I review the LLM-related risks and how best to mitigate them. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-72-large-language-model-llm-risks-and-mitigation-strategies/ Con...
2024-09-23
28 min
The Cybersecurity Readiness Podcast Series
Identity Continuity in Multi-Cloud Environments
The importance of maintaining uninterrupted services cannot be overemphasized, especially in light of the recent global IT outage fiasco. With the increasing dependence on cloud-based services, uninterrupted connectivity is essential to maintaining business continuity. Since identity providers control access to an organization's application and data, any downtime can shut down mission-critical operations. It was great to have Eric Olden, Co-Founder, Chairman, and Chief Executive Officer of Strata Identity, share his thoughts and perspectives on this critical topic. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-71-identity-continuity-in-multi-cloud-environments/...
2024-09-02
39 min
The Cybersecurity Readiness Podcast Series
Securing SMBs Serving Defense Industrial Base and U.S. Critical Infrastructure
In this episode, Chris Petersen, Co-Founder and CEO of RADICL, and I discuss the challenges of securing the small and medium-sized businesses (SMBs) that serve the United States defense industrial base (DIB) and critical infrastructure. These SMBs play a significant role in supporting the Advanced Defense Systems that protect our nation from domestic and international threats. So, it is imperative to review what it takes to keep these SMBs safe from cyber-attacks. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-70-securing-smbs-serving-defense-industrial-base-and-u-s-critical-infrastructure/ Connect wi...
2024-08-20
40 min
The Cybersecurity Readiness Podcast Series
2024 Cyber Trends and Predictions: Global IT Outage and More
In this episode, John Funge, Managing Director at DataTribe, and I discuss the Global IT Outage caused by a flawed update to CrowdStrike's cloud-based security software. We also review DataTribe's recently published report on cybersecurity trends and predictions for 2024. In closing, John shares some tips and recommendations for those seeking cybersecurity funding. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-69-2024-cyber-trends-and-predictions-global-it-outage-and-more/ Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast. Please subscribe to the podcast, so you do...
2024-07-31
44 min
The Cybersecurity Readiness Podcast Series
Fortifying Healthcare Data: Proactive Defense Strategies
The recent breach of the Change Healthcare platform serves as a strong reminder that the healthcare sector remains extremely vulnerable to different types of attacks. In late February, a ransomware gang known as Black Cat claimed responsibility for hacking Change Healthcare, a subsidiary of UnitedHealth Group. The intruders disrupted operations and stole up to four terabytes of data, including personal information, payment details, insurance records, and other sensitive information. It is also reported that a ransom payment of $22 million was made. What is even more concerning is that Change Healthcare is being extorted again by another ransomware group. Incidents...
2024-06-25
36 min
The Cybersecurity Readiness Podcast Series
Quantum Computing and Cybersecurity – Examining Trends and Implications
The fast-evolving quantum computing phenomenon represents a paradigm shift in how computers process data. Due to its ability to process vast amounts of data and solve complex problems at an unprecedented speed, quantum computing holds great promise for new material discovery through the simulation of physical systems, portfolio optimization in finance, and more. It also poses a significant threat to cybersecurity, requiring a change in how we encrypt our data. Even though quantum computers don’t technically have the power to break most of the current forms of encryption yet, we need to stay ahead of the threat and co...
2024-06-05
39 min
The Cybersecurity Readiness Podcast Series
Creating a Security-Minded Culture
In this podcast, I enjoyed talking with Chirag Shah, Model N's Global Information Security Officer and Data Privacy Officer, about creating a security-minded culture. Infusing a security culture within organizations starts with leadership buy-in and support. Chirag highlighted the need for interactive and engaging training programs tailored to specific departments, involving real-world examples and practical scenarios. He stressed the significance of fostering a security mindset among employees through daily reminders and reinforcement and leveraging free or low-cost resources to implement effective security awareness programs. Chirag also emphasized the need for a strategic approach to security and a security-minded culture...
2024-05-22
39 min
The Cybersecurity Readiness Podcast Series
Securing the Future: Inside Student-Led Cybersecurity Clinics
Student-led cybersecurity clinics are increasingly playing an essential role in strengthening the digital defenses of nonprofits, hospitals, municipalities, small businesses, and other under-resourced organizations in our communities while also developing a talent pipeline for cyber-civil defense. Sarah Powazek, Program Director - Public Interest Cybersecurity at the University of California, Berkeley Center for Long Term Cybersecurity (CLTC), sheds light on this important development. One of the highlights of the discussion was the recognition that the cybersecurity field is such a melting pot of different skill sets. In Sarah's words, "it's actually one of the biggest advantages we have; threats are...
2024-05-05
28 min
The Cybersecurity Readiness Podcast Series
Developing Resilient and Secure Mission Critical Facilities (Data Centers)
Developing and maintaining resilient and secure data centers is a huge part of cybersecurity readiness. Spiros Liolis, Chief Technologist and Managing Consultant, EYP Mission Critical Facilities, Part of Ramboll, joins me to discuss the challenges and best practices of creating and maintaining state-of-the-art data centers. Topics covered include a) elements and attributes of resilient data centers, b) creating and maintaining a resilient and adaptive data center, and c) the different types of risks – geological, meteorological, and human – that must be considered when building and maintaining the data centers. To access and download the entire podcast summary with disc...
2024-04-24
33 min
The Cybersecurity Readiness Podcast Series
Securing Application Programming Interfaces (APIs)
Application Programming Interfaces (APIs) play a vital role in modern software development, enabling the integration of services and facilitating the exchange of information. The ubiquity of APIs is a testament to their success in supporting many functions. However, their prominence has also made APIs a target for cyberattacks. Jeremy Snyder, Founder & CEO of Firetail.io, joins me in discussing how to secure APIs effectively. Our discussion revolves around the following questions: What do we need APIs for? Why do we need API security? What are the consequences of lax API security? What are the risks...
2024-04-10
38 min
The Cybersecurity Readiness Podcast Series
The Last Line of Defense Against a Ransomware Attack
Attackers have started increasingly targeting victims' backups to prevent organizations from restoring their data. Veeam's "2023 Ransomware Trends Report" found more than 93% of ransomware attacks specifically targeted backup data. My discussion with Gabe Gambill, VP of Product and Technical Operations at Quorum, revolves around the following questions:
• What vulnerabilities of data backups do ransomware hackers exploit?
• What are the common mistakes and barriers when recovering against a ransomware attack?
• How to successfully recover from a ransomware attack?
To access and download the entire podcast summary with discussion highlights -- https://www.dc...
2024-03-27
34 min
The Cybersecurity Readiness Podcast Series
Overcoming the Stale Nature of Tabletop Exercises
While tabletop exercises (TTX) are considered a proven tool for finding gaps in an organization’s security posture, they can be painstakingly challenging to plan and implement effectively. In a time where information security teams are understaffed and overworked, are TTX still worth the time and resources? Or are there other ways of ensuring incident response readiness? Navroop Mitter, the CEO of ArmorText, a mobile security and privacy startup, sheds light on the various aspects of tabletop exercises and their effectiveness as a preparedness tool. To access and download the entire podcast summary with discussion highlights -- ...
2024-03-13
38 min
The Cybersecurity Readiness Podcast Series
Securing Artificial Intelligence (AI) Applications
As artificial intelligence (AI) technologies continue to evolve and be leveraged, organizations need to make a concerted effort to safeguard their AI models and related data from different types of cyber-attacks and threats. Chris Sestito (Tito), Co-Founder and CEO of Hidden Layer, shares his thoughts and insights on the vulnerabilities of AI technologies and how best to secure AI applications. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-60-securing-artificial-intelligence-ai-applications/ Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
2024-02-28
31 min
The Cybersecurity Readiness Podcast Series
Building a Resilient Disaster Recovery Infrastructure
The latest disaster recovery statistics reveal that modern businesses still face costly interruptions due to a variety of threats, ranging from ransomware attacks to sudden hardware failures. The monetary costs of disasters and outages can be significant. According to results from Uptime Institute's "Annual Outage Analysis 2023" survey, 25% of respondents reported that their latest outage incurred more than $1 million in direct and indirect costs. In addition, 45% reported that the cost of their most recent outage ranged between $100,000 and $1 million. Another research report reveals that just over half of organizations have disaster recovery plans and around 7% of organizations never test their disa...
2024-02-14
26 min
The Cybersecurity Readiness Podcast Series
Unraveling the Positive and Negative Impacts of Generative AI
In a very thought-provoking discussion, Artificial Intelligence (AI) expert Tony Hoang, Ph.D., traced the evolution of Gen AI, highlighted the many benefits, and also shared his concerns about the irresponsible and abusive use of this technology. What got my attention were the following realities: Innovators often prioritize speed over responsible AI development, leading to potential negative consequences. How easy it is to create a software-generated duplicate of someone's voice or video avatar without their consent, using online content such as images and videos. There are no current safeguards to prevent someone from exploiting AI-generated images of someone e...
2023-11-22
41 min
The Cybersecurity Readiness Podcast Series
Best Practices for Overcoming Troublesome Vulnerability Management Trends
A 2023 State of Vulnerability Management Report finds that only half of the surveyed organizations (51%) have, at best, a moderate level of visibility into vulnerabilities. Several other vulnerability management metrics, such as maturity levels, frequency of vulnerability scans, and patch deployment speed, reveal an alarming and troublesome trend. In this episode, Ashley Leonard, CEO at Syxsense, joins me in reviewing the research report findings and discussing vulnerability management challenges and best practices. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-57-best-practices-for-overcoming-troublesome-vulnerability-management-trends/
2023-11-01
48 min
The Cybersecurity Readiness Podcast Series
Streamlining and Improving Security by Standardizing Identity Management
While cloud computing has become a great digitization enabler to enterprises, multiple clouds—especially when intersecting with on-premises systems and one another—can produce some challenges. Many organizations can end up with an "identity gridlock" of competing identity systems and protocols since each cloud platform cannot exchange access policy data with other cloud providers. It was an absolute pleasure having Gerry Gebel, Head of Standards at Strata Identity, join me to discuss the significance of standardizing identity management. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-56-str...
2023-10-18
32 min
The Cybersecurity Readiness Podcast Series
How Informed is the Board of Directors on Cybersecurity Risks?
With the global cost of cybercrime expected to reach $10.5 trillion by 2025, cybersecurity has become a board-level imperative. According to the Diligent Institute survey 'What Directors Think,' board members ranked cybersecurity as the most challenging issue to oversee. Even though boards say cybersecurity is a priority, they have a long way to go to help their organizations become resilient to cyberattacks. Kayne McGladrey, Field CISO at Hyperproof and a senior IEEE member, sheds light on this important aspect of cybersecurity governance. The driving question being: How informed is the Board of Directors to provide effective oversight of cybersecurity governance?
2023-10-03
52 min
The Cybersecurity Readiness Podcast Series
Enhancing Incident Response Effectiveness
According to a 2023 IBM report, companies take 197 days to identify a breach and 69 days to contain one on average. The delay between infection, detection, and containment can cost businesses millions of dollars. Only 45% of the companies polled had an incident response plan in place. In this episode, Markus Lassfolk, VP of Incident Response, Truesec, and Morten von Seelen, Vice President of the Truesec Group, who have extensive hands-on experience in dealing with major cyber attack incidents, shed light on this very important subject matter. To access and download the entire podcast summary with discussion highlights --
2023-09-06
55 min
The Cybersecurity Readiness Podcast Series
Cybersecurity in the Age of AI
While large language models such as ChatGPT can be used to write malicious code, AI tools are increasingly used to proactively detect and thwart cyber-attacks. There is growing recognition of AI’s potential to fight cybercrime. Ian L. Paterson, CEO, Plurilock, sheds light on how AI has impacted the cybersecurity industry, especially how Generative AI is changing the industry. Describing the role of the AI as a co-pilot, he says, "The way I think about leveraging AI is typically having a human do the first 10%, and the last 10%, an AI is really good at doing the 80% in the middle. So...
2023-07-12
38 min
The Cybersecurity Readiness Podcast Series
Identity Orchestration Strategies and Best Practices
Cloud migration and remote work requirements are forcing organizations to modernize their applications and identity systems. Making the transition is both time-consuming and expensive using traditional software development practices. By decoupling applications from identity, orchestration can alleviate the burden while allowing companies to seamlessly mix and match different cloud providers as well as MFA and passwordless technologies. In this episode, Eric Olden, Co-founder and CEO at Strata Identity, sheds light on identity orchestration strategies and best practices. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-52-identity-orchestration-strategies-and-best-practices/
2023-06-28
42 min
The Cybersecurity Readiness Podcast Series
Creating a Diverse Cybersecurity Workforce and Solving the Talent Shortage
Recent cybersecurity workforce study reports reveal that a) there’s still a global shortage of 3.4 million workers in this field, and b) only 25% of the global cybersecurity workforce are women. In this episode, I had an engaging discussion with panelists Ashley Podhradsky, Vice President of Research and Economic Development at Dakota State University, and Kriti Arora, Security Global black belt, Threat Intelligence and External Attack Surface Management, Microsoft, North America, on attracting more talent, especially motivating and inspiring women to become cybersecurity professionals. One of the key messages that came out of the discussion was not to allow a ce...
2023-06-14
56 min
The Cybersecurity Readiness Podcast Series
Countering Insider Threats: Seven Science-Based Commandments
Research finds that there was a 44% increase in insider threat incidents across all types of organizations, and 56% of the reported incidents were due to negligence. Equally alarming is that the average annual cost to remediate a negligence incident was $6.6 million. Dr. Eric Lang, Ph.D., Director, Personnel and Security Research Center (PERSEREC), United States Department of Defense, draws upon his research to share some of the (science-based) commandments for understanding and countering insider threats. Emphasizing the criticality of human factors, Dr. Lang contends that "without individuals’ sincere commitments, the most extensive insider threat policies will fail." To acce...
2023-04-26
45 min
The Cybersecurity Readiness Podcast Series
Mitigating Risks from Unmonitored Communication Channels
Significant fines in excess of $2 billion have been levied on organizations in the financial services sector for failing to capture, retain and supervise communications. This crackdown on non-compliant communications is the clearest indicator yet that regulators have lost patience with firms that still haven't addressed supervision and record-keeping risks that were exacerbated by the pandemic. In this episode, Garth Landers, Director of Global Product Marketing at Theta Lake, discusses how businesses can mitigate risks from unmonitored communication channels. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-49-m...
2023-04-14
56 min
The Cybersecurity Readiness Podcast Series
Implementing Secure and Fast Authentication Processes
Traditional authentication methods are outdated and need many layers of code, which can take time and resources away from developer teams. If developments like FIDO2, WebAuthn, and passkeys are to be the cornerstones of a passwordless future, then every application (not just Apple, Google, and Microsoft) needs an easy way to adopt these methods and weave them into current user authentication flows. Slavik Markovich, Co-founder and CEO, Descope, discusses current and future authentication trends and the importance of building a low-code/no-code passwordless authentication solution for app developers. To access and download the entire podcast summary with di...
2023-03-30
41 min
The Cybersecurity Readiness Podcast Series
Proactive Resilient Approach to Cybersecurity
It is well known that a proactive intelligence-driven approach to cyber governance is the way to go. But it is easier said than done. Embracing and sustaining such an approach requires high commitment, preparedness, and discipline. Kriti Arora, Security Global Black Belt, Threat Intelligence and Enterprise Attack Surface Management, Microsoft, shares her experiences guiding clients to adopt an intelligence-driven proactive approach to thwarting attacks. She also shares her passion for the field and the satisfaction of training and serving as a cyberwarrior. To access and download the entire podcast summary with discussion highlights -- https...
2023-03-15
49 min
The Cybersecurity Readiness Podcast Series
The Challenges and Best Practices of Cyber Security in Emerging Markets
“While developed markets may today bear the brunt of cyber breaches, emerging markets are no less vulnerable. Their risks arise from weak processes and governance, the complexity of global supply chains, the need to remain low cost to attract investment, and the rapid adoption of technology without adequate cyber defenses.” Andre Keartland, Solutions Architect at Netsurit, Johannesburg, South Africa, speaks to these realities and offers guidance on managing cyber risks and implementing robust security solutions. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-46-the-challenges-and-best-practices-of-cyber-security-in-emerging-markets/
2023-03-01
48 min
The Cybersecurity Readiness Podcast Series
Cybersecurity Perspectives of a Community College President
In this episode, Pamela Senegal, President, Piedmont Community College, shares several best practices, including having an information technology presence in each of the college-wide committees. I had the pleasure of meeting Pamela at a cybersecurity symposium organized by the World View Program at the University of North Carolina-Chapel Hill. Charle LaMonica, the Director of UNC's World View Program, also shared her thoughts and perspectives during this very engaging discussion. Driven by the belief that students and instructors must actively engage in cybersecurity governance discussions, she and her team organized a conference to create such knowledge-sharing opportunities. To...
2023-02-15
44 min
The Cybersecurity Readiness Podcast Series
From Law Enforcement Officer to Chief Information Security Officer
In this episode, Brian Penders, Chief Information Security Officer at the University of North Carolina Chapel Hill Medical School, shares his exciting but challenging journey from working as an engineering lab technician in the US nuclear submarine to being a law enforcement officer with the Vermont State Police and then gravitating to his current role of Chief Information Security Officer at a major academic institution. He sheds light on the principles driving the high-reliability organizational culture in the US Nuclear Navy Propulsion Program and how those experiences influenced and shaped his growth as a cybersecurity leader. To...
2023-02-01
33 min
The Cybersecurity Readiness Podcast Series
To trust or not to trust: the overwhelming challenge
Clinical psychologist Beatrice Cadet, Scientist Integrator at the Netherlands Organization for Applied Scientific Research (TNO), draws upon multiple concepts such as 'learned helplessness' to explain why people still fall for phishing attacks despite the training. Beatrice emphasizes the need to factor in human behavioral traits and motivational triggers when developing social engineering solutions and training. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-43-to-trust-or-not-to-trust-the-overwhelming-challenge/ Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast. Please subscribe to the podcast...
2023-01-18
40 min
The Cybersecurity Readiness Podcast Series
Useful Technology Should Be Attack Agnostic
In this episode, Patricia Muoio, Ph.D., Partner at SineWave Ventures and Former Chief of Trusted Systems Research Group, National Security Agency, sheds light on the cybersecurity technology landscape and emphasizes the need to develop technologies that are attack agnostic. Some of the questions driving the discussion include: a) what progress has been made in the development and use of cybersecurity technologies? b) what does it mean to be attack agnostic? c) how near or far are we from taking the burden off people trying to protect themselves from different cyber attacks? and d) the ideal government and industry...
2023-01-04
43 min
The Cybersecurity Readiness Podcast Series
Do you see what attackers see? Threat modeling done right
Threat modeling is an intrinsic part of information security governance and needs to be done well. However, research finds that many organizations don't do it well; some are pretty haphazard or chaotic in their approach. In this episode, Marcos Lira, Lead Solutions Engineer at Halo Security, sheds light on how to do threat modeling the right way. The key questions driving the discussion were: a) what is the scope and purpose of threat modeling? b) what have people and organizations been getting wrong about threat modeling? c) what is the right way of doing threat modeling? and d) what...
2022-12-21
35 min
The Cybersecurity Readiness Podcast Series
Implementing Phishing Resistant Multifactor Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) recently (Oct 31, 2022) released fact sheets urging all organizations to implement phishing-resistant multi-factor authentication (MFA). In this episode, George Gerchow, Chief Security Officer and Senior Vice President of IT, Sumo Logic, and I have an in-depth discussion on this very important security subject matter. The scope of coverage ranges from providing an overview of MFA and its benefits to discussing the challenges and hurdles of implementing phishing-resistant MFA, recommended implementation approaches, and the future of MFA. To access and download the entire podcast summary with discussion highlights -- https...
2022-12-07
40 min
The Cybersecurity Readiness Podcast Series
How do SMBs protect themselves from ransomware attacks?
A recent Global SMB Ransomware survey finds that nearly half of small and medium-sized businesses (SMBs) have experienced a ransomware attack, yet the majority aren't sure they are a target, and most are not confident they can fend off such an attack. Since 60% of SMBs are known to go out of business within six months of being hacked, it is a very troubling state of affairs. In this episode, Grayson Milbourne, Security Intelligence Director at OpenText Security Solutions, joins me in discussing the security challenges faced by SMBs and sharing success factors and best practices. To access...
2022-11-23
39 min
The Cybersecurity Readiness Podcast Series
Cybersecurity As A Strategic Opportunity
In this episode, Kal Sambhangi, Senior Vice President, Cybersecurity Strategy and Architecture at Truist, shares his vision of the future of cyber governance. According to him, the leadership mindset needs to change whereby they are optimistic and opportunistic about cybersecurity and view developing cybersecurity capabilities as a source of competitive advantage. Kal also emphasized the importance of attracting professionals from other fields. He said, “I think cyber security as a community should start embracing people with other skills. I think there is a lot of opportunity here, for people skilled in software development, program management, product management, and data an...
2022-11-09
38 min
The Cybersecurity Readiness Podcast Series
Comprehensive Asset Discovery
Comprehensive asset discovery is foundational to robust and proactive cybersecurity governance. The Cybersecurity and Infrastructure Security Agency recently issued a directive (BOD 23-01) requiring federal enterprises (civilian executive branch) to perform automated asset discovery every 7 days. Among other things, the directive also requires federal enterprises to initiate vulnerability enumeration across all discovered assets, including all discovered nomadic/roaming devices (e.g., laptops), every 14 days. Huxley Barbee, Security Evangelist at runZero and former Cybersecurity Practice Lead at Cisco, discusses the various methods of comprehensive asset discovery and provides guidance in selecting an appropriate asset discovery tool. To access...
2022-10-26
38 min
The Cybersecurity Readiness Podcast Series
Is Cybersecurity A Moving Target at Academic Institutions?
In a highly engrossing and in-depth discussion, Tej Patel, Vice President and CIO at Stevens Institute of Technology, sheds light on the various information security challenges that plague academic institutions and how best to deal with them. He talks about establishing a highly collaborative and security-centric culture, structuring an ideal CIO-CISO relationship, effective execution strategies, and more. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-36-is-cybersecurity-a-moving-target-at-academic-institutions/ Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast. Please subscribe...
2022-10-12
44 min
The Cybersecurity Readiness Podcast Series
Securely Migrating to the Cloud -- Insights from the American Cancer Society Experience
As more organizations embrace cloud-based services, securely migrating to the cloud is becoming an important capability. Keith Weller, former Vice President, Enterprise Technology Services, American Cancer Society (ACS), spearheaded a highly successful migration initiative where they transitioned a 5000-square-foot donation processing on-premise data center to the cloud. Keith and his team completed the implementation on time (in eight weeks), under budget, and helped the organization realize savings of $18 million in real estate and $2 million in technology costs (projected over three years). In this podcast, Keith shares some highlights of this cloud migration best practice. To access and do...
2022-09-28
43 min
The Cybersecurity Readiness Podcast Series
Detecting Malicious Insider Threats by Monitoring User Journeys
Insider threats are often considered the biggest risk for organizations because they can cause the most destruction. Survey reports and studies have found that organizations have spent millions of dollars to recover from insider threat attacks. Proactively detecting and thwarting such threats is a critical aspect of robust information security governance. Doron Hendler, CEO and Co-Founder at RevealSecurity, sheds light on a context-based detection model that analyzes activity sequences performed when using an application. According to Doron, this User Journey Analytics method is a ubiquitous detection model that can be applied to any SaaS and custom-built application. Since no ru...
2022-09-14
27 min
The Cybersecurity Readiness Podcast Series
Skilling Up for Security Operations Center Roles
The Security Operations Center (SOC) is at the heart of an organization's cyber defense system. Highly skilled and motivated personnel must work in these centers. James Risler, Senior Manager, Cisco Learning and Certifications, discussed the roles of the security engineer and the security analyst and the hard and soft skills needed to be effective in those functions. While the ability to code, learn computer forensics techniques, and know how to operationalize MITRE ATT&CK are top skills, the ability to communicate effectively is equally important. Jim strongly recommends that academic institutions partner up with industry to provide hands-on training opportunities...
2022-08-31
39 min
The Cybersecurity Readiness Podcast Series
Bridging the Gap Between Intentions and Practicality in Cybersecurity
Daniela Almeida Lourenco, Chief Information Security Officer (CISO) at Tinka, firmly believes that CISOs have the very best of intentions -- "we all mean the best; we all want to protect the organization, and that is all we want to do." However, often the reality of the Board's lack of a cybersecurity mindset coupled with insufficient budget and resources results "in a reactive posture, unpreparedness, unclear risk management strategy, and low response maturity." She also highlights "the misinterpretation and implementation of the lines of defense model" to be another reason why right intentions do not get translated into good...
2022-08-17
42 min
The Cybersecurity Readiness Podcast Series
Preparing for the Future of Device Management
With the growing move towards a hybrid and remote work environment, more and more people are relying on their smart devices to get work done. Keeping track of all of these devices, and ensuring that they are being used in a very secure manner, can be a challenging proposition. A recent survey finds organizations unprepared and overwhelmed with managing thousands or hundreds of thousands of these endpoint devices. Mike McNeill, CEO, Fleet Device Management, sheds light on some of these critical security issues and addresses questions such as: How does an organization manage its devices? Do they know if...
2022-08-03
32 min
The Cybersecurity Readiness Podcast Series
The State of Attack Surface Management
With increasing digitization and the use of cloud-hosted assets, managing attack surfaces continues to be a major challenge. A recent survey report on the state of attack surface management (ASM) finds security teams drowning in a flood of legacy and ineffective tools with limited discovery capabilities. The need for ASM platforms with advanced digital asset detection capabilities is revealed in the survey findings. David Monnier, Team Cymru Fellow, sheds light on the latest ASM platform capabilities and discusses the implementation challenges and success factors. To access and download the entire podcast summary with discussion highlights --
2022-07-20
47 min
The Cybersecurity Readiness Podcast Series
Global Security and Post Breach Management Best Practices
"If you can plan for the zombie apocalypse, you can probably face just about anything," said Tim Callahan, Senior Vice President, and Global Chief Information Security Officer, Aflac during a talk in my Master's level class on cybersecurity readiness at Duke University. In this podcast, Tim describes the key elements of an effective crisis management framework and shares several best practices. Some of the highlights of a robust business resiliency and recovery posture include -- a) well thought-out and rehearsed plan that takes into consideration different scenarios; b) world-class forensics team; c) strong partnership with Legal, HR, Law Enforcement...
2022-07-06
40 min
The Cybersecurity Readiness Podcast Series
How to Tackle Burnout in Cybersecurity
Security Operations Center (SOC) staff members are often consumed with tedious manual tasks that lead to burnout and can cost organizations millions of dollars in losses due to human error. Thomas Kinsella, Co-Founder & Chief Operating Officer at Tines, discusses at length the challenges faced by SOC team members and makes actionable recommendations on how to decrease burnout, increase retention, and create a better work environment for the security analysts. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-28-how-to-tackle-burnout-in-cybersecurity/ Connect with Host Dr...
2022-06-22
52 min
The Cybersecurity Readiness Podcast Series
Actionable Threat Intelligence and the Dark Web
In a recent news release, Reuters reported that "United States has offered a $15 million reward for information on Conti ransomware group. The FBI estimates that more than 1,000 victims of the Conti group have paid a total in excess of $150 million in ransomware payments." Victoria Kivilevich, Director of Threat Research at KELA Group, describes the cybercrime ecosystem and provides guidance on how to gain and leverage actionable intelligence from dark and deep web resources. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-27-actionable-threat-intelligence-and-the-dark-web/
2022-06-08
35 min
The Cybersecurity Readiness Podcast Series
Reducing the Disconnect Between Security and Development Teams
How do you make security a first-class citizen of the software development process? According to an industry report, “many information security engineers don’t understand software development—and most software developers don’t understand security. Developers and their managers are focused on delivering features and meeting time-to-market expectations, rather than on making sure that software is secure.” Harshil Parikh, CEO and Co-Founder, Tromzo, shares best practices for reducing the disconnect between software development and information security engineers. One such practice is the establishment and automation of security guardrails for application development. To access and download the entire podcast su...
2022-05-25
31 min
The Cybersecurity Readiness Podcast Series
Perspectives of a Global Chief Information Security Officer
In a wide-ranging discussion, Vishal Salvi, CISO & Head of Cyber Practice at Infosys, sheds light on a range of topics from CISO empowerment to creating and sustaining a high-performance information security culture. He highlights the importance of "delivering on your agenda" for CISOs to gain trust and credibility. Vishal also recommends making the CISO role independent of the CIO, uniformly enforcing security policies across the organizational hierarchy, and operating at a high state of readiness. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-25-perspectives-of-a-global-chief-information-security-officer/
2022-05-11
45 min
The Cybersecurity Readiness Podcast Series
Thinking Like A Hacker
Using compelling stories and metaphors, Ted Harrington, author of Hackable: How To Do Application Security Right, and Executive Partner at Independent Security Evaluators, explains the process of hacking and the importance of being able to think like a hacker. He encourages leaders to get excited about information security investments and look for ways of gaining a competitive edge from those investments. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-24-thinking-like-a-hacker/ Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
2022-04-27
50 min
The Cybersecurity Readiness Podcast Series
Is Cybersecurity Regulatory Compliance Good Enough?
"The story of the RMS Titanic has served as a grim reminder that regulatory compliance does not guarantee safety or security. The ship was carrying 2,224 passengers and crew when it sank one April night in 1912, killing over 1,500 people. The designers of Titanic had followed the British Board of Trade by equipping it with 20 lifeboats, and even threw in four more than the regulations required." (securicon.com) Dixon Wright, Vice President, Vice President, Compliance Management and Automation Platform, Coalfire, speaks to the importance of moving beyond the check-the-box approach and engaging in substantive information security compliance efforts. He recommends the...
2022-04-13
41 min
The Cybersecurity Readiness Podcast Series
Is Cyber Insurance Necessary?
"Security experts are split on cyber insurance and its place in business, with just as many arguing that it is a useless add-on as an essential business enabler." A KPMG study indicated that these policies were not overly trusted by business leaders. In this podcast episode, Erica Davis, Global Co-Head of Cyber, Guy Carpenter & Co, discusses at length the different types of coverages, how underwriters evaluate and assess cyber risks, the current state of the market, re-insurance mechanisms, and more. She also offers valuable guidance on how to plan and approach cyber insurance-related decisions. To access and...
2022-03-30
38 min
The Cybersecurity Readiness Podcast Series
Dealing with Cyber Trauma
The phenomenon of cyber trauma is very real and individuals and organizations are often not adequately prepared to deal with it. Patrick Wheeler, a Luxembourg-based cybersecurity practitioner and Director of the Cyber Wayfinder program, shares his experience in dealing with cyber trauma incidents. He also talks about the Cyber Wayfinder program that is designed to help people with diverse life experiences and skillsets pivot to cybersecurity careers. Patrick passionately argues for removing the artificial barriers to attract a diverse cybersecurity talent pool. To quote him, "why is it that everyone says you have to be a STEM graduate to...
2022-03-16
40 min
The Cybersecurity Readiness Podcast Series
A Deep Dive into Ransomware Attacks and Negotiations
Art Ehuan, Vice President, Palo Alto Networks, and Former FBI Special Agent, discusses at length the unfortunate evolution and escalation of ransomware attacks. He explains how the threat actors have upped their game and are now engaging in double, triple, and quadruple extortions. While lamenting that "organizations continue to make the same mistakes," Art also acknowledges the challenges of vulnerability management. He offers some interesting insights into ransomware negotiations and provides excellent advice and recommendations on how to proactively thwart such attacks. To access and download the entire podcast summary with discussion highlights -- https...
2022-03-02
55 min
The Cybersecurity Readiness Podcast Series
Making Cybersecurity Communication Effective
Cybersecurity communication should be simple, immersive, attractive, continuous, and multi-channel, says Marcin Ganclerz, a subject matter expert. He passionately argues for creating a 'culture of enablement and not fear' so employees can play a vital role in enhancing cybersecurity communication effectiveness. Marcin also shares several examples and best practices in support of his recommendations. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-19-making-cybersecurity-communication-effective/ Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast. Please subscribe to the podcast...
2022-02-16
47 min
The Cybersecurity Readiness Podcast Series
Securing the Smart Supply Chain
In episode 18, Alan Mihalic, President, IoT Security Institute, speaks to the challenges and success factors associated with securing Internet-of-Things (IoT) devices in smart supply chains. He draws upon the IoT Security Framework to share some guiding principles and practices to help supply chain participants specify, procure, install, integrate, operate, and maintain IoT securely for smart cities and critical infrastructure. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-18-securing-the-smart-supply-chain/ Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast...
2022-02-02
47 min
The Cybersecurity Readiness Podcast Series
Reducing the Carbon Footprint
When justifying cybersecurity investments, Andy Bates, Chief Development and Strategic Partnership Officer, Global Cyber Alliance, recommends making the business case from the standpoint of reducing the carbon footprint. He feels people will make a stronger emotional connection with the carbon reduction argument and thereby be more willing to fund and participate in cybersecurity initiatives. Changing up the cyber conversation and making it more relatable was one of the key takeaways from this discussion. Andy also talked about the vision and offerings of the non-profit organization Global Cyber Alliance. To access and download the entire podcast summary with...
2022-01-19
43 min
The Cybersecurity Readiness Podcast Series
Role of Emotional Intelligence in Creating a Healthy Information Security Culture
Nadja El Fertasi, Human Readiness and Resilience Expert and former NATO senior executive, highlights the importance of leveraging emotional intelligence to create and sustain a healthy information security culture. During a very thought-provoking discussion, Nadja made some poignant statements and recommendations such as a) build a culture of empowerment and not fear, b) use empathy to counter social engineering attacks, c) make cyber hygiene practices non-technical and reduce human firewalls, and d) practice reason over fear. To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-16-role-of-emotional-intelligence-in-creating-a-healthy-information-security-culture/
2022-01-05
59 min