The CISO Stories Podcast Subscribe

Identity, Blue team, Attack surface management

Have you ever had a pen tester own your network? – Julian Austin – CSP #199

November 5, 2024

Guessing the answer is yes. Well, let's talk about some of the simple ways you can avoid account compromises by strengthening your identity security through MFA, least privilege, account reviews, and all the things!

This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them!

This segment is sponsored by Saviynt. Please visit https://cisostoriespodcast.com/saviynt to learn more and get a free demo!

This segment is sponsored by Liminal. Visit https://cisostoriespodcast.com/liminal to learn more about them!

Sponsored By

CyberArk

Liminal

Full episode and show notes

Guest

vCISO at Thrive

I’ve been in IT Security for 15+ years, from working in a Security Operations Center as a data analyst to multiple engineering roles. As a consultant, I’ve performed penetration testing and designed and implemented MSSPs for endpoint security, phishing, vulnerability assessment, and remediation. I worked in the merger and acquisition security assessment space during COVID-19 when large companies bought small companies. I’ve built cybersecurity roadmaps using frameworks like CIS Security Controls and presenting risks to executives and senior management.

A couple of Fun Facts about me: I rode a bike across America from Washington, DC, to San Francisco, CA, (over 4,300 miles) for Habitat for Humanity while in college with 25 other crazy people, and I currently referee men’s college basketball.

Host

Jessica Hoffman

Deputy CISO at City of Philadelphia

Jessica Hoffman is a Certified Information System Security Professional (CISSP) with almost 20 years of information technology and cybersecurity experience in both the government and private sectors. The majority of those years have been in Audit and Compliance. Jessica has dedicated her career to the safety, privacy of millions of Americans’ Personally Identifiable Information (PII), Protected Healthcare Information (PHI), and Federal Tax Information (FTI). She also is a Professor at Harrisburg University and The Pennsylvania State University. Jessica is a member of various organizations cultivating the next generation of cybersecurity professionals and also is a national speaker. Serving currently as the Deputy CISO for the City of Philadelphia and she enjoys long walks on the beach.

Related

Today’s Hybrid Work Era: Integrated Approach & Implementing Identity – ESW #382

October 31, 2024

Today’s cyber threat actors are capitalizing on organizations’ identity vulnerabilities, such as MFA. Nearly 75% of cloud security failures now result from mismanaged identities, access, and privileges, and the identity attack surface is becoming more challenging to protect as companies expand their cloud environments and supply chains to meet thei...

Application security

Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps – Shiven Ramji, Arnab Bose – ASW #305

October 28, 2024

Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it’s essential that we are securing how consumers interact with generative AI agents and how developers build AI agents into their apps. ...

Stay Ahead of Identity Threats & Addressing Cybersecurity Disparities – David Bradbury, Erin Baudo Felter – BSW #370

October 28, 2024

Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat la...