Home  /  Resources  /  Podcast  /  Cybersecurity Maturity: What Associations Need to Know

Cybersecurity Maturity: What Associations Need to Know

In this episode of Reboot IT, host Dave Coriale sits down with Ben Muscolino, CEO of Breezio, Data Sangria, and co-founder of Vortacity, and Ryan O’Donnell, CTO at Vortacity, to demystify cybersecurity for associations and nonprofits. They explore the evolving threat landscape, the importance of proactive security measures, and how organizations can build a culture of cybersecurity without fear or shame. From phishing-resistant MFA to red team engagements, this conversation is packed with practical advice for leaders and IT professionals alike.

Subscribe

Topics

Dave, Ben, and Ryan discuss:

Cybersecurity Culture and Leadership

  • Cybersecurity must be embraced across the organization, not just by IT.
  • Leaders should foster a “shameless and blameless” environment for open dialogue.
  • Culture impacts how teams respond to threats and education efforts.

Phishing and Account Takeover Risks

  • Phishing remains the most common entry point for breaches.
  • Attackers often dwell silently before exploiting access.
  • Social engineering tactics are becoming more sophisticated.

Cybersecurity Maturity

  • Organizations should progress from asset inventory to vulnerability scans, pen tests, and red team engagements.
  • Skipping foundational steps can lead to ineffective or costly security efforts.
  • Tailoring assessments to organizational needs is key.

Penetration Testing and Red Teaming

  • Pen tests simulate real-world attacks to expose vulnerabilities.
  • Red team engagements test people, processes, and systems under stealth conditions.
  • Trusted agents within the organization coordinate red team efforts discreetly.

Deception Technology and Canary Tokens

  • Canary tokens act as tripwires to detect post-compromise behavior.
  • These tools are low-cost and high-impact for early breach detection.
  • Ideal for organizations with limited cybersecurity resources.

Budgeting and Advocacy for Cybersecurity

  • Cybersecurity is often the first to be cut during budget reviews.
  • IT leaders must communicate risk in terms of cost and organizational responsibility.
  • Starting small is better than doing nothing—get from zero to one.