logo
episode-header-image
Oct 2024
36m 29s

Navigating NIST CSF 2.0: Guide to Framew...

Cloud Security Podcast Team
About this episode

In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising.

Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs.


Guest Socials:⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠Lukasz's Linkedin

Podcast Twitter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(03:00) A bit about Lukasz

(04:32) Security Challenges for Tech First advertising company

(05:16) Security Challenges for Retail Industry

(06:00) Difference between the two industries

(07:01) Best way to build Cybersecurity Program

(09:44) NIST CSF 2.0

(13:02) Why go with a framework?

(16:26) Which framework to start with for your cybersecurity program?

(18:33) Technical CISO vs Non Technical CISO

(25:37) The Fun Section


Resources spoken about during the interview:

NIST CSF 2.0

CIS Benchmark

ASD Essential Eight

Mapping between the frameworks

https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0

https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight

Verizon Data Breach Investigations Report (DBIR)

Lukasz Woodwork Channel

BSides Melbourne

Up next
Today
Guide to Hybrid Cloud & Bare Metal Secret Management
Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized solution that bridges all your infrastructure.Dan Popescu, Senior Site Reliability Eng ... Show More
32m 23s
Jul 1
"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control
Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system ... Show More
40m 27s
Jun 23
Prioritizing Cloud Security: How to Decide What to Protect First
When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins the podcast to share his framework for building a SecOps plan when you're a sma ... Show More
41m 8s
Recommended Episodes
Oct 2024
Balancing Security with Usability in Cybersecurity
In this episode of Threat Vector, host David Moulton talks with guest speaker Brian Wrozek, Forrester Principal Analyst in Security & Risk, about the complexities of aligning security strategies across global teams. Brian draws on his extensive experience in cybersecurity, operat ... Show More
41m 41s
Nov 2024
Bridging AI and Cybersecurity Gaps with Mileva Security Labs’ Harriet Farlow
Join us in this episode of Threat Vector as guest host Michael Heller shares his conversation with Harriet Farlow, CEO of Mileva Security Labs and a pioneer in AI security research. With a background spanning AI and national cybersecurity, Harriet shares her journey into adversar ... Show More
27m 17s
May 24
From English Literature to Cybersecurity: A Journey Through Blockchain and Security
LINKS: https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability: https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with A ... Show More
54m 36s
Sep 2024
Cyber Security Trends and Tips
Join us on the latest episode of Aviation Tech Talks with host, Jim Boccarossa, as we soar into the world of aviation technology! In this episode, we dive deep into the crucial topic of cybersecurity with expert guest, Sagar Pandya, co-founder of Middle Ground Technologies. Disco ... Show More
31m 27s
Sep 2024
CISO vs. Security Engineer
In this episode of Life of a CISO, Dr. Eric Cole dives into the significant differences between security engineers and chief information security officers, a distinction many fail to recognize. He explains that merging these two roles into the same career track is one of the core ... Show More
31m 46s
May 17
The Monthly Cybersecurity Review: Data Breaches, Ransomware, and Critical Infrastructure
In this episode of 'Cybersecurity Today', host Jim Love is joined by panelists Laura Payne from White Tuque and David Shipley from Beauceron Security to review significant cybersecurity events over the past month. The discussion covers various impactful stories such as the disapp ... Show More
56m 44s
Aug 2024
Cyber Security vs Frameworks
In the latest episode of Life of a CISO, Dr. Eric Cole dives deep into the critical difference between compliance and true cybersecurity. He emphasizes that while frameworks and compliance standards are essential, they often focus on checking boxes rather than addressing the holi ... Show More
30m 17s
Aug 2024
Securing SMBs Serving Defense Industrial Base and U.S. Critical Infrastructure
In this episode, Chris Petersen, Co-Founder and CEO of RADICL, and I discuss the challenges of securing the small and medium-sized businesses (SMBs) that serve the United States defense industrial base (DIB) and critical infrastructure. These SMBs play a significant role in suppo ... Show More
40m 59s
Jun 2024
Accor CTO's Hotel Tech Masterclass: Cyber Security, Sustainability and More
In this episode of Hotel Tech Insider, we dive deep into the future of hotels and the technology driving them forward. Our guest, Floor Bleeker, the CTO of Accor, one of the largest hotel companies globally, shares insights into how technology is revolutionizing every aspect of A ... Show More
32m 52s