Cyber criminals are growing in their attack planning. CISA is continuing training their teams to look for vulnerabilities and help out not only the government, but other entities secure their networks and products. Today’s guest is Robert Karas. Rob came to the Cybersecurity and Infrastructure Security Agency in 2010. He has over 30 years experience in the information security field and significant experience in building nationally recognized security platforms. At CISA, Rob built the Cyber Hygiene Program, risk and vulnerability assessments, and penetration testing programs. He has also created the Cyber Defense Education training programs to address industry challenges. Rob was also recognized by Cyber Patriot as Mentor of the Year.

Show Notes:

• [1:03] - Robert shares his background, what he does at CISA, and what CISA does as an agency.

• [4:01] - At CISA, agents hack into a company’s system with their permission to see where the vulnerabilities are.

• [5:53] - Phishing and social engineering continue to be the most successful attacks.

• [8:41] - A lot of times it feels like good security equals bad customer service.

• [10:27] - Playbooks are all the same or similar but the tools that CISA uses are unique.

• [12:29] - With the introduction and evolution of AI, there is some preparation to be done for an inevitable increase in attacks.

• [14:07] - Attackers prey on human vulnerability and emotion.

• [15:53] - Phishing emails are so good now that many times they really appear to come from someone you know.

• [17:15] - Over the last ten years, the statistics of people reporting a scam have improved.

• [20:16] - It is important for organizations to be prepared. For help with this, you can email [email protected]. 

• [23:39] - CISA has implemented Secure by Design.

• [25:30] - If you suspect you are communicating with a scammer, stop communicating right away.

• [27:02] - It is overwhelming when you think about the amount of devices we have that are connected and relied on.

• [30:16] - The amount of data we have and can have access to is so immense. How can we inspect everything?

• [32:09] - When it comes to purchasing new devices, ensure that frequent updates are part of the guarantee.

• [34:41] - A great place to start for resources on CISA’s website. Robert shares some of the resources available, including Secure Our World.

• [35:54] - CISA also offers free vulnerability scans for businesses.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources:

• Podcast Web Page

• Facebook Page

• whatismyipaddress.com

• Easy Prey on Instagram

• Easy Prey on Twitter

• Easy Prey on LinkedIn

• Easy Prey on YouTube

• Easy Prey on Pinterest

• CISA Secure Our World

• CISA’s Website