Greg and Bill discuss how breach disclosure laws could play out while discussing the recent events around SUNBURST, water treatment as targets, and the critical CISO skill of just walking around and talking to people.

Bill reports that Mastodon lives on and how awful Twitter is, we talk about the SEC complaint re: the SolarWinds CISO, and Greg reports on his Digital Fight Club experience in Dallas (and how awesome it was)

Bill and Greg nominate their candidates for biggest fails in cybersecurity in 2023 - we focus on the ideas or technologies that were hyped and just didn't deliver.

Cybersecurity for elections is likely going to be hitting the news more often. Bill and Greg discuss the big picture issues of election security, why governments struggle with election security at all (spoiler: it isn't because technology isn't available), and a brief discussion of rural and small jurisdictions. Here's the link to the poll book systems graphic we discuss during the episode: https://www.cyber.gc.ca/en/guidance/security-considerations-electronic-poll-book-systems-itsm10...

An update of the state of AI cybersecurity (including the hype) and a roundup of noteworthy breaches in the news. Also our thoughts on Splunk.

This week Bill and Greg dig into posture management - not the chair - but the posture of assets, people, and identities and such. We discuss why infrastructure and operating system companies won't ever make best in breed security, and why infrastructure isn't self-defending.

Discussion on risk, GRC, and 3rd party risk with former Gartner analyst who is now with Black Kite.

Greg covers the new SEC rules for disclosing cybersecurity incidents, and our celebrity reporter Bill has a brush with greatness in the personage of Jonathan Frakes.

This week in Real Cybersecurity we celebrate the 365 day countdown to Skynet, the Guidelines for the National Cybersecurity Strategy, startup funding challenges, & recent hack news including Microsoft and Revolut.

A real treat for you today, as Bill brought in his friend Spaff for a great chat. One highlight was hearing about his newest book, Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us Amazon link to his new book: https://a.co/d/3SCd1nG https://en.wikipedia.org/wiki/Gene_Spafford

We discuss Bill's ugly luggage, how new entries to the cybersecurity job market are often exploited, lapsing CISSPs, what really happened around Y2K, the limitations of AI in risk management, and why declassifying in a cavalier manner is catastrophic.

Bill and Greg answer listener questions about AI. And we didn't use ChatGPT for our answers. I think.

Our roving reporter Bill gives his impressions of the RSA Conference 2023, his talk on maritime cybersecurity he delivered just an hour before our recording. Greg asserts that without public-private partnership cybersecurity is hobbled vs the bad guys: but only if they each stay in their lanes.

Bill and Greg discuss the security aspects of AI, the 'black box' of AI is vulnerable to being manipulated or polluted, or having biases that aren't evident to subjects., how a Bay Area bank collapse will impact cybersecurity, and Bill's visit to CERIAS' anniversary with Gene Spafford.

Bill updates us about the updates to the NIST CSF (Cyber Security Framework), and we talk about the state of ransomware.

Greg and Bill dig into the unique cybersecurity needs of FinTech, and manage to keep blockchain mentions down to a few mentions. In the 2nd part some brief security impact of ChatGPT and AI. Bill has a great story about naming collisions.

Bill and Greg try and unravel where the Crypto-Queen has skedaddled to, how all airline IT and cybersecurity are not equal, and how downsizing hasn't made a dent in the cybersec skills gap and people shortage.

We cover a lot of recent cybersecurity news, including AI developments, Infragard and the cyberwar part of the Russian/Ukraine war, and why it is the new era of Public-Private Partnerships

Greg and Bill discuss options when faced with recession cuts. Cut shelfware, or a platform could be your best bet in getting rid of inefficiencies. Cuts in cybersec aren't a common thing, but even so, getting rid of inefficacies and shelf ware is a great way to improve security.

This week we talk about the issues in the wide-spread use of open source components, and what an attractive target that makes for the bad guys.