Today I'm joined by Matt Duench (LinkedIn / Twitter), who has a broad background in technology and security - from traveling to over 40 countries around the world working with telecom services, to his current role at Arctic Wolf where he leads product marketing for their managed risk solution.

Matt chatted with me over Skype about a wide variety of security topics, including:

• Corporate conversations around security have changed drastically in such a short time - specifically, security is generally no longer perceived as a cost center. So why are so many organizations basically still in security diapers as far as their maturity?

• Why is it still so hard to find "bad stuff" on the network?

• What are some common security mistakes you wish you could wave a magic wand and fix for all companies?

• The beauty of the CIS Top 20 and how following even the top 5 controls can stop 85% of attacks.

• Low-hanging hacker fruit that all organizations should consider addressing, such as:

  • Disabling IPv6
  • Using a password manager
  • Turning on multi-factor authentication
  • Don't write down your passwords!
  • Have a mail transport rule that marks external mail as "EXTERNAL" so it jumps out to people
  • Consider an additional rule to stop display name spoofing (h/t to Rob on Slack!)

• Why you should be concerned about corporate account takeover, and how to better protect yourself and your company against this attack vector

I also asked Matt a slew of questions that many of you submitted via Slack:

More info under the show notes for this episode at 7ms.us!