Easy Prey

How do phishing scams, AI-powered attacks, and strategic governance intersect? Together, they're redefining the future of cybersecurity. Organizations are navigating a mix of challenges and implementing innovative solutions to proactively address today's threats.

Today's guest is Kelly Hood. She is the EVP and cybersecurity engineer at Optics Cyber Solutions. She is a CISSP who specializes in implementing cybersecurity and privacy best practices to manage risks and to achieve compliance. She supports the NIST cybersecurity framework and serves as a CMMC registered practitioner, helping organizations strengthen their cybersecurity posture and develop effective risk management strategies.

Show Notes:

• [01:06] - Kelly is a cyber security engineer at Optic Cyber Solutions. It's her job to help companies protect themselves.
• [02:17] - Don't be embarrassed if you fall for a phishing scam.
• [03:01] - These attempts are getting more realistic. Kelly shares how she was briefly fooled by a phishing scam that looks like an email from her mother.
• [05:25] - The NIST Cybersecurity Framework is a voluntary framework for defining cybersecurity. An update was put out in February of 2024. They also added a new function.
• [06:01] - The five functions that organize a cybersecurity program have been to identify, protect, detect, respond, and recover. They recently added the govern function.
• [06:38] - The govern function is about defining your business objective and then putting protections in place that makes sense for those objectives.
• [09:01] - The identify function is focused on knowing what we have.
• [09:40] - Protect includes everything from identity management, authentication, training, data security, and platform security.
• [10:12] - Detect is looking at what's happening around us. It's continuous monitoring and knowing what happens if something goes wrong.
• [11:00] - Respond is knowing what the plan is when something does happen.
• [12:01] - Recover is about getting back to normal after something happens.
• [16:22] - Data centers want to make sure that they have redundant power supplies.
• [17:33] - We discuss some of the things that people might forget when identifying cybersecurity assets. Data and people need to be thought about as well as systems and hardware.
• [21:00] - We need to write things down and understand what systems and data connections we have.
• [23:10] - We talk about the importance of being aware of the physical space and who is actually supposed to be there.
• [24:46] - Data is one of the assets that often gets overlooked for protection. There are many new requirements that require data to be protected.
• [27:54] - Monitoring to understand what traffic you should expect and what is and isn't normal activity is also important.
• [31:10] - Transparency and communication are paramount for creating trust.
• [33:51] - Sometimes recovery doesn't mean 100%. Get up and running and prioritize the systems that matter most.
• [36:56] - With governance, you really want to look at what you're trying to do with the business and then translate cybersecurity to fit that objective.
• [37:27] - Have guidance documentation in place and have oversight.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Optic Cyber Solutions
• (MaPT) Maturity and Progress Tracker
• Optic Cyber Solutions on LinkedIn
• Optic Cyber YouTube
• NIST Cybersecurity Framework