Episodes
6 days ago
6 days ago
Join us in this episode as we delve into the world of cybersecurity with the Center for Internet Security (CIS). As a community-driven nonprofit, CIS is responsible for establishing the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data.
Discover how CIS supports the cyber threat prevention, protection, response, and recovery efforts of U.S. State, Local, Tribal, and Territorial government entities through the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®).
Learn about CIS Membership pricing tiers and the benefits they offer, including access to essential cybersecurity resources like the CIS Controls and CIS Benchmarks. Explore the different Implementation Groups (IG) within the CIS Controls and the recommended security settings provided by CIS Benchmarks for various systems, such as Microsoft Server, Linux, and IOS.
Find out about other CIS offerings and how CIS, in partnership with Accenture and CrowdStrike, provides Managed Security Services (MSS) and Endpoint Security Services (ESS) to help organizations enhance their cybersecurity posture. Additionally, discover innovative solutions like Malicious Domain Blocking and Reporting Plus (MDBR+) and Albert Network Monitoring and Management, designed to bolster security for government organizations and private hospitals. Join us to uncover the comprehensive cybersecurity offerings available through CIS and why they're essential for safeguarding your digital assets in today's threat landscape.
Sunday Apr 14, 2024
Sunday Apr 14, 2024
In Episode 12 of our podcast series, we delve into the world of cybersecurity, focusing on the benefits and drawbacks of implementing vendor access solutions.
We kick off by exploring the pros of enhancing cybersecurity measures. From fortified security protocols to streamlined centralized management and strict compliance adherence, we uncover how these solutions can bolster your organization's defenses against cyber threats.
However, as with any solution, there are potential drawbacks to consider. We delve into how implementing robust cybersecurity measures may inadvertently slow down support processes, increase overhead for IT departments, and result in ongoing costs that can strain budgets.
Join me as we navigate the intricate landscape of cybersecurity, empowering you with the knowledge to make informed decisions to safeguard your organization's digital integrity.
Available on Apple Podcasts, Spotify, YouTube, and your favorite podcast app, this episode promises valuable insights into cybersecurity and its implications for your business. Stay tuned for expert analysis and practical advice.
Saturday Mar 30, 2024
S1, E11 - 10 Lessons from Safeguarding a DoD Network
Saturday Mar 30, 2024
Saturday Mar 30, 2024
In this episode, we dive deep into the fundamental practices necessary for safeguarding your organization's digital infrastructure.
Join us as we explore crucial topics such as patch management, application control, vulnerability scanning, and the principle of least privilege. With insights gleaned from years of experience in protecting sensitive networks, we offer actionable strategies that apply to every level of your organization.
Learn why patching everything is non-negotiable, and why it's imperative to speak with authority when it comes to operating securely. Discover the importance of limiting applications and questioning the necessity of ubiquitous tools like Chrome.
We delve into the necessity of vulnerability scans, emphasizing the need for regular, credentialed scans to ensure your defenses remain robust. And when vulnerabilities are found, we discuss mitigation strategies to minimize risk effectively.
But security isn't just an IT concern—it's a company-wide responsibility. Find out why all IT personnel, from help desk to data analysts, should possess a baseline understanding of security principles.
Discover how the use of Security Technical Implementation Guides (STIGs) and CISA Benchmarks can elevate your security posture, reinforcing the principle of least privilege and hardening your systems against potential threats.
In our discussion on policy enforcement, we highlight the importance of technical solutions in achieving compliance. While policies are crucial, we emphasize the need for practical, technical measures to fortify your network against evolving threats.
So join us as we share our insights, lessons learned, and practical advice in "Securing Your Network." Because in today's digital landscape, proactive defense is the key to staying ahead of the curve.
Tune in to uncover the 10 essential lessons learned from protecting a DoD network, and embark on your journey towards a more secure tomorrow.
Saturday Mar 16, 2024
S1, E10 - In the future will the IT Manager role be obsolete?
Saturday Mar 16, 2024
Saturday Mar 16, 2024
Summary of Podcast Notes:
Introduction:
- The podcast welcomes listeners with a brief introduction to the episode.
- The episode overview discusses the future of the IT Manager role.
Main Content:
- The role of IT Managers is explored, detailing responsibilities such as overseeing IT systems, managing personnel, training, budget management, and day-to-day operations.
- Differences between an IT Manager, VP of IT, and CIO are outlined.
- The importance of having a strategic IT leadership role, such as a CIO or VP of IT, is emphasized, including their responsibilities in aligning technology with business objectives, long-term planning, and ensuring efficiency.
- The absence of a CIO or similar leadership role can lead to various challenges such as lack of strategic direction, inefficient resource utilization, security vulnerabilities, limited innovation, and poor decision-making.
- The increasing importance of technology in organizations, with IT leaders potentially transitioning into CEO roles.
- IT professionals are encouraged to adopt a CIO mindset regardless of their current role, and the importance of seeking organizations that support professional growth is highlighted.
Outro:
- The episode concludes with a recap of key points and closing remarks thanking listeners and encouraging engagement through social media.
Timeline Bullets:
- Responsibilities of IT Managers are detailed, covering various aspects of IT operations and management.
- Responsibilities of CIOs are outlined, focusing on strategic direction and long-term planning.
- Challenges associated with the absence of a CIO or similar leadership role are highlighted.
- The evolving role of technology in organizations, with potential opportunities for IT professionals to transition into CEO roles, is discussed.
- The importance of adopting a CIO mindset and seeking growth-supportive organizations is emphasized.
Sunday Mar 03, 2024
S1, E9 - Is this the end of VMWare?
Sunday Mar 03, 2024
Sunday Mar 03, 2024
Broadcom's acquisition of VMware has created uncertainty among many, leading some to explore alternatives. Broadcom has shifted from perpetual licensing to a subscription model, with significant price increases. Layoffs have occurred, and the company plans to divest some assets. VMware partner agreements are being canceled, requiring reapplication for partnership. Broadcom's focus on global enterprise systems raises questions about support for coops and local governments. The free version of ESXi is discontinued, while other VMware offerings undergo restructuring. Broadcom intends to halve VMware Cloud Foundation offerings to encourage migration. The move away from VMware products prompts consideration of alternatives like Microsoft's Hyper-V, Scale, Nutanix, and open-source tools. Investors are eyeing potential returns following Broadcom's stock increase. CEO Hock Tan emphasized VMware's hardware and cloud agnostic approach. VMware Cloud Foundation facilitates seamless operation across various environments, supporting hybrid multi-cloud setups.
Wednesday Jan 17, 2024
S1, E8 - To EDR or Not to EDR: A Clash of Views in OT Security
Wednesday Jan 17, 2024
Wednesday Jan 17, 2024
In the latest episode of our insightful podcast series, we tackled a hot-button issue in the realm of Operational Technology (OT) security: the role of Endpoint Detection and Response (EDR) systems. This episode, "To EDR or Not to EDR: A Clash of Views in OT Security," features our own Jon and Anthony diving deep into the contentious debate, offering enlightening perspectives on whether EDR systems are a boon or a bane in the OT environment.
The Case for EDR: Anthony's View
Anthony, a staunch advocate for the integration of EDR in OT security, laid out compelling reasons why EDR systems are indispensable in today's increasingly interconnected and cyber-threat-prone world. His arguments centered on:
- Proactive Threat Detection: Anthony emphasized how EDR provides real-time monitoring and rapid response capabilities, crucial for thwarting cyber attacks in their infancy.
- Bridging IT and OT: He highlighted the importance of integrating IT and OT security strategies, considering the blurring lines between these once-separate domains.
- Compliance and Advanced Intelligence: With growing regulatory demands, Anthony argued that EDR systems help in meeting compliance standards while leveraging advanced threat intelligence to combat sophisticated cyber threats.
The Case Against EDR: Jon's Perspective
On the flip side, Jon presented a well-articulated case against the use of EDR in OT environments. His main points included:
- Integration and Complexity Concerns: Jon pointed out the unique complexities of OT environments, which might not mesh well with EDR systems primarily designed for IT networks.
- Risk of Disruption: He raised concerns about the potential for EDR systems to unintentionally disrupt sensitive industrial processes.
- Resource and Cost Implications: Highlighting the resource-intensive nature of EDR systems, Jon questioned the feasibility of their deployment in resource-constrained OT settings.
A Balanced Discussion
What made this episode particularly engaging was the balanced nature of the discussion. Both Jon and Anthony presented well-researched arguments, backed by real-world examples and expert insights. This not only enlightened our listeners but also sparked a thought-provoking dialogue about the future of cybersecurity in OT environments.
Conclusion: An Ongoing Debate
As our podcast wrapped up, it was clear that the debate on EDR in OT security is far from settled. The episode ended on a note that encourages listeners to consider both sides of the argument, weigh the pros and cons, and think critically about the best path forward for their specific OT environments.
Wednesday Dec 27, 2023
S1, E7 - Introducing KIKrr and the HACKERverse (Sponsored)
Wednesday Dec 27, 2023
Wednesday Dec 27, 2023
Discover the inspiring journey of KIKrr's co-founders, Mariana Padilla and Craig Ellrod, in Episode 7 of the Off the Wire podcast, "Introducing KIKrr and the HACKERverse." Dive into Mariana's transition from non-profit work to leading KIKrr, as she demystifies cybersecurity for businesses. This episode is a must-listen for anyone interested in tech innovation and cybersecurity solutions.
KIKrr is an innovative platform designed for the cybersecurity industry. It acts as an automated demo marketplace with a built-in events arena, showcasing the functionality of cybersecurity software. KIKrr enables users to experience products in a real-world, interactive environment. Additionally, it fosters a community of professionals seeking new cybersecurity solutions and provides a unique marketplace for connecting buyers with vendors.
Learn more and connect with KIKrr at kikrr.co. Don't miss this captivating exploration of the HACKERverse!
Tuesday Dec 12, 2023
S1, E6 – Navigating the Cyber Storm: Lessons Learned from DMEA
Tuesday Dec 12, 2023
Tuesday Dec 12, 2023
In November 2021, Delta-Montrose Electric Association faced a cyber-attack that tested their limits. Now, hear the gripping behind-the-scenes story in our latest interview with CIO, Bob Farmer.
️ Exclusive Insights:
- ️ Inside the Attack: The critical moments and decisions
- Turning Point: Strategies that turned the tide
- Team Effort: How collaboration and training made the difference
- Future-Proofing: Lessons learned for enduring cybersecurity
Why You Can’t Miss This:
- Learn from real-world experiences
- Gain insights on effective incident response
- Understand the importance of proactive cybersecurity
️️ Whether you’re in IT, manage a team, or just love a good comeback story, this interview is a must-listen!
Tune in to discover how resilience, expertise, and quick thinking can triumph in the face of digital adversity.
Subscribe and Follow: Don’t forget to subscribe to “Off the Wire” for more insightful conversations. Stay tuned for our next episode!