Episode 15: Better Security Through Better Metrics
Planning and enacting a proper cybersecurity strategy requires data, usually in the form of metric data. These tracked statistics, qualitative and quantitative, are analyzed and organized into stories that can help a security operation see vulnerability and places to focus their attention. Metrics, however, can just as easily distract leadership and waste effort and expense. Knowing which metrics to consult and when is as valuable as tracking the data in the first place. Edward Marchewka, founder of 3LC Solutions, joins onSecurity to talk with Stel about what metrics are worth basing decisions on, times metrics don’t tell the whole story, and essential things to remember when considering qualitative and quantitative data.
Episode 14: Creating Cybersecurity Media
One of the most important parts of the cybersecurity community’s work to protect data is to educate their clients and inform the public of known risks and specific threats to their personal and professional data. In a space already filled with disinformation and out-of-date ideas, it is vital that leaders, practitioners, and experts know how to communicate essential security information in clear, credible, and actionable terms.
Kyle McNulty joins Stel on this episode of onSecurity to talk about methods and modes of cybersecurity content creation and developments in the media landscape
Episode 13: Capture the Flag!
Cybersecurity professionals are constantly honing their skills and adding to their knowledge set. Still, to stay ahead of attackers, defenders must make sure to continue to think outside of the box, see the obscure, and practice their ability to solve problems. Capture the Flag competitions are a popular exercise at cybersecurity events, offering an array of riddle-like security challenges. Blue Team Con 2022 hosted such a competition for attendees and it was won by onShore Security analyst Chris Spankroy.
Chris joins Stel to talk about his experience with Blue Team Con’s Capture the Flag competition, how it was designed to test “blue team” skills, and how he analyzed his way to victory.
Episode 12: Building the Cybersecurity Community of Tomorrow
Cybersecurity practitioners, as defenders of information, benefit from the fact that they are, in some ways, one large team, and the sharing of information and best practices as an industry and a community elevates everyone’s ability to protect their data. The passing of experience and expertise among peers is important, but staying ahead of emerging cyber threats requires recruiting and training the next generation.
John Johnson joins onSecurity to discuss CornCon, the cybersecurity convention he founded in Davenport, Iowa. CornCon’s growth is in large part due to it filling a growing demand for regional cybersecurity events, as well as the event’s focus on young professionals, students, and children, with programming designed to support and welcome the cybersecurity industry leaders of tomorrow.
Episode 11: Leading with Cybersecurity
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Cybersecurity practice is typically the territory of experts in the field, but for large organizations, cybersecurity is a board-level concern and should factor into decisions in every department, from security and risk to marketing and customer experience.
Cybersecurity can seem a big obstacle and is a large source of risk for the unaware or ill-prepared, but for those leading with cybersecurity, it offers a new way to think about every part of your organization, at every level.
For our eleventh episode, Robert Barr joins onSecurity to discuss the importance of cybersecurity awareness at the board level and the work that the Private Directors Association is doing with their new Cybersecurity Governance Committee to ensure that leaders have the understanding and knowledge needed to make big decisions.
Episode 10: Cyberpeace
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. The image of the lone wolf hacker or of small-time crooks lit only by laptop glow in their basements is long out-of-date. Cyber attacks, ones that impact civil society, now commonly derive from governmental organizations or groups working for government and military agencies, and their targets are not restricted to the public sector. Total warfare is becoming the prevailing tactic on the growing cyber front of global geopolitical conflict and everyone is caught in the crossfire.
For our tenth episode, John Hering joins onSecurity to discuss the importance of digital diplomacy and his efforts with Microsoft and the Cybersecurity Tech Accord to reduce the risk and impact of cyber warfare and state-sponsored cyber attacks on Enterprises and individuals.
Episode 9: Governance, Risk, and Compliance
At the Enterprise level, many discussions and decisions about cybersecurity and IT focus on the operational capability of the organization and bad actors that may interfere. As cyber operations become a larger part of business operations as a whole, organizations now must also consider regulatory compliance or risk losing the ability to operate and even face potential damaging liability.
Chris Johnson, Sr. Director of Cybersecurity Programs at CompTIA ISAO, joins onSecurity to discuss the importance of GRC – governance, risk, and compliance. Though implementation of GRC in an organization may offer some hurdles, this work raises the cybersecurity posture of an organization, making them better able to prevent and resist cyberattacks, as well as comply with regulations, allowing them to continue the work they do and expand into new opportunities.
Episode 8: Blue Team Con
In cybersecurity, the importance of teamwork, collaboration, skill sharing, and peer review cannot be overstated. When it comes to cyber defense, blue teams are in competition against the criminal elite and cyber attackers worldwide, but draw strength from working and communicating with each other. Cybersecurity conventions are increasingly popular places for the industry’s most meaningful discourse. On our eighth episode, Frank McGovern, Cybersecurity Architect at StoneX, joins onSecurity to discuss the gap he saw in the cybersecurity convention scene and his work to organize Blue Team Con along with our host, BTC co-founder and onShore Security CEO Stel Valavanis.
Episode 7: Zero Trust
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our seventh episode focuses on practicing the zero-trust philosophy to harden cybersecurity targets. As cyber operations at the Enterprise level expand to defend against cyberattacks, hackers seek easier targets among enterprises.
Chase Cunningham joins onSecurity to talk about his effort to raise the maturity level of cybersecurity of targeted companies and how organizations are adopting the use of a zero-trust strategy at every level.
Episode 6: Developing Cybersecurity Products
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our sixth episode focuses on the development of new cybersecurity products and processes. Data analysis is a pillar of any mature cybersecurity operation and is the process that transforms information into intelligence. As cybersecurity advances, engineers and analysts must work together to move forward with speed and safety.
Anil Mudholkar, Head of Product Development for onShore Security, joins Stel to talk about the current state of cybersecurity products.
Episode 5: Benefits and Pitfalls of Automation
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our fifth episode focuses on the rise of automation in cybersecurity. As automated processes augment the capabilities of cybersecurity operations, it is important not to overlook the importance of the human element. Understanding the benefits of automation in cybersecurity requires an examination of potential pitfalls and the ways that security teams fill in the gap.
Joe Gresham, Product Development specialist for onShore Security, joins Stel to talk about the benefits and pitfalls of automation in cybersecurity.
Episode 4: The Future of Cybersecurity
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our fourth episode focuses on the future of cybersecurity. As cybercrime adapts to new cyberdefense products and processes, security must stay one step ahead. Developing new ways of thinking and doing in defending data will require security teams to be agile and imaginative.
Craig Brozefsky, Senior Software Engineer Consultant for onShore Security, joins Stel to talk about his experience at Cisco, projects with onShore, and the future of security.
Episode 3: Marketing Cybersecurity
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our third episode focuses on marketing cybersecurity. As cybercrime’s impact on daily life continues to grow, it becomes even more important to educate our leaders and help employees at every level of your organization understand the importance of cyberdefense.
Founder of Hesser Communications, Amy Hesser joins Stel Valavanis to discuss how to draw attention to security and inspire the action needed to combat cyberattacks.
Episode 2: Beyond Endpoint Security
onShore Security’s podcast, onSecurity, explores a variety of topics in the cybersecurity field. Our second episode centers on cybersecurity beyond the endpoint. As network perimeters become “squiggly”, the focus must shift from endpoint management to the data itself.
Founder and CEO of Nullafi, Rob Yoskowitz, joins Stel Valavanis to discuss how changes in people and processes require cybersecurity operations to reconsider who has access to what and when.
Episode 1: Compliance and Security
onShore Security CTO Steven Kent joins Stel to discuss the intersection of compliance and security. As the author of an oft-cited saying at onShore, “security is a process, not a product”, Steven Kent is the reason that onShore has been able to satisfy the complex needs of clients in the banking industry.