Hashtag Realtalk with Aaron Bregg

*Disclaimer* Thoughts and opinion in this episode are solely myself or my guests and not necessarily reflective of our employers.

In this episode I had a chance to sit down with Matt Nelson and do the podcast from a very cool location.  Matt is a Senior Security Architect for Guidepoint Security. The topic of our rant was centered around all of the things 'wrong' with cybersecurity sales and why it hurts everyone.

Talking P...

In this episode I talk with Lloyd 'Lucky' Guyot and Alex O'Meera about The Center for Internet Security's Critical Security Controls. Lloyd is a Security Advisor for Optiv and President of the Grand Rapids ISSA Chapter. Alex is a Security Analyst for Stack Overflow and Secretary of the Grand Rapids ISSA Chapter.

Talking Points:

• How can the CIS 18 help an SMB build your security program?
• How can the CIS 18 help ...

In this episode I had a chance to speak with Chris Jordan and Al Wissigner about where a small and medium sized business (SMB) should start their security journey. This is especially important in this day and age of the ever expanding cloud infrastructure and Software as a Service (SaaS) models.  Both of these fine gentlemen work for Fluency and have a TON of experience working SMBs.

Talking Points:

• The idea of bridging the gap b...

Despite the recent push by some old school (re: outdated) leaders to force employees to return the office, remote work is here to stay. While we all talk about the importance of making remote work secure, there isn't much talk about how the experience for the end-users. Fortunately, there are some companies out there that are understanding the need to balance security, business and end user needs.

In this episode I talk with Me...

In this episode I head out to The Unicorn Tavern in Grand Haven, Michigan to talk Network Segmentation with Steve Barnes and Tyler Adams. Steve is an Enterprise Security Architect for Fortinet and Tyler is a Information Security Analyst for Corewell Health.

Talking Points:

• How has Network Segmentation changed in 2023?
• Who is responsible? Is that team being supported enough?
• How are you compartmentalizing things?
• Should you separate ...

A few years ago, the topic for the 3rd episode for the #RealTalk with Aaron Bregg podcast about Diversity 

And Inclusion in the Cybersecurity Industry. To this date it is one of the most downloaded episodes. Since that episode was publish a LOT has changed in the world. I felt that it was time to revisit the topic but with a little bit of a twist. The need for a twist comes from the fact that DEI in cybersecurity still where it need...

In this episode I had a chance to dive into a topic that is ripped straight from my day job. Multi Cloud Compliance. My guest for this episode is Mike Roman. Mike is a Senior Security Sales Engineer for Orca Security, which happens to be  the company that just won the 'Best Swag' award at Cloud Con last week!

In all seriousness though, more and more companies are having to rely on multi-cloud environments in order to keep ...

In this episode I break from the norm a little bit in order to delve into the minds of security leadership. These insights come from a recent Grand Valley State University Cybersecurity Masters Graduate, Isaac Beasley.

As part Isaac's Master's project, he interviewed 10 different cybersecurity leaders in the West Michigan area about a variety of different topics. For the sake of time, I concentrated on talking to the follo...

While PenTesting (i.e. hacking) may be the most visible part of Information Security, it is sometimes can lead to a false sense of security. In this episode I had a chance to talk with Nabil Hannan about rethinking your penetration testing strategy and moving towards Attack Surface Management. Nabil is the Field Chief Information Security Officer for NetSPI  and has a ton of useful information to share about starting this journey.

T...

Earlier this year Cloud Security Alliance covered the big debate around should you buy or build for your Cyber Asset Attack Surface Management (CAASM) solution. As luck would have it, Ken Liao recently reached out to me regarding the new company that he works for who handles this very topic.

 In this episode I had a chance to talk with Sevco Security's Chief Strategy Officer, Brian Contos, on this very topic. The timeliness is ...

I know some of you are thinking, "Ugh another podcast on artificial intelligence!", to which I say, "Nope". Originally this was supposed to be a two-part series with the first episode focusing on high level AI talk. The second episode that drills down into how to actually come up with AI/ML policies and standards.

However, like all things related to the podcast, we are going to mix it up a little. In this episode...

In this episode I go outside of the topics and talk about one that I think is definitely underrated, Protecting Your Executives. I sometime forget how lucky my healthcare organization is very forward thinking when it comes to security. However, not all companies have the luxury of having a full team to protect VIPs.

I had a chance to have an in-depth conversation with Daniel Floyd around this very subject. Daniel is the Chief Inform...

In a recent episode Matt Nelson from Guidepoint was talking about how he is seeing a trend with medium-sized companies moving away from the idea of building out or building up a security team. There were several reasons including budget constraints and an experienced talent shortage. So I reached out to Bill Bernard about having a deeper discussion on how revisiting the topic of using a #managedsecurityoperations company.

Talking Po...

In this episode I had a chance to talk with Todd Brockdorf and Chris Lawrence about Zero Trust. Todd is a Senior Sales Engineer and Chris is a Customer Success Engineer. Nowadays it is hard to sift through all of the security vendor marketing chaff to get #RealTalk about Zero Trust.

Talking Points:

• What is the biggest misconception around Zero Trust that is happening right now?
• What about thinking of the cloud as a segmented netwo...

4.6.23 Update:

If you had downloaded this file before 6pm on April 6th you received the wrong episode. This error has been fixed and you have my sincerest apologies for the mess up!

*Disclaimer* While there was no physical harming of bad security vendors in this episode, there is a lot of honest #RealTalk. Opinions in this episode are my own and do not necessarily reflect the views of my leadership or my employer....

In this episode I had a chance to talk with Derek Smith about the importance of securing your hybrid cloud environments. Derek is the Director of Cloud Strategic Alliances and Brand for Trace3. We took the time to break down several different issues that are happening right now across multiple industries.

Talking Points:

• How do you build a solution agnostic environment?
• How can we learn from the recent issues with Southwest to hel...

In the episode I had a chance to talk to not one, not two but THREE talented gents about the future of medical and IoT device security. Nathanael Dick, Russ Ramsay and Dan Rittersdorf all work for a great, and local, embedded systems engineering company called DornerWorks.

I was fortunate enough to do the podcast prep meeting in person and was able to tour their very cool West Michigan offices. Obviously, medical device security is ...

In this episode I get a chance to talk with Liav Caspi about rethinking how you do your Secure Software Development Lifecycle. Liav is one of the co-founders of Legit Security and got his start in the Israel Intelligence (Unit 800) scene many years ago. He and his other co-founders worked for a well known Static Application Security Testing (SAST) company I know very well. They then branched off a few years back to form what is now...

In this episode I not only have a great guest but have a great co-host as well. I had a chance to talk with Kassandra Murphy and Rich Worth about advancing your Security Information and Event Manager. Kassie talks to the importance of standardizing your data sets to increase your searchability (e.g. especially useful when sending data to your managed security operations partner). Rich will be talking to 'real world' use c...