Cyberattacks can happen to an individual computer or an entire network. It’s vital to have well-tested plans in place before ransomware rears its ugly head. Today’s guest is Steve Orrin. Steve is Intel’s Federal CTO and Senior Principal Engineer. He leads public sector solutions architecture, strategy, and engagement and has held technology leadership positions at Intel. Steve was previously CTO, CSO, and co-founder of several successful security startups and is a recognized expert and frequent lecturer on enterprise security.

Show Notes:

• [1:01] - Steve shares what his current role is at Intel Corporation and how he became drawn to the field.

• [2:52] - There are risks everywhere. Where do we start when it comes to cybersecurity for a business?

• [3:54] - Steve describes risk profiles and what you need to understand what you’re trying to protect.

• [5:21] - Once you know your environment and risk profile, it’s time to look at the key things above security “hygiene” and the processes to raise the bar.

• [7:48] - There are benefits to microsegmentation, including smaller network enclaves.

• [9:44] - Steve makes a suggestion for network segmentation when it comes to state of the art equipment.

• [12:07] - Ideally, you want sensors in every network enclave but that isn’t always realistic.

• [13:57] - Having network segmentation will also give you the information needed to find which part of your business receives an attack.

• [15:39] - How do we protect data in the cloud?

• [17:04] - It all goes back to understanding the data you need to protect.

• [21:01] - Just like in your business, you need to know how your IT resources are being used and which ones are not right.

• [23:20] - These building blocks help you see how you are utilizing security and it needs to be built in from the beginning.

• [24:55] - Changing approaches in large organizations can seem challenging, but Steve says they are constantly modernizing and it’s all about perception.

• [26:24] - Literally any type of company can be attacked because of every industry’s reliance on digital tools and infrastructure.

• [28:16] - There are different types of attackers - those who target someone specific, those who are opportunistic, and those who are purely automated.

• [29:44] - Everyone is a potential target even if you aren’t being targeted.

• [31:33] - Planning will also help answer the question of how to continue running the business while ransomware is active.

• [33:21] - Companies need to adopt a gamified system to train everyone in the organization on how to respond to an attack.

• [3