Cybersecurity Where You Are (video)

Technology Podcasts

Welcome to the video version of “Cybersecurity Where You Are,” the podcast of the Center for Internet Security® (CIS®). Cybersecurity affects us all — whether we’re online at home, managing a company, supporting clients, or running a state or local government. Join us on Wednesdays as Sean Atkinson, CISO at CIS, and Tony Sager, SVP & Chief Evangelist at CIS, discuss trends and threats, explore security best practices, and interview experts in the industry. Together, we’ll clarify these issues, creating confidence in the connected world. Subscribe to the audio version of our podcast here: https://fast.wistia.net/embed/channel/wbyhaw35xf?wchannelid=wbyhaw35xf.

Location:

United States

Language:

English


Episodes

Episode 175: Practically Solving Cyber Problems at Scale

2/18/2026
In episode 175 of Cybersecurity Where You Are, Tony Sager sits down with Phil Reitinger, Chair and Senior Advisor of Global Cyber Alliance. Together, they look back on Phil's career and his dedication to exploring how to practically solve cyber problems at scale.

Here are some highlights from our episode: 00:57, 04:51, 06:14, 07:33, 10:09, 12:33, 22:50

Resources: Episode 30: Solving Cybersecurity at Scale with Nonprofits; Episode 79: Advancing Common Good in Cybersecurity – Part 1; Episode 80: Advancing Common Good in Cybersecurity – Part 2; Quad9

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:33:54

Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2

2/11/2026
In episode 174 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kyle Leonard, Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they continue their discussion of 2026 cybersecurity predictions from seven CIS experts, as shared on the CIS website.

Here are some highlights from our episode: 02:00, 03:09, 05:08, 07:47, 13:19, 16:07, 18:02, 19:20, 20:25, 22:40, 26:39, 31:25, 33:43

Resources: Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1; The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape; Surge of QakBot Activity Using Malspam, Malicious XLSB Files; Active Lumma Stealer Campaign Impacting U.S. SLTTs; Episode 173: Scammer Jousting as Human Risk Management; ClickFix: An Adaptive Social Engineering Technique; Impact of Federal Funding Cuts to the Value of MS-ISAC CTI; Episode 157: How a Modern, Mission-Driven CIRT Operates

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:38:45

Episode 173: Scammer Jousting as Human Risk Management

2/4/2026
In episode 173 of Cybersecurity Where You Are, Sean Atkinson is joined by Roger Grimes, CISO Advisor at KnowBe4. Together, they discuss "scammer jousting," a term coined by Tony Sager which describes empowering organizations to manage human risk using simulated phishing.

Here are some highlights from our episode: 01:05, 03:48, 06:19, 09:27, 15:00, 16:57, 19:57, 23:56, 29:52

Resources: Episode 77: Data's Value to Decision-Making in Cybersecurity; Episode 98: Transparency as a Tool to Combat Insider Threats; A Short Guide for Spotting Phishing Attempts; CIS Controls v8.1 Security Awareness Skills Training Policy Template; SANS Workforce Security and Risk Training; The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape; Episode 110: How Security Culture and Corporate Culture Mesh

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:34:01

Episode 172: Helping CISOs as a CIS Controls Ambassador

1/28/2026
In episode 172 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Chirag Arora, Cyber Security Executive Advisor and CISO at Dorf Nelson & Zauderer LLP. Together, they discuss how Chirag draws upon his experience as a CISO and his community work as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help other CISOs with their cybersecurity programs.

Here are some highlights from our episode: 00:51, 06:03, 09:00, 12:31, 20:57, 24:29, 28:13, 31:08

Resources: CIS Critical Security Controls®; Episode 160: Championing SME Security with the CIS Controls; Episode 168: Institutionalizing Good Cybersecurity Ideas; Reasonable Cybersecurity Guide; Simplify Security Management with CIS SecureSuite Platform; CISO Certification by GlobalCISO Leadership Foundation™

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:34:27

Episode 171: Securing CNI in U.S. SLTTs through AI Adoption

1/21/2026
In episode 171 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Soledad Antelada Toledano, Security Advisor, Office of the CISO, Google Cloud at Google. Together, they discuss securing critical national infrastructure (CNI) in U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through artificial intelligence (AI) adoption.

Here are some highlights from our episode: 00:50, 02:48, 04:10, 07:24, 08:13, 13:22, 24:46, 33:17

Resources: The Changing Landscape of Security Operations and Its Impact on Critical Infrastructure; Cybersecurity for Critical Infrastructure; Episode 139: Community Building for the Cyber-Underserved; Episode 119: Multidimensional Threat Defense at Large Events; Leveraging Generative Artificial Intelligence for Tabletop Exercise Development; The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape; Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks; Vulnerability Management Policy Template for CIS Control 7; CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:37:15

Episode 170: Visibility for SLTTs in Blocking Typhoon APTs

1/14/2026
In Episode 170 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Douglas Holland, Senior Solutions Engineer at Akamai Technologies. Together, they discuss how U.S. State, Local, Tribal, and Territorial (SLTT) government organizations can increase their visibility to obstruct the attack attempts of Typhoon advanced persistent threat (APT) groups.

Here are some highlights from our episode: 00:49, 02:16, 08:30, 09:15, 14:14, 16:46, 19:11, 23:20, 29:18

Resources: Malicious Domain Blocking and Reporting (MDBR); Living off the Land: The Power Behind PowerShell; Cybersecurity for Critical Infrastructure; Build a Zero Trust Roadmap for FinServ with CIS SecureSuite

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:34:30

Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1

1/7/2026
In Episode 169 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager begin their discussion of 2026 cybersecurity predictions from seven experts at the Center for Internet Security® (CIS®), as shared on the CIS website.

Here are some highlights from our episode: 01:05, 05:37, 12:52, 21:22, 31:18

Resources: An Introduction to Artificial Intelligence; Cybersecurity for Critical Infrastructure; Episode 144: Carrying on the MS-ISAC's Character and Culture; Episode 142: SLTTs and Their Nuanced Cybersecurity Needs; Collective SLTT Cyber Defense; Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1; Episode 90: Migrating to the Cloud with Control Continuity; Build a Zero Trust Roadmap for FinServ with CIS SecureSuite; Secure by Design: A Guide to Assessing Software Security Practices; Episode 110: How Security Culture and Corporate Culture Mesh; Episode 147: Actualizing Threat Intel for Effective Defense; Law Enforcement; Reasonable Cybersecurity Guide; NIST SP 800-207: Zero Trust Architecture; Episode 74: The Nexus of Cybersecurity & Privacy Legislation; Mapping and Compliance with the CIS Controls; Mapping and Compliance with the CIS Benchmarks

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:39:54

Episode 168: Institutionalizing Good Cybersecurity Ideas

12/31/2025
In Episode 168 of Cybersecurity Where You Are, Tony Sager sits down with Tony Rutkowski, one of the CIS Critical Security Controls® (CIS Controls®) Ambassadors of the Center for Internet Security® (CIS®). Together, they discuss what Tony Rutkowski has learned in his efforts to institutionalize good cybersecurity ideas like the CIS Controls.

Here are some highlights from our episode: 01:48, 06:06, 12:50, 17:50, 21:44, 24:25, 26:41

Resources: Episode 160: Championing SME Security with the CIS Controls; Episode 167: Volunteers as a Critical Cybersecurity Resource; Reasonable Cybersecurity Guide; Cybersecurity at Scale: Piercing the Fog of More; Mapping and Compliance with the CIS Controls; Secure by Design: A Guide to Assessing Software Security Practices; Episode 164: Secure by Design in Software Development; CIS Critical Security Controls Implementation Groups

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:37:56

Episode 167: Volunteers as a Critical Cybersecurity Resource

12/24/2025
In Episode 167 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kelley Misata, Ph.D., Chief Trailblazer and Founder at Sightline Security. Together, they discuss how volunteers constitute a critical cybersecurity resource for the Center for Internet Security® (CIS®). Along the way, they explore the nature of volunteerism, the role of volunteers at CIS, and how CIS is looking to mature its engagement with volunteers going forward.

Here are some highlights from our episode: 01:37, 03:09, 04:50, 06:55, 10:51, 14:39, 19:43, 20:30, 24:37, 26:00, 30:09, 34:51, 38:32

Resources: 25 Years of Creating Confidence in the Connected World; CIS Communities; Episode 160: Championing SME Security with the CIS Controls; StoryCorps

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:41:44

Episode 166: Foundations of Actuarial Science in Cyber Risk

12/17/2025
In Episode 166 of Cybersecurity Where You Are, Sean Atkinson sits down with Tyler Moore, Ph.D., Chair of Cyber Studies at the University of Tulsa, and Daniel Woods, Lecturer at the University of Edinburgh. Together, they review the foundations of actuarial science in cyber risk.

Here are some highlights from our episode: 00:48, 01:22, 02:20, 04:01, 07:21, 08:58, 11:38, 13:10, 14:31, 17:43, 22:30, 26:20, 32:33, 36:09

Resources: Episode 121: The Economics of Cybersecurity Decision-Making; Episode 105: Context in Cyber Risk Quantification; Episode 77: Data's Value to Decision-Making in Cybersecurity; How Risk Quantification Tests Your Reasonable Cyber Defense; Episode 113: Cyber Risk Prioritization as Ransomware Defense; Episode 65: Making Cyber Risk Analysis Practical with QRA; FAIR: A Framework for Revolutionizing Your Risk Analysis

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:40:46

Episode 165: An In-Depth Look at CIS Controls Implementation

12/10/2025
In Episode 165 of Cybersecurity Where You Are, Tony Sager sits down with Valecia Stocchetti, Senior Cybersecurity Engineer at the Center for Internet Security® (CIS®), and Charity Otwell, Director of Critical Security Controls at CIS. Together, they take an in-depth look at implementing the CIS Critical Security Controls® (CIS Controls®), including what you need to know to begin your own CIS Controls implementation efforts.

Here are some highlights from our episode: 00:53, 02:48, 06:42, 09:56, 13:01, 15:31, 20:36, 23:17, 25:30, 42:03, 47:21

Resources: Cloud Companion Guide for CIS Controls v8.1; CIS Community Defense Model 2.0; The Cost of Cyber Defense CIS Controls IG1; Episode 132: Day One, Step One, Dollar One for Cybersecurity; Policy Templates; Episode 107: Continuous Improvement via Secure by Design; Reasonable Cybersecurity Guide; CIS Controls Resources; CIS Controls Assessment Specification; Episode 156: How CIS Uses CIS Products and Services; CIS Controls Accreditation; Controls Accreditation; Episode 102: The Sporty Rigor of CIS Controls Accreditation

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:51:31

Episode 164: Secure by Design in Software Development

12/3/2025
In Episode 164 of Cybersecurity Where You Are, Tony Sager sits down with Curt Dukes, EVP and General Manager of Security Best Practices at the Center for Internet Security® (CIS®), and Steve Lipner, Executive Director of SAFECode.org. Together, they explore the evolution of secure software development and why secure by design is critical for reducing risk in today’s complex environments.

Here are some highlights from our episode: 01:08, 04:01, 08:41, 14:39, 28:52, 39:59

Resources: Secure by Design: A Guide to Assessing Software Security Practices; How Secure by Design Helps Developers Build Secure Software; CIS, SAFECode Launch Secure by Design Guide to Help Developers Meet National Software Security Expectations; Episode 107: Continuous Improvement via Secure by Design; Secure by Design; Secure Software Development Framework; Episode 63: Building Capability and Integration with SBOMs

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:44:48

Episode 163: K-12 Cybersecurity Made Practical

11/26/2025
In Episode 163 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Brock Boggs, Director of Technology at Cityscape Schools, and Maureen Kunac, Senior Product Manager at the Center for Internet Security® (CIS®). They dive into the realities and challenges of K-12 cybersecurity, including limited budgets, small teams, and growing threats. Brock shares how a ransomware incident at a neighboring school district and new state requirements pushed his district to take K-12 cybersecurity more seriously. He explains how CIS SecureSuite® tools gave him a clear starting point and helped him transform panic into progress. Maureen highlights how CIS continues to adapt its cybersecurity solutions for K-12 schools and why simplicity matters when resources are tight.

Here are some highlights from our episode: 00:47, 02:50, 11:50, 12:39, 22:52, 34:20

Resources: Formalizing K-12 Cybersecurity Policies in Less Time; How to Plan a Cybersecurity Roadmap in 4 Steps; 2025 K-12 State of Cybersecurity Report: Where Education Meets Community Resilience; Episode 142: SLTTs and Their Nuanced Cybersecurity Needs; 25 Years of Creating Confidence in the Connected World

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:40:47

Episode 162: A Managed Approach to a Managed Attack Surface

11/19/2025
In Episode 162 of Cybersecurity Where You Are, Tony Sager sits down with Tina Williams-Koroma, Founder and CEO of TCecure, LLC and CyDeploy, Inc. Together, they discuss why "cyber insecurity is not inevitable" and how organizations can take a managed approach to attack surface management. Along the way, Tina shares her journey from software development to cybersecurity entrepreneurship and explains why proactive measures like hardening systems and automating patching are critical for reducing risk.

Here are some highlights from our episode: 00:50, 03:35 CIS Benchmarks®, 07:35, 11:00, 13:44, 19:14, 27:23, 33:54, 38:38

Resources: Mapping and Compliance with the CIS Benchmarks; Guide to Asset Classes: CIS Critical Security Controls v8.1; Gartner Says That in the Age of GenAI, Preemptive Capabilities, Not Detection and Response, Are the Future of Cybersecurity; CIS Community Defense Model 2.0; OwlThis — Powered By CyDeploy

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:41:24

Episode 161: An Ecosystem-Wide Approach to CNI Resilience

11/12/2025
In Episode 161 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Mishal Makshood, Azure Partner Alliance Manager at the Center for Internet Security® (CIS®), and David Kalish, Sr. Cybersecurity Solutions Engineer at CIS. Together, they explore how CIS Hardened Images® help to secure cloud environments and strengthen critical national infrastructure (CNI) resilience through collaboration. Mishal and David explain how these virtual machine images, which are pre-configured to the CIS Benchmarks®, serve as secure, scalable blueprints for cloud deployments. They highlight how CIS Hardened Images reduce human error, accelerate compliance, and foster trust across a global cybersecurity ecosystem that includes hyperscalers, supply chains, and public-private partnerships. Tony shares the origin story of the CIS Hardened Images and reflects on the evolution of cybersecurity from isolated efforts to a cooperative model built on shared standards and integrated tooling. The group also discusses how CIS Hardened Images align to frameworks and how they help organizations navigate multi-cloud environments while maintaining consistent security postures.

Here are some highlights from our episode: 00:50, 01:36, 03:14, 04:24, 06:34, 10:32, 13:44, 20:39, 28:50, 34:35

Resources: CIS Hardened Images® List; Secure by Design: A Guide to Assessing Software Security Practices; Software Supply Chain Security; 25 Years of Creating Confidence in the Connected World; Mapping and Compliance with the CIS Controls; Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1; Build a Zero Trust Roadmap for FinServ with CIS SecureSuite; Episode 154: Integration of Incident Response into DevSecOps; How to Construct a Sustainable GRC Program in 8 Steps

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:37:42

Episode 160: Championing SME Security with the CIS Controls

11/5/2025
In Episode 160 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Alan Watkins, CIS Controls Ambassador, to explore how the CIS Critical Security Controls® (CIS Controls®) empower small and medium-sized enterprises (SMEs) to build practical, scalable cybersecurity programs. Alan shares his journey from law enforcement to IT leadership in the City of San Diego and how his passion for supporting SME security led him to become a champion of the CIS Controls. The episode highlights the importance of translating complex cybersecurity guidance into actionable steps that SMEs can realistically implement even with limited resources.

Here are some highlights from our episode: 00:49, 11:43, 18:04, 22:23, 25:31

Resources: Implementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1; Establishing Essential Cyber Hygiene; Episode 132: Day One, Step One, Dollar One for Cybersecurity; Episode 97: How Far We've Come preceding CIS's 25th Birthday; PCI & CIS: Partners in Data Security; 2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization; Policy Templates

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:33:55

Episode 159: The Scariest Malware of 2025

10/29/2025
In episode 159 of Cybersecurity Where You Are, Sean Atkinson is joined by Joshua Palsgraf, Sr. Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, Vice President of Security Operations & Intelligence at CIS. Together, they dive into the scariest malware of 2025 in this special Halloween edition. The conversation explores what makes today’s malware truly terrifying, from stealthy threats that hide in plain sight to modular malware that evolves faster than defenses can adapt. The trio also discusses the corporatization of cybercrime, the rise of Malware as a Service, and how generative artificial intelligence (GenAI) is lowering the barrier to entry for cybercriminals.

Here are some highlights from our episode: 00:42, 02:21, 05:42, 09:33, 11:25, 15:49, 17:20, 23:32, 24:45, 27:02, 29:27

Resources: Multi-State Information Sharing and Analysis Center®; Episode 144: Carrying on the MS-ISAC's Character and Culture; Episode 126: A Day in the Life of a CTI Analyst; A Short Guide for Spotting Phishing Attempts; The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity; Episode 157: How a Modern, Mission-Driven CIRT Operates; Living Off the Land: Scheduled Tasks; Cyber defenders sound the alarm as F5 hack exposes broad risks; Episode 134: How GenAI Lowers Bar for Cyber Threat Actors; Active Lumma Stealer Campaign Impacting U.S. SLTTs; MS-ISAC Member-Reported Phishing Likely from Tycoon2FA PhaaS; ClickFix: An Adaptive Social Engineering Technique; Top 10 Malware Q1 2025; CTAs Leveraging Fake Browser Updates in Malware Campaigns; Italian police freeze cash from AI-voice scam that targeted business leaders; CornCon Cybersecurity Conference

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:34:48

Episode 158: Scaling CMMC Compliance with Nerdio

10/22/2025
In episode 158 of Cybersecurity Where You Are, Sean Atkinson is joined by Andy Weidner, Product Manager at Nerdio, and Jason Ingalls, Chief Cybersecurity Officer at C3 Integrated Solutions. Together, they explore how organizations can navigate the complexities of Cybersecurity Maturity Model Certification (CMMC) compliance using automation, scalable infrastructure, and hardened cloud environments. The conversation dives into the challenges faced by managed service providers (MSPs) and defense contractors, the importance of baking in security from the start, and how Nerdio’s platform acts as a force multiplier for compliance and operational efficiency. Jason shares a compelling anecdote from his time in a security operations center (SOC), illustrating the real-world stakes of cybersecurity and the origins of CMMC.

Here are some highlights from our episode: 00:44, 01:17, 03:40, 08:34, 12:15, 18:14, 25:19, 26:38, 29:22

Resources: Nerdio; C3 Integrated Solutions; CIS Hardened Images®; How to Plan a Cybersecurity Roadmap in 4 Steps; CIS Controls v8.1 Mapping to CMMC 2.0; CIS Controls v8.1 Mapping to NIST SP 800-53 Rev 5; CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:32:27

Episode 157: How a Modern, Mission-Driven CIRT Operates

10/15/2025
In episode 157 of Cybersecurity Where You Are, Sean Atkinson sits down with Matthew Grieco, Cyber Incident Response Team (CIRT) Principal Analyst at the Center for Internet Security® (CIS®), and Dustin Cox, CIRT Analyst at CIS. Together, they explore the unpredictable world of cyber incident response. From ransomware investigations to digital forensics, the team shares how they adapt to evolving threats, leverage open-source tools, and collaborate to support state and local governments. The conversation highlights the mission-driven mindset that fuels their work and the importance of continuous learning, effective communication, and teamwork in cybersecurity.

Here are some highlights from our episode: 00:44, 01:20, 05:33, 07:38, 14:51, 19:26, 25:52, 30:16

Resources: Multi-State Information Sharing and Analysis Center®; The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity; Episode 152: Driving Response Time While Enriching Telemetry; Episode 126: A Day in the Life of a CTI Analyst; Combatting Ransomware

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:38:53

Episode 156: How CIS Uses CIS Products and Services

10/8/2025
In episode 156 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Stephanie Gass, Sr. Director of Information Security at Center for Internet Security® (CIS®), and Angelo Marcotullio, Chief Information Officer at CIS. Together, they explore how CIS practices what it preaches by using CIS products and services internally, which includes implementation of the CIS Critical Security Controls® (CIS Controls®) and CIS Benchmarks®, automation, and alignment to compliance frameworks. Their discussion highlights how CIS builds a strong cybersecurity foundation while adapting to evolving threats and regulatory requirements. The conversation dives into practical applications, cultural alignment, and the importance of repeatable processes for scaling security across new products and services. It also touches on the role of privacy regulations, cyber risk quantification, and the community-driven approach that underpins CIS best practices.

Here are some highlights from our episode: 01:12, 02:56, 04:02, 10:03, 12:01, 22:43, 27:17, 30:24, 32:40

Resources: Episode 146: What Security Looks Like for a Security Company; Implementation Guide for Small and Medium-Sized Enterprises CIS Controls IG1; How to Construct a Sustainable GRC Program in 8 Steps; Mapping and Compliance with the CIS Controls; CIS Completes SOC 2 Type II Audit Using CIS Best Practices; Episode 74: The Nexus of Cybersecurity & Privacy Legislation; CIS Community Defense Model 2.0; Episode 121: The Economics of Cybersecurity Decision-Making; Episode 77: Data's Value to Decision-Making in Cybersecurity; CIS Communities

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Duration: 00:37:02