Richard Hollis, Director of Rick Crew, is serious about asking the tough questions.

ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “have I affected any change?” Richard points out that if we buy a toaster at the store and it doesn’t work, we return it, but as security professionals, we don’t hold products to the same standards. Why is this? Jon and Richard go back and forth on FUD, vendors, false positives, and where accountability lies in the industry.

Join Richard and Jon in the conversation to think about how we can affect the positive change that we want to see in our industry in the future!

To read Richard's full report, please visit www.isaca.org/the-circle-of-failure.

To listen to more ISACA podcasts, visit www.isaca.org/podcasts.

The world's largest software companies leverage modern-day Red Teams to protect against real-world attacks. Many companies focus on vulnerability management, compliance, and patching to secure themselves, but this is only a tiny part of the big picture. An improved security posture is achieved by leveraging the Red Team to pressure test the attack surface and discover the impact that can be made by actively exploiting the soft spots of the company.

In this podcast, Justin Tiplitsky, Director of the Red Team at Adobe, talks about how his team uses adversary intel to perform continuous testing on the parts of the company that attackers are the most interested in targeting. This continuous testing leads to the relentless identification of the most opportunistic areas to attack, more closely emulating the never-ending threat from real adversaries. Testing is followed up by storytelling and data to influence change within the company.

To learn more about Adobe, please visit: www.adobe.com

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

In an era of rampant ransomware and other malicious cyberattacks, it’s mandatory to double down on cybersecurity analysis and strategy to ensure an optimal security posture and the protection of critical assets and data.

Today, two models can help security professionals harden network resources and protect against modern-day threats and attacks: the cyber kill chain (CKC)and the MITRE ATT&CK framework.

Tim Liu, long-term security technologist, co-founder, and CTO, will provide an overview of these two frameworks and the limitations or benefits of each approach. 

To read Taking Security Strategy to the Next Level, please visit www.isaca.org/taking-security-strategy-to-the-next-level.

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

As you plan and execute your audit, do you take time to invest in the stakeholder relationship? This can be an often-overlooked element but essential in an effective audit.

Tune into this ISACA Podcast as Steve Jackson, IT Audit Manager at Airbnb, chats with ISACA’s Robin Lyons about ways to gain auditee buy-in and have a successful and effective audit.

To read Steve’s full-length article, “Auditee Buy-In—A Key Component of Effective Audits,” visit www.isaca.org/auditee-buy-in

To watch the ISACA Video Podcast of this episode, visit, https://youtu.be/nWFcXC24ueA. 

For more ISACA Podcasts, please visit: www.isaca.org/podcasts or visit ISACA YouTube Channel at https://www.youtube.com/c/IsacaHq.

 In this ISACA Podcast episode, ESET’s Chief Security Evangelist, Tony Anscombe, joins ISACA’s Principal, Emerging Technology Professional Practices, Collin Beder to discuss ESET’s recently released T2 2022 Threat Report.

As a global leader in cybersecurity, ESET’s T2 2022 Threat Report summarizes the most notable trends that have shaped the threat landscape for the past four months. This report dives into CloudMensis, the previously unknown macOS malware discovered by ESET researchers.

To read the full ESET report: https://www.welivesecurity.com/wpcontent/uploads/2022/10/eset_threat_report_t22022.pdf.

For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?” 

To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world.

Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, join’s ISACA’s Safia Kazi to explore topics including what is the Digital Charter and how it supports digital trust; what are critical elements of the Digital Charter (e.g., AI Ethics, Privacy, Principles for the Digital Economy); what are the implications for organizations and the public.

To read Mary’s full-length article, visit https://www.isaca.org/enabling-digital-trust-with-canadas-digital-charter.

It is all about the system's downtime.

In this ISACA Podcast episode, Risk Masters International's Steven Ross tells ISACA's Collin Beder that organizations should start focusing on hours of unavailable systems and data when measuring the cost of a cyber-attack. Steven also discusses the causes and targets of system downtime and why he thinks the IT world is currently living in a dangerous time.

To read Steven's full-length article, visit www.isaca.org/its-about-down-time.

To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

We are subjected to phishing scams almost every day, and even the most seasoned professional must examine an email to ensure the links included are safe.

Brown University and Federal Reserve Bank of Cleveland's Allen Dziwa says people are the weakest link and that customized messaging using regional language for targeted attacks is becoming more prevalent. Allen breaks down the many types of attacks (phishing, spear phishing, smishing, vishing, whaling) with ISACA's Kevin Keh. Tune in now to learn how to be vigilant when facing potential attacks from scammers.

To read Allen’s full article, please visit: www.isaca.org/how-social-engineering-bypasses-technical-controls

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Ryan Cloutier's child came home from school one day and told him that he had figured out the staff Wi-Fi password. Frustrated that the security wasn't better for a school network, Ryan decided to do something about it. Since then, his career has been focused on serving K12, local government, and socio-economically disadvantaged communities with his company Security Studio.

ISACA's Jeff Champion asks him about ways to overcome technical language barriers when completing risk assessments and Ryan discusses key issues with risk assessments and a path forward to resolving them. Tune in to start thinking about more interesting ways to approach risk assessments!

To read Ryan's full-length article, visit: www.isaca.org/what-makes-risk-assessments-so-unpleasant

To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

Executive Director of Cybersecurity Gatebreakers Foundation, Naomi Buckwalter, joins ISACA’s Jon Brandt to discuss burnout.

There are many factors at play when discussing burnout: company culture, work-from-home flexibility, unrealistic expectations from supervisors, and industry pressure, but Naomi gives you multiple action plans for combatting workplace burnout and creating healthy boundaries with your colleagues. Tune into this ISACA Podcast now!

To learn more about Naomi, please visit: https://www.linkedin.com/in/naomi-buckwalter/

To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts