Hashtag Realtalk with Aaron Bregg

In this special episode, I finally get a chance to do a virtual fireside chat with my talented and funny CISO Scott Dresen. I actually started working with Scott while he was the Chief Technology Officer for Spectrum Health. It was in this role that Scott down the path to becoming the Chief Information Security Officer for Corewell Health. So you can say he has been here for the entire Information Security program revamp that started back in 2016.

Talking Points:

• Back in 2016 you were the CTO when the Information Security program was 'rebooted'. What were some of your biggest challenges and frustrations back then?
• In 2018 you assumed the dual role of CTO and CISO, what was the hardest thing you had to change/overcome with having that dual role?
• Let's talk to WannaCry incident, what did the high level leadership view look like and what decisions needed to happen?
• In 2019 you had to re-evaluate the state of the security program at the halfway part of the timeline. During that you had to make some hard choice about the direction we needed to go in order to compete things. How did you come up with those decisions?
• You have had the distinct 'pleasure' of being a part of both a small healthcare and large scale acquisitions, what are some valuable lessons learned from each?
• In 2020 you had to pivot from an almost entirely in-person workforce to almost 100% remote, how did you manage to accomplish this in a timely and successful manner?
• In 2023 you had a chance to speak in front of congress around healthcare security, walk me through how that came about, how you felt in the moment and what things would you do differently (in hindsight)
• What has been the hardest part of planning and implementing Artificial Intelligence security?
• Heading into 2025, what advice do you have for other healthcare security leaders as they face the challenges of tighter budgets, smarter threat actors and changing business strategies?

Episode Charities:

• Toys for Tots of Grand Rapids - Presents for less fortunate children
• North Kent Connect - A great foundation that helps families with items that may not be covered by other programs
• YMCA of Greater Grand Rapids - Great organization promoting healthy lifestyles

Episode Sponsor:

Cloud Con - Michigan's premier security and infrastructure conference!

In this episode I talk about the concept of 'Zero Trust' with Patrick Tyler. Patrick is a Senior Solutions Engineer for Okta.

Talking Points:

• What is Zero Trust and why should you care?
• What did organizations have to do right away when it comes to Zero Trust?
• Why Zero Trust is important for 'non-traditional' cloud industries like manufacturing to do it?
• While VPN is a powerful tool, it isn't the 'End All Be All' for security.
• What did organizations have to do right away?

This episode is sponsored by Okta. Okta is a Workforce and Customer identity company that is based out of California. Proceeds from this sponsorship will be going towards prizes for the holiday fundraiser event.

In this episode, myself and my CSA sidekick Matt Nelson, talk with Ken Liao from Abnormal Security about email security and how social engineering is wreaking havoc on businesses.
Topics include:

• The Recent Twitter Hack
• Iran Advancing Their Social Engineering Skills
• The Importance of Good Email Hygiene
• What Does The Future of Email Security Look Like?

A big thanks to Abnormal Security for sponsoring this podcast! A majority of the proceeds will be going to low income students in West Michigan!

4.6.23 Update:
If you had downloaded this file before 6pm on April 6th you received the wrong episode. This error has been fixed and you have my sincerest apologies for the mess up!
*Disclaimer* While there was no physical harming of bad security vendors in this episode, there is a lot of honest #RealTalk. Opinions in this episode are my own and do not necessarily reflect the views of my leadership or my employer. Additionally, this episode is not sponsored and therefore is not influenced by outside sources.

In this episode I finally had some time to go over to the 'Fresh' Coast of West Michigan and sit down with Matt Nelson to talk about the current state of the cybersecurity industry. Matt is a Senior Solutions Architect for GuidePoint Security and brings a plethora of both useful and useless security knowledge to the conversation!

We kept the conversation focused on several different key areas of information security:

• How NOT to work with a business if you are a security vendor
• How are companies dealing with the rising cost of cybersecurity
• Giving some #RealTalk advice to people looking to break into the information security industry

While this episode went a little bit longer that I would like, it contains a TON of useful advice for not only employees and leaders, but security vendors as well.

*Disclaimer* While this episode deals with an incredibly important topic, there are potential dangers in doing this type of work. PLEASE do your homework and be well prepared should you go down this path, as your life can be impacted with a wrong turn.

In this episode, which is the first of a listener requested one around technical topics.

With cybercrime and threat actor activity on the rise, it is more important than ever to understand the dark web and monitor it for potential risks or signs of a breach. There are several tools and intel providers that can do this, but they’re not cheap. So why don’t we just do it ourselves?

Python can handle simple tasks surrounding dark web scanning and offers more customization for complex tasks. Using strictly free open-source libraries and any system you have available, you can set up an automated scanner and detect threats as they arise.

Scan for IP addresses, potentially compromised emails, crypto addresses, and any regex patterns that you desire. Map your findings to the most relevant onion sites and get an understanding of where your adversaries tend to operate. This is just a start. From here, you can go almost anywhere.

Episode Charity:

Proceeds from this episode's sponsorship will be going towards the Baker-Bonsai Friendship Fund. Bruce Baker was a great bonsai tree artist and along with Deal Bull, helped make the art of bonsai be something wonderful that can be shared for future generations at the Frederik Meijer Gardens.

Episode Sponsor:

Cloud Security Alliance of West Michigan

Talking Points:

• Why is it important that you at least have a basic understanding of the Dark Web is you are in the Small and Medium sized Business (SMB) space.
• Pros and Cons of Build vs Buy
• What safeguards do you want when out in the fringes?
• What are the mental health aspects of doing this type of work? How manage those pressures?
• What are Seed URLs?
• How to use Dark Web templates for scanning.

Description credit to GrrCon