Episodes

  • Transforming Compliance and Revolutionizing Cybersecurity | A HITRUST Collaborate 2024 Conversation with Ryan T. Patrick | On Location Coverage with Sean Martin
    2024/10/31
    Guests: Ryan T. Patrick, Vice President of Adoption, HITRUST

    On LinkedIn | https://www.linkedin.com/in/ryan-patrick-3699117a/

    Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/sean-martin

    Episode Notes

    In this On Location Podcast episode, Sean Martin had a recap conversation with Ryan T. Patrick, discussing the pivotal topics surrounding HITRUST and its Collaborate Conference. Ryan Patrick, Director of Corporate Audit and Compliance Operations at HITRUST, provided insightful commentary on HITRUST's mission and its recent initiatives to strengthen cybersecurity and compliance across various sectors. Throughout the episode, Ryan emphasized the significance of HITRUST's annual event, Collaborate. The conference serves as a central hub for customers, assessors, partners, auditors, security, and privacy professionals to share insights and build relationships.

    One key discussion topic was the evolving concept of continuous assurance. Ryan highlighted how HITRUST is striving to transform annual assessments into a continuous process, enabling organizations to better manage and understand their security posture throughout the year. This shift aims to make security and compliance efforts more proactive and less burdensome.

    Sean and Ryan also touched on the important role of HITRUST's Results Distribution System (RDS). This innovative system allows organizations to receive structured assessment results, which can be integrated seamlessly into GRC platforms like ServiceNow. By utilizing RDS, companies can more effectively compare vendor assessments and manage risk in a streamlined manner.

    Another significant highlight from the conference was the announcement of HITRUST's first AI security certification. Set to launch in December, this certification will provide a comprehensive framework for securing AI technologies. Ryan explained that this initiative addresses the rising concerns around AI security by focusing on the controls needed to safeguard AI deployments. In addition, the certification will ensure that the underlying infrastructure supporting AI meets high-security standards.

    Cyber insurance was another critical topic discussed. HITRUST's partnership with leading insurers has led to the creation of a cyber insurance product tailored for HITRUST-certified organizations. This product offers a 25% premium reduction for those who achieve HITRUST certification, potentially leading to lower premiums and higher coverage limits. Ryan noted that the product is designed to reward organizations that have demonstrated robust cybersecurity practices through their HITRUST certification.

    The conversation wrapped up with a mention of HITRUST's impressive Trust Report statistics. According to Ryan, less than 1% of HITRUST-certified organizations experienced a security breach in the past two years, compared to over 50% of non-certified entities. This stark difference underscores the effectiveness of HITRUST's rigorous assessment and certification process in enhancing organizational security. Ryan’s insights during this episode illuminate the critical role HITRUST plays in advancing cybersecurity and compliance.

    The initiatives discussed not only demonstrate HITRUST's commitment to innovation but also highlight practical steps organizations can take to fortify their security posture and achieve greater assurance in an increasingly interconnected world. This collaborative spirit and dedication to continuous improvement continue to set HITRUST apart as a leader in the field.

    This Episode’s Sponsors

    HITRUST: https://itspm.ag/itsphitweb

    Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

    Be sure to share and subscribe!

    Resources

    Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

    Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

    Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

    To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

    Want to tell your Brand Story as part of our event coverage?
    Learn More 👉 https://itspm.ag/evtcovbrf
    36 min
  • Guiding Organizations on the Next Steps in Their Compliance Journey | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | An A-LIGN Short Brand Innovation Story with Shreesh Bhattarai
    2024/10/31

    The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications.

    A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization’s unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN’s experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience.

    A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.

    Learn more about A-LIGN: https://itspm.ag/a-lign-uz1w

    Note: This story contains promotional content. Learn more.

    Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance]

    On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/

    Resources

    Learn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lign

    Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

    Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

    Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    7 min
  • Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty
    2024/10/24

    The latest episode of 7 Minutes on ITSPmagazine, recorded during the Black Hat Sector 2024 event in Toronto, Canada, brings insights from the dynamic world of cybersecurity training and education. Hosted by Sean Martin, the discussion features Rushmi Hasham, Director of Strategic Partnerships, and Vasu Daggupaty, Manager of Strategic Partnerships and Investments, both from Rogers Cybersecure Catalyst.

    Rogers Cybersecure Catalyst, a non-profit organization operated by Toronto Metropolitan University, serves as the university’s national hub for cyber education. The organization’s focus spans three primary areas: training individuals to become cybersecurity professionals, helping organizations to bolster their cyber safety measures, and assisting cybersecurity founders in bringing their innovative solutions to the market.

    Vasu Daggupaty explains that the Catalyst’s training programs certify individuals with the necessary credentials to be employable in the cybersecurity field. Moreover, organizations receive guidance on enhancing their incident response strategies and other critical safety practices. An essential part of their mission is also supporting innovators in launching new cybersecurity products and services.

    The episode highlights a compelling story of Gina, a former nurse transitioning into a cybersecurity analyst role. This transformation exemplifies the success of the Catalyst’s Accelerated Rapid Training Program. Rushmi Hasham elaborates on the program’s design, which caters to mid-life career changers, providing a seven-month intensive course in collaboration with the SANS Institute. The program equips participants with hands-on skills, transitioning knowledge, and career development, ensuring they are job-ready upon completion.

    Additionally, the Catalyst’s corporate training services include non-technical tabletop exercises to prepare executives for real-life cyber threats. They also offer a cyber range where clients can safely engage with live malware to elevate their technical response capabilities. This comprehensive approach is instrumental in addressing Canada’s cybersecurity skills shortage and enhancing the nation’s defensive posture. The episode concludes with an invitation to explore the Catalyst's investment initiatives aimed at fortifying cybersecurity innovations and talent development across Canada.

    Learn more about Rogers Cybersecure Catalyst: https://cybersecurecatalyst.ca/

    Note: This story contains promotional content. Learn more.

    Guests:

    Rushmi Hasham, Director of Strategic Partnerships, Rogers Cybersecure Catalyst

    On LinkedIn | https://www.linkedin.com/in/rushmi-hasham-9523554/

    Vasu Daggupaty, Manager, Partnerships & Investment, Rogers Cybersecure Catalyst

    On LinkedIn | https://www.linkedin.com/in/vdaggupaty/

    Resources

    Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

    Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

    Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    7 min
  • Effectively Managing a Growing Compliance Program While Minimizing Audit Fatigue | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Schellman Short Brand Innovation Story with Michael Parisi and Ryan Meehan
    2024/10/23

    Schellman, founded in 2002 as SAS 70 Solutions, was originally focused on just one audit standard: the SAS 70 (subsequently replaced by SOC 2). As the client base grew, so did the requests to perform other audits outside of the SAS 70. Schellman grew its offerings over the past 20+ years by identifying client needs and then determining if we have the skillset and expertise to deliver high-quality work. We have always stayed true to our core strengths and expertise, which is why Schellman is the only Top 100 CPA firm that specializes in IT Audit and Cybersecurity.

    Schellman provides full-spectrum cybersecurity third-party audits, assessments, and certifications. In a marketplace with growing cybersecurity compliance needs, organizations are struggling to incorporate additional frameworks and regulations in an efficient and effective way. At Schellman we harness our expertise and deep knowledge across the compliance standards to roadmap audits throughout the year that promote the highest return on evidence collection and subject matter expert time.

    By performing specific assessments in a staggered or parallel fashion, Schellman is able to collect once and test many, both in terms of information from subject matter experts and evidence from business stakeholders. The broad range of our compliance offerings, along with our combined audit approach and depth of expertise, sets Schellman apart. Schellman's approach was built to provide expertise and quality work while valuing and respecting the time and stress assessments/audits place on an organization.

    Learn more about Schellman: https://itspm.ag/schellman9a6v

    Note: This story contains promotional content. Learn more.

    Guests:

    Michael Parisi, Head of Client Acquisition, Schellman [@Schellman]

    On LinkedIn | https://www.linkedin.com/in/michael-parisi-4009b2261/

    Ryan Meehan, Director, Schellman [@Schellman]

    On LinkedIn | https://www.linkedin.com/in/ryan-meehan-cisa-cissp-ccsfp-iso-lead-cipp-71a5939

    Resources

    Learn more and catch more stories from Schellman: https://www.itspmagazine.com/directory/schellman

    Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

    Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

    Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    7 min
  • Mastering Multi-Cloud Management | 7 Minutes on ITSPmagazine from Black Hat SecTor 2024 | An OpenText Short Brand Innovation Story with Michael Mychalczuk
    2024/10/22

    In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024 in Toronto, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. They share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services.

    Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments.

    Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today’s fast-paced world. In closing, the emphasis on understanding one’s maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway.

    Note: This story contains promotional content. Learn more.

    Guest: Michael Mychalczuk, Director of Product Management at OpenText [@opentext]

    On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/

    Resources

    Learn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentext

    Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

    Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

    Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    7 min
  • LevelBlue Futures Report: Cyber Resilience in Retail | 7 Minutes on ITSPmagazine | A LevelBlue Short Brand Innovation Story with Theresa Lanowitz
    2024/10/21

    Retailers today continue to grapple with unforeseen issues as supply chain attacks become more common and vulnerabilities from third-party sources emerge as major threats.

    Of the 1,050 C-suite and senior executives surveyed, 86% of respondents anticipate that dynamic computing will enhance operational performance within the next three years, especially in AI strategy development and leveraging sophisticated supply chains. However, 82% acknowledge the increased exposure to risk.

    In this age of dynamic computing, retail organizations encounter both significant opportunities and risks. With traditional security boundaries fading and conventional security measures proving inadequate, retail leaders must adopt a comprehensive approach to ensure overall cyber resilience.

    To better achieve cyber resilience in the retail industry, LevelBlue shares five specific steps that can be applied across industries, directly in response to these findings: identify the barriers to cyber resilience; be secure by design; align cyber investment with business; build a support ecosystem; and transform cybersecurity strategies.

    To learn more, download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail here:

    https://cybersecurity.att.com/resource-center/futures-reports/2024-levelblue-futures-report-for-retail

    Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

    Note: This story contains promotional content. Learn more.

    Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

    On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

    Resources

    Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

    Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

    Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

    Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    7 min
  • Leveraging AI for Effective Healthcare Solutions | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Story with Walter Haydock and Steve Dufour
    2024/10/17

    The Emergence of Innovative Partnerships: As AI becomes increasingly integral across industries, healthcare is at the forefront of adopting these technologies to improve patient outcomes and streamline services. Sean Martin emphasizes the collaboration between StackAware and Embold Health, setting the stage for a discussion on how they leverage HITRUST to enhance healthcare solutions.

    A Look into StackAware and Embold Health: Walter Haydock, founder and CEO of StackAware, shares the company's mission to support AI-driven enterprises in measuring and managing cybersecurity compliance and privacy risks. Meanwhile, Steve Dufour, Chief Security and Privacy Officer of Embold Health, describes their initiative to assess physician performance, guiding patients toward top-performing providers.

    Integrating AI Responsibly: A key theme throughout the conversation is the responsible integration of generative AI into healthcare. Steve Dufour details how Embold Health developed a virtual assistant using Azure OpenAI, ensuring users receive informed healthcare recommendations without long-term storage of sensitive data.

    Assessment Through Rigorous Standards: Haydock and Dufour also highlight the importance of ensuring data privacy and compliance with security standards, from conducting penetration tests to implementing HITRUST assessments. Their approach underscores the need to prioritize security throughout product development, rather than as an afterthought.

    Navigating Risk and Compliance: The conversation touches on risk management and compliance, with both speakers emphasizing the importance of aligning AI initiatives with business objectives and risk tolerance. A strong risk assessment framework is essential for maintaining trust and security in AI-enabled applications.

    Conclusion: This in-depth discussion not only outlines a responsible approach to incorporating AI into healthcare but also showcases the power of collaboration in driving innovation. Sean Martin concludes with a call to embrace secure, impactful technologies that enhance healthcare services and improve outcomes.

    Learn more about HITRUST: https://itspm.ag/itsphitweb

    Note: This story contains promotional content. Learn more.

    Guests:

    Walter Haydock, Founder and CEO, StackAware

    On LinkedIn | https://www.linkedin.com/in/walter-haydock/

    Steve Dufour, Chief Security & Privacy Officer, Embold Health

    On LinkedIn | https://www.linkedin.com/in/swdufour/

    Resources

    Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

    View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    26 min
  • Unveiling AI's Impact and Challenges at SECTOR 2024 | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Helen Oakley and Larry Pesce | On Location Coverage with Sean Martin and Marco Ciappelli
    2024/10/10
    Guests:

    Helen Oakley, Director of Secure Software Supply Chains and Secure Development, SAP

    On LinkedIn | https://www.linkedin.com/in/helen-oakley

    On Twitter | https://x.com/e2hln

    On Instagram | https://instagram.com/e2hln

    Larry Pesce, Product Security Research and Analysis Director, Finite State [@FiniteStateInc]

    On LinkedIn | https://www.linkedin.com/in/larrypesce/

    On Twitter | https://x.com/haxorthematrix

    On Mastodon | https://infosec.exchange/@haxorthematrix

    Hosts:

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/sean-martin

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    Episode Notes

    Sean Martin and Marco Ciappelli kicked off their discussion by pondering the intricacies and potential pitfalls of the AI supply chain. Martin humorously questioned when Ciappelli last checked the entire supply chain of an AI session, provoking insightful thoughts about how people approach AI today.

    The conversation then shifted as Oakley and Pesce were introduced, with Oakley explaining her role in leading cybersecurity for the software supply chain at SAP and co-founding the AI Integrity and Safe Use Foundation. Pesce shared his expertise in product security research and pen testing, emphasizing the importance of securing AI integrations.

    Preventing the AI Apocalypse

    One of the session's highlights was the discussion titled "AI Apocalypse Prevention 101." Oakley and Pesce shared insights into the potential risks of AI overtaking human roles and discussed ways to prevent a hypothetical AI apocalypse. Oakley humorously noted her experimentation with deep fakes and emphasized the importance of addressing the root causes to avert catastrophic outcomes.

    Pesce contributed by highlighting the need for a comprehensive Bill of Materials (BOM) for AI, pointing out how it differs from traditional software due to its unique reliance on multiple layers, including hardware and software components.

    AI BOM: A Tool for Understanding and Compliance

    The conversation evolved into a discussion about the AI BOM's significance. Oakley explained that the AI BOM serves as an ingredient list, akin to what you would find on packaged goods. It includes details about datasets, models, and energy consumption—critical for preventing decay or malicious behavior over time.

    Pesce noted the AI BOM's potential in guiding pen testing and compliance. He emphasized the challenges that companies face in keeping up with rapidly evolving AI technology, suggesting that AI BOM could potentially streamline compliance efforts.

    Engagement at the CISO Executive Summit

    The speakers touched on SECTOR 2024's CISO Executive Summit, inviting senior leaders to join the conversation. Oakley highlighted the summit's role in providing a platform for addressing AI challenges and regulations. Martin and Ciappelli emphasized the value of attending such events for exchanging knowledge and ideas in a secure, collaborative environment.

    Conclusion: A Call to Be Prepared

    As the episode wrapped up, Sean Martin extended an invitation to all interested in preventing an AI apocalypse to join the broader discussions at SECTOR 2024. Helen Oakley and Larry Pesce left listeners with a pressing reminder of the importance of understanding AI's potential impact.

    This Episode’s Sponsors

    HITRUST: https://itspm.ag/itsphitweb

    Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

    On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

    Be sure to share and subscribe!

    Resources

    Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

    Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

    Are you interested in sponsoring our event coverage with an ad placement in the podcast?
    Learn More 👉 https://itspm.ag/podadplc

    Want to tell your Brand Story as part of our event coverage?
    Learn More 👉 https://itspm.ag/evtcovbrf

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

    To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
    23 min