The Virtual CISO Moment

The Virtual CISO Moment dives into the stories of information security, information technology, and risk management pros; what drives them and what makes them successful while helping small and midsized business (SMB) security needs. No frills, no glamour, no transparent whiteboard text, no complex graphics, and no script - just honest discussion of SMB information security risk issues. Quick strike and wrap-up audio-only episodes drop Mondays and Fridays; Throwback Thursday episodes are repeats. Email greg.schaffer@secondchancebook.org. A Second Chance Publishing, LLC podcast.

Episodes

January 26, 2023 26 min

From September 28, 2022 - Mark Burnette, Shareholder-In-Charge at LBMC Information Security, discusses his path from Senior IT Auditor to overseeing and directing LBMC’s Risk Services practice nationwide. He is very active in the information security community, including as co-founder and past president of the Middle Tennessee ISSA chapter (one of the largest in the world), and co-founder and board member of the Southern CISO Secu...


BJ Withrow, Manager, Major Accounts, East Coast at Tenable, is a self-proclaimed geek at heart and cybernerd by trade. When he is passionate about something, it comes out in everything he does, and he loves what he does. We cover a variety of topics, including cybersecurity for small and midsized businesses, exercising, and the importance of a servant's heart.

Note a production error resulted in mismatched video and audio for h...

January 24, 2023 15 min

Southwest upgrades, NIST CSF update, ransomware affects 1000 ships' connectivity, ransomware threat in next 24 months, iOS 12 zero-day fix, SCOTUS infosec risk management fails, securing IoT (list), my appearance this morning on the KAJMasterclass, and a thanks to Cynomi for including me as a top vCISO influencer.


  • https://www.ciodive.com/news/southwest-airlines-technology-data-upgrades-FAA/640890/
  • https://news.yahoo.com/southw...
    January 20, 2023 14 min

    T-Mobile breach (again), MailChimp breach (again), ransomware payments down, TikTok fined for cookie issue, Avast posts decryptor for BianLian, five trends for 2023, and leveraging LNK files. 

  • https://www.wsj.com/articles/t-mobile-says-hackers-stole-data-on-about-37-million-customers-11674166048
  • https://techcrunch.com/2023/01/19/t-mobile-data-breach/
  • https://www.msn.com/en-gb/money/technology/mailchimp-suffers-another-major-data-brea...

    From September 27, 2022 - Cy Sturdivant, Director at Forvis (Cybersecurity Division), joins us to discuss his path from accounting and finance to cybersecurity and the audit field. We dive into controls, the Three Lines of Defense model, and how audit as the third line helps organizations achieve and maintain a solid information security posture.

    --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
    January 17, 2023 30 min

    Brent Forrest is a leader, architect, and strategic advisor of holistic cybersecurity. He has developed security programs across Oil & Gas, Financial, Insurance, and Construction industries including architecture of endpoint visibility/protection, managed detection and response (MDR), and security awareness as well as leading real-world cyberbreach response efforts. He is a graduate of Western Governors University and a holder ...

    January 16, 2023 19 min

    Malware attack on CircleCI, FortiOS vuln exploited, RTU ransomware attack, Lifelock compromise, Cloudflare and .gov, how and why to improve security culture, and nine top-of-mind issues for CISOs in 2023.

  • https://thehackernews.com/2023/01/malware-attack-on-circleci-engineers.html
  • https://www.csoonline.com/article/3685670/attackers-deploy-sophisticated-linux-implant-on-fortinet-network-security-devices.html#tk.rss_all
  • https://industri...
    January 13, 2023 18 min

    US air grounding due to one engineer's error, vuln in chromium browsers, Citrix vuln, Tech Republic bundle offer, 10 penetration testing decision factors, and why soft skills are necessary in infosec.

  • https://www.dailymail.co.uk/news/article-11628753/FAA-flight-grounding-debacle-stranded-tens-thousands-hours-caused-engineer.html
  • https://thehackernews.com/2023/01/experts-detail-chromium-browser.html
  • https://www.csoonline.com/artic...

    From September 20, 2022: Adam Bricker has led many career lives, from working on Tomahawk missiles to cofounding the Carolina Cyber Center, focused on hardening community resources and continuing education to address the nation's critical cybersecurity talent shortfall. He currently provides consulting services for businesses in high tech, IT-enabled and emerging markets as the founder of ePower Learning, and his testimony of f...


    Mary-Michael Horowitz, CISM, is the Founding Partner/CEO at Asylas, LLC. Asylas is a cybersecurity solutions firm heavily focused on remarkable service and customized approaches to security, privacy and risk consulting. We discuss small and midsized business security challenges, including passwords and password managers.

    January 9, 2023 20 min

    Experian security flaw, CISOs focus on three trends, email services encryption, importance of SaaS user permissions, $24B MATIC coin risk, and today's list: 10 CRUCIAL cybersecurity tips for small business.

  • https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/
  • https://www.darkreading.com/microsoft/cisos-are-focused-on-these-3-trends-are-you-
  • https://www.techrepublic.com/article/cl...
    January 6, 2023 21 min

    Flipper phish, Slack breach, LastPass last trust, Twitter account info for free, Iran DDoS attack, data privacy trends, and a question of whether or not to use a VPN firewall (feedback encouraged, email greg@gregschaffer.info).

  • https://www.bleepingcomputer.com/news/security/ongoing-flipper-zero-phishing-attacks-target-infosec-community/
  • https://cybernews.com/security/slack-admits-security-breach/
  • https://www.pcmag.com/opinions/la...

    From September 13, 2022 - Elvis Huff is the Vice President - Director of Security/Information Security Officer for Wilson Bank and Trust. His path to bank ISO is not typical but is inspirational, with 12 years as a police officer prior to entering the world of banking. His reason for the transition involves faith and following a calling. He also produces an awesome security newsletter, Security Stuff with Elvis Huff - check it out ...


    For our kickoff episode of Season Five, Dave Evangelista joins us. He has 20 years of experience with financial institutions and is currently the Vice President Information Technology for a midwestern credit union where he is responsible for the tactical direction, control, and ongoing analysis and planning for the credit union’s IT environment. Infrastructure, Operations, Critical Systems, Information Security, Development, e-Serv...


    Twitter GDPR investigation, ransomware group clones victim's site, LockBit apologizes to children's hospital, ransomware ecosystem diversifying, IT Pros' cybersecurity fears, FinTech cybersecurity issues, and cybersecurity tools to keep you safe as a remote worker...sort of.

  • https://gdprbuzz.com/news/twitter-faces-investigation-in-ireland-over-data-breach/
  • https://www.bleepingcomputer.com/news/security/ransomware-gang-cl...

    Ransomware not covered by cyber insurance, cyberattacks may be impossible to insure without some changes, whatever happened to UEBA, 100,000 students have their data exposed, six tips for hiring cybersecurity talent, and my predictions for 2023.


  • https://www.jurist.org/news/2022/12/ohio-supreme-court-says-insurance-policy-does-not-cover-ransomware-attack-on-software/
  • https://www.techspot.com/news/97118-cyberattacks-could-soon-become...

    From September 6, 2022 - Donna Gallaher, President and CEO of New Oceans Enterprises, LLC, is a seasoned IT and information security pro providing virtual CISO and risk management services. She is a FAIR (Factor Analysis of Information Risk) evangelist and is passionate about growing the virtual CISO community, including serving on the Board of Directors for vCISO Catalyst, a Public Benefit Corporation supporting the improvement of...


    Michelle Drolet is a highly experienced information security expert who is well respected by clients, information security peers and analysts. Ms. Drolet is a sought-out speaker, panelist, and is a regular contributor to leading online publications such as Forbes Technology Council, Wired.com and IDG CSO Online. We discuss SMB security needs and challenges and how services such as a virtual CISO can be an effective solution.


    BetMGM breach, search engine ad attacks, ransomware with new encryption algorithm, new ransomware served by PrivateLoader, and an update on the LastPass breach, with some thoughts.

  • https://www.bleepingcomputer.com/news/security/leading-sports-betting-firm-betmgm-discloses-data-breach/
  • https://www.infosecurity-magazine.com/news/fbi-cyber-search-engine-ads-attacks/
  • https://cybersecuritynews.com/vice-ransomware-group-uses-custom-ransomw...

    Okta breach, Gmail client side encryption, avoid clicking bad links not enough, and more predictions!

  • https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/amp/
  • https://www.zdnet.com/article/google-brings-client-side-encryption-to-gmail-for-workspace/
  • https://www.ncsc.gov.uk/pdfs/blog-post/telling-users-to-avoid-clicking-bad-links-still-isnt-working.pdf
  • https://www.trendmicro.com/en_u...
