Hashtag Realtalk with Aaron Bregg

In this first episode of 2025, I picked a topic that is one of the few areas of security that is both 'hype' and 'real'. Threat Intelligence. It is an area that you can get great information for free but also overpay for what you get.I wanted to take a different approach to discussing this one, so I contacted a well-respected colleague of mine, Justin Lentz. Who happens to  work in the SMB Threat Intel space to come on the podcast and share his experiences and thoughts.Talking Points:How do you approach a smaller client when it comes to TI?What is different when it comes to a client that has some experience with TI?What are some pitfalls when you look at the different TI providers out there?What happens when you run into data that is not relevant to your company's process?Asking clients what is the problem that you are trying to solve?What do you do when you have a low or limited budget?What is his experiences running into this type of project (open source tools, using Azure, etc.)What does it look like a year later?SaaS platformPartnering with different groups, agencies, etc.The 'addiction' on wanting to get more dataCreating a Circle of Trust to share valuable informationEpisode Charity:Corewell Health's Blue Envelope Student Suicide Prevention ProgramEpisode Sponsor:Solis Security is a cyber security managed service provider specializing in Threat Intelligence and Incident Response.  

In this special episode, I finally get a chance to do a virtual fireside chat with my talented and funny CISO Scott Dresen. I actually started working with Scott while he was the Chief Technology Officer for Spectrum Health. It was in this role that Scott down the path to becoming the Chief Information Security Officer for Corewell Health. So you can say he has been here for the entire Information Security program revamp that started back in 2016.Talking Points:Back in 2016 you were the CTO when the Information Security program was 'rebooted'. What were some of your biggest challenges and frustrations back then?In 2018 you assumed the dual role of CTO and CISO, what was the hardest thing you had to change/overcome with having that dual role?Let's talk to WannaCry incident, what did the high level leadership view look like and what decisions needed to happen?In 2019 you had to re-evaluate the state of the security program at the halfway part of the timeline. During that you had to make some hard choice about the direction we needed to go in order to compete things. How did you come up with those decisions?You have had the distinct 'pleasure' of being a part of both a small healthcare and large scale acquisitions, what are some valuable lessons learned from each?In 2020 you had to pivot from an almost entirely in-person workforce to almost 100% remote, how did you manage to accomplish this in a timely and successful manner?In 2023 you had a chance to speak in front of congress around healthcare security, walk me through how that came about, how you felt in the moment and what things would you do differently (in hindsight)What has been the hardest part of planning and implementing Artificial Intelligence security?Heading into 2025, what advice do you have for other healthcare security leaders as they face the challenges of tighter budgets, smarter threat actors and changing business strategies? Episode Charities:Toys for Tots of Grand Rapids - Presents for less fortunate childrenNorth Kent Connect - A great foundation that helps families with items that may not be covered by other programsYMCA of Greater Grand Rapids - Great organization promoting healthy lifestylesEpisode Sponsor:Cloud Con - Michigan's premier security and infrastructure conference!

*Disclaimer* While this episode deals with an incredibly important topic, there are potential dangers in doing this type of work. PLEASE do your homework and be well prepared should you go down this path, as your life can be impacted with a wrong turn.In this episode, which is the first of a listener requested one around technical topics.With cybercrime and threat actor activity on the rise, it is more important than ever to understand the dark web and monitor it for potential risks or signs of a breach. There are several tools and intel providers that can do this, but they’re not cheap. So why don’t we just do it ourselves?Python can handle simple tasks surrounding dark web scanning and offers more customization for complex tasks. Using strictly free open-source libraries and any system you have available, you can set up an automated scanner and detect threats as they arise.Scan for IP addresses, potentially compromised emails, crypto addresses, and any regex patterns that you desire. Map your findings to the most relevant onion sites and get an understanding of where your adversaries tend to operate. This is just a start. From here, you can go almost anywhere.Episode Charity:Proceeds from this episode's sponsorship will be going towards the Baker-Bonsai Friendship Fund. Bruce Baker was a great bonsai tree artist and along with Deal Bull, helped make the art of bonsai be something wonderful that can be shared for future generations at the Frederik Meijer Gardens.Episode Sponsor:Cloud Security Alliance of West MichiganTalking Points:Why is it important that you at least have a basic understanding of the Dark Web is you are in the Small and Medium sized Business (SMB) space.Pros and Cons of Build vs BuyWhat safeguards do you want when out in the fringes?What are the mental health aspects of doing this type of work? How manage those pressures?What are Seed URLs?How to use Dark Web templates for scanning.Description credit to GrrCon

In this episode I talk with Tamer Baker around the not always clear topic of Zero Trust. While the term has been around while, it definitely gets overused by security vendors. However, because of Tamer's role as the Chief Technology Officer in the Healthcare space, he is also to bring several different points of view to the conversation.  Several of these are key to solving questions such as:Is Zero Trust truly expensive and painful? (Radiologist user experience example)As more and more healthcare systems are having to worry about budgets, he challenges the concepts on doing the same with 'less'.A lot of security vendors are talking AI in their products, what things is your company doing that is actually using AI?These are just a few of the tough questions that we tackle. So, set aside some time in your day to listen in to a great conversation!Episode CharitySince 2011, Black Girls Code has supported girls of color in tech through coding education and more. We partner with schools and organizations to offer a range of programs, both in-person and virtual, for ages 7-25.Episode SponsorZscaler is a Cloud Security company based out of San Jose California.

In this episode I talk with Matt Berzinski  about the important of understanding that identity is a journey not a destination. Matt is the Senior Director of Product Management for Ping Identity and has extensive knowledge about identity.Talking Points:Realtime Fraud/RiskOrchestrationOrganizations (The importance of offload work that you don't need to do it)Single Sign OnMulti FactorIdentity Verification (Francis talked about a local automotive company referencing mobile apps for a car)Robot or Vehicle Identity is a relationship not a dependency (Matt has a great Rosie the Robot from The Jetsons reference)Why is Obfuscation still important? Episode Charity:Proceeds from this episode's sponsorship will be going towards the Baker-Bonsai Friendship Fund. Bruce Baker was a great bonsai tree artist and along with Deal Bull, helped make the art of bonsai be something wonderful that can be shared for future generations at the Frederik Meijer Gardens.Episode Sponsor:This episode is sponsored by Ping Identity. Ping is an identity solutions provider based out of the great state of Colorado in the awesome town that is Denver.

In this special end of summer episode, I sat down with Tyler Adams to talk about being in the trenches during the recent Crowdstrike incident and other interesting stories from the crazy summer. Tyler is an Information Security Analyst for Corewell Health. He works on the Security Business Engagement Team.Talking Points:What was it like being in the trenches during the Crowdstrike incidentHow having a Business Continuity Plan comes in playWhat was the most surprising about the incident?What challenges are stemming from what the business is working on?Getting the business to understand the value of Multi-Factor AuthenticationData 'Cleanliness' is becoming more important

In this episode I had a chance to have a candid conversation with Charles Henderson. Charles is a global managing partner at IBM and also happens to be the head of the X-Force team. IBM recently released the X-Force Threat Intelligence Index report for 2024.While the report is delves into many different areas of Threat Intelligence, we concentrated on several key areas focused primarily on artificial intelligence:Pronounced increase in Identity attacksUnderstanding how more 'business-like' malicious actors are becomingUpcoming universal AI attack surfaceHow much do you think this will get wors? For example, I reached out to a couple of CISOs from some prominent local companies and one of their worries was and I quote, "Longer term I think we will have to worry about attackers trying to attack and leverage AI technologies that are being utilized by organizations."50% is the expected market share threshold likely to trigger attacks against AI platforms.Evolution of malware delivery mechanisms. AI's part in Business Email Compromise. Another area of concern when I polled my CISO contacts was AI's ability to, and I quote again, "Easier to perfect grammar and templates for phishing and other social engineering attempts.". How do you think companies like IBM can start helping people combat these types of attacks?)Thoughts on OpenAI's Sora and its potential impact on securityEpisode Charity:The Corewell Health's involvement in the Blue Envelope Suicide Prevention Program. The School Blue Envelope Suicide Prevention Program trains middle and high school faculty and staff so that every school employee—from teachers to coaches and bus drivers—would know how to respond to a student who may express thoughts of suicide. The “Blue Envelope” protocol for crisis management was developed internally to quickly activate patient safety responses by communicating the code words "Blue Envelope."Every person within a physician’s office became proficient in how to respond at a moment’s notice to a patient who may have thoughts of suicide. Through previous grant and foundation dollars, this program has been able to successfully train over 8,500 middle, high, and elementary school personnel across 156 schools within 53 different school districts. This training has resulted in over 2,000 interventions for students in crisis.Episode Sponsor:This episode is sponsored by IBM, who recently celebrated their 100th birthday! IBM is a computer solution company based out of Armonk, New York.

In this episode I had a chance to sit down in person with the always insightful and never dull cybersecurity leader, Jim Kuiphof. Jim is the Deputy Chief Information Security Officer at Corewell Health. The topic for this casual conversation is Understanding Your Personal Risk Tolerance. More specifically, it speaks to understanding the different between your own risk tolerance and the business's risk tolerance.Jim has talked on this recently at events like Cloud Con and the Digital Services Summit. His ideas for understanding how to balance personal and business has been a HUGE thing in my professional career.Talking Points:What is Risk?What is Tolerance?Understanding the difference between Personal Risk and Business RiskWhy is it so important to understanding alignment?Diagnosing the DissonanceWhat do you do about it?What does taking ownership look like?Maintaining risk tolerance alignmentThis talk is not only useful for people in the cybersecurity industry, but across all of information technology. It does matter what level you are at, this information can help you!

In this episode I had a chance to speak with Bryan 'Woody' Woodworth around simplifying and securing multi-cloud networking. Bryan is the Director of Solution Strategy for Aviatrix. As we are a few weeks into 2024 and the importance of understanding and utilizing multi-cloud strategies is becoming more and more apparent. Talking Points:What are the current trends in the industry pertaining to multi-cloud?Skills Gaps - More pronounced in Multi-Clouds, FinTech and Banking industries will 'mandate' what environments you use.What are the areas where skill gaps can be addressedSecure Cloud Networking Field Report Sneak PeakWhat kind of tools can you give them and creative ideas that you can use themAutomation is hot but do you know how to prioritize what you automate?The glory days of cloud are over and how do you 'save your pennies' and still move towards a solid FinOps modelConstant state of attack that the cloud is under (How can you protect yourself going forward)Episode Charity:Proceeds from this episode will be going towards the children's mental health program at Corewell Health Foundation.Episode Sponsor:Aviatrix is a Secure Cloud Networking company based out of Santa Clara California.

In this special episode we celebrate the 4th annual holiday fundraiser podcast. It is already a blessing to raise money for great causes all while raising security awareness for small and medium sized businesses. The topic for this episode is one that is super relevant for this day and age of Digital Transformation. However, in keeping with the format of #RealTalk, we are going to explore some 'real world' use cases for using Artificial Intelligence in Security in 2024.The have two special guests and one awesome co-host for this episode. Kassandra Murphy is a Senior Consulting Solutions Engineer for Splunk. My other guest is Sanjay Kalra who is in Product Management for ZScaler.My co-host for this episode is none other than Jim Kuiphof, who happens to be the Deputy Chief Information Security Officer at Corewell Health!Talking Points:Touched on phases of the kill chain/attack lifecycle and how AI comes into play, WHY it's expanding the attack surface within each phase (i.e., system enumeration can be done at such a larger speed and scale)How will AI change how companies will be adhering to the new Security and Exchange Commission's policy for reporting security breachesResearching AI from a defensive Point of ViewHow do you keep up with the business's speed of moving forward with AI while trying to protect itEpisode Sponsors:Splunk -  Splunk is a security observability solutions provider based out of San Francisco California.Zscaler -  ZScaler is a security solution provider based out of San Jose California. Episode Charities:North Kent Connect - North Kent Connect is a Christian organization committed to improving the lives of all people in northern Kent County by providing access to basic needs and promoting economic independence.Toys for Tots West Michigan - The mission of the U. S. Marine Corps Reserve Toys for Tots Program is to collect new, unwrapped toys during October, November and December each year, and distribute those toys as Christmas gifts to less fortunate children in the community in which the campaign is conducted.Reference Links:If you are interested in the SURGe blog that Kassie talked about in the episode, you can find it Here.