The Security Ledger Podcast


Episode 228: CISA’s Eric Goldstein on being Everyone’s Friend in Cyber

October 18, 2021

In this episode of the podcast (#228) we’re joined by Eric Goldstein, Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), to talk about how the US government’s lead cybersecurity agency is helping companies and local government to keep hackers at bay. But are organizations ready to ask for help?

As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.

October is the 18th annual Cybersecurity Awareness Month – a month dedicated to educating the public and the private sector about cyber risks. What better time, then, to check in with our friends at CISA, the Cybersecurity and Infrastructure Security Agency. 

CISA: A Different Kind of Agency

As the U.S. government’s newest agency and the tip of the spear for government response to cyber risks and cyber threats, CISA has its hands full. The agency is responsible for coordinating and informing the cybersecurity practices of the federal government, which employs more than 4 million Americans and has a budget of close to $5 trillion. It is also the go-to for cybersecurity intelligence and security services for state and local governments. The agency offers a series of “cyber hygiene services” that local and state governments can use to interrogate their infrastructure. CISA also helps coordinate with the private sector around emerging threats, such as ransomware gangs and the hack of key providers like SolarWinds, Kaseya, the Colonial Pipeline and more.

CISA executives are quick to point out that the agency is neither a regulator nor law enforcement. Indeed, CISA is “a different kind of agency”: less bureaucratic, more agile and more willing to embrace technological change. CISA’s most important objective is to be a friend to the agencies and organizations that it serves: involving itself in cyber incident response not to assign blame or mete out punishment,