Socializing Security
A podcast that socializes security, compliance, and related topics to make them more approachable and understandable. Each week we’ll discuss a topic, usually with an expert in the area, with the goal of learning along with you. We’re here to socialize security!
Episodes

Tuesday Jul 29, 2025
E059 - Security Lessons from Everyday Life
In this episode, Brian discusses security lessons derived from everyday life, focusing on urban planning, road safety, and their implications for cybersecurity. He emphasizes the importance of system design over individual accountability, the concept of normal accidents in complex systems, and the necessity of disaster preparedness. Brian also highlights the need for effective communication of security concepts to non-professionals, aiming to make security more relatable and understandable.
Chapters
00:00 Introduction to Security Lessons from Everyday Life
00:54 Urban Planning and Road Safety Insights
03:13 Applying Urban Design Principles to Cybersecurity
06:53 Project Management and Accountability in Cybersecurity
08:30 Understanding Normal Accidents in Complex Systems
11:48 Disaster Preparedness and Recovery Planning
15:31 Conclusion and Future Discussions on Security Awareness

Tuesday Jul 22, 2025
E058 - Separating Disaster and Cyber Recoveries
In this episode of Socializing Security, Brian and Milou delve into the critical distinctions between IT disaster recovery and cyber attack recovery. They explore the definitions, planning strategies, recovery processes, and the varying impacts of each type of incident on organizations. The conversation emphasizes the importance of having well-defined disaster recovery and incident response plans, as well as the need for proactive measures to mitigate risks associated with both IT disasters and cyber attacks.
Chapters
00:00 Introduction to IT and Cyber Disasters
01:47 Defining IT Disasters
05:06 Understanding Cyber Attacks
09:58 Planning for IT Disasters vs Cyber Attacks
14:40 Backup Strategies and Recovery Planning
22:26 Comparing Impacts of IT Disasters and Cyber Attacks
26:23 The Role of Forensics for Cyber Attacks
27:32 Comparing the Impacts of IT and Cyber Disasters
31:36 Response Team Dynamics
34:12 Key Takeaways and Conclusion

Tuesday Jul 15, 2025
E057 - Navigating Trust in Online Retail
In this episode of Socializing Security, the hosts discuss the importance of trusting retailers when shopping online. They explore various strategies for evaluating the credibility of websites, the significance of payment methods in ensuring security, and the necessity of protecting personal information. The conversation also highlights warning signs of potential fraud and best practices for online shopping to enhance consumer safety.
Related Episodes
Genetic Testing and Privacy
- video: https://youtu.be/TtNSiC9nqgI
- audio: https://www.socializingsecurity.com/e/e042-genetic-testing-and-data-privacy
Telemarketing, Compliance, and Consumer Protection
- https://youtu.be/ZdyFSNFf-vI
- https://www.socializingsecurity.com/e/e045-dialed-in-telemarketing-compliance-and-consumer-protection
Chapters
00:00 Introduction to the Online Shopping Dilemma
03:34 Evaluating Online Reviews and Security
06:32 Payment Methods: Protecting Your Financial Information
11:59 Minimizing Data Sharing
20:55 Identifying and Dealing with Fraud
26:52 Summarization and Outro

Tuesday Jul 08, 2025
E056 - Toxic Isn’t Just a Buzzword: Let’s Talk Workplace Abuse
In this episode, Milou and Brian sit down with Kimberly Williams, VP of People, Culture, and Compliance at Walker Advertising and spokesperson for the End Workplace Abuse movement. They explore how toxic work environments harm employee mental health—and create real security risks.
Topics include:
- What workplace psychological abuse looks like
- How trauma impacts decision-making and security awareness
- The Workplace Psychological Safety Act and why it matters
- Tools to document abuse (e.g., Hively, Work Receipts)
- Why HR isn’t always the solution—and how to protect yourself
- The real financial cost of “brilliant jerks”
Kim shares practical advice for individuals and organizations, and explains how listeners can support ongoing legislative efforts at endworkplaceabuse.com.
Chapters
00:00 Introduction to Workplace Psychological Abuse
05:49 Understanding the Impact of Workplace Trauma
08:35 Identifying Signs of Toxic Work Culture
12:54 Documenting Abuse and Engaging HR
16:42 Navigating Workplace Dynamics and Rights
19:48 The Movement for Workplace Psychological Safety
24:43 Legislative Efforts and Future Directions
31:07 Final Thoughts on Privacy and Workplace Rights

Tuesday Jul 01, 2025
E055 - Turning Up FEDRAMP to 20X
In this episode of Socializing Security, Brian and Milou discuss the complexities and recent changes to the FedRAMP certification process, which is essential for cloud service providers working with the U.S. government. They explore the challenges of compliance, the costs involved, and the implications of the new FedRAMP 20X program aimed at streamlining the certification process. The conversation highlights the balance between maintaining security standards and making it easier for companies, especially startups, to engage with government contracts.
Chapters
00:00 Introduction to FedRAMP and Its Importance
02:44 Understanding FedRAMP Certification Levels
04:58 Challenges and Costs of FedRAMP Compliance
09:51 Recent Changes: FedRAMP 20X Overview
16:28 Balancing Security and Efficiency in FedRAMP
21:48 Government Partnering with Industry
26:42 Conclusion and Looking to the Future

Tuesday Jun 24, 2025
E054 - Building a Data Governance Strategy Part 2
In this episode, Perry Correll joins us to demystify data governance—framing it not as a source of fear, but as a framework for smarter, safer business practices. We explore how different teams within an organization view data through different lenses, and how compliance can serve as a bridge between them to enable both innovation and accountability.
This is part two of a special edition episode that follows a tabletop framework where each of us presents our concerns with implementing a data governance strategy as different representatives from organizational units.

Tuesday Jun 17, 2025
E053 - Building a Data Governance Strategy Part 1
In this episode, Perry Correll joins us to demystify data governance—framing it not as a source of fear, but as a framework for smarter, safer business practices. We explore how different teams within an organization view data through different lenses, and how compliance can serve as a bridge between them to enable both innovation and accountability.
This is a special edition two-part exercise that follows a tabletop framework where each of us presents our concerns with implementing a data governance strategy as different representatives from organizational units.

Tuesday Jun 10, 2025
E052 - Analogies and Storytelling in Tech
In this episode, Jack Bailey joins Milou and Brian to share his extensive experience in IT and sales enablement, emphasizing the importance of effective communication in technology. He discusses the role of storytelling in making complex topics more relatable and the significance of data management strategies. The conversation also touches on the evolving nature of privacy and security, the necessity of sales enablement in startups, and the challenges of technical communication. Jack provides valuable insights into how to engage with different audiences and the importance of understanding their needs.
MEDDIC - https://meddicc.com/meddpicc-sales-methodology-and-process
Tire swing analogy - https://www.smart-words.org/jokes/how-it-projects-really-work.html
Chapters
00:00 Introduction
00:37 Introducing Jack Bailey and The Importance of Enablement
05:30 Understanding Sales Enablement
10:05 Using Analogies for Complex Topics
19:00 Frameworks for Effective Communication
25:30 The Case for Sales Enablement
36:48 The Evolving Fight for Privacy and Security
43:14 Reflections
51:30 Outro

Tuesday Jun 03, 2025
E051 - A Year of Socializing Security - But What is Security, Really?
It’s been one year of Socializing Security, and in this special anniversary episode, Brian and Milou reflect on what they've learned—and unlearned—about the evolving world of cybersecurity.
From redefining what "security" even means, to unpacking the human element behind most breaches, they explore why security isn’t just a tech problem—it’s a team sport. Tune in as they discuss the shifting role of security across organizations, how privacy and security continue to intersect, and why lifelong learning is essential in this space.
Whether you're a seasoned pro or new to the field, this episode offers a thoughtful look back—and a hopeful look forward.
Chapters
00:00 Celebrating One Year of Socializing Security
03:02 Defining Cybersecurity: What It Really Means
05:53 Understanding Information Security vs. Cybersecurity
08:53 The Importance of Collaboration in Security
11:52 Lessons Learned: Evolving Perspectives on Security
14:54 The Lifelong Learning Mindset in Cybersecurity
21:33 The Growing Importance of Cybersecurity in Infrastructure
24:20 Understanding Data Management and Recovery
27:23 The Human Element in Cybersecurity
29:27 Challenges for Small Businesses in Cybersecurity
32:29 The Cost of Security Compliance for Startups
35:47 Privacy vs. Security: A Complex Relationship
40:32 Trust and Personal Data Management

Tuesday May 27, 2025
E050 - Navigating RSAC
In this episode of Socializing Security, the hosts discuss their experiences at the RSA Conference with guest Bharat Jogi, a seasoned attendee. They explore the evolution of the conference, the importance of networking, and share valuable tips for first-time attendees. The conversation also touches on the role of AI in cybersecurity and the significance of making meaningful connections at such events.
Bharat's previous episode: Episode 34 - Researching Threats
https://youtu.be/Kfbe_FaYwlc
https://www.socializingsecurity.com/e/e034-researching-threats
Socialize with Bharat on LinkedIn: https://www.linkedin.com/in/bharat-jogi-3a680b13/
Chapters
00:00 Introduction and RSA Experience
08:11 Making the Most of Conferences
15:50 Evolving Experiences and Technology at Conferences
20:41 Tips for RSAC First Timers
25:42 Reflections on Conference Experiences
28:36 Focusing On The Advantages of In-Person
36:02 Closing Out and Outro







