CERT Podcast

In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field.

In this podcast, Edna Conway, and John Haller, discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.

In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations.

In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.

In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies.

In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework).

In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident.

In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT)."

This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team’s experiences in planning and executing the workshop and identifying improvements for future offerings.

In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk.

In this webinar, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks.

In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first.

ES-C2M2 helps improve the operational resilience of the U.S. power grid.

ES-C2M2 helps improve the operational resilience of the U.S. power grid.

CERT led the 7-year effort to publish an ISO/IEC technical specification containing 46 CERT-based secure coding rules for compilers and analyzers.

CERT led the 7-year effort to publish an ISO/IEC technical specification containing 46 CERT-based secure coding rules for compilers and analyzers.

Participating in a CRR allows critical infrastructure owners and operators to compare their cybersecurity performance with their peers.

Participating in a CRR allows critical infrastructure owners and operators to compare their cybersecurity performance with their peers.

Maturity models are providing measurable value in improving an organization's cybersecurity capabilities.