Introducing Season 4 of The Tea on Cybersecurity

Speaker 1: Another thing that I've learned lately is that the idea of a secure network is beginning to fade. As more employees are working remotely and things like cloud computing, the idea of a secure network doesn't really exist anymore. Employees are able to log in from everywhere and companies have to think beyond just firewalls and passwords now. Gather around as we spill the tea on cybersecurity. We are talking about the topic in a way that everyone can understand. I'm your host, Jara Rowe, giving you just what you need. This is The Tea on Cybersecurity, a podcast from Trava. Hey, friends, and welcome back to The Tea on Cybersecurity. It's been a while since we spilled the tea on the cybersecurity industry, and boy, has a lot happened. Cyber threats haven't slowed down one bit, and cyber criminals are only getting smarter. So, as we kick off season four of The Tea on Cybersecurity, we are going to look at three main things during this episode. First, we're going to look at where we have gone through seasons one through three. Two, we're going to look at some key trends that are happening in the industry. And three, we're going to give you a bit of a spoiler of what's coming up in season four. So, let's take a step back and refresh our memories on what we have covered through seasons one through three. In season one, we really honed in on cybersecurity basics as I brought the listeners on the journey with me as I learned about the cybersecurity industry. One of the major things I took away in season one is that a lot of people think that cybersecurity is daunting. And as Trava Security's CTO and co- founder, Rob Beeler, discussed with me, people find it daunting and intimidating simply because they don't understand it. And one of the things I took away is that we really just need to take a little extra time and educate ourselves about things that we don't know, including cybersecurity, which is how The Tea on Cybersecurity was born, just so we can educate ourselves to not only keep ourselves safe, but everyone around us, including our companies. Another major thing that I took away from that first season is that cybersecurity is for everyone. It's not just for tech people, as a lot of people think. One of the things that one of the experts told me is that anything that has some sort of computer chip in it is in the realm of cybersecurity, so that's from our doorbells to our laptops to our cell phones, and even light bulbs in our house now. So, it is for everyone. And the final thing that I would like to point out from season one is that cybersecurity is a team effort. During season one, we often talked about how humans can be the weakest link. But again, if we take the time to educate ourselves with training and if we work for companies that have a really sound cybersecurity culture, people can actually become the strongest link. So, onto season two, so let's go ahead and cover those receipts. So, in season two, we started to get into how SaaS companies could really start to implement some of these cybersecurity best practices and things of that nature. So, receipt one from season two. Proactive cybersecurity beats reactive responses. So, it's really important for all of us to take time to be more proactive instead of reacting when something were to happen. So, if we work for companies that have policies and things like that in place, it only helps all of us. So, next in that is that employee training is really crucial. So, one of the easiest ways for a company to become more proactive instead of reactive is through employee training. Training is super crucial, but one of the things that the expert pointed out to me during that episode is that training isn't to make an employee an expert. It's really just to train them enough to be able to spot things that happen, like a spam email or phishing or something along those lines. So, it's not to make us an expert, it's just to help train our eyes to be a little more cautious. And the final thing I got from that second season is that multifactor authentication is a must. Every expert, honestly, across all of the seasons so far of The Tea on Cybersecurity really talked about how MFA is crucial. MFA is the easiest way to strengthen security, so if you have the opportunity to turn it on, do so. It's a no- brainer. Let's look at season three. So, in season three, we really focused on compliance, including what it is, why it's important, and best practices on getting those certifications. So, receipt one from that season. Trust is foundational in cybersecurity. And one of the easiest ways as a company to show a potential client or customer that you are trustworthy is by showing that compliance certification. It really is a badge of honor. It shows that you're trustworthy. Customers need to trust that businesses will protect their data just as securely as they protect their own. And another big thing that I took from that season is that compliance frameworks are like recipes. So, you can think of a framework like a recipe in a cookbook. If you follow it closely, you'll have a strong security program. All right, so now we're getting into the second section of this episode. We've covered where we've been, so let's dive into some of the biggest cybersecurity trends right now. And as I cover these, they're in no particular order. It's just what I took my notes from, what I've researched, and the experts that I've talked to. So, the first thing I'm going to cover is AI is changing everything. I'm pretty sure AI, artificial intelligence, is a buzzword that's probably in every single industry, school, hospital, anything of the sort. AI is really a hot topic right now, and it's truly taking over. Companies are using AI for threat detection and automation, but guess what? So are hackers. AI- powered cyber attacks are making phishing scams and ransomware way more sophisticated, so things like AI governance and compliance are really important for businesses to begin to look into. Another thing that I've learned lately is that the idea of a secure network is beginning to fade. As more employees are working remotely and things like cloud computing, the idea of a secure network doesn't really exist anymore. Employees are able to log in from everywhere and companies have to think beyond just firewalls and passwords now. So, IT teams have to protect not only contractor laptops, but personal devices and even third- party vendors. So, this leads us to things like CMMC and supply chain security, which we will cover CMMC soon. Something else that's really a top trend in the cybersecurity industry right now is compliance is no longer optional. Regulations are really tightening up. The government is focusing on cybersecurity and businesses working with sensitive data, especially in healthcare, finance, and defense. They are really facing stricter requirements. That's why compliance frameworks like CMMC, like I just mentioned, and SOC 2 are becoming must- haves for company, not just a nice- to- have anymore. And the other major trend I would really like to talk about are how companies need something called a vCISO more than ever. So, here's a wild fact. There's a major cybersecurity talent shortage right now. Many businesses can't afford a full- time chief information security officer, or a CISO, so they're hiring virtual CISOs, AKA a V- C- I- S- O, or vCISO, to help cybersecurity strategy and compliance. But what does a vCISO actually do? Don't worry. That is something we will be covering in season four of The Tea on Cybersecurity. Okay, so let's go ahead and get to the final section of this episode. We've covered a lot, again, already. Now that we know what's trending and where we have been in the past seasons of The Tea on Cybersecurity, let's go ahead and give a couple of spoilers in season four. And again, we're not going to cover everything that we're giving, but just the key nuggets that are coming up that I'm excited to learn more about, and I hope all of you are as well. So, first up, what is a vCISO and why does a company even need one? So, vCISOs can help companies navigate risk, compliance, and cyber strategy, which is especially important when a company doesn't have an in- house security team. I also just mentioned a couple minutes ago about CMMC. So, what's the deal with CMMC? CMMC stands for Cybersecurity Maturity Model Certification, and it's a hot topic for businesses working with the Department of Defense. So, if you're dealing with supply chain security, compliance, or government contracts, this is an episode you do not want to miss. Another topic that we will be covering are penetration tests. Now, we do have an episode previously where we went into the basics of pen testing and why it's important, but in this season, we will talk about needs versus wants versus compliance. Penetration tests are often a requirement for some compliance certifications, but not all pen tests are created equally. I'm going to talk to some Trava experts, and we are going to be able to figure out what level of testing your business actually need when it comes to pen testing, plus so much more. And the final spoiler, AI compliance and governance. It really is the new frontier. So, as AI takes over cybersecurity, we obviously need rules. But who's making them? How do you stay compliant with AI regulations? We are going to break all of that down over two episodes during this season. All right, so we've looked at what we've covered previously on The Tea on Cybersecurity. We've talked about some key cybersecurity trends that are happening right now, and I've given you all a couple of spoilers of what we will be covering this season on The Tea on Cybersecurity. But I want to leave you with a takeaway. Cybersecurity is evolving fast, so on this season, we're giving you everything you need to stay informed, stay compliant, and stay secure. I can't wait to bring all of you along on this journey with me again. And that's The Tea on Cybersecurity. If you like what you listened to, please leave a review. If you need anything else from me, head on over to Trava Security. Follow wherever you get your podcasts.