5 Key Cybersecurity Elements with Kelly Hood

How do phishing scams, AI-powered attacks, and strategic
governance intersect? Together, they're redefining the future of
cybersecurity. Organizations are navigating a mix of challenges
and implementing innovative solutions to proactively address
today's threats. 


Today's guest is Kelly Hood. She is the EVP and cybersecurity
engineer at Optics Cyber Solutions. She is a CISSP who
specializes in implementing cybersecurity and privacy best
practices to manage risks and to achieve compliance. She supports
the NIST cybersecurity framework and serves as a CMMC registered
practitioner, helping organizations strengthen their
cybersecurity posture and develop effective risk management
strategies.
Show Notes:

[01:06] - Kelly is a cyber security engineer at Optic Cyber
Solutions. It's her job to help companies protect themselves.

[02:17] - Don't be embarrassed if you fall for a phishing
scam.

[03:01] - These attempts are getting more realistic. Kelly
shares how she was briefly fooled by a phishing scam that looks
like an email from her mother.

[05:25] - The NIST Cybersecurity Framework is a voluntary
framework for defining cybersecurity. An update was put out in
February of 2024. They also added a new function.

[06:01] - The five functions that organize a cybersecurity
program have been to identify, protect, detect, respond, and
recover. They recently added the govern function.

[06:38] - The govern function is about defining your business
objective and then putting protections in place that makes sense
for those objectives.

[09:01] - The identify function is focused on knowing what we
have.

[09:40] - Protect includes everything from identity
management, authentication, training, data security, and platform
security.

[10:12] - Detect is looking at what's happening around us.
It's continuous monitoring and knowing what happens if something
goes wrong.

[11:00] - Respond is knowing what the plan is when something
does happen.

[12:01] - Recover is about getting back to normal after
something happens.

[16:22] - Data centers want to make sure that they have
redundant power supplies.

[17:33] - We discuss some of the things that people might
forget when identifying cybersecurity assets. Data and people
need to be thought about as well as systems and hardware.

[21:00] - We need to write things down and understand what
systems and data connections we have.

[23:10] - We talk about the importance of being aware of the
physical space and who is actually supposed to be there.

[24:46] - Data is one of the assets that often gets
overlooked for protection. There are many new requirements that
require data to be protected.

[27:54] - Monitoring to understand what traffic you should
expect and what is and isn't normal activity is also important.

[31:10] - Transparency and communication are paramount for
creating trust.

[33:51] - Sometimes recovery doesn't mean 100%. Get up and
running and prioritize the systems that matter most.

[36:56] - With governance, you really want to look at what
you're trying to do with the business and then translate
cybersecurity to fit that objective.

[37:27] - Have guidance documentation in place and have
oversight.



Thanks for joining us on Easy Prey. Be sure to subscribe to
our podcast on iTunes and leave a nice review. 
Links and Resources:

Podcast Web Page

Facebook Page

whatismyipaddress.com

Easy Prey on Instagram

Easy Prey on Twitter

Easy Prey on LinkedIn

Easy Prey on YouTube

Easy Prey on Pinterest

Optic Cyber Solutions

(MaPT) Maturity and Progress Tracker

Optic Cyber Solutions on LinkedIn

Optic Cyber YouTube

NIST Cybersecurity Framework