The Cybersecurity Vault - episode #30, with guest Lisa Forte . Effectively responding to cybersecurity crisis events is crucial, yet many organizations lack a mature capability.

I speak with Lisa Forte, a legend when it comes to helping organizations prepare for handling cybersecurity crisis events, who shares her rich insights and recommendations.

Lisa’s LinkedIn profile: https://www.linkedin.com/in/lisa-forte/

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Visit Cybersecurity Insights at https://www.cybersecurityinsights.us

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

The Cybersecurity Vault - episode 32, with guest Ian Thornton Trump. In this episode, we discuss one of the most divisive and contentious topics in cybersecurity - should victims of ransomware be allowed to pay the cybercriminals?

With the continuing rise of digital extortion, such as ransomware, the world has realized that typical security practices cannot keep pace and the impacts are threatening the critical infrastructure sector. That has significant ramifications to the security and safety of entire nations.

The idea of criminalizing digital extortion payments, to choke the money going to cybercriminals and thereby deter them, is a contentious idea that has the community polarized.

I welcome back Ian Thorton Trump, the CISO at Cyjax Limited and the CTO at Octopi Managed Services to constructively discuss a path forward to address the growing threat.

Ian’s LinkedIn profile: https://www.linkedin.com/in/ian-thornton-trump-cd-77473a26/

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Visit Cybersecurity Insights at https://www.cybersecurityinsights.us

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

The Cybersecurity Vault - episode #31, with guest Donna Kidwell. Donna Kidwell, CISO of Arizona State University, is one of the best and brightest in our community! I am continually amazed at her insights, strategic focus, and ability to creatively tackle some of the biggest problems in cybersecurity.

Today, we talked about the incredible challenges and forward-thinking that her team is driving at ASU and across partnerships around the globe.

Afghan women and their ARISTA internships - so incredibly proud of them - their story is here! https://tech.asu.edu/features/arista-upksilling-cohort-2023

Donna’s LinkedIn profile: https://www.linkedin.com/in/dkidwell

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist

Visit Cybersecurity Insights at https://www.cybersecurityinsights.us

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

The cybersecurity community is in an uproar over the recently announced SEC case against SolarWinds and their CISO. I talk with Ira Winkler, a longtime respected veteran of the industry, to debate the various issues of this SEC fraud and Internal Control Failures.

SEC press release: https://www.sec.gov/news/press-release/2023-227

SEC Compliant (.pdf) https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf

Ira Winkler’s LinkedIn Profile: https://www.linkedin.com/in/irawinkler/

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

The SEC case against SolarWinds and their CISO continues to reverberate across the cybersecurity community. I talk with Edward Amoroso, the Founder and CEO of TAG Infosphere, to discuss different aspects of the case and recent SEC requirements for disclosure of material incidents.

Ed LinkedIn profile: https://www.linkedin.com/in/edward-amoroso/

TAG Infosphere website: https://tag-infosphere.com/

SEC official announcement: https://www.sec.gov/news/press-release/2023-227

SEC Complaint (.pdf) https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

Some companies, after being breached are attempting to shift the 'narrative of blame' away from themselves and sometimes towards their customers! I talk with Christine Bejerasco, CISO of WithSecure, and discuss how this is coming about and what both companies and consumers should be doing to protect sensitive data.

Christine's LinkedIn profile: https://www.linkedin.com/in/christinebejerasco/

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Visit Cybersecurity Insights at https://www.cybersecurityinsights.us

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

We are doing cybersecurity metrics wrong! There are better ways and my guest Rick Howard, the CSO at N2K and longtime cybersecurity metrics expert, provides insights into how metrics can support cybersecurity programs and decisions. This is a timely topic as there are more pressures on CISOs, from new regulations, emerging standards, higher Board expectations, and SEC enforcements, that are increasing the need for better cybersecurity metrics.

Rick and I probably had too much fun in this podcast, arguing and bantering. He brings a wealth of knowledge and experience to the table. I look forward to our next chat!

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

Follow Rick on LinkedIn: https://www.linkedin.com/in/rickhoward/

Be sure to check out his books, course, podcasts, and the booklist from the Cybersecurity Canon Project:

Book: Cybersecurity First Principles: A Reboot of Strategy and Tactics

https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083

First Principles Free Course

https://www.n2k.com/cybersecurity-first-principles-course

The Cybersecurity Canon Project

http://cybersecuritycanon.com/bookreviews

Rick Howard Podcast on The CyberWire - CSO Perspectives

https://thecyberwire.com/podcasts/cso-perspectives-public

Cyberwire Network - The Cyberwire’s Network of Security Podcasts

https://thecyberwire.com/podcasts

Cybersecurity metrics as it relates to risk management, regulations, resource optimization, board communications, and grandmothers! We cover it all! Another great conversation with Gavin Grounds, longtime industry veteran and thought-leader in the enterprise cybersecurity metrics space. If you think metrics are important or you need better metrics, be sure to listen in!

Gavin’s LinkedIn Profile: https://www.linkedin.com/in/gavingrounds/

Mercury Risk and Compliance: https://mercuryrisk.com/

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights