Pulling the Strings

When Will IT Security Escape the Cat-and-Mouse Game? with Sean Atkinson, CISO of CIS

Episode Summary

2024 is shaping up to be the biggest year on record for software vulnerabilities identified. How are security, compliance, and ops teams supposed to respond? We talked with the CISO of the Center for Internet Security about exactly that.

Episode Notes

When Sean Atkinson says that “We’re on a trajectory to have the most vulnerabilities ever identified in a single year, starting this year,” take note: As Chief Information Security Officer for the Center for Internet Security, he knows what he’s talking about.

He’s referring to the ever-increasing tide of weaknesses and flaws that undermine the security of software used every single day by teams around the world. Between a more active threat landscape, demands for development velocity, and the rise of generative AI, the cat in this proverbial game of cat-and-mouse has their work cut out for them.

In this conversation, Robin Tatam, Puppet’s Evangelist and Certified Information Security Manager, talks with Sean about the role of a CISO, what’s behind the unprecedented rise in vulnerabilities, and how smart integrations turn automation into a first-line defense against threats, misconfiguration, errors, and software vulnerabilities.

Highlights:

• What a CISO actually does versus a CIO or a CTO 
• The difference between “security” and “compliance” 
• How compliance helps build the backbone of a long-term security posture 
• Who really owns IT security and where IT operations fits into the security conversation 
• What CIS Benchmarks are, what they do, and how CIS “wizards” keep them up-to-date on the latest vulnerabilities 
• How Puppet’s partnership with CIS puts the power of automation behind CIS’s widely recognized frameworks

Speakers:

• Robin Tatam, Senior Technical Marketer and Evangelist, Puppet by Perforce
• Sean Atkinson, Chief Information Security Officer, Center for Internet Security

Links:

• Learn more about Security Compliance Enforcement, a premium feature for Open Source Puppet and Puppet Enterprise that automates secure configurations hardened against CIS Benchmarks and DISA STIGs
• Listen to Sean’s podcast with CIS, “Cybersecurity Where You Are,” wherever you get podcasts

Find Us Online:

• puppet.com
• Apple Podcasts
• Twitter
• LinkedIn