With the release of NIST Cybersecurity Framework 2.0, CIS felt strongly that an update to The Controls was necessary to crossmap to CSF 2.0. Specifically the strongest driver, was the release of the Govern function.

Co-hosts:
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Brian Blakely: https://www.linkedin.com/in/bblakley/
Eric Woodard: https://www.linkedin.com/in/eric-woodard/

Sponsored by Right of Boom cybersecurity conference: https://www.rightofboom.com/

Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations external network, internal network, applications, or systems. They provide a valuable insight on how your digital and human assets perform.

In this episode we review the criticality of scoping a Pen Test, along with differences between Pen Testing, Red Teaming and Vulnerability Assessment. Why should you choose one over the other and when would one proceed the other.

Sponsored by: Hacket Cyber and post game interview with Founder James Carroll. Hacket Cyber is a security consulting firm specializing in penetration testing, ethical hacking, and industry-leading cybersecurity services. Our offerings are purpose-built for the MSP, MSSP, and VAR channels. https://hacketcyber.com/partner/

James Carroll LinkedIn: https://www.linkedin.com/in/jchax/

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/

The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they’ve had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up.

Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.

Our sponsor: Exigence (https://www.exigence.io) is a multi-tenant, Incident Readiness, Incident Response platform, built for MSP/MSSPs. Drive new revenue streams and meet cyber insurance & regulatory requirements for Incident Response plans and tabletops.

The Exigence platform gives you full control of critical incidents by uniquely addressing every aspect of the incident – turning an unstructured situation into one that is structured and easy to manage. ​

It coordinates all stakeholders and systems all the time, orchestrates complex workflows from trigger to resolution, simplifies the post-mortem, and always leverages lessons learned for doing it even better next time.

Contact Noam here: noam@exigence.io

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
'