The Cyber Rants Podcast

In a digital realm rife with misinformation, the guys dissect the reliability of cyber score sites like Security Scorecard that rate the security level of companies. They discuss the repercussions of false ratings and the pressures on organizations to pay for correcting misleading information. Breaking down real-world examples to a technical level, the guys explore the nuances of these scoring systems and give a concise yet insightful perspective on the pros and cons. Listen to this episode and decide for yourself whether cybersecurity scoring sites are providing real value or misinforming the public.

Let's face it, disasters are prone to strike anytime and almost always when least expected. Most businesses can't afford to stop operations for an extended period of time. Having a plan for disaster recovery and business continuity is central to your cybersecurity program and most compliance requirements. This week, the guys talk about developing effective plans that you hope you never have to use. 

The guys are asked regularly, "How can vendor risk management be quicker and easier?" After all, the process can be quite time-consuming. Others ask, "How do we answer these giant questionnaires from our clients without making ourselves look bad?"  This week, the guys share tips to help organizations both manage vendor risk and present themselves in the best possible way when asked about their own cybersecurity. Regardless of whether you are the vendor under scrutiny or you are evaluating the security of your vendors, this episode is for you.

Let's face it, the end of the year is the busiest time in many areas of business - but fear not! Cybersecurity shouldn't be an end-of-year rush to catch up. This week the guys break down what you can do to make the 4th quarter easier for you so you can actually enjoy some time off during the holidays. They share their observations and insights so you can go into the new year ready and confident.

Headlines:

This week, Zach and Lauro are joined by Milton Chavez, as all three guests have one unique connection - they're all U.S. Army Veterans that have made the post-military transition to the Cybersecurity sector. They discuss what life is like making the jump from a military background to the cybersecurity industry, and tips for current soldiers to make the same transition when they hang up the uniform.

This week, Zach and Lauro talk about some critical but often overlooked topics including in-person social engineering attacks, the nuances of change management, and what it really means to hack wireless networks. They share why organizations need to do more in-person physical penetration testing and how to help employees react properly in the event of a face-to-face social engineering attack. 

Cyber criminals continue to increase their focus on executives and other high-profile individuals. Using well crafted and targeted attack methods, criminals are able to coerce people into sending money and information directly into the wrong hands. This week, the guys talk about whaling, spear phishing, and other tactics being used in successful attacks! 

This week the guys talk about vCISO challenges from the perspectives of both the vCISOs and their clients. But wait - what does it really mean to be a vCISO? How do you know if a vCISO is right for your organization? Which vCISO is best? You’ll get answers from the guys as they share their vCISO stories and discuss cybersecurity expertise for rent in today's confusing marketplace! 

This week, the guys welcome one of the most interesting figures in cybersecurity! Meet Chris Rock, the hacker and cyber mercenary who can overthrow a government, digitally birth and kill people, and leverage a lot more unique skills he doesn't share with everyone. In addition to founding SIEMonster and being a three time DefCon presenter, Chris has worked across the Middle East, the US, and Asia preventing cyber attacks for both governments and private organizations. This episode is as entertaining as it is eye-opening!

It seems like there is a new cybersecurity regulation popping up every week and with so many changes, it can be hard to keep track. This week the guys explain the Securities and Exchange Commission Rule 10 and the Federal Trade Commission Safeguards Rule. They share who's affected and what these requirements could mean to your organization.