The Cyber Rants Podcast

As technology's most widespread and trusted vendors are compromised, who can you really trust in today's environment? This week, the guys discuss attacks originating from compromised tech products, how the bad guys gain insider access, multi-factor authentication fatigue, and even a few hints at their love for Rick Astley.

Cloud services can offer tremendous benefits and cloud computing environments have become a standard across all industries. However, marketing hype leads consumers to believe that "the cloud is secure" by default and that someone else is taking responsibility for their protection. Too many people are quick to adopt cloud services without truly understanding the risks. This week, the guys discuss the risks and considerations around cloud services to help you ask the right questions and make wise decisions when moving to new technology environments.

Ransomware can infect your on-premise or cloud environments at any given time but we've noticed that ransomware attacks seem to spike during certain times of the year. This week, the guys talk about how ransomware can be deployed on your devices, how to prevent ransomware attacks, and even some horror stories from how ransomware has impacted major networks.

It's cyber risk assessment season! This is the time of year when many organizations seem to perform their annual cyber risk assessment. Unfortunately, the standard methods often result in limited visibility. This week, the guys discuss a more holistic risk assessment approach to make your cybersecurity program stronger than ever.

This week, the guys discuss some cybersecurity trends, tips, and words to the wise that are timely and relevant in today's technology-centric world! They discuss: 

• Are attacks ramping up and if so, why?
• The pros and cons of spending your cybersecurity budget on Black Hat and DefCon
• Why you need specific objectives in your penetration testing, not just the numbers
• The wrong and right way to establish vendor relationships
• And more! 

Does your company recruit IT and cybersecurity staff with the same methods used to fill other positions? If so, don't miss this episode. This week, the guys welcome Cammas Freeman, an expert on finding and retaining the best technology professionals. Cammas shares a unique approach for recruiting the best talent, using a methodology that saves a tremendous amount of time and money. She also shares tips to build a strong culture for less turnover.

Cyber criminals are heavily focused on compromising backups so their attacks are as crushing and painful as possible for the victims. Good backups and the ability to quickly restore are a critical part of every infosec program but many organizations still treat backups as an afterthought. This week, the guys welcome the recognized authority on data backup W. Curtis Preston (aka. Mr. Backup) to reveal the backup and recovery trends he is noticing, tips organizations can implement to minimize risk, and what to look for in a backup solution.

This week, the guys discuss one of their favorite topics, Payment Card Industry Data Security Standards (PCI DSS)! Companies that transmit, process, or store credit card data need to be compliant but PCI has its own nuances. What level of PCI compliance do you need? How do you determine what is in scope? How do you work with auditors? The guys answer these questions and more, plus share some wizard-like tactics to help you maneuver through the PCI requirements.

Inflation and other economic factors are affecting companies large and small. Some organizations are cutting budgets but still have security and compliance requirements to maintain. This week, the guys discuss what organizations can do if they need to reduce spending, how to get the most bang for your buck, plus mistakes you don't want to make during turbulent times. 

Building and managing a cybersecurity program can be confusing for organizations with multiple product lines, subsidiaries, or industry divisions. How do you manage security across all business units? What can you do to set standards that the entire organization follows? How do you control the quality of the cyber risk management practices through different cultures? This week, the guys answer these questions and more, discussing the various aspects of implementing, assessing, managing, and normalizing cybersecurity across a complex organization.