Sign up to save your podcasts
Or
Share Navigating NIST CSF 2.0: Guide to Frameworks and Governance
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Navigating NIST CSF 2.0: Guide to Frameworks and Governance
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising.
Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs.
Guest Socials: Lukasz's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(03:00) A bit about Lukasz
(04:32) Security Challenges for Tech First advertising company
(05:16) Security Challenges for Retail Industry
(06:00) Difference between the two industries
(07:01) Best way to build Cybersecurity Program
(09:44) NIST CSF 2.0
(13:02) Why go with a framework?
(16:26) Which framework to start with for your cybersecurity program?
(18:33) Technical CISO vs Non Technical CISO
(25:37) The Fun Section
Resources spoken about during the interview:
NIST CSF 2.0
CIS Benchmark
ASD Essential Eight
Mapping between the frameworks
https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0
https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight
Verizon Data Breach Investigations Report (DBIR)
Lukasz Woodwork Channel
BSides Melbourne
View all episodes
By Cloud Security Podcast Team
5
5656 ratings
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising.
Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs.
Guest Socials: Lukasz's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(03:00) A bit about Lukasz
(04:32) Security Challenges for Tech First advertising company
(05:16) Security Challenges for Retail Industry
(06:00) Difference between the two industries
(07:01) Best way to build Cybersecurity Program
(09:44) NIST CSF 2.0
(13:02) Why go with a framework?
(16:26) Which framework to start with for your cybersecurity program?
(18:33) Technical CISO vs Non Technical CISO
(25:37) The Fun Section
Resources spoken about during the interview:
NIST CSF 2.0
CIS Benchmark
ASD Essential Eight
Mapping between the frameworks
https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0
https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight
Verizon Data Breach Investigations Report (DBIR)
Lukasz Woodwork Channel
BSides Melbourne
More shows like Cloud Security Podcast
View all
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,009 Listeners
AWS Podcast
202 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
189 Listeners
Practical AI
192 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
127 Listeners
Cloud Security Podcast by Google
38 Listeners
Risky Bulletin
43 Listeners