Technically Validating the Efficacy of our Security Programs

In this episode of the The Smart IT podcast, I welcomed Derek Krein, to the show. We discussed cybersecurity and the challenges organizations face in protecting themselves from threats. The conversation explored the importance of validating the effectiveness of cybersecurity investments. The focus shifted to evaluating security controls, with an emphasis on technical assessments using various tools to gain an attacker's perspective. We talked about how to help answer our organization's question of "are we we getting a good return on our security investments?"

The discussion touched on the significance of understanding threat actor tactics and behaviors, particularly interactive, hands-on attacks and the use of information stealers and administrative utilities for lateral movement and data exfiltration. The conversation concluded with a focus on proactively staying informed about threat trends and behavioral patterns to prioritize cybersecurity efforts and effectively defend against evolving cyber threats.

Link to this episode: https://youtu.be/NQBtBvKu9oQ

#cybersecurity #ciso #riskmanagement #threatintelligence #vulnerabilitymanagement #bas #smartit

Podcast Production: Brilliant Beam Media Syya Yasotornrat

Show Notes:

• Derek on LinkedIn: https://www.linkedin.com/in/derek-krein-casp/
• Derek's website/blog/newsletter (31337 InfoSec): https://31337infosec.com/
• Link to this episode: https://youtu.be/NQBtBvKu9oQ
• The Smart IT Podcast YouTube Channel: https://www.youtube.com/@thesmartitpodcast
• Captivate Website for all episodes: https://the-smart-it-podcast.captivate.fm/