EP240 Cyber Resiliency for the Rest of Us: Making it Happen on a Real-World Budget

Guest:

• Errol Weiss, Chief Security Officer (CSO) at Health-ISAC

Topics:

• How adding digital resilience is crucial for enterprises? How to make the leaders shift from “just cybersecurity“  to “digital resilience”?
• How to be the most resilient you can be given the resources? How to be the most resilient with the least amount of money?
• How to make yourself a smaller target?
• Smaller target measures fit into what some call “basics.”  But “Basic” hygiene is actually very hard for many. What are your top 3 hygiene tips for making it happen that actually work?
• We are talking about under-resources orgs, but some are much more under-resourced, what is your advice for those with extreme shortage of security resources?
• Assessing vendor security - what is most important to consider today in 2025?  How not to be hacked via your vendor?

Resources:

• ISAC history (1998 PDD 63)
• CISA Known Exploited Vulnerabilities Catalog
• Brian Krebs blog
• Health-ISAC Annual Threat Report 
• Health-ISAC Home 
• Health Sector Coordinating Council Publications
• Health Industry Cybersecurity Practices 2023
• HHS Cyber Performance Goals (CPGs) 
• 10 ways to make cyber-physical systems more resilient
• EP193 Inherited a Cloud? Now What? How Do I Secure It?
• EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights
• EP49 Lifesaving Tradeoffs: CISO Considerations in Moving Healthcare to Cloud
• EP233 Product Security Engineering at Google: Resilience and Security
• EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators