The State of Enterprise IT Security

What’s the real difference between monitoring and observability—and why does it matter in enterprise environments? In this episode, Brad Bussie is joined by Paige Cruz and Bill Hineline of Chronosphere to challenge outdated approaches and reveal how culture, cost, and complexity are shaping the future of observability in enterprise IT.Topics Covered:Why observability is not “SIEM 3.0”—and what it really isThe “fourth pillar” of observability: Why culture is just as important as metrics, logs, and tracesPractical strategies to reduce cognitive load and cost in modern environmentsKey Takeaways:Observability ≠ Monitoring: Monitoring tells you if your system is up; observability helps you understand why it’s behaving the way it is.Culture is foundational: Without a culture of observability, even the best tools and traces fall flat.Data hygiene is critical: It's not just about collecting everything—it's about collecting with intent.AI isn’t taking your job—it’s your new assistant: Observability will evolve alongside agentic AI to reduce toil, not replace humans.Mentions & References:ChronosphereOpenTelemetryPrometheusDORA 2025 ReportTimestamps with Highlights:00:00 – What Is Observability? Paige and Bill define observability as more than system uptime—it's about understanding how services behave.03:00 – Observability vs. Monitoring: Bill compares old-school monitoring with modern service-level observability.05:00 – The Fourth Pillar: Culture: Why observability fails without shared responsibility and developer enablement.09:30 – Cognitive Load Is Killing Innovation: Context switching and signal-to-noise problems are making devs less productive.14:00 – Open Standards Help Reduce Friction: OpenTelemetry and trace correlation are streamlining the dev workflow.18:00 – Cost vs. Value of Observability: Why you shouldn't just cut logs to save money without understanding their impact.22:00 – Regulated Industries & Observability: Using pipelines to enforce PII redaction and smart data routing.27:00 – Looking Ahead: The AI Connection: Observability tools will lean into AI—not to predict, but to guide faster diagnosis.33:00 – From Reactive to Proactive: How to build observability practices that detect problems before they impact customers.36:00 – Clarity at Scale: Managing observability in multi-cloud, multi-cluster environments with standards and simplicity.41:00 – Trust Between Teams: How observability can heal the trust gap between devs and ops.47:00 – The Future of Observability: It’s becoming table stakes, foundational to every org’s operational maturity.Follow Us:LinkedIn: https://www.linkedin.com/company/e360solutionsFacebook: https://www.facebook.com/e360solutionX (Twitter): https://twitter.com/e360_solutionsYouTube: https://www.youtube.com/@e360solutionsBrad Bussie: https://www.linkedin.com/in/bbussie/Paige Cruz: https://www.linkedin.com/in/paigerduty/Bill Hineline: https://www.linkedin.com/in/billhineline/About the Show: The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360: e360 strengthens organizations by solving complex business challenges through composable enterprise solutions, artificial intelligence engineering, security, managed services, and customer success. We help clients operationalize the full value of their investments in people, processes, and technology, with CARE at the center of our approach.Visit us: www.e360.com

In this episode, Brad Bussie and field CISO Mark Aksel explore how AI is transforming manufacturing, from predictive maintenance to advanced supply chain strategies. They break down the real impacts of tariffs and share how companies can future-proof operations with smarter AI-driven decisions.## Topics Covered* Using AI for predictive maintenance and real-time quality control on manufacturing lines* Navigating global trade challenges and tariff impacts on supply chains* Security considerations and data readiness for AI adoption in industrial environments## Key Takeaways* Many manufacturers are still operating on outdated equipment, making retrofitting with AI a critical first step.* AI-driven predictive maintenance and supply chain modeling can significantly reduce costs and improve resilience against tariffs.* Ensuring high-quality, trusted data is foundational before implementing AI; without it, models risk making poor or biased decisions.* Security leaders should see AI as a way to enable smarter, proactive business decisions rather than just another tool to manage.## Mentions & References* Predictive maintenance and supply chain scenario modeling* Use of computer vision in quality control* AI readiness checklists (mentioned as upcoming resource)## Time Stamps with Highlights00:00 — Opening: Why AI in manufacturing is more than a trend02:00 — Tariffs and supply chain vulnerabilities explained04:00 — The case for predictive maintenance using historical machine data06:00 — How sensors and real-time analysis help prevent downtime07:30 — Computer vision for quality control and immediate line adjustments09:00 — Mark’s 3D printer story and parallels to industrial automation12:00 — Challenges of retrofitting older manufacturing equipment14:00 — AI-led global supply chain shifts (moving from China to Vietnam, India)17:00 — Stretching IT and security budgets by delaying refresh cycles strategically19:00 — The importance of data quality and human oversight in AI decision-making22:00 — Future use cases: AI for trade policy analysis and third-party risk automation25:00 — The coming impact of GenAI on contract and trade agreement analysis26:00 — Key boardroom-level decisions for smarter manufacturing investments27:00 — Closing thoughts and an upcoming AI readiness checklist for manufacturing## Follow UsLinkedIn: [https://www.linkedin.com/company/e360solutions](https://www.linkedin.com/company/e360solutions)Facebook: [https://www.facebook.com/e360solution](https://www.facebook.com/e360solution)X: [https://twitter.com/e360\_solutions](https://twitter.com/e360_solutions)YouTube: [https://www.youtube.com/@e360solutions](https://www.youtube.com/@e360solutions)## About the ShowThe State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.## About e360e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: [www.e360.com](http://www.e360.com)

Opening Summary: In this episode, Brad Bussie and Mark Aksel unpack the key security takeaways from Google Cloud Next 2025. From AI-powered threat detection to innovative SecOps integrations and game-changing cyber insurance developments, this episode gives enterprise security leaders the insights they need to stay ahead.Topics Covered:Google’s Unified Security Platform: Merging Mandiant, Siemplify, Chronicle, and VirusTotal into a single, AI-powered SecOps ecosystem.Agentic AI in Threat Detection: How Google is using AI agents to empower, not replace, analysts.Security Posture & Insurance: Google's partnerships with Beazley and Chubb to reduce premiums based on real-time security posture.Key Takeaways:Google's integration of acquisitions (Chronicle, Mandiant, etc.) under the GUS platform shows a clear focus on unifying threat detection and response.Agentic AI is redefining how analysts work—augmenting, not replacing, human roles in security ops.The addition of Mandiant Threat Defense directly into SecOps offers expert-level defense in-platform.Google’s Data Security Posture Management tool will now monitor AI training data—crucial for model integrity and compliance.The new Expanded Risk Protection Program may lower cyber insurance premiums by proving better security posture.Mentions & References:Google Cloud Next 2025Mandiant Threat DefenseGoogle Unified Security (GUS)Gemini AIData Security Posture Management (DPSM)Beazley and Chubb (Cyber Insurance)Time Stamps with Highlights: 00:00 – Intro & The Gaming Interview Origin Story 01:30 – Why IT security podcasting took a break & the value of seasonality 03:10 – Google Cloud Next Overview – 244 announcements, only ~10-15 security focused 05:00 – Partner Summit: Crowds, chaos, and how security tracks drew high attention 06:00 – Google Unified Security (GUS): Combining Mandiant, Siemplify, Chronicle & more 07:00 – AI-powered security suite using Gemini for threat detection & response 08:30 – Agentic AI: Giving analysts superpowers, not replacing them 11:00 – Agentic AI for reverse-engineering obfuscated scripts – live demo recap 13:00 – Role of human enhancement with AI in SecOps 15:00 – Mandiant Threat Defense: Bringing elite responders directly into Google SecOps 19:30 – DPSM: Discover, govern, and monitor even AI training data—huge for security teams 24:00 – Expanded Risk Protection Program: Cyber insurance discounts from Beazley & Chubb 28:00 – How cyber insurance pricing is evolving with real-time posture scoring 30:00 – Startup Hub insights: Best part of Google Next for spotting security innovation 36:00 – Final thoughts: AI, security, and where Google is headed nextFollow Us:LinkedIn: https://www.linkedin.com/company/e360solutionsFacebook: https://www.facebook.com/e360solutionX (Twitter): https://twitter.com/e360_solutionsYouTube: https://www.youtube.com/@e360solutionsAbout the Show: The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360: e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com

In this episode, Brad Bussie is joined by Svetla Yankova, CEO of Citreno, to discuss the evolution of Google SecOps. They dive deep into how automation, AI, and cloud-native solutions are transforming security operations and the promise (and limitations) of SIEM solutions.Topics Covered:The evolution of Google SecOps and the role of Chronicle and SiemplifyWhat is SecOps? A Simplified ExplanationThe Broken promise of SIEM and how SecOps is evolvingBest practices for implementing effective SecOps in modern enterprisesThe Future of SecOps: AI and Cloud-Native SolutionsKey Takeaways:Google SecOps integrates advanced threat intel and automation to improve security efficiency.SIEM tools have evolved, but many organizations still struggle with data hygiene and correlating meaningful alerts.The future of SecOps lies in risk-based, cloud-native solutions, combining AI with human oversight for smarter, faster decision-making.Mentions & References:Google Chronicle and Siemplify (now part of Google SecOps)Threat Intel through the Mandiant acquisitionVirusTotal integration for enhanced threat detectionTime Stamps with Highlights:00:00 - Introduction to Enterprise IT Security01:04 - Meet the experts: Brad Bussie and Svetla Yankova02:00 - Exploring the evolving landscape of SecOps03:40 - The journey of Google SecOps: From secret moonshot project to powerful tool05:44 - Understanding SecOps: A simplified explanation07:17 - The rise of automation and AI in security operations10:24 - The evolution of SecOps technology and Google’s role15:18 - The broken promise of SIEM: Why many systems fall short20:00 - How SIEM is evolving with automation, SOAR, and AI26:30 - Best practices for effective SecOps implementation30:45 - The future of SecOps: AI, automation, and risk-aware solutionsFollow Us:LinkedIn: https://www.linkedin.com/company/e360solutionsFacebook: https://www.facebook.com/e360solutionX (Twitter): https://twitter.com/e360_solutionsYouTube: https://www.youtube.com/@e360solutionsAbout the Show: The State of Enterprise IT Security podcast, hosted by e360, makes IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity trends.About e360: e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises.Visit us: www.e360.com (00:00) - Introduction to Enterprise IT Security (01:04) - Meet the Experts: Brad Bussie and Svetla Yankova (01:36) - Exploring the Evolving Landscape of SecOps (02:58) - The Google SecOps Journey (05:44) - Understanding SecOps: A Simplified Explanation (08:22) - The Evolution of SecOps Technology (15:18) - The Broken Promise of SIEM (26:30) - Best Practices for Effective SecOps Implementation (29:56) - The Future of SecOps: AI and Cloud-Native Solutions (34:45) - Conclusion and Final Thoughts

In this episode, we explore the rapid rise of AI in businesses and the pressing need for security teams to stay ahead of the curve. As organizations increasingly adopt AI technologies, the potential for Shadow AI and other security risks grows. Brad Bussie, Chief Information Security Officer at e360, discusses how security leaders can navigate this wild west environment, protect their organizations from unseen threats, and ensure that AI innovations don't outpace security measures. Tune in to learn practical strategies for balancing AI adoption with robust security practices.Topics Covered:The rapid adoption of AI in businesses and its implications for security.What Shadow AI is and why it’s a growing concern.How security teams can keep up with the fast-paced AI environment.Practical tips for implementing AI governance and controls.The changing dynamic between business users and security leaders.Key Takeaways:AI adoption is accelerating across industries, making it crucial for security teams to adapt.Shadow AI poses significant risks if not managed properly.Security leaders must be proactive in implementing tools and strategies to protect their organizations.Collaboration between business users and security teams is more important than ever.Time Stamps:[00:00] Introduction and overview[01:18] The current state of AI adoption in businesses[10:34] The risks of Shadow AI and how to manage it[16:44] How security teams can stay ahead in the AI era[31:15] Real-world examples of AI transforming business practices[32:44] The future of AI in business and the role of security teamsFollow Us:LinkedIn: https://www.linkedin.com/company/e360solutionsFacebook: https://www.facebook.com/e360solutionX (Twitter): https://twitter.com/e360_solutionsYouTube: https://www.youtube.com/@e360solutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com (00:00) - Introduction and Potential Risks of GenAI (01:54) - Black Hat Insights and Shadow AI (06:32) - AI Security Implementation Challenges (17:58) - Live Demo: GenAI in Marketing (24:43) - Security Considerations for AI (40:25) - Future of AI and Closing

Ep. 27: From Updates to Outages: A Deep Dive into CrowdStrike's Recent IssueIn this episode of "The State of Enterprise IT Security," Brad Bussie, Chief Information Security Officer at e360, is joined by Erin Carpenter, Sr. Director of Digital Marketing. They dive deep into the recent CrowdStrike incident, discussing its implications and broader cybersecurity themes.Topics Covered:The CrowdStrike incident and its impact on organizationsBroader implications for other cybersecurity platformsStrategies for ensuring cyber resiliencyKey Takeaways:Understand the details and scale of the CrowdStrike incident and how it affected organizations globally.Learn about the broader implications for other cybersecurity platforms and the importance of cyber resiliency.Gain insights into strategies for ensuring business continuity and preventing future widespread disruptions.Mentions & References:CrowdStrike incidentMicrosoft updates and blue screen issuesStrategies for IT resilience and redundancyTime Stamps with Highlights:00:00 - Introduction: Brad Bussie and Erin Carpenter discuss the episode's agenda01:37 - The CrowdStrike incident: Overview and impact04:00 - Broader implications for other cybersecurity platforms09:00 - Ensuring cyber resiliency: Lessons learned12:25 - Strategies for IT resilience and redundancy18:00 - Potential legal implications and GDPR considerations23:00 - Communicating with the board and stakeholders29:00 - Final thoughts and recommendationsFollow Us:LinkedIn https://www.linkedin.com/company/e360solutionsFacebook https://www.facebook.com/e360solutionX (Twitter) https://twitter.com/e360_solutionsYouTube https://www.youtube.com/@e360solutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com

In this episode of the State of Enterprise IT Security Edition, Brad Bussie, Chief Information Security Officer at e360, discusses three critical topics affecting today's cybersecurity landscape.Topics Covered:Data Breach in Baltimore: The identities of residents who reported crimes were leaked, highlighting severe risks to privacy and public safety. Brad explores the importance of protecting personal data, particularly in public services, and offers measures to prevent such breaches.Cybersecurity in the Automotive Industry: A new study finds cybersecurity as the top concern among automotive manufacturers. With the rise of connected cars and autonomous driving, Brad delves into the vulnerabilities these technologies introduce and the steps manufacturers are taking to safeguard vehicles.Untrained Users Weaken Cyber Defense: Untrained users are often the greatest weakness in a cyber defense plan. Brad explains how human error leads to significant security breaches and the importance of comprehensive cybersecurity training to mitigate these risks.Key Takeaways:Robust data protection measures are essential for public services handling sensitive information.The automotive industry's integration of digital technologies requires stringent cybersecurity practices.Investing in cybersecurity training and fostering a security-aware culture can significantly reduce human error-related breaches.Mentions & References:Baltimore City's 311 services data breachHigh-profile automotive cybersecurity incidents (Jeep Cherokee and Tesla's autopilot system)2016 Democratic National Committee hackEquifax data breachTime Stamps with Highlights:[00:00] Introduction and Overview[00:45] Data Breach in Baltimore: A Case Study[05:44] Cybersecurity in the Automotive Industry[11:08] Untrained Users Weaken Cyber Defense[16:42] Conclusion and Final ThoughtsFollow Us:LinkedIn: https://www.linkedin.com/company/e360solutionsFacebook: https://www.facebook.com/e360solutionX (Twitter): https://twitter.com/e360_solutionsYouTube: https://www.youtube.com/@e360solutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, makes IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com (00:00) - Introduction and Overview (01:05) - Data Breach in Baltimore: A Case Study (06:04) - Cybersecurity in the Automotive Industry (11:28) - The Human Factor in Cybersecurity (17:02) - Conclusion and Final Thoughts

In this episode of The State of Enterprise IT Security, Brad Bussie dives into the crucial aspects and risks of being a Chief Information Security Officer (CISO). Explore why AI initiatives often fail and learn how to tailor threat intelligence to your business vertical for enhanced security.Topics Covered:Risks involved with being a Chief Information Security OfficerReasons behind the failure of AI initiatives and next stepsBenefits of tuning threat intelligence to your business verticalKey Takeaways:CISO Challenges: The immense responsibilities and pressures CISOs face, including legal, regulatory, and reputational risks.AI Initiative Failures: Common pitfalls in AI projects such as poor data governance, inadequate security measures, and integration challenges with legacy systems.Tailored Threat Intelligence: How tuning threat intelligence to specific business verticals can significantly enhance cybersecurity posture and proactive threat management.Mentions & References:NIST AI FrameworkOWASP Top 10 for LLMTime Stamps with Highlights:[00:00:00] Introduction and Overview: High accountability and stress for CISOs.[00:01:30] Risks of Being a CISO: High stakes, accountability, and evolving threat landscape.[00:07:44] Challenges in AI Initiatives: Reasons AI initiatives fail and what steps to take next.[00:13:31] Tuning Threat Intelligence: Benefits of tailored threat intelligence for different business verticals.[00:22:01] Conclusion and Final Thoughts: Summarizing the importance of proactive security measures.Follow Us:LinkedIn: https://www.linkedin.com/company/e360solutionsFacebook: https://www.facebook.com/e360solutionX (Twitter): https://twitter.com/e360_solutionsYouTube: https://www.youtube.com/@e360solutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com (00:00) - Introduction and Overview (01:30) - Risks of Being a CISO (07:44) - Challenges in AI Initiatives (13:31) - Tuning Threat Intelligence to Your Business (22:01) - Conclusion and Final Thoughts

In this FAQ-style episode of the State of Enterprise IT Security Podcast, Brad Bussie answers key questions in healthcare - securing patient data, the pros and cons of AI-based cybersecurity tools versus traditional methods, and how to tackle the complex challenges of securing IoT devices in patient care. Tune in to gain valuable insights that can help safeguard sensitive healthcare information.Topics Covered:Best practices for securing patient data in healthcare settingsAdvantages and disadvantages of AI-based cybersecurity tools versus traditional toolsChallenges and strategies for securing IoT devices used in patient careKey Takeaways:Securing Patient Data: Implement encryption, establish access controls, conduct regular security training, and develop incident response plans.AI vs. Traditional Cybersecurity Tools: AI tools offer real-time threat detection and adaptive learning but can be costly and prone to false positives. Traditional tools are more predictable but may struggle with new, sophisticated threats.Securing IoT Devices: Use strong encryption, regularly update software, employ unique passwords, leverage multi-factor authentication, and segment networks to protect sensitive data.Mentions & References:AES 256 EncryptionHIPAA complianceIntrusion detection/prevention systemsTime Stamps with Highlights:[00:00] Introduction and overview of topics[00:19] Brad Bussie introduces the episode and outlines the main topics[01:16] Best practices for securing patient data[07:06] AI-based cybersecurity tools vs. traditional tools[13:36] Securing IoT devices in healthcare[18:51] Closing remarksFollow Us:LinkedIn: linkedin.com/company/e360solutionsFacebook: facebook.com/e360solutionX (Twitter): twitter.com/e360_solutionsYouTube: youtube.com/@e360solutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, makes IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com

Healthcare organizations face a unique set of cybersecurity challenges, from protecting patient privacy under regulations like HIPAA to managing the hidden costs of upgrading legacy systems. In this episode, Brad Bussie dives into these critical issues and offers actionable insights for healthcare providers.Topics Covered:Hidden Costs of Upgrading Legacy SystemsHighly Rated Cybersecurity Solutions for Healthcare OrganizationsCommon Cybersecurity Challenges in HealthcareKey Takeaways:Hidden Costs of Upgrading Legacy Systems:Compatibility issues between new security solutions and older software.Potential downtime and learning curves impacting day-to-day operations.Integration challenges and risks of data loss during migration.Financial costs including new software licenses, hardware, and ongoing maintenance.Risks of vendor lock-in and hidden security vulnerabilities in legacy data.Highly Rated Cybersecurity Solutions for Healthcare:Endpoint security for devices including medical equipment.Threat and vulnerability management through regular scans and updates.Network security using firewalls, intrusion detection/prevention systems, and secure VPNs.Incident management and response through drills and tabletop exercises.Data encryption at rest and in transit to protect patient information.Identity and Access Management (IAM) to control access and prevent insider threats.Regular security awareness training to mitigate human error.Compliance management to adhere to regulations like HIPAA.Common Cybersecurity Challenges in Healthcare:Protecting patient privacy and maintaining HIPAA compliance.Dealing with outdated legacy systems that are vulnerable to cyber attacks.The growing threat of ransomware and malware attacks.Shortage of skilled cybersecurity professionals in the healthcare sector.Security issues with Internet of Medical Things (IoMT) devices.Financial constraints limiting investments in cybersecurity.Managing third-party risks from numerous vendors.Time Stamps with Highlights:[00:00:00] Introduction: Overview of healthcare cybersecurity challenges and importance of protecting patient privacy under HIPAA.[00:01:17] Hidden Costs of Upgrading Legacy Systems: Discussing compatibility issues, potential downtime, and financial costs.[00:06:00] Top Cybersecurity Solutions for Healthcare: Importance of endpoint security, threat management, network security, and incident response.[00:10:23] Common Cybersecurity Challenges: Issues with legacy systems, ransomware threats, and shortage of skilled professionals.[00:13:26] IoMT Device Security and Financial Constraints: New vulnerabilities from IoT devices and financial limitations post-pandemic.[00:14:25] Third-Party Risks and Compliance Management: Managing risks from third-party vendors and maintaining regulatory compliance.[00:15:15] Conclusion: Importance of a comprehensive approach to addressing cybersecurity challenges in healthcare.Follow Us:LinkedIn: e360 Solutions https://www.linkedin.com/company/e360solutionsFacebook: e360 Solutions https://www.facebook.com/e360solutionX (Twitter): e360 Solutions https://twitter.com/e360_solutionsYouTube: e360 Solutions https://www.youtube.com/@e360solutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com

In this episode, Brad Bussie covers three crucial topics in the realm of cybersecurity. Zoom is gearing up for a quantum future with post-quantum encryption, Rockwell advises disconnecting internet-facing industrial control systems due to rising cyber threats, and the Library of Congress successfully thwarts a cyberattack using multi-factor authentication (MFA). Join us as we delve into these significant developments and their implications for IT security leaders.Topics Covered:Zoom's implementation of post-quantum encryption to secure digital communications.Rockwell Automation's advisory to disconnect vulnerable ICS devices amid cyber threats.How multi-factor authentication helped the Library of Congress prevent a cyberattack.Key Takeaways:Zoom is the first unified communications company to offer post-quantum encryption, safeguarding against future quantum threats.Rockwell Automation emphasizes the critical need to disconnect ICS devices from the public internet to minimize cyber risks.The Library of Congress effectively used MFA to prevent a potential cyberattack, highlighting the importance of robust security measures.Mentions & References:Zoom's post-quantum encryption using Kyber 768 algorithm.Rockwell's advisory and the role of US CISA in reinforcing security measures.The thwarted cyberattack on the Library of Congress and its implications for cybersecurity practices.Time Stamps with Highlights:[00:00] Introduction: Overview of the episode's topics.[00:41] Zoom Prepares for Quantum World: Details on Zoom’s post-quantum encryption and its significance.[04:26] Rockwell's Advisory: Importance of disconnecting ICS devices and securing critical infrastructure.[08:40] Library of Congress Cyberattack: How MFA prevented a breach and lessons learned.Follow Us:LinkedIn: https://www.linkedin.com/company/e360solutionsFacebook: https://www.facebook.com/e360solutionX (Twitter): https://twitter.com/e360_solutionsYouTube: https://www.youtube.com/@e360solutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: http://www.e360.comLinks to Articles:Zoom - Zoom Prepares for Quantum World with Post-Quantum Encryption: https://www.e360.com/blog/zoom-post-quantum-encryption-rockwell-ics-cyber-threats-library-of-congress-cyberattackRockwell - Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats: https://www.e360.com/blog/zoom-post-quantum-encryption-rockwell-ics-cyber-threats-library-of-congress-cyberattackLibrary of Congress - Thwarted Cyberattack Targeted Library of Congress: https://www.nextgov.com/cybersecurity/2024/05/thwarted-cyberattack-targeted-library-congress-tandem-/View Article of this Podcast: https://www.e360.com/blog/zoom-post-quantum-encryption-rockwell-ics-cyber-threats-library-of-congress-cyberattack

In this episode, Brad Bussie discusses the critical gap in cybersecurity expertise, the U.S. government's $50 million investment to bolster healthcare cyber resilience, and the emerging threat of YouTube as the latest phishing battleground. Stay tuned to uncover the latest insights and expert analysis on these pressing issues in the world of IT security.Topics Covered:The widening cybersecurity expertise gap and its implications.U.S. investment in Better Healthcare cyber resilience.YouTube's rise as a phishing battleground.Key Takeaways:Expertise Gap: The shortage of skilled cybersecurity professionals is a growing concern, affecting the ability of organizations to defend against sophisticated threats.Healthcare Cyber Resilience: The U.S. government's $50 million investment aims to enhance the cybersecurity infrastructure of healthcare systems, critical in the wake of increasing cyberattacks.YouTube Phishing: Cybercriminals are increasingly targeting YouTube as a platform for phishing attacks, exploiting its vast user base.Mentions & References:U.S. government initiatives on healthcare cybersecurity.Recent studies and reports on the cybersecurity skills shortage.Examples of phishing attacks on YouTube.Time Stamps with Highlights:[00:00] Opening Remarks: Introduction and episode overview.[02:30] Expertise Gap: Discussing the lack of cybersecurity professionals and its impact.[05:00] U.S. Invests $50m in Better Healthcare Cyber Resilience: Details on the $50 million investment and its expected benefits.[08:15] YouTube Phishing Threats: How cybercriminals are exploiting YouTube for phishing scams.[12:45] Key Strategies: Recommendations for organizations to improve their cybersecurity posture.[15:30] Closing Thoughts: Final insights and a look ahead to future episodes.Follow Us:LinkedInFacebookX (Twitter)YouTubeAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us:www.e360.com (00:00) - Introduction to Cyber Threats and IT Security (00:49) - Exploring the Security Expertise Gap in Cloud Expansion (05:41) - Investing in Healthcare Cyber Resiliency (09:15) - YouTube: The New Frontier for Cyber Threats (13:51) - Conclusion and Call to Action

Join Brad Bussie, Chief Information Security Officer at e360, as he explores Google's innovative approach to cloud security in today's episode. Focusing on how Google has revolutionized security operations with a multilayered defense strategy, Brad discusses the integration of AI and threat intelligence to enhance cybersecurity measures in the cloud era.Topics Covered:Google's Approach to Cloud Security: An overview of how Google tackles the complexities of cybersecurity with advanced technologies and strategies.The Role of AI and Automation in SecOps: Examining how Google utilizes artificial intelligence to streamline threat detection, investigation, and response.Integrating Threat Intelligence and Expertise: Insights into how Google’s acquisition of Mandiant and integration with VirusTotal enhance their security capabilities.Key Takeaways:Google Security Operations is designed to support not just Google Cloud but multi-cloud environments, providing a versatile and robust security solution.The use of AI in Google's security operations allows for more efficient data analysis and threat detection, significantly reducing the workload for security analysts.Google’s comprehensive security framework combines AI, machine learning, and human expertise from Mandiant to offer a proactive and informed cybersecurity defense system.Mentions & References:Insights from the Google Next Conference on the role of AI in securityGoogle's VirusTotal IntegrationTDIR Process in Google's Cloud SecurityMandiant’s ExpertiseTime Stamps with Highlights:[00:00:32] - Introduction to Google’s security operations and the challenges in cloud security[00:02:09] - Discussion on the shift from traditional security models to advanced, integrated systems[00:07:24] - The impact of AI and automation on security operations[00:11:27] - How Google's comprehensive threat intelligence network supports proactive defenseFollow Us:LinkedInFacebookX (Twitter)YouTubeAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com

In Episode 19 of The State of Enterprise IT Security, Brad Bussie tackles critical issues affecting the cybersecurity landscape. From new CISA guidelines aimed at protecting critical U.S. infrastructure to major data leaks impacting millions, this episode dives deep into the challenges and strategies for securing our digital world.Topics Covered:CISA Guidelines for AI in Critical Infrastructure: Discussion on new measures to enhance the security of U.S. critical infrastructure against AI-related threats.Kaiser Data Leak: Examination of a significant data breach affecting 13.4 million Kaiser members, including the inadvertent sharing of data with advertisers.Okta Credential Stuffing Attacks: Analysis of the recent spike in credential stuffing attacks against Okta accounts, exacerbated by the use of residential proxy services.Key Takeaways:CISA is intensifying efforts to safeguard critical infrastructure by focusing on AI risks, proposing a comprehensive plan for risk management.Kaiser's data leak highlights the ongoing challenges in protecting personal health information and the risks associated with third-party data sharing.Okta's experience with credential stuffing attacks illustrates the evolving tactics of cybercriminals and the importance of robust cybersecurity measures, including enhanced authentication processes.Mentions & References:CISA (Cybersecurity and Infrastructure Security Agency)Kaiser PermanenteOktaTechniques like residential proxy services that facilitate anonymity in cyber attacks.Time Stamps with Highlights:[00:00:33] Introduction to Episode 19 Topics[00:01:24] CISA's New AI Security Guidelines[00:06:33] Data Leak Impacting Kaiser Insurance Members[00:11:02] Rise in Okta Credential Stuffing AttacksFollow Us:LinkedInFacebookX (Twitter)YouTubeAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com

In this episode, Brad Bussie, Chief Information Security Officer at e360, is joined by Shariq Aqil, Field CTO from Zerto, an HPE company. They delve into the critical topic of building a cyber resilience vault, providing valuable insights into creating robust defenses against cyber threats.Topics Covered:Introduction to Cyber Resiliency:Definition and importance of cyber resiliency in modern business environments.Strategies for achieving cyber resilience, including proactive and reactive measures.Exploring the Cyber Resiliency Vault Concept:Detailed explanation of what a Cyber Resiliency Vault is and the problems it addresses.Discussion on how Zerto’s technologies enhance cyber resilience through their innovative vault solutions.Building a Cyber Resiliency Vault with Zerto:The technical and strategic approach to using Zerto for creating a cyber resiliency vault.Benefits of integrating Zerto’s solutions into cybersecurity frameworks.Key Takeaways:Importance of a comprehensive strategy encompassing prevention, detection, response, and recovery.Insights into Zerto’s approach to continuous data protection and its impact on minimizing data loss and recovery times.The role of cyber resiliency vaults in enhancing organizational ability to withstand and recover from cyber incidents.Mentions & References:Zerto and e360 partnershipCyber resilience strategies and technologies discussed in the episode are pivotal for organizations seeking to enhance their security posture.Time Stamps with Highlights:[00:02:00-00:04:00] Shariq Aqil’s Background:Shariq provides an overview of his professional background and his role at Zerto, detailing his experiences at Dell, EMC, and IBM before joining Zerto.[00:04:00-00:06:00] What is Cyber Resiliency:Brad elaborates on the concept of cyber resiliency, explaining it as an organization’s ability to maintain critical operations effectively amidst cyber threats.[00:06:00-00:08:00] The Role of Cyber Resiliency Vaults:The discussion shifts to the specific function of cyber resiliency vaults, describing how they protect critical data and support quick recovery from cyber incidents.[00:08:00-00:10:00] Technical Details of Zerto’s Solutions:Shariq dives into the technical aspects of Zerto’s solutions, focusing on continuous data protection and its advantages over traditional backup solutions.[00:10:00-00:12:00] Importance of Quick Recovery:The conversation emphasizes the importance of rapid recovery capabilities in cyber resiliency solutions, highlighting how Zerto’s technology minimizes data loss and recovery times.[00:12:00-00:14:00] Implementing Zerto’s Cyber Vaults:Brad and Shariq discuss the implementation of Zerto’s cyber vaults, explaining the process of data replication, scanning for anomalies, and ensuring data immutability.[00:14:00-00:16:00] Broader Implications of Cyber Attacks:They discuss the broader impact of cyber attacks on business operations, stressing the need for comprehensive cyber resilience strategies that go beyond immediate recovery.[00:16:00-00:18:00] Discussion on Cyber Resilience Strategies:The discussion turns to strategies for enhancing cyber resilience, including the need for a multi-faceted approach that encompasses technology, policies, and people.Follow Us:LinkedInFacebookX (Twitter)YouTubeAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.Visit us: www.e360.com (00:00) - Welcome to the State of Enterprise IT Security Edition (01:05) - Introducing Shariq Aqil from Zerto (02:53) - Understanding Cyber Resiliency (05:26) - Exploring the Cyber Resiliency Vault Concept (15:05) - Building a Cyber Resiliency Vault with Zerto (19:49) - The Importance of Testing and Recovery Planning (26:05) - Expert Tips on Cyber Resiliency and Vaulting (30:15) - Action Steps for Organizations

Brad Bussie, Chief Information Security Officer at e360, hosts the State of Enterprise IT Security Edition podcast, where he delves into three main topics aimed at making IT security more approachable for technology leaders. The first segment reflects on the aftermath of a ransomware attack on United Health and Change Healthcare, highlighting the sobering realization that paying ransoms does not guarantee the safety of stolen data, as evidenced by Change Healthcare's loss of sensitive patient information despite a $22 million ransom payment. The second segment discusses cloud security, questioning the substantial investment in cloud technology and exploring the utility and limitations of security tools such as SIEM, EDR, and ITDR based on a survey of 150 security professionals from large companies. The implications of automation and AI in enhancing security operations, despite staffing challenges within the IT security domain, are also examined. The third segment probes the ethical and privacy concerns surrounding AI technologies capable of emotional intelligence and voice synthesis, spotlighting Hume's empathic AI and HeyGen's AI-driven content creation platform. Bussie underscores the need for robust security measures to protect user data and prevent misuse of AI in emotional manipulation and content generation, advocating for user vigilance and informed engagement with emerging AI technologies.00:00 Introduction to Enterprise IT Security Insights01:20 Deep Dive into United Health's Cybersecurity Incident07:02 Exploring Cloud Security Investments and Challenges17:12 The Future of AI: Emotional Intelligence and Avatars24:13 Innovative AI Technologies: HeyGen and AI Avatars31:30 Conclusion and Final Thoughtse360 website: www.e360.comShow page: e360.com/state-of-enterprise-it-security-podcastFollow on LinkedIn: https://www.linkedin.com/company/e360solutionsAbout the Show:The State of Enterprise IT Security podcast is your go-to source for the latest in IT security, offering approachable and actionable insights for technology leaders. Join us as we explore the complexities of cybersecurity and the innovative solutions driving the industry forwardAbout e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services. We are at the forefront of driving digital transformation for global and national enterprises with our top-tier expertise. (00:00) - Introduction to Enterprise IT Security Insights (01:20) - Deep Dive into United Health's Cybersecurity Incident (07:02) - Exploring Cloud Security Investments and Challenges (17:12) - The Future of AI: Emotional Intelligence and Avatars (24:13) - Innovative AI Technologies: HeyGen and AI Avatars (31:30) - Conclusion and Final Thoughts

Navigating Emerging Threats and Innovations in IT SecurityIn this episode of the State of Enterprise IT Security Edition, host Brad Bussie discusses three main topics relevant to technology leaders today. Firstly, he addresses the growing adoption of Multi-Factor Authentication (MFA) and its vulnerabilities, including MFA fatigue, SIM swapping, and session cookie theft, providing strategies to mitigate these risks. Next, Bussie talks about a recent emergency directive from the U.S. Cybersecurity Agency (CISA) in response to a Russian APT's infiltration of Microsoft's network and theft of sensitive correspondence, emphasizing the importance of federal agencies hunting for signs of the breach, analyzing exfiltrated emails, and securing authentication tools. Lastly, insights from the Google Next conference are shared, highlighting advancements in AI-driven security solutions and features, including Gemini for cloud and cybersecurity, AI hypercomputers, and enhanced data privacy measures. The episode aims to make IT security approachable and actionable for its audience.00:00 Breaking News: Russian Hackers Target Microsoft00:00 Introduction00:48 Welcome to the State of Enterprise IT Security Edition01:52 Growing Challenges with Multi-Factor Authentication (MFA)09:11 U.S. Government on High Alert: Russian Hackers Steal Sensitive Data16:24 Innovations and Security Insights from Google Next Conference23:24 Closing Thoughts on Enterprise IT Security

Navigating the Complex Landscape of IT Security: MFA, Russian Hackers, and Google's InnovationThis video explores the current state of enterprise IT security, emphasizing the widespread adoption of multi-factor authentication (MFA) and its vulnerabilities, including MFA fatigue, SIM swapping, and session cookie theft. It discusses a recent emergency directive by CISA in response to Russian hackers stealing sensitive correspondence from Microsoft, underlining the importance of immediate action by federal agencies to secure their systems. Additionally, the video highlights announcements from the Google Next Conference, particularly focusing on the new AI-driven cybersecurity solutions like Gemini for cloud and cybersecurity, AI assistance in coding, and advancements in AI-powered threat defense, demonstrating Google's commitment to enhancing data privacy and security in the face of increasing cyber threats.00:00 Breaking News: Russian Hackers Target Microsoft00:00 Introduction00:48 Welcome to the State of Enterprise IT Security Edition01:52 Growing Challenges with Multi-Factor Authentication (MFA)09:11 U.S. Government on High Alert: Russian Hackers Steal Sensitive Data16:15 Innovations and Security Insights from Google Next Conference23:16 Closing Thoughts on Enterprise IT Security

In the 15th episode of the State of Enterprise IT Security Edition, Brad Bussie, the Chief Information Security Officer at e360, discusses critical vulnerabilities and innovations within the IT security landscape. The episode covers a range of topics from a security breach at a budget hotel chain, Microsoft's AI-driven red team augmentation, to the massive AT&T breach impacting 70 million users. Bussie emphasizes the importance of secure coding practices, the potential of AI in cybersecurity, and actionable steps for individuals and organizations to protect against breaches.Timestamps:[00:01:00] Hotel Self Check-In Kiosk Vulnerability:- A security flaw in a budget hotel's self check-in kiosks exposed room access codes, affecting potentially 600 hotels in 20 countries.- The vulnerability underscores the critical need for rigorous secure code practices and thorough application architecture understanding.[00:06:30] Microsoft’s Red Team Augmentation via AI:- Partnership with OpenAI to introduce a Python Risk Identification Toolkit (PYRIT) aiming at exposing vulnerabilities through AI.- This development highlights the evolving role of AI in cybersecurity, moving towards augmenting human capabilities rather than replacing them.[00:14:00] AT&T Breach Impacting 70 Million Users:- Sensitive information including social security numbers and passcodes were compromised and found on the dark web.- The breach illustrates the ongoing risks of data theft and the importance of protective measures such as credit freezes and vigilant password management.About the Show:The State of Enterprise IT Security podcast is your go-to source for the latest in IT security, offering approachable and actionable insights for technology leaders. Join us as we explore the complexities of cybersecurity and the innovative solutions driving the industry forward.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services. We are at the forefront of driving digital transformation for global and national enterprises with our top-tier expertise.

In the 14th episode of the State of Enterprise IT Security, Brad Bussie, Chief Information Security Officer at e360, goes over CISA Alert on SharePoint Server Attacks, Chinese Hacking Plot Exposed, Ray AI Framework Under Siege and more.Timestamps:[00:01:10] CISA warns that hackers are actively attacking a SharePoint server vulnerability[00:03:30] Millions of Americans caught up in a Chinese hacking plot[00:14:00] Thousands of servers hacked in an ongoing attack targeting Ray AI frameworkEpisode Summary: In the latest installment of "The State of Enterprise IT Security Edition," host Brad Bussie, CISO at e360, offers a deep dive into current cybersecurity threats and practical defense strategies. This episode covers three critical topics:CISA's SharePoint Server Vulnerability: Brad discusses a serious vulnerability in Microsoft SharePoint Server that is being actively exploited, emphasizing the critical nature of applying patches that have been available since May 2023 to prevent such attacks.Chinese Hacking Campaign: The episode moves on to a sinister hacking campaign orchestrated by Chinese nationals, which has been targeting American officials, businesses, and critics over 14 years. Bussie explores the campaign’s breadth and the U.S. government's response, including a reward for information leading to the identification of the perpetrators.Ray AI Framework Attacks: Thousands of servers have been compromised in an ongoing campaign targeting the Ray AI framework, used by companies like OpenAI, Uber, and Amazon. Brad outlines the campaign's impact on AI models and network credentials and provides advice on securing systems against such insidious attacks.Listeners will come away with a greater understanding of the current cybersecurity landscape and how to implement effective security measures within their organizations.About the Show:The State of Enterprise IT Security podcast is your go-to source for the latest in IT security, offering approachable and actionable insights for technology leaders. Join us as we explore the complexities of cybersecurity and the innovative solutions driving the industry forward.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services. We are at the forefront of driving digital transformation for global and national enterprises with our top-tier expertise.

In the 13th episode of the State of Enterprise IT Security, Brad Bussie, Chief Information Security Officer at e360, goes over Credo AI's Risk Management, OT Cyberattack Impact, Atlassian's Critical Patch and more.Timestamps:[00:57.3] - Credo AI's Risk Management[04:13.6] - OT Cyberattack Impact[08:04.7] - Atlassian's Critical Patch Don't miss out on this insightful episode filled with actionable advice and cutting-edge information. Stay ahead in the ever-evolving world of IT security!📲 Follow Us:LinkedInFacebookX (Twitter)About the Show:The State of Enterprise IT Security podcast is your go-to source for the latest in IT security, offering approachable and actionable insights for technology leaders. Join us as we explore the complexities of cybersecurity and the innovative solutions driving the industry forward.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services. We are at the forefront of driving digital transformation for global and national enterprises with our top-tier expertise.

In the 12th episode of the State of Enterprise IT Security, Brad Bussie, Chief Information Security Officer at e360, goes over the House voting to ban TikTok, The EU regulating AI, and modern cars tracking and reporting driving habits and more.Timestamps:[00:01:00] The House Bans TikTok - A bill passed by the U.S. House could lead to a TikTok ban, prompted by security concerns and a controversial pop-up notification strategy.[00:04:30] EU Regulating AI - Details on the European Parliament's overwhelming approval of the Artificial Intelligence Act, setting forth strict AI regulations.[00:10:28] Data Sharing in Modern Cars - An exploration of how modern cars collect and share data with insurance companies, raising significant privacy concerns.Don't miss out on this insightful episode filled with actionable advice and cutting-edge information. Stay ahead in the ever-evolving world of IT security!📲 Follow Us:LinkedInFacebookX (Twitter)About the Show:The State of Enterprise IT Security podcast is your go-to source for the latest in IT security, offering approachable and actionable insights for technology leaders. Join us as we explore the complexities of cybersecurity and the innovative solutions driving the industry forward.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services. We are at the forefront of driving digital transformation for global and national enterprises with our top-tier expertise.

In the 11th episode of the State of Enterprise IT Security, Brad Bussie, Chief Information Security Officer at e360, the Change Healthcare ransomware attack, the importance of Apple’s latest iOS update, and how AI is revolutionizing cybersecurity tactics.Timestamps:[00:54] - [07:56] Change Healthcare Ransomware Attack:[08:00] - [10:27] Apple Blunts Zero-Day Attacks with iOS 17.4 Update:[10:27] - [17:42] Cybercriminals Leveling Up – CrowdStrike CEO's Insights:Don't miss out on this insightful episode filled with actionable advice and cutting-edge information. Stay ahead in the ever-evolving world of IT security!📲 Follow Us:LinkedInFacebookX (Twitter)About the Show:The State of Enterprise IT Security podcast is your go-to source for the latest in IT security, offering approachable and actionable insights for technology leaders. Join us as we explore the complexities of cybersecurity and the innovative solutions driving the industry forward.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services. We are at the forefront of driving digital transformation for global and national enterprises with our top-tier expertise.

In this episode of "State of Enterprise IT Security Edition," host Brad Bussey, Chief Information Security Officer at e360, discusses key issues in cybersecurity, focusing on recent developments that provide insight into state surveillance, privacy concerns, and updates to cybersecurity frameworks.Episode Highlights:[00:00-05:12] An insider leak from a company suspected of conducting cyber espionage for the Chinese government offers a rare glimpse into state surveillance and hacking activities.[05:12-09:18] A vending machine error at the University of Waterloo revealed a secret database of facial images, raising privacy concerns.[09:18-17:39] NIST has updated its cybersecurity framework to version 2.0, introducing the "govern function" which adds a strategic layer to cybersecurity management.Key Takeaways:1. Insider Leak of Chinese Hacking Documents: A significant leak from a company suspected of conducting cyber espionage for Chinese security services revealed extensive state surveillance activities, including hacking tools used to spy both domestically and internationally. The leak highlights the vast scope of surveillance and espionage conducted by China, involving various government and security departments.2. Vending Machine Facial Analysis Controversy: An error in a smart vending machine at the University of Waterloo exposed a facial analysis system, sparking debate over privacy and the necessity of such technology in consumer devices. Despite claims of GDPR compliance and limited data usage for marketing effectiveness, the incident raised concerns about sensitive data collection without explicit consent.3. NIST Releases Version 2.0 of Its Cybersecurity Framework: The updated framework introduces a "govern" function focusing on leadership and strategic risk management, enhancing guidance on cybersecurity supply chain risk management, and emphasizing integrated risk management. This represents a comprehensive update to address evolving threats and improve usability across organizations.Follow Us:LinkedIn: e360 SolutionsFacebook: e360 SolutionsX (Twitter): @e360 SolutionsYouTube: e360 SolutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.Visit us: www.e360.comCatch the full episode for a deeper dive into these topics and to arm yourself with the knowledge you need to steer your organization towards a more secure future.

In episode nine of the State of Enterprise IT Security podcast, host Brad Bussie, Chief Information Security Officer at E360, covers the utilization of open AI systems by hackers from nations like China and Russia for cyberattacks, the introduction of Pindrop's real-time audio deep fake detection tool named Pindrop Pulse, and the potential implications of the Biden administration's new executive order on AI for cybersecurity.Episode Highlights:[00:03.116] In episode nine of the State of Enterprise IT Security podcast, host Brad Bussie, Chief Information Security Officer at E360, delves into the use of open AI systems by hackers from nations like China and Russia for cyberattacks, emphasizing the practical rather than exotic application of AI in these activities.[02:29.518] The episode discusses the introduction of Pindrop's real-time audio deep fake detection tool, Pindrop Pulse, and its capabilities in identifying synthetic audio, showcasing a significant advancement in combating phone-based fraud and deep fake technologies.[07:17.87] Bussie unpacks the Biden administration's new executive order on AI, focusing on its implications for cybersecurity. The discussion highlights the executive order's directives towards AI development, critical infrastructure protection, and the establishment of guidelines for AI usage across various sectors, albeit with challenges in enforceability and the need for updates in the legal framework.Key Takeaways:1. Hackers' Use of AI: Hackers from various countries are exploiting open AI systems for cyberattacks, using them for tasks like email drafting and document translation to increase productivity.2. Pindrop Pulse: A new tool that can detect audio deep fakes in real-time, helping to combat phone-based fraud and potentially aiding political campaigns and call centers in ensuring communication security.3. Biden Administration's Executive Order on AI: Outlines initiatives for AI development, critical infrastructure protection, and the establishment of guidelines for AI usage, with enforceability dependent on agency action and legal framework updates.Follow Us:LinkedIn: e360 SolutionsFacebook: e360 SolutionsX (Twitter): @e360 SolutionsYouTube: e360 SolutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.Visit us: www.e360.comCatch the full episode for a deeper dive into these topics and to arm yourself with the knowledge you need to steer your organization towards a more secure future.

In this episode of the State of Enterprise IT Security podcast, Brad Bussie gets into the rapidly evolving landscape of artificial intelligence (AI) within the realm of cybersecurity. The episode covers three critical topics: Google's initiatives to incorporate AI in cybersecurity, the collective efforts of tech giants to mitigate AI-generated election interference, and the challenges posed by Shadow AI in corporate environments.Episode Highlights:[00:00 - 02:49] The Role and Challenges of AI in Cybersecurity: Discussion on Google's proactive approach to fostering AI in cybersecurity, aiming to leverage AI for improved threat detection and response. Despite these advancements, there's an acknowledgment of the overwhelming challenge defenders face against AI-generated attacks, stressing the need for a collaborative effort to secure AI technologies from the ground up.[05:03 - 07:01] The Response to AI-generated Election Trickery and the Importance of Collaboration: Highlight on tech companies, including major names like Adobe, Amazon, and Google, signing an accord to combat AI-generated election trickery, focusing on the deliberate efforts to deceive voters and a critique of the tech companies' cautious approach to AI governance in the context of protecting democratic elections. [09:24 - 16:10] Shadow AI: Risks and Strategies for Mitigation: The segment transitions into discussing the prevalence of shadow AI within organizations and its implications for data security.Key Takeaways:AI can greatly enhance threat detection and response in cybersecurity.Tech companies are taking steps to combat AI-generated election trickery, but more needs to be done.Shadow AI poses risks to organizations and requires comprehensive technical controls and user education to mitigate.Public and private organizations should work together to secure AI from the ground up.Follow Us:LinkedIn: e360 SolutionsFacebook: e360 SolutionsX (Twitter): @e360 SolutionsYouTube: e360 SolutionsAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.Visit us: www.e360.comCatch the full episode for a deeper dive into these topics and to arm yourself with the knowledge you need to steer your organization towards a more secure future.

In this episode of the State of Enterprise IT Security podcast, Brad Bussie dives into pressing cybersecurity topics that technology leaders can't afford to miss. With his expert insight, Brad unpacks a recent discovery by an MIT Ph.D. student of a critical vulnerability in the Apple Vision Pro, explores the aftermath and lessons learned from Clorox's costly cyberattack, and celebrates Cloudflare's successful handling of a security incident over Thanksgiving 2023.Episode Highlights:[00:55-01:15] MIT Ph.D. Student Uncovers Apple Vision Pro Vulnerability: Discover how days after its release, a significant security flaw was identified in the Apple Vision Pro, emphasizing the importance of vulnerability detection and the value of bug bounty programs.[01:16-02:08] Clorox Cyberattack—A Financial Blow: Learn about the cyberattack that left Clorox with a staggering $50 million in expenses, highlighting the need for robust cybersecurity insurance and comprehensive incident response strategies.[02:09-03:46] Cloudflare's Triumph Over Thanksgiving Security Threat: An in-depth look at how Cloudflare's proactive security measures and zero-trust architecture effectively neutralized a potential disaster, serving as a model for cybersecurity excellence.Key Takeaways:The critical role of early vulnerability detection and robust bug bounty programs in maintaining system security.The importance of cybersecurity insurance and well-drafted incident response plans to mitigate financial and operational impacts of cyberattacks.The effectiveness of proactive security strategies, including zero-trust architecture, in preventing and minimizing damage from cyber threats.Brad wraps up the episode by emphasizing the importance of proactive cybersecurity measures. By conducting regular risk assessments, establishing clear incident response plans, and implementing network segmentation, organizations can significantly enhance their defenses against the ever-evolving landscape of cyber threats.Follow Us:LinkedIn: e360 SolutionsFacebook: e360 SolutionsX (Twitter): @e360 SolutionsYouTube: e360 SolutionsAbout the Show: The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.Visit us: www.e360.com

In this insightful episode of the State of Enterprise IT Security, host Brad Bussie, Chief Information Security Officer at e360, explores pressing cybersecurity issues affecting businesses and governments. Brad brings his expertise to the forefront, discussing significant topics ranging from Ivanti's latest patches for zero-day vulnerabilities to the evolving landscape of cyber threats between the US and China, and Congress's approach to AI security risks.Topics Covered:Ivanti’s response to zero-day vulnerabilities and new exploits.The US government's actions against Chinese cyber threats and the ongoing risks.The US Congress's cautious approach towards the integration of AI in legislative processes.Key Takeaways:The criticality of staying updated with cybersecurity patches in enterprise systems.Understanding the global dynamics of cybersecurity, especially concerning nation-state threats.The importance of balancing innovation and security risks when integrating AI into government systems.00:00 Introduction00:59 Avanti Patches Zero Days and Confirms New Exploits06:18 China Cyber Threat Targets Critical Infrastructure11:41 Congress Confronts Security Risks and Expands Use of AIMentions & References:Ivanti's zero-day vulnerabilities and new exploits: Security Week ArticleThe US government’s counteractions against Chinese cyber threats: Security Week ArticleThe US Congress and AI: Politico ArticleDigital forensics firm Volexity's involvement: VolexityFurther information about Ivanti: IvantiMandiant’s insights on cybersecurity: MandiantFollow Us:Stay updated with the latest in cybersecurity:LinkedInFacebookTwitterYouTubeAbout the Show:The State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity topics and trends.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.

🔒 Are you safeguarding your digital identity? Tune in to Episode 5 of the State of Enterprise IT Security podcast where Brad Bussie, e360's Chief Information Security Officer, navigates the intricate web of digital security.📌 Topics CoveredFacebook's Data Monetization: Explore how Facebook monitors user activities, sharing data with thousands of companies, and the implications for personal privacy.Massive Data Breaches: Delve into the alarming reality of 26 billion records exposed, including sensitive information like email addresses and social security numbers, and the resultant social engineering threats.Microsoft's Network Security Breach: A deep dive into the breach of Microsoft's network by a Russian state hacker group through password spraying, emphasizing the need for robust cybersecurity hygiene.🔗 Mentions and ReferencesFacebookMicrosoftDropboxLinkedInXLiveRampFacebook Monitoring Users (Consumer Reports)Data Leak - 26 Billion Records (Forbes)Microsoft Security Breach (ARS Technica)⏰ Time Stamps with Highlights:[00:00:46] - Introduction by Brad Bussie, covering the episode's focus areas[00:01:07] - Discussion on Facebook's data sharing with companies[00:05:31] - Tips on preventing personal data from being shared by Facebook[00:09:36] - Insights into the 26 billion records leak[00:13:06] - Analysis of the Microsoft network security breach👥 Follow usLinkedInFacebookX (Twitter)📖 About the ShowThe State of Enterprise IT Security podcast, hosted by e360, is your go-to source for making IT security approachable and actionable for technology leaders. Join us for insightful discussions and expert analysis on the latest cybersecurity trends and challenges.🌐 About e360e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.📧 For more information, visit our website: e360

In the 4th episode of the State of Enterprise IT Security, Brad Bussie, Chief Information Security Officer at e360, discusses three critical topics that are shaping the landscape of technology and security:Topics CoveredOpenAI's New Team Feature.Chat GPT Store IntroductionHave I Been Pwned?Timestamps:01:44 Teams Option for Privacy06:58 Introduction of the Chat GPT Store09:50 Potential Problems for Enterprises with OpenAI's ChatGPT Store18:50 Have I been Pwned?21:49 Importance of Multi-Factor Authentication23:47 Moving Towards Passwordless LoginDon't miss out on this insightful episode filled with actionable advice and cutting-edge information. Stay ahead in the ever-evolving world of IT security!📲 Follow Us:LinkedInFacebookX (Twitter)About the Show:The State of Enterprise IT Security podcast is your go-to source for the latest in IT security, offering approachable and actionable insights for technology leaders. Join us as we explore the complexities of cybersecurity and the innovative solutions driving the industry forward.About e360:e360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services. We are at the forefront of driving digital transformation for global and national enterprises with our top-tier expertise.

🔍 Exploring AI security risks, dissecting the 23andMe data breach, and evaluating antivirus software - how effective is it truly?📝 Topics Covered:Current Top AI Security Risks23andMe Data Breach: A Case of User Negligence?The Real Effectiveness of Antivirus Software⏰ Time Stamps:[00:00] - Introduction to the episode's topics: AI Security Risks, 23andMe Data Breach, Antivirus Effectiveness.[02:04] - Discussion on top AI security risks and OWASP top 10 for LLM.[07:16] - Analysis of insecure output handling and other AI vulnerabilities.[12:14] - Deep dive into 23andMe data breach and user negligence.[17:32] - Examination of potential misuse of 23andMe data in social engineering attacks.[18:55] - Exploration of antivirus effectiveness and defense strategies.[22:00] - Final thoughts on practicing defense in depth and the value of antivirus software.🔗 Mentions and References:Infosecurity Magazine: 23andMe Blames User BreachReddit: Looking for evidence about Antivirus effectivenessOWASP Resource for Top Ten LLM Security RisksVirus Total👉 Follow Us:LinkedInFacebookTwitter📖 About the Show:The State of Enterprise IT Security focuses on delivering approachable and actionable insights for technology leaders. Brad Bussie, the Chief Information Security Officer at e360 walks through the latest security threats facing the enterprises and share’s his first-hand perspective of these topics based on daily work with CISOs and other enterprise technology leaders.🌐 About e360:e360, a premier IT solutions provider, is at the forefront of providing specialized technology solutions to global and national enterprises. Our expertise spans five key areas: Cloud Solutions, Cybersecurity Solutions, Digital Workplace, Modern Infrastructure, and Managed Services. Each domain is handled by our team of industry experts, including alumni from Big 4 consulting firms, ensuring unparalleled service and innovation.Our Cloud Solutions reshape how businesses engage with technology, offering comprehensive strategies and governance. In Cybersecurity, we safeguard digital assets against evolving threats. Our Digital Workplace initiatives enable seamless, productive remote work environments. We build and maintain Modern Infrastructure, ensuring agility and resilience. Additionally, our Managed Services provide ongoing, adaptive support tailored to each client's needs.Committed to excellence, e360 is more than a service provider; we're a strategic partner, empowering businesses to navigate and lead in a digitally-transformed world.

In this episode of the State of Enterprise IT Security Edition, Brad Bussie discusses three topics: the safety of cybersecurity experts using TikTok, the potential increase in cybersecurity breaches this year, and the influence of the MITRE ATT&CK framework.📝 Topics Covered:1. Can cybersecurity experts safely use TikTok? 2. What's the outlook for cybersecurity breaches this year? 3, How influential is the MITRE ATT&CK framework?⏰ Time Stamps:00:00 - Introduction with Brad Bussie01:23 - Can Cybersecurity Experts Safely Use TikTok?08:59 - Will Cybersecurity Breaches Be Worse This Year?18:01 - The Influence of the MITRE ATT&CK Framework🔗 Mentions and References:Byte-Sized Security Podcast: C kan cybersecurity experts safely use TikTok?Reddit Discussions: Will cybersecurity breaches be worse this year?, Is the MITRE ATT&CK really that influential?👉 Follow Us:LinkedInFacebookTwitter📖 About the Show:The State of Enterprise IT Security focuses on delivering approachable and actionable insights for technology leaders. Brad Bussie, the Chief Information Security Officer at e360 walks through the latest security threats facing the enterprises and share’s his first-hand perspective of these topics based on daily work with CISOs and other enterprise technology leaders.🌐 About e360:e360: Your Strategic Partner in Technology Innovatione360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.

In the first episode of the State of Enterprise IT Security Podcast, e360’s Brad Bussie focuses on the transformative impact of GenAI on cybersecurity, particularly for CISO roles. The episode highlights the dual nature of GenAI in creating sophisticated phishing attacks, raising both opportunities and challenges. Brad also delves into the risks of unused identities and the importance of robust identity management. The tactics of ransomware groups are likened to guerrilla warfare, with a call for a comprehensive, automated approach to cybersecurity. Last, Brad concludes the show by advocating a zero trust approach and the need for more decentralized defenses to protect against evolving cyber threats.📝 Topics Covered:GenAI and its Impact on CISOsThe Risks Associated with Unused IdentitiesThe Increase in Ransomware Attacks in 2023⏰ Time Stamps:00:00 - Introduction to Cybersecurity Topics00:40 - GenAI's Role in Shaping Cybersecurity and CISO Strategie​s04:10 - The Evolution of Phishing Attacks with GenA07:30 - The Changing Tactics of Ransomware Groups and Guerrilla Warfare Approac​h11:50 - Risks of Feeding Information to AI and Unintended Consequence​​】15:20 - Auditing and Managing Unused Identities for Securit​y18:45 - Challenges with Governance of Gen AI and Machine Learning Tools in Organization​​s22:05 - Social Engineering Tactics of Hacker Groups like Lockbit and Scattered Spide​​r25:30 - The Challenges of Managing Identity and Access, and the Importance of Training​28:55 - The Creep of Access and its Security Implication​​s32:20 - The Role of Security in Organizational Resilience and Risk Mitigatio​n35:45 - Challenges with Deprovisioning and Lifecycle Management of Identitie​s39:10 - The Need for a True Zero Trust Approach in Cybersecurit​y👉 Follow Us:LinkedInFacebookX📖 About the Show:The State of Enterprise IT Security focuses on delivering approachable and actionable insights for technology leaders. Brad Bussie, the Chief Information Security Officer at e360 walks through the latest security threats facing the enterprises and share’s his first-hand perspective of these topics based on daily work with CISOs and other enterprise technology leaders.🌐 About e360:e360: Your Strategic Partner in Technology Innovatione360 excels in delivering specialized technology solutions across Cloud, Cybersecurity, Digital Workplace, Modern Infrastructure, and Managed Services, driving digital transformation for global and national enterprises with top-tier expertise.