Socializing Security
79 episodes
3 days ago
A podcast that socializes security, compliance, and related topics to make them more approachable and understandable. Each week we’ll discuss a topic, usually with an expert in the area, with the goal of learning along with you. We love to learn, and hope you do as well.
Technology, Business, Society & Culture
All content for Socializing Security is the property of Socializing Security and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/79)
Socializing Security
E076 - Hacking Your Physical Space
In this episode of Socializing Security, Brian and Milou discuss the evolving nature of workspaces, particularly in the context of small businesses and remote work. They explore the importance of physical spaces, confidentiality, and creating environments that foster productivity and well-being. The conversation delves into thoughtful office design, accommodating different work styles, and the future of workspaces, emphasizing the need for personalization and flexibility in the workplace. Chapters 00:00 Introduction 01:22 Exploring Physical Spaces and Security 04:28 The Balance of Remote Work and Office Dynamics 09:29 Creating a Productive Work Environment 14:58 Thoughtful Office Design and Employee Well-being 19:40 Personalizing Workspaces for Individual Needs 28:15 Wrap-up 30:47 Outro
3 days ago
31 minutes

Socializing Security
E075 - Privacy and Security with New Spotify Features
In this episode of Socializing Security, hosts Brian and Milou discuss the implications of Spotify's new instant messaging feature, the risks associated with shadow IT, and the integration of ChatGPT with Spotify. They explore privacy and security concerns, particularly for users who may not be aware of the changes in the platform's functionality. The conversation emphasizes the importance of being cautious with new technology and understanding the potential risks involved. To see where this conversation started, check out our previous episode: https://youtu.be/pu0ycyc15Mc | https://www.socializingsecurity.com/e/e074-two-perfectionists-walk-into-a-podcast-part-2 Chapters 00:00 Introduction to Current Events in Security 02:29 Introduction to New Spotify Security Concerns 05:41 Managing Corporate Applications and Shadow IT 11:28 Privacy and Security Risks of Social Media 20:53 Integration of ChatGPT with Spotify 25:32 The Future of AI and Privacy Concerns 34:48 Ending on a Positive Note
1 week ago
37 minutes

Socializing Security
E074 - Two Perfectionists Walk Into a Podcast PART 2
In the latest episode of Socializing Security, Milou Meier and Brian Knudtson embrace SYFI energy — Senior Year F-It — as they reflect on how far the podcast has come, from early audio hiccups to finding their flow as co-hosts. With their signature mix of humor and real-world insight, they explore the art of showing up consistently, balancing prep with authenticity, and how even Spotify’s new messaging feature could quietly create a shadow IT risk in the workplace. 🎧 Real talk on creativity, security, and showing up — even when it’s not perfect. Chapters: 00:00 – Welcome Back to Chaos (and Comfort) 04:12 – Finding Flow in the Format 10:37 – Consistency, Community, and Connection 17:25 – Guest Goals and Growing Pains 25:14 – Security in Everyday Life 31:42 – Looking Ahead: AI, Regulation, and Real Talk
2 weeks ago
33 minutes

Socializing Security
E073 - Ransomware Primer
This episode provides a comprehensive overview of ransomware, detailing its definition, methods of delivery, and the various impacts it has on individuals and organizations. Brian Knudtson discusses the evolution of ransomware attacks, the types of targets, and the significant consequences that can arise from such incidents. He emphasizes the importance of prevention strategies, including strong passwords and regular backups, and highlights notorious ransomware gangs and their tactics. The discussion concludes with real-world examples of ransomware attacks and their far-reaching effects on businesses and public services. Chapters 00:00 Understanding Ransomware Basics 06:31 Targeting and Impact of Ransomware 13:03 Consequences of Ransomware Attacks 16:13 Protecting Against Ransomware 22:24 Ransomware Gangs and Their Tactics 27:22 Real-World Examples of Ransomware Attacks
3 weeks ago
31 minutes

Socializing Security
E072 - Cybersecurity is Business Security
In this episode, Brian speaks with Justin Keck, Director of Security at Inspire Security Solutions, about the evolving role of the CISO, the importance of business acumen in security, and the need for effective communication across departments. They discuss the significance of building a security culture, the role of security champions, and the emerging BISO role as a liaison between security and business needs. As always, the conversation ends on the ongoing battle for privacy in the face of data breaches and the necessity for collaboration within organizations to enhance security. Chapters 00:00 Introduction to Security and the CISO Role 04:13 The Evolving Role of the CISO 09:50 Communication and Business Acumen in Security 14:26 The Importance of Security Culture 21:57 The Role of Security Champions 30:29 The BISO Role and Its Significance 35:32 The Ongoing Battle for Privacy 39:26 Closing Thoughts and Contact Information
1 month ago
46 minutes

Socializing Security
E071 - Brian Speaks the Truth: How to Make IT Feel Frictionless
In this episode, Brian and the host discuss the evolution of technology and its impact on daily life, particularly focusing on the ideal tech stack for 2025, frustrations with current technology, the need for standardization, and goals for 2026. They also touch on the intersection of pop culture and technology, exploring how past media has predicted current trends and the implications of smart devices and IoT on privacy and user experience. The conversation wraps up with reflections on the challenges of maintaining a frictionless IT environment and the importance of collaboration in navigating these issues. Chapters 00:00 Introduction and Episode Setup 01:44 Imagining a Frictionless Tech Environment 08:13 The Frustrations of Modern Technology 12:43 The Need for Standardization in Tech 16:39 Goals for IT in 2026 20:41 Pop Culture and Technology 25:07 Closing Thoughts on IT and Automation 29:55 Outro
1 month ago
30 minutes

Socializing Security
E070 - Milou Speaks the Truth: On How to Make IT Feel Frictionless
In this episode of Socializing Security, host Milou Meier shares her personal experiences and frustrations as a compliance officer and small business owner in the IT sector. She discusses the challenges of navigating technology, the importance of a frictionless IT environment, and the need for connection in a tech-heavy world. Milou reflects on her own technology struggles and emphasizes the significance of making IT systems work seamlessly to enhance productivity and reduce frustration. Chapters 00:00 Introduction to the Conversation 00:01 Exploring Key Themes in Security 00:37 Introduction and Personal Reflections 02:44 The Challenges of IT and Compliance 05:18 Navigating Technology Frustrations 07:18 The Importance of Frictionless IT 09:46 Community and Connection in Technology 12:21 Personal Experiences with IT Systems 15:18 Reflections on 2025 and Looking Ahead to 2026
1 month ago
26 minutes

Socializing Security
E069 - The Intersection of Data Strategy and Healthcare
In this conversation, Patrick Kovalik discusses the critical role of data in the healthcare industry, emphasizing the importance of data strategy, protection, and governance. He highlights the complexities of managing healthcare data, the shift towards synthetic data, and the challenges posed by unstructured data. The discussion also touches on the balance between privacy and security, particularly in the context of healthcare, and the need for organizations to adapt their data strategies to meet evolving demands. Chapters 00:00 Introduction to Data in Healthcare 04:15 Understanding Data Strategy 06:56 The Importance of Protecting Health Data 11:41 Governance vs. Strategy in Data Management 14:56 The Role of Synthetic Data for Development and Sharing 23:09 Partnerships and Sharing Data 30:22 The Challenges of Unstructured Data 33:36 Privacy in the Healthcare Data Space 38:52 Closing Thoughts on Data Strategy
1 month ago
43 minutes

Socializing Security
E068 - Compliance Programs: Part 2
In this episode of Socializing Security, Milou and Brian delve into the complexities of compliance programs, focusing on the importance of selecting the right audit firms, the role of GRC software, and the common controls necessary for effective compliance. They discuss the significance of access control, incident response, risk management, data protection, vendor management, security awareness training, audit logging, business continuity, and vulnerability management. The conversation emphasizes the mutual relationship between security and compliance, providing insights for organizations looking to enhance their compliance efforts. Chapters 00:00 Exploring Compliance Programs 02:45 Partnering with Audit Firms 05:32 Choosing the Right Audit Firm 08:25 The Role of GRC Software 11:03 Managing Compliance Documentation 14:07 Common Security Controls 21:46 Access Control Challenges 23:33 Incident Response Essentials 26:07 Risk Management Practices 27:49 Data Protection and Privacy 30:25 Vendor Management Strategies 32:23 Security Awareness Training Importance 34:10 Audit Logging and Monitoring 36:29 Business Continuity and Disaster Recovery 38:29 Vulnerability Management Overview
1 month ago
42 minutes

Socializing Security
E067 - Compliance Programs: Part 1
In this episode of Socializing Security, the hosts delve into the essential topic of compliance within the cybersecurity landscape. They explore various compliance frameworks such as SOC 2, ISO 27001, HIPAA, and FedRAMP, discussing their significance, requirements, and the implications for organizations. The conversation highlights the importance of compliance in demonstrating security controls to customers and the challenges faced by companies in achieving and maintaining these standards. The hosts also touch on emerging standards related to AI and the evolving landscape of compliance requirements. Chapters 00:00 Introduction to Compliance in Security 02:03 Understanding Compliance and Its Importance 06:29 Diving into SOC 2 Compliance 10:52 Exploring ISO 27001 Compliance 14:42 AI and Emerging Standards 16:39 Overview of CSA STAR Compliance 20:09 Understanding CMMC for Defense Contractors 22:57 Navigating FedRAMP Compliance 28:53 HIPAA and Healthcare Compliance 31:41 HITRUST Certification in Healthcare 34:31 SOX Compliance for Public Companies 36:19 PCI DSS for Payment Processing 38:52 GDPR? 39:49 Structuring Audits 42:05 Preparing for a Second Part 43:55 Outro
2 months ago
44 minutes

Socializing Security
E066 - Cybersecurity for the Public Good
In this episode, Tracy Doaks, the president and CEO of MCNC, discusses her extensive background in both public and private sectors, emphasizing the importance of digital equity and the challenges faced in cybersecurity funding. She highlights the impact of technology on public service and the necessity of addressing the digital divide, particularly in rural communities. The discussion also delves into the ongoing negotiation between privacy and security in technology, and the need for collaboration to enhance cybersecurity efforts. Chapters 00:00 Introduction to Tracy Doaks and MCNC 04:15 A Passion for the Public Good 11:04 Challenges in Cybersecurity for Public Sector 23:31 Striving For Digital Equity 33:03 The Relationship Between Privacy and Security 37:33 Reflections
2 months ago
42 minutes

Socializing Security
E065 - Risky Business - Let's Talk About Risk Management
In this episode of Socializing Security, Brian and Milou delve into the fundamentals of risk management, emphasizing its importance across all organizations. They discuss the definition of risk management, the process of identifying and assessing risks, and the significance of executive buy-in. The conversation covers various aspects of risk management, including quantitative analysis, compliance requirements, and the integration of risk management with cybersecurity practices. The hosts also explore different strategies for treating risks and the necessity of ongoing monitoring and review to ensure effective risk management. Chapters 00:00 Introduction to Risk Management 00:57 Understanding Risk Management 03:07 Risk Assessment and Organizational Context 07:24 Quantitative Risk Analysis 11:39 The Importance of Cybersecurity in Risk Management 14:00 Compliance and Risk Management 15:28 Integrating Risk Management with Cybersecurity Practices 20:17 Implementing a Risk Management Program 23:31 Risk Treatment Strategies 26:58 Monitoring and Reviewing Risks
2 months ago
31 minutes

Socializing Security
E064 - Aligning Physical and Cyber Security
In this episode, Jake Williams discusses the intersection of physical and cybersecurity, emphasizing the importance of threat assessments and understanding vulnerabilities. The conversation explores how human behavior impacts security, the need for integrated security measures, and the balance between privacy and security. Jake shares insights on training for security awareness and the significance of proactive planning in maintaining safety. OODA Loop: https://en.wikipedia.org/wiki/OODA_loop Jake on LinkedIn: https://www.linkedin.com/in/jthomaswilliams1/ Fortified Risk: https://www.fortifiedrisk.com/ More about phishing on episode 61: https://www.socializingsecurity.com/e/e061-gone-phishing | https://youtu.be/r84Mx4s3jKU Chapters 00:00 Introduction to Jake and Fortified Risk Group 03:16 The Importance of Threat Assessments 08:27 Understanding Open Source Intelligence 10:07 Avoiding Lax Physical Security 11:17 Bridging Physical and Digital Security 17:01 Humans as the Weakest Link In Physical Security 22:38 Training for Security Awareness 28:32 Balancing Privacy and Security 32:13 Reflections
2 months ago
37 minutes

Socializing Security
E063 - Security Foundations - Plugging Holes with Asset Management
In this episode of Socializing Security, Steve Sims returns to discuss the fundamentals of cybersecurity, focusing on vulnerability management. The conversation covers the importance of understanding assets, the role of CVE in tracking vulnerabilities, prioritization strategies, and the necessity of having a robust vulnerability management plan. Steve emphasizes the significance of compensating controls, risk management, and the need for documentation and exceptions in the face of vulnerabilities. The episode concludes with insights on engaging consultants to build effective security plans and the importance of continuous adaptation in cybersecurity practices. Steve's previous episode about Asset Management: https://www.socializingsecurity.com/e/e012-security-foundations-champions-of-asset-management More from Steve at https://www.cruxialtech.com/ Chapters 00:00 Introduction and Reintroduction 04:08 Security Fundamentals Start with Asset Management 06:10 Vulnerability Management Essentials 08:58 The Role of CVEs in Vulnerability Tracking 11:54 Prioritizing Vulnerabilities in Your Environment 19:19 Compensating Controls and Risk Management 23:23 Prioritization and Hard Decisions 28:25 Building a Vulnerability Management Plan 32:37 Business Impact and Resource Allocation 34:27 Wrapping Up and the Future of Security Essentials 35:41 Reflections
3 months ago
40 minutes 30 seconds

Socializing Security
E062 - Who cares about data security?
In this episode, the hosts discuss the various roles and responsibilities related to data security within organizations. They explore the importance of CISOs, compliance teams, and IT departments in managing data security, the lifecycle of data, and the challenges of sensitive data management. The conversation also touches on the implications of data breaches, public exposure of data, and the necessity of effective data retention policies. Chapters 00:00 Introduction to Data Security Responsibilities 02:40 Roles of CISOs and InfoSec Teams 05:47 The Importance of Compliance and GRC 08:20 Collaboration Between IT, Compliance, and Security 11:10 Data Lifecycle Management 13:54 Reducing Sensitive Data Exposure 16:26 Reporting on Data Breaches 19:25 Internal Threats and Access Control 22:21 Public Exposure of Data 25:01 Data Retention Policies and Legal Considerations 27:51 Conclusion and Future Perspectives
3 months ago
34 minutes 20 seconds

Socializing Security
E061 - Gone Phishing
In this episode, Brian and Milou discuss the often-dreaded topic of phishing and compliance training. They explore the various types of phishing attacks, including spear phishing and whaling, and delve into the business aspects of phishing, such as ransomware. The conversation emphasizes the importance of human factors in cybersecurity, highlighting the need for effective training and awareness. They provide practical tips for identifying phishing emails and stress the importance of a vigilant and collaborative approach to cybersecurity. A list of phishing techniques: https://us.norton.com/blog/online-scams/types-of-phishing Chapters 00:00 Introduction to Phishing and Compliance Training 03:14 Understanding Phishing: Definition and Types 12:37 The Business of Phishing: Ransomware and Illicit Profits 18:21 The Human Factor: Training and Awareness in Phishing Prevention 21:20 Identifying Phishing Emails: Tips and Best Practices 28:24 Conclusion: Staying Vigilant Against Phishing Threats
3 months ago
29 minutes 49 seconds

Socializing Security
P060 - Investing in Technology
In this episode, Yousuf Khan, a seasoned CIO and CISO turned venture capitalist, shares insights on the critical role of communication in leadership, the nuances between CIO and CISO responsibilities, and the importance of investing in B2B software. He discusses the challenges faced in the tech landscape, particularly regarding privacy and security, and emphasizes the need for a proactive approach in managing these issues. Yousuf also reflects on his transition from practitioner to investor, highlighting the significance of understanding the product and team behind startups. Chapters 00:00 Introduction to Yousuf Khan and His Background 05:53 The Evolving Role of CIO and CISO 10:49 Differentiating Responsibilities: CIO vs CISO 16:19 Transitioning to Venture Capital: A New Chapter 20:02 Investment Strategies in B2B Software 25:51 The Importance of Due Diligence in Venture Capital 29:53 Current Challenges for CIOs and CISOs 35:56 The Ongoing Fight for Privacy and Security 41:31 Contact and Goodbyes 42:50 Perspectives 48:26 Investment Philosophy: Believing in the Product 48:29 Outro
3 months ago
49 minutes

Socializing Security
E059 - Security Lessons from Everyday Life
In this episode, Brian discusses security lessons derived from everyday life, focusing on urban planning, road safety, and their implications for cybersecurity. He emphasizes the importance of system design over individual accountability, the concept of normal accidents in complex systems, and the necessity of disaster preparedness. Brian also highlights the need for effective communication of security concepts to non-professionals, aiming to make security more relatable and understandable. Chapters 00:00 Introduction to Security Lessons from Everyday Life 00:54 Urban Planning and Road Safety Insights 03:13 Applying Urban Design Principles to Cybersecurity 06:53 Project Management and Accountability in Cybersecurity 08:30 Understanding Normal Accidents in Complex Systems 11:48 Disaster Preparedness and Recovery Planning 15:31 Conclusion and Future Discussions on Security Awareness
4 months ago
18 minutes 45 seconds

Socializing Security
E058 - Separating Disaster and Cyber Recoveries
In this episode of Socializing Security, Brian and Milou delve into the critical distinctions between IT disaster recovery and cyber attack recovery. They explore the definitions, planning strategies, recovery processes, and the varying impacts of each type of incident on organizations. The conversation emphasizes the importance of having well-defined disaster recovery and incident response plans, as well as the need for proactive measures to mitigate risks associated with both IT disasters and cyber attacks. Chapters 00:00 Introduction to IT and Cyber Disasters 01:47 Defining IT Disasters 05:06 Understanding Cyber Attacks 09:58 Planning for IT Disasters vs Cyber Attacks 14:40 Backup Strategies and Recovery Planning 22:26 Comparing Impacts of IT Disasters and Cyber Attacks 26:23 The Role of Forensics for Cyber Attacks 27:32 Comparing the Impacts of IT and Cyber Disasters 31:36 Response Team Dynamics 34:12 Key Takeaways and Conclusion
4 months ago
40 minutes 23 seconds

Socializing Security
E057 - Navigating Trust in Online Retail
In this episode of Socializing Security, the hosts discuss the importance of trusting retailers when shopping online. They explore various strategies for evaluating the credibility of websites, the significance of payment methods in ensuring security, and the necessity of protecting personal information. The conversation also highlights warning signs of potential fraud and best practices for online shopping to enhance consumer safety. Related Episodes: Genetic Testing and Privacy - video: https://youtu.be/TtNSiC9nqgI - audio: https://www.socializingsecurity.com/e/e042-genetic-testing-and-data-privacy Telemarketing, Compliance, and Consumer Protection - https://youtu.be/ZdyFSNFf-vI - https://www.socializingsecurity.com/e/e045-dialed-in-telemarketing-compliance-and-consumer-protection Chapters 00:00 Introduction to the Online Shopping Dilemma 03:34 Evaluating Online Reviews and Security 06:32 Payment Methods: Protecting Your Financial Information 11:59 Minimizing Data Sharing 20:55 Identifying and Dealing with Fraud 26:52 Summarization and Outro
4 months ago
28 minutes 43 seconds
