Every week on the InSecurity Podcast, Matt Stephenson interviews leading authorities in the security industry to gain an expert perspective on topics including risk, control friction, compliance, and building a culture of security. Each episode provides relevant insights for security practitioners a…
Let's just say you didn't grow up wanting to become a spy. You just wanted out of the family car business. You're armed with an Ivy League education in your back pocket. You have a more noble profession in mind. I don't know... maybe... to be an actor. But... to support yourself... you need a survival job. Before you know it, while your acting peers are waiting tables, you begin your apprenticeship as a corporate spy. Dear listeners... everything you are about to hear is entirely true... At least as far as we know... I mean... this is the security industry... And we are talking about a working professional actor. But I digress...
pm73media and Matt Stephenson are excited to welcome Robert Kerbeck to the show. Robert has worn many hats over a long career... most of them in various characters as a CORPORATE SPY! Yes, that is a thing. After a career as a working actor on many network shows you have probably seen, he went full time into the world of social engineering. His new book RUSE: Lying the American Dream from Hollywood to Wall Street details stories that are just too good to not be true. Dig it...
RUSE: Lying the American Dream from Hollywood to Wall Street
RUSE: Lying the American Dream from Hollywood to Wall Street is the story of a young man who dreams of stardom but can't quite shake everything he's learned growing up in the family car business. RUSE lives in a unique intersection of Hollywood and Wall Street as Robert tries to straddle both worlds: interacting with entertainment legends as a burgeoning actor while making ends meet as a corporate spy, coaxing people inside big Wall Street firms to reveal information and secrets that could bring down companies worth billions of dollars—and bring him into the crosshairs of the authorities.
About Robert Kerbeck
Robert Kerbeck is the author of RUSE: Lying the American Dream from Hollywood to Wall Street, a thrilling look into the world of corporate espionage and his career as a secret spy.
Robert's essays and short stories have been featured in numerous magazines and literary journals. One story was adapted into the award-winning film, Reconnected. He fought one of the worst fires in California history, the 2018 Woolsey Fire, to save his home. His debut book, Malibu Burning: The Real Story Behind LA's Most Devastating Wildfire, won the 2020 IPPY Award as the Silver Medalist in Creative Nonfiction, the Readers' Favorite Award as the Silver Medalist in Nonfiction Drama, and the Best of LA award. A lifetime member of The Actors Studio, Robert has worked extensively in theater, film, and television, appearing in lead roles in major shows and earning several awards. A graduate of the University of Pennsylvania, he resides in Malibu.
About Matt Stephenson
My name is Matt Stephenson (@packmatt73) and I have hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. pm73media is my first solo endeavor. On this platform and others to come, I will continue to expand upon the tradition we started with the Insecurity podcast as I seek out the leading minds in the tech industry and beyond. I am always looking for fun people who may break things every now and again. In 20 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Whether in person, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of technology and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.
Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... If you tuned in to any of my previous podcasts, there's great news…! pm73media is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
“I'm like a dog chasing cars, I wouldn't know what to do if I caught one, you know, I just do…things.” -- The Joker, The Dark Knight, 2008, Jonathan and Christopher Nolan
Matt Stephenson welcomes Chris Humphreys to pm73media. How does a nice boy from Metro Washington DC start playing pro football (or soccer for you heathens) in England, then move on to multiple other international squads before landing in the United States Army as a linguist with a focus on security? After that... how does he become a leading expert for state and national cybersecurity initiatives? And just how many Pulp Fiction references can they make in a single show? Dig it...
About Chris Humphreys
Chris Humphreys (@CBHumphreys) is the Founder and CEO of The Anfield Group Inc. which provides cybersecurity, regulatory, and technological strategic advisement to all Critical Infrastructure sectors. He is an internationally recognized thought leader and evangelist in the industry verticals of Cybersecurity, Critical Infrastructure Protection, Intelligence Operations, Data Privacy and Regulatory Compliance. With over 20 years of experience, Chris has written National-Level policy on cybersecurity and Critical Infrastructure Protection as well as served as the first Cyber Regulator for Electric Utilities within the Texas Region and across North America. Chris has provided testimony for both the Senate and House of Rep on Data Privacy regulation and as a Legislative Advisor for Cybersecurity and Data Privacy Regulation.
How can we make a better mousetrap if the designers of and the materials that go into the contemporary mousetraps aren't good enough to keep pace with the current mouse?
Adapt or perish… now as ever, is nature's inexorable imperative --HG Wells
It is not the strongest species that survive, nor the most intelligent… but the ones most responsive to change --Charles Darwin
You improvise! You adapt! You overcome! -- Gunnery Sgt Tom Highway; Heartbreak Ridge
All due respect to the United States Air Force
Do you know what SecDevOps is? Do you know how, when or why the concept applies to cybersecurity and the world at large? What if I told you that there are people out there who personify the definition of what we identify as SecDevOps. Well… I gotta guy…
On today's episode, Matt Stephenson welcomes Mike Fraser, VP of DevSecOps at Sophos. We take a look at the role that developers can and must play in the world of cybersecurity. These aren't the folks building the security building... they are the ones making the bricks and hammers used to construct that building. How important are the materials used to construct the very infrastructure of an entire industry? Tune in and find out...
About Mike Fraser
Mike Fraser is Vice President of DevSecOps at Sophos. Previously, he was co-founder, CEO and chief architect at Refactr (acquired by Sophos in 2021) where he spearheaded the creation of a DevSecOps automation platform that bridges the gap between DevOps and cybersecurity. Mike is a regular speaker at numerous industry events, including Hashiconf, Hashitalks, KubeSec, various Microsoft events, RedHat AnsibleFest, DevOps Days, and All Day DevOps. He has also published several feature articles including on TechCrunch, RSA 365, and DevOps.com. In addition to his Sophos role, Mike helps advise other veteran-led software startups. While leading Refactr, Mike earned a bachelor's degree in application development from North Seattle College and has a master's degree in computer science from Seattle University. He is also, and it is clearly stated on his CV, the World's Coolest Dad.
Standing in line, marking time Waiting for the welfare dime 'Cause they can't buy a job The man in the silk suit hurries by As he catches the poor old ladies' eyes Just for fun he says, "get a job" That's just the way it is Some things will never change That's just the way it is Ah, but don't you believe them -- Bruce Hornsby
You tired of hearing about that 3.5 million open cybersecurity jobs number? You know for the open I like to bring either culture or data… let's go with some data this time. How bout we dig a little deeper?
There are nearly 465,000 unfilled cyber jobs across the nation.
(ISC)2 says that globally, the cybersecurity industry is short 3.1 million workers and that in the U.S. alone, another 879,000 are needed.
Analytics Insight forecasts 10,006,993 new job openings in cybersecurity by 2023 compared to 3,241,800 job openings in 2019
Cybersecurity has the widest gap between the workforce skills needs and the people who possess those skills
MIT Technology Review fewer than 25% of applicants are qualified for open positions.
Medium reports that ICO fines, incessantly evolving threats, and fewer tools are "creating exhaustion" among cybersecurity professionals.
Let's add this from a Google search… As we are all more than likely familiar with how Google searches work. This… from the “People also ask” section
Is cybersecurity a high paying job?
Is cyber security a good career?
What jobs can you do with cyber security?
What are 3 jobs in cybersecurity?
Valid questions one and all… What is actually happening in the world of Cybersecurity talent? Well… I got A Guy…
Today Matt Stephenson welcomes Matt Donato, Executive Director at cybersecurity talent firm CyberSN. We dig deep into all that is happening in the world of cybersecurity with regard to who is working where, why they join, why they leave and why even work for someone else at all. From the Great Resignation to the Great Opportunity there has never been a more dynamic time in the world of Cybersecurity. And we have just the expert to navigate these choppy waters… dig it…
About Matt Donato
Matt Donato is an Executive Director at CyberSN. He is an accomplished business leader in the field of cybersecurity executive search, staffing, workforce solutions, human capital management, client acquisition, business development, and relationship management. Matt has over 16 years of experience in professional recruiting, talent management, strategic consulting, and staffing experience in all facets within the cybersecurity industry as well as staffing in the security, risk management technology, finance, operations, and engineering sectors. Once upon a time, he played Top Flight college Lacrosse. While he may not do that any more, he still plays a pretty mean guitar.
“Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do.” —Steve Jobs
“I skate to where the puck is going to be, not where it has been.” —Wayne Gretzky
“If everything seems under control, you're not going fast enough.” —Mario Andretti
Sometimes our show has very eloquently prepared blogs that would bring a tear to Shakespeare's eye… sometimes we offer Shonda Rhimes level quippy thoughts that should get us a spot writing for Inventing Anna
How bout for today we go with straight up statistics
• The Small Business Administration (SBA) defines a "small" business as one with 500 employees or less.
• In 2019, the failure rate of startups was around 90%. Research concludes 21.5% of startups fail in the first year, 30% in the second year, 50% in the fifth year, and 70% in their 10th year.
Courtesy of Investopedia
Who the hell would even want to do this? Who the hell would leave a comfortable position in the corporate world complete with benefits, an expense account and really REALLY good coffee in the breakroom? Beyond that… what kind of lunatic keeps doing it over and over again? Well friends… I got your lunatic right here…
Today Matt Stephenson welcomes Greg Fitzgerald, co-founder of Sevco Security and serial startup CMO. Our man isn't that interested if a company has over tons employees. He's here to build, not maintain… Dig it.
About Greg Fitzgerald
Greg Fitzgerald is the Chief Experience Officer and co-founder of Sevco Security. He is a veteran IT and Security executive with successful tours at TippingPoint, BMC Software, Fortinet and Sourcefire. Fitz was the founding CMO at Cylance and JASK.
It has become appallingly obvious that our technology has exceeded our humanity -- Albert Einstein
It is only when they go wrong that machines remind you how powerful they are -- Clive James, writer and poet
If future generations are to remember us more with gratitude than sorrow, we must achieve more than just the miracles of technology. We must also leave them a glimpse of the world as it was created, not just as it looked when we got through with it -- Lyndon B. Johnson
The advance of technology is based on making it fit in so that you don't really even notice it, so it's part of everyday life. -- Bill Gates
Five years ago, Google ran a Super Bowl ad for its Google Home device… it woke actual devices belonging to users watching the ad. In 2017 Burger King released a TV ad to deliberately trigger Google Home devices to start talking about Whopper burgers. An actor in the ad says directly to the camera, “Okay Google, what is the Whopper burger?” The ad wasn't done in partnership with Google.
To add some meta-context to this… while doing the research for today's show, a commercial popped up during the media hit our guest did on MSNBC talking about “announcing our pregnancy.” In the ad, the newly crowned grampa chirped: Make sure to like and subscribe
Nervous yet? I'm not saying you should be… Today's guest has some questions about the role that Big Tech has now assumed in all of our lives… Whether we invite them in or not
Today Matt Stephenson welcomes Jamil Jaffer for a loud and rowdy chat about… well… kind of everything that is going on right now. We talk about what is happening in Ukraine and the impact on the world of cybersecurity. We take a stroll down the path of what Big Tech is doing to the fabric of society. I even ask the Pulitzer worthy question: NFTs… Bullshit or not? Dig it.
About Jamil Jaffer
Jamil Jaffer (@jamil_n_jaffer) is the Founder and Executive Director of the National Security Institute, and an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University. He also sits on the board at IronNet Cybersecurity, a technology products startup founded by Gen (ret.) Keith B. Alexander, the former Director of the National Security Agency and Founding Commander of U.S. Cyber Command. In addition, Jamil is an advisor to Beacon Global Strategies, a strategic advisory firm; 4iQ, a deep and dark web intelligence startup; Duco, a technology platform startup that connects corporations with geopolitical and international business experts; and Amber, a digital authentication and verification startup. Among other things, Jamil currently serves on the Board of Directors for the Greater Washington Board of Trade, the Board of Advisors for the Global Cyber Alliance, and the Advisory Board of the Foundation for the Defense of Democracies' Center on Cyber and Tech Innovation, and is a member of the Center for a New American Security's Artificial Intelligence and National Security Task Force and the CNAS Digital Freedom Forum. Jamil is also affiliated with Stanford University's Center for International Security and Cooperation. Prior to his current positions, Jamil served on Capitol Hill in a variety of roles, including on the leadership team of the Senate Foreign Relations Committee and as a senior staff member of the House Intelligence Committee. Jamil also previously served in the Bush Administration in a number of positions, including on the leadership team of the Justice Department's National Security Division and in the White House as an Associate Counsel to President George W. Bush. Jamil holds degrees with honors from UCLA, the University of Chicago Law School, and the United States Naval War College.
If you're a founder of a company whose purpose is to tell the story of other companies… how do you tell the story of your own company… and your own story?
Jim Garrison: And who killed the President?
David Ferrie: Oh man, why don't you fuckin' stop it? Shit, this is too fuckin' big for you, you know that? Who did the president, who killed Kennedy, fuck man! It's a mystery! It's a mystery wrapped in a riddle inside an enigma! The fuckin' shooters don't even know! Don't you get it?
-- JFK; 1991, written and directed by Oliver Stone
Okay… that is completely out of context, but focus on the last couple of lines and take a walk with me… One of the hardest things to do in cybersecurity is get your message out in a way that people understand
Let's go back to the Jared Vennett quote from The Big Short (yes they even made a book out of it)
Yeah, you got a soundbite you repeat so you don't sound dumb, but come on…
What do you do when your tech is so good, so cutting edge, so relevant… and so hard to get people to understand? You go find the people who specialize in storytelling… and have them craft your story
Today Matt Stephenson welcomes Laurie Donato and Ruben Lopez, the founders of nez&pez, a Charlotte based PR & Advertising company for a chat about going down the rabbit hole when it comes to being a startup. When your calling is to help others build their own brand… how do you build your company's brand? How do you build your own personal brand? And… as a founder… can you even take time for yourself to just be… yourself? Dig it.
About nez&pez
nez&pez is a Charlotte based company focusing on Cybersecurity, Branding, Advertising, Promotional Ideas and Buzz generating Ideas. They are Internationally awarded for their work including multiple Radio Mercury Awards, multiple The One Show awards, Cannes Lions (yes… as in the Cannes Film Festival), as well as Clio and Effie Awards.
Laurie Donato
Laurie Donato is a co-founder at nez&pez. She is a pioneer of the imagination, on an exploration of the mind. Laurie is willing to go where no one has gone before and is always in search of the perfect idea. She has 20 years in the world of marketing and advertising with clients running the gamut from cybersecurity to big restaurant chains to freight hauling.
Ruben Lopez
Ruben Lopez is a co-founder at nez&pez. He gets inspired by striving for big disruptive ideas that move the needle. That is what gets him up every morning… seizing every opportunity to do kick ass work for any and all brands that have the courage to get noticed. He has 20 years in the marketing and advertising world with clients running from to the steel industry, big fruit conglomerates as well as utilities
"Be Water, My Friend. Empty your mind. Be formless, shapeless, like water. You put water into a cup, it becomes the cup. You put water into a bottle, it becomes the bottle. You put it into a teapot, it becomes the teapot. Now water can flow or it can crash. Be water, my friend." -- Bruce Lee
After all of the bullshit of the past couple of years… what do you do? How do you evolve? In these turbulent times, are we reinventing ourselves? Are we reimagining ourselves? Are you a sequel? Are you a reboot? We're stepping well outside the normal conventions of our tech industry chats for this one.
Matt Stephenson welcomes back C-Suite Exec and Board Member at Large Bill Hunter for a free for all chat about what life looks like for an industry leader and corporate executive as we are supposedly entering a post-pandemic world. What do you do to stay sane after the recent insanity? Be Water My Friend… so sayeth the Master.
About Bill Hunter
Bill Hunter is a Strategic and Financial C-Suite Executive and Board Member as well as SPAC leader. He is a respected and experienced Industrial and Renewable Materials Private Equity and C-Suite professional helping to transition companies in an ESG focused environment. Bill is on the Board of Directors at American Battery Metals Corp., AMCI Euro-Holdings BV and Advent Technologies Holdings, Inc. He was previously employed as a President, CEO, CFO & Director by AMCI Acquisition Corp., a Managing Director by Dahlman Rose & Co. LLC, a Vice President by BMO Nesbitt Burns, Inc. (US), an Associate by NatWest Markets Equity Corp., a Financial Analyst by KPMG LLP, a Principal by Jefferies LLC, and a Principal by TD Securities (USA) LLC. He also served on the board at Nomura Securities International, Inc. and Teneo Capital LLC. He received his undergraduate degree from DePaul University, an MBA from Kellstadt Graduate School of Business and an MBA from DePaul University.
Brandon Gilmore and Marco Figueroa: Where are the Young Black and Brown Men in Cybersecurity? Let us begin, what, where, why or when Will all be explained like instructions to a game See I'm not insane, in fact I'm kind of rational When I be asking you, "Who is more dramatical?" This one or that one, the white one or the black one Pick the punk and I'll jump up to attack one -- KRS One; My Philosophy, 1989 Want to have a fun and easy conversation? Let's talk about race in the world of cybersecurity. Let's go with some numbers… According to the International Consortium of Minority Cybersecurity Professionals, the cybersecurity workforce looks like this. 6% African American 7% Hispanic The total U.S. workforce is 11% Black and 15% Latinx by comparison. Who better to jump into this conversation than a right handed, blue-eyed, US born, white straight CIS-male… I don't pretend to know much about this… but I know people who do because they have fought the battles and are providing the opportunities. On this episode of pm73media, Matt Stephenson welcomes in Brandon Gilmore and Marco Figueroa for a blunt conversation on opportunities in tech for young Black and Brown men. They are both going to be point blank honest on their experiences, opinions of the industry and what they have done and are doing to make our business look more like the rest of the world that surrounds it. Dig it About Brandon Gilmore Brandon Gilmore has been a noteworthy leader and talent in the public sector industry with experience in cybersecurity and intelligent automation. Led by three core values - faith, family, and collaboration - he regularly engages with decision-makers on initiatives that center around strengthening our nation against digital threats and preparing the 21st-century workforce. You may know him from his work as Federal Marketing Manager at Alteryx, but Brandon is also the founder of Ready Rock Institute of Technology.
This non-profit focuses on creating pathways for underprivileged youth through STEM. Creating diversity, shortening the income/wealth gap, and uplifting communities out of poverty. Over the course of his career, Brandon has aided and mentored dozens of young men who have since gone on to college, entered the STEM field, become entrepreneurs, and gone on to play professional sports. He was born and raised in Mansfield, Ohio and holds a degree from Ashland University. About Marco Figueroa Marco Figueroa is Head of Product at BreachQuest. His technical expertise includes reverse engineering of malware, incident handling, hacker attacks, tools, techniques, and defenses. Marco has performed numerous security assessments and responded to computer attacks for clients in various market verticals. He has been a speaker at Defcon, Hope, and other security and hacker conferences.
How hard is it to do your job when your job involves government, the military and the commercial sector? “The nine most terrifying words in the English language are: I'm from the Government, and I'm here to help” -- Ronald Reagan Does that actually have to be the case? What if you are really good at what you do and you happen to work for the government… Or you are a civilian contractor who does government work… Or insert any of a thousand variables involved with providing products and services for the federal government. How do you get good and stay good at what you do? On this episode of pm73media, Carter Schoenberg joins Matt Stephenson for a wide ranging talk about the world of Civilian Contracting, compliance, the Cyberskills gap… a lot of things that profoundly impact every sector of the security and tech worlds, especially when we consider the role of compliance in landing these government contracts. We also talk a bit about how being a Homicide Detective in a massive city applies to life in the world of cybersecurity. Dig it About Carter Schoenberg Carter Schoenberg has 9 years wrangling compliance for contractors working with government. He currently serves as SoundWay's Chief Cybersecurity Officer, where his role includes building SoundWay Consulting's Cybersecurity Maturity Model Certification (CMMC) program leveraging lessons learned as to how to translate cyber threats into business risk. Carter is also SoundWay's Vice President of Cybersecurity which means he is responsible for designing, selling, and management of B2B solutions for the B2B marketspace, specifically focusing on the Cybersecurity Maturity Model Certification (CMMC). Finally… way back when… and this is true… he was a Homicide Detective in metro Atlanta!
Have you heard the cliché about sharks? The one that says if they don't keep swimming they'll die? Turns out it's pretty much true… stick around for the metaphor -- I believe that one defines oneself by reinvention. To not be like your parents. To not be like your friends. To be yourself. To cut yourself out of stone. -- Henry Rollins On this episode of pm73media, Matt Stephenson sat down with Epiphany Systems co-founder and ZZ Top Level beard sophisticant Rob Bathurst for a chat about why he continues to live this startup life as opposed to staying comfortable under a large corporate or government umbrella. If you know Rob, this is a fun walk with him… if you haven't met him yet, dig it… you'll want to meet him when you see him at DEFCON… and believe me, you'll recognize him the moment you see him. Dig it About Rob Bathurst Rob Bathurst is the co-founder and Chief Technology Officer at Epiphany Systems. In his 20-year career as an offensive cybersecurity expert, solution developer, and technology leader, Rob has led cybersecurity initiatives for Fortune 100 companies and major government agencies. He specializes in secure system design, device security, and risk mitigation. At Epiphany, Rob is responsible for technology strategy, solution development, and market positioning. He oversees the engineering and product management teams, and acts as “chief client advocate.” Previously, Rob was Managing Director of Embedded Systems Security at Blackberry Cylance; Principal Architect for Clinical Security and Cyber Risk at the Mayo Clinic; Cyber Exploitation Specialist for the US DOE; Lead Engineer for the US Information Systems Agency; and Cyber/Physical Security Expert at Foundstone. Rob earned a PgD in Software and Systems Security at the University of Oxford, and undergraduate degrees in Organizational Technology and Programming/Software Development at the University of Toledo. Rob was also Technical Lead for Cyber Evaluation for the US Air Force. 
Brian Haugli: Applying the NIST Protocols to Human Sanity Some serious people have worked very hard to create the protocols put in place to secure the world's networks… why don't we take the same amount of time and energy to secure the physical, mental and emotional health of our business leaders? I'm funny all the time… I'm not happy all the time… but at least I'm funny. I mean… if you're gonna be anything all the time… you might as well be funny -- Henry Rollins Let's acknowledge up front… I pronounce Brian's last name incorrectly throughout the show. It is pronounced /HOAG lee/… not /HOW lee/ That's on me… but Brian could have let me know at the beginning… MOVING ON… On this episode of pm73media, Matt Stephenson grabbed some time with SideChannel founder and #CISOlife creator Brian Haugli for a chat about all things involved with founding a company, bringing CISOs into small and mid-market companies and some other industry nerditry as well. He is omnipresent online helping companies figure out their security posture, but also has a lot to say about the notion of sanity for founders and key decision makers… Dig it About Brian Haugli Brian Haugli (@BrianHaugli) is a Co-Founder of SideChannel. He is also the creator and host of #CISOLife on YouTube. Brian has been driving security programs for two decades and brings a true practitioner's approach to the industry. He creates a more realistic way to address information security and data protection issues for organizations. He has led programs for the DoD, Pentagon, Intelligence Community, Fortune 500, and many others. Brian is a renowned speaker and expert on NIST guidance, threat intelligence implementations, and strategic organizational initiatives. Brian is the contributing author for the latest book from Wiley, “Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework”.
CAFFEE: I need to shake him, put him on the defensive and lead him right where he's dying to go. WEINBERG: That's it? That's the plan? CAFFEE: That's the plan. WEINBERG: How you gonna do it? CAFFEE: I have NO idea -- A Few Good Men, 1992: written by Aaron Sorkin, directed by Rob Reiner When you look back over the last 10+ years of what has happened in the world of Cybersecurity, something that is incredibly important is how the stories are portrayed. That's a key word: story. We get news all day every day to the point that it becomes white noise, even to those affected by it. What cannot be denied is that when cybersecurity events unfold, the information has to get out to the public in a way that they understand, can digest it, then act and react accordingly. Anthony Freed is a pioneer in getting that graduate level calculus into a format that all of us can understand in order to take the appropriate actions to ensure that we are protected. About Anthony Freed Anthony Freed (@anthonymfreed) is the Senior Director of Corporate Communications for Cybereason, and was previously a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.
Tom Pace: Pick Your Frustrating If you're going to anything interesting… you're gonna have to go hard -- Henry Rollins Welcome to the premier episode of the pm73media podcast! For those of you who have been with me for a while you will recall the era of Insecurity where we had some fabulous guests. Our brief stint as the No Name Security Podcast had its moments but is kind of the Timothy Dalton James Bond if you feel me… Lots of great things are in motion and I am back on the schedule so make sure you stick around and check it out. There will be some names you know as well as some really interesting new faces. The best part is that it will be an unfiltered and raw story from some really interesting people across the security world, tech at large and then sometimes just some awesome randos who are really fun to talk to. You ready? LET'S GO!!! On the inaugural episode of pm73media, Matt Stephenson sits down with NetRise co-founder Tom Pace to talk about the impact of founding a startup. This isn't your average tale of VCs and getting customers. We dig into what kind of impact founding a startup has on your mind and body… might even get a little spiritual. This is the first in a series as we look to talk about the things you may not find in the tech rags and business journals. Dig it. About Tom Pace Tom Pace (@TommyPastry) is the co-founder and CEO of NetRise, an automated, cloud-based platform that provides comprehensive insight into the risks present in a firmware image. Prior to founding NetRise, Tom spent 16 years working in security across multiple roles and disciplines. From serving in the United States Marine Corps, being responsible for ICS security within the Department of Energy and most recently serving as Global Vice President for Cylance, he has been a leader and innovator within cybersecurity. Tom has also responded to hundreds of security incidents globally and shared his experience at multiple security conferences such as RSA and Black Hat.
Messenger of Sympathy and Love Servant of Parted Friends Consoler of the Lonely Bond of the Scattered Family Enlarger of the Common Life Carrier of News and Knowledge Instrument of Trade and Industry Promoter of Mutual Acquaintance Of Peace and of Goodwill Among Men and Nations -- Inscription found on the Smithsonian Institution's National Postal Museum Победить и вернуться (To win and to return) -- Motto of the Federal Security Service of the Russian Federation Imagine being in charge of securing an enterprise comprised of over 450,000 connected devices spread over 31,000 locations worldwide. The United States Postal Service is a pretty serious organization when it comes to the amount of data that flows through its network. It would take a pretty cool individual to stand up to the daily pressure of an organization that big and that diverse. Imagine cold calling the Federal Security Service of the Russian Federation and asking to speak with their head of Information Security in order to share the information you have uncovered regarding tens of thousands of incidents of mail and cyberfraud committed by Russian criminals. They took the call… It would take a pretty cool individual to accept the FSB's invitation to sit face to face in Odessa at FSB headquarters. Now imagine that individual is the same person. The good news? You don't have to imagine. On today's No Name Security Podcast, Matt Stephenson welcomes Greg Crabb, founder of TenEight Cyber where he consults with CISOs and organizations needing CISO levels of expertise. With 25 years in law enforcement specializing in mail and cyber fraud as well as 6 years as CISO of the United States Postal Service, Greg has learned some things about security. Want to hear about the time he worked with the Russian FSB on a particularly large fraud case? Stick around… About Greg Crabb Greg Crabb is the founder of 10-8, LLC.
With more than 25 years of law enforcement and security experience, he specializes in providing consultation to cybersecurity leaders and organizations to help protect their digital assets against evolving cyberthreats. Greg focuses specifically on delivering advisory services to C-suite executives, their boards, and other leaders responsible for securing their organization's operations, products, and services. For six years as the U.S. Postal Service's chief information security officer, Greg secured the agency's technology and information assets against nation-state threat actors. These efforts helped protect military mail globally and the unprecedented 2020 U.S. elections. About Matt Stephenson Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seek out the leading minds in the security industry as well as those who may break things every now and again. And… just for fun, there will be some wildcard guests as well. In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in.
I'm pretty sure they weren't there for us, but you never know... Whether at in-person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
On this Very Special Episode, Matt Stephenson welcomes Elisa Costante, VP of Research and Ellen Sundra, Chief Customer Officer at Forescout for a discussion about the vulnerabilities that plague Operational Technology and Critical Infrastructure. With nearly 40 years of combined experience finding, understanding and solving the security issues that can cripple a nation, our guests bring some very esoteric knowledge in a way that the rest of us can understand. Dig it… About Elisa Costante Elisa Costante (@ElisaCostante) is the Vice President of Research at Forescout Technologies. Previously, she has been a part of Security Matters - a Forescout company, where she worked as Chief Technology Officer and Head of Research. Elisa holds a PhD degree in Mathematics and Computer Science from Eindhoven University of Technology. About Ellen Sundra Ellen Sundra (LNSundra) is the Chief Customer Officer at Forescout. Previously, Ellen was Sr Vice President of Systems Engineering and Enablement when she helped to build a global organization responsible for designing customized security solutions for commercial and public sector customers. Ellen has over 25 years of experience in the cybersecurity industry and was recently named one of the Top 25 Women in Cybersecurity by Cyber Defense Magazine.
On this Very Special Episode, Matt Stephenson brings in ThreatGEN Founder/CEO and Hacking Exposed: Industrial Control Systems author Clint Bodungen alongside Forescout Technologies Inc. Principal OT Strategist Brian Proctor for a sit-down. We take a hard look at the state of security for Operational Technology, Blue and Red teaming for OT, the cybersecurity Skills Gap and a few other things. About Clint Bodungen Clint Bodungen (@R1ngZer0) is a world-renowned industrial cybersecurity expert, public speaker, published author, and cybersecurity gamification pioneer. He is the lead author of Hacking Exposed: Industrial Control Systems, and creator of the ThreatGEN Red vs. Blue cybersecurity gamification platform. He is a United States Air Force veteran, has been a cybersecurity professional for more than 25 years, and is an active part of the cybersecurity community, especially in ICS/OT (BEER-ISAC #046). Focusing exclusively on ICS/OT cybersecurity since 2003, he has helped many of the world's largest energy companies, worked for cybersecurity companies such as Symantec, Kaspersky Lab, and Industrial Defender, and has published multiple technical papers and training courses on ICS/OT cybersecurity vulnerability assessment, penetration testing, and risk management. Clint hopes to revolutionize the industry approach to cybersecurity education, and help usher in the next generation of cybersecurity professionals, using gamification. His flagship product, ThreatGEN Red vs. Blue, is the world's first online multiplayer cybersecurity computer game, designed to teach real-world cybersecurity. About Brian Proctor Brian Proctor (@brianproctor67) is the Principal OT Strategist at Forescout. He spent the majority of his previous professional life as an ICS/SCADA cybersecurity engineer and cybersecurity team lead working for two progressive California Investor Owned Utilities (IOUs). He joined an ICS security startup which was then acquired by Forescout Technologies.
Brian jumped to the vendor side to promote the benefits ICS/SCADA/DCS threat detection, network security monitoring, and visualization capabilities can bring critical infrastructure asset owners. He is passionate about helping the ICS security community in any way possible and trying to make a difference for the greater good of our industry and country. About Matt Stephenson Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seek out the leading minds in the security industry as well as those who may break things every now and again. And… just for fun, there will be some wildcard guests as well. In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Whether at in-person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain...
other times that means social manipulation or the sovereign wealth fund of a national economy. Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
Once upon a time, Gartner predicted that by 2020, more than 25 percent of cyberattacks in healthcare delivery organizations would involve some kind of IoT device. In medical terms, that means wirelessly connected and digitally monitored implantable medical devices like pacemakers, deep brain neurostimulators and insulin pumps. These aren't the esoteric things that might make the world go round, but are difficult to explain to the layperson. But for the people who are literally kept alive by these devices, their continued functionality is literally a matter of life and death. You feel me? In 2018 Cybersecurity Ventures released research stating that medical devices have an average of 6.2 vulnerabilities each. Further, they found that 60% of medical devices were at end-of-life stage with no patches or upgrades available. The scariest of all cyber malintent in the healthcare space may lie ahead. Researchers in Israel announced last year that they'd created a computer virus capable of adding tumors into CT and MRI scans. They are talking about malware designed to fool doctors into misdiagnosing high-profile patients, according to a story by Kim Zetter in The Washington Post. So what do we do? On today's No Name Security Podcast, Matt Stephenson welcomes Mitch Greenfield, Director of Core Security Architecture at Humana. We go all over the healthcare security map in a chat ranging from returning to work to securing telehealth operations to the intricacies of securing a wildly diverse enterprise... we might even squeeze in a little bit of pickle ball. Yeah… you read that right. Great stuff on this episode! Check it out… About Mitch Greenfield Mitch Greenfield is Director of Core Security Architecture at Humana. He's been there for over 13 years and has served in previous roles which included ethical hacking and penetration testing for Humana as well as their partners and acquisitions.
Mitch is a Certified Ethical Hacker and Licensed Penetration Tester, among many other things. He also co-hosts the Collaboration Chronicles podcast.
INFRA:HALT vulnerabilities impact the closed source TCP/IP stack NicheStack that is used in millions of Operational Technologies and Industrial Control Systems, especially in the discrete and process manufacturing industries. Among the vulnerabilities are DNS cache poisoning, TCP spoofing, Denial of Service and Remote Code Execution. Successful attacks can result in taking OT and ICS devices offline and having their logic hijacked. Hijacked devices can spread malware to where they communicate on the network. Forescout Research Labs partnered with JFrog Security Research to disclose INFRA:HALT, a set of 14 new vulnerabilities affecting the HCC-owned, closed source TCP/IP stack NicheStack. NicheStack was originally developed by InterNiche Technologies and has been in use for 20 years across critical infrastructure sectors. Nearly all major industrial automation vendors incorporate NicheStack in their products and solutions. On today's No Name Security Podcast, Matt Stephenson welcomes Forescout Researchers Daniel dos Santos, Stanislav Dashevskyi and Engineer Anil Mahale for a discussion of Forescout's and JFrog's joint research project INFRA:HALT. We dive into what the NicheStack TCP/IP stack is, how it is vulnerable and what that means to the cybersecurity world and you. Seems like some pretty esoteric stuff, yeah? You'll be surprised how much this impacts your life. About Daniel dos Santos Daniel dos Santos is a Research Manager at Forescout Technologies, where he leads a vulnerability and threat research team. He also collaborates on the research and development of innovative features for network security monitoring. Daniel holds a PhD in computer science from the University of Trento, Italy, and has published over 30 journal and conference papers on cybersecurity. He has experience in software development, security testing, and research. About Stanislav Dashevskyi Stanislav Dashevskyi is a Sr. Security Researcher at Forescout Research Labs.
His main research interests are network and software security. He is usually happiest doing vulnerability research. Stan earned his Master's degree in Automation and Control Systems from the National Mining University of Ukraine, and his Ph.D. from the International Doctorate School in Information and Communication Technologies at the University of Trento. About Anil Mahale Anil Mahale is a Software Engineering Manager at Forescout Technologies. He has over 10 years in the cybersecurity industry both on the product development and engineering side as well as threat and vulnerability research. Anil earned his Masters in Computer Science at the University of Texas at Dallas and his Bachelors in Electronics and Communications Engineering at Visvesvaraya Technological University.
Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away. -- Antoine de Saint-Exupéry; French writer, poet, aristocrat, journalist and pioneering aviator Me with nothing left to lose, plotting my big revenge in the spotlight. Give me violent revenge fantasies as a coping mechanism -- Chuck Palahniuk; author We've been looking for the enemy for some time now. We've finally found him. We're surrounded. That simplifies things -- Chesty Puller, US Marines Matt Stephenson welcomes Ampere Industrial Security CEO Patrick Miller and Forescout Principal OT Strategist Brian Proctor in for a chat about what is left to hack in the world of Critical Infrastructure. Because Critical Infrastructure seems to be a term that evolves every day, we run all over the place talking about what is vulnerable and why… what is safe and how to protect everything in between. And just to make sure you know we are authentic… Proctor was broadcasting from the floor of a manufacturing facility in full OSHA required protective gear (literally a hard hat, goggles and a day-glo vest). About Patrick Miller Patrick Miller (@patrickcmiller) shares over 35 years of IT/OT experience through his consulting services as an independent security and regulatory advisor for the Critical Infrastructure and Key Resource sectors. He is currently the CEO of Ampere Industrial Security, an industrial security consultancy based in Portland, OR USA. Patrick is also the founder, president emeritus and currently serves on the board of directors for the Energy Sector Security Consortium, Inc., a nonprofit organization in Portland, OR as well as the US Coordinator for the Industrial Cybersecurity Center, based in Spain. Patrick is currently an instructor for the SANS ICS456 training on the NERC CIP standards. About Brian Proctor Brian Proctor (@brianproctor67) is the Principal OT Strategist at Forescout.
He spent the majority of his previous professional life as an ICS/SCADA cybersecurity engineer and cybersecurity team lead working for two progressive California Investor Owned Utilities (IOUs). In joined an ICS security startup which was then acquired by Forescout Technologies. Brian jumped to the vendor side to promote the benefits ICS/SCADA/DCS threat detection, network security monitoring, and visualization capabilities can bring critical infrastructure asset owners. He is passionate about helping the ICS security community in any way possible and trying to make a difference for the greater good of our industry and country.
Coolness is an aesthetic of attitude, behavior, comportment, appearance and style which is generally admired. Because of the varied and changing connotations of cool, as well as its subjective nature, the word has no single meaning. It has associations of composure and self-control and often is used as an expression of admiration or approval. Although commonly regarded as slang, it is widely used among disparate social groups and has endured in usage for generations. -- Wikipedia On today's No Name Security Podcast, Matt Stephenson welcomes 3 people doing very cool things in a very cool industry… and… they happen to be very cool people. Kurtis Minder is the co-founder and CEO at GroupSense, Tom Pace is the co-founder and CEO at NetRise and Scott Scheferman is the Chief Strategist at Eclypsium. They are each legendary incident response types who were at Black Hat for a multitude of reasons. Why were they there…? Stick around and find out! About Kurtis Minder Kurtis Minder (@kurtisminder) is the founder of GroupSense, a threat intelligence company. He leads a team of analysts and technologists providing custom cybersecurity intelligence to brands around the globe. The company's analysts conduct cyber research and reconnaissance and map the threats to client risk profiles. He arrived at GroupSense after more than 20 years in role-spanning operations, design and business development at companies such as Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO). About Tom Pace Tom Pace (@TommyPastry) is the co-founder and CEO of NetRise, an automated, cloud-based platform that provides comprehensive insight into the risks present in a firmware image. Prior to founding NetRise, Tom spent 16 years working in security across multiple roles and disciplines.
From serving in the United States Marine Corps, being responsible for ICS security within the Department of Energy and most recently serving as Global Vice President for Cylance, he has been a leader and innovator within cybersecurity. Tom has also responded to hundreds of security incidents globally and shared his experience at multiple security conferences such as RSA and Black Hat. About Scott Scheferman Scott Scheferman (@transhackerism) is the founder of Armanda Intelligence, LLC, with a mission of providing CxO/board advisement, strategy and threat intelligence. He is also Principal Strategist for Eclypsium, Inc. Scott keeps a hyper-current beat on the threat landscape and how it continues to fundamentally change business and mission cyber risk dynamics. Battle-hardened from years of red-teaming, incident response and cyber consulting, as well as having served as the technical lead and final security risk determination for the Navy's Certification Authority (thousands of systems per year, with over 800 validators and 30 risk analysts feeding these risk determinations), Scott draws his perspective from significant real-world high-stakes (multi-billion dollar programs and Fortune 10 enterprise) experience. If you want the truth about what is happening in the world of cybersecurity, Scott is a voice you want to be listening to. If you can't handle the truth… he may not be your guy… but that doesn't mean he won't keep telling it.
“In the best conversations, you don't even remember what you talked about, only how it felt. It felt like we were in some place your body can't visit, some place with no ceiling and no walls and no floor and no instruments” ― John Green, Turtles All the Way Down For Episode Two of our Black Hat coverage, we sat down for a chat with two Founders to see what their experience of Black Hat 2021 looked like. This was a raw, real conversation… no edits… no podcast host questions… just an ear into the types of conversations that we have missed out on over the past 19 months. Today's No Name Security Podcast sees Matt Stephenson joined by People By Mimi founder Mimi Gross and Cyvatar Co-Founder and CEO Corey White having a chat about all that is going on that week. We dig into what Cyvatar is doing to change the cybersecurity industry and how People By Mimi is changing the cybersecurity recruiting game with their approach to uniting people and companies by considering that relationship from a completely different POV. Think they don't have anything in common? Think again… check it out! About Mimi Gross Mimi Gross (@MimiGross13) is the Founder and CEO of People by Mimi. About Corey White Corey White is the Chief Executive and Experience Officer at Cyvatar.
"Elijah Snow: It's a strange world Jakita Wagner: Let's keep it that way" -- Planetary: Warren Ellis & John Cassaday Black Hat 2021 was unlike any other previous edition and likely will be unlike any that follow. The rise of the Delta Variant of COVID-19 put the world back on edge after we had been slowly creeping toward something that felt like normalcy. When the show was announced, the cybersecurity industry rejoiced as this meant it was time to really get back to how we had been doing things… that meant Black Hat and DEFCON. Delta decided to throw us a curve and as a result, many companies, SMEs and potential attendees made the informed decision to skip this year's show out of justifiable concerns about the repercussions of their attendance. Some of us made the informed decision to take the risk, do the needful and attend Black Hat 2021 in person. It was hot. Like… for real hot… one day was 119F. However, we would not be deterred from getting out there and squeezing the Black Hat fruit for all the juice we could get. For sure, it was smaller than usual. Far fewer vendors, far fewer in-person sessions, far fewer attendees… and while they aren't nearly as relevant… the parties and events still carried on, albeit in smaller and COVID-responsible fashion. There were some great things that came out of attending Black Hat in person. In no way does this cast aspersions upon those who chose not to attend for whatever reason. If you could not be there, we worked to bring the kinds of conversations that we have all been a part of or overheard in previous shows. We're going to get back to it. And our industry will be better and stronger for the lessons we have learned over the past 19 months. For Episode One of our Black Hat coverage, we spoke with a range of cybersecurity professionals to get their takes on a myriad of topics.
Scott Scheferman: Chief Strategist at Eclypsium Mike Bova: Enterprise Account Executive at Acronis Cameron Zink: Manager of Technology Infrastructure at Campbell Global Shaun Walsh: Vice President Product Marketing at SecurityScorecard Mackenzie Kyle: Head of Product and Rohith Kondeti: Forward Deployed Engineer; both at Anvilogic This week's No Name Security Podcast is a mixtape of interviews Matt Stephenson conducted live on the show floor at Black Hat 2021. We run the gamut from hardcore security for firmware, to personnel management for first-time managers to the role of backup/recovery in a security posture to the evolution of SOC analysts out into the world of product development and customer facing engineering. There was still a LOT of action at Black Hat 2021, even if it was radically different from previous years… dig it!
-- Calvin and Hobbes courtesy of Bill Watterson None of us wants to be judged by our worst act on our worst day, and we consistently judge Burr for that. He was not a perfect man, but he's not a villain. He's a dude, just a guy. -- Leslie Odom, Jr. What if the worst day of your life ended up being just another Zoom meeting on someone else's calendar? What if that day ended up being a part of a data breach due to a cyberattack from someone half a world away who didn't know or care anything about you or the impact it would have on your life and the lives of those around you? How important are the people who are protecting the mechanisms of the judicial branch of government? It may not be something that we cared about when everything worked the way we were used to… but when anyone with a good internet connection and a few hacking tools can become part of the justice system… things get a bit more complicated. On this week's No Name Security podcast Matt Stephenson welcomes New Jersey Courts CISO Sajed Naseem for a chat about what it takes to secure an operation that affects the daily lives of over 10,000 employees, 100,000+ attorneys, police officers and government officials… and, not for nothin'… the entire population of the state of New Jersey. Think a CISO's job is tough? How about being the CISO who is protecting the data of an entire state… while being a Knicks fan. About Sajed Naseem Sajed Naseem is the Chief Information Security Officer of New Jersey Courts. Saj has over 20 years of experience with information security and information technology. As the CISO of the New Jersey Courts, Naseem has focused on cybersecurity readiness and performance, information governance, and network security. He holds master's degrees from St. John's University and Columbia University. Saj is routinely a speaker at cybersecurity conferences across the country, Europe, and with the New Jersey Bar Association. He is also an Adjunct Professor at St.
John's University in information security since 2010 and a native of New York City. Saj is a Knicks fan and thinks that they may have actually turned the corner… but… he is also a realist, so he's waiting to see what happens next. About Matt Stephenson Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seek out the leading minds in the security industry as well as those who may break things every now and again. And… just for fun, there will be some wildcard guests as well. In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Whether at in-person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.
Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
-- Photo credit: Huss Harden When you lived on the wrong side of the law, information, however vague or apparently meaningless, was everything. It gave you leverage. And leverage was power -- Top Dog; 2014, written by Dougie Brimson Ransomware is the biggest buzzword in the news right now, and rightfully so. You can't turn on a network police procedural without someone getting extorted for $100,000 in Bitcoin. But are the news agencies getting the story completely accurate? Yes, the money is always a nice prize to take home, but there is a larger looming question out there… What are these ransomware attacks really all about? Matt Stephenson welcomes Eclypsium Chief Strategist Scott Scheferman to the No Name Security podcast for a long overdue discussion on the impact of ransomware on the overall approach of the cybersecurity industry and those who rely on us for defense, protection and prevention. After fighting the good fight together at Cylance, Scott finally joins Matt for a chat about all the bad things the bad guys are getting up to… the mistakes the good guys tend to make… and how we can fix them in order to protect those who really need it. About Scott Scheferman Scott Scheferman (@transhackerism) is the founder of Armanda Intelligence, LLC, with a mission of providing CxO/board advisement, strategy and threat intelligence. He is also Principal Strategist for Eclypsium, Inc. Scott keeps a hyper-current beat on the threat landscape and how it continues to fundamentally change business and mission cyber risk dynamics. 
Battle-hardened from years of red-teaming, incident response and cyber consulting, as well as having served as the technical lead and final security risk determination for the Navy's Certification Authority (thousands of systems per year, with over 800 validators and 30 risk analysts feeding these risk determinations), Scott draws his perspective from significant real-world high-stakes (multi-billion dollar programs and Fortune 10 enterprise) experience. If you want the truth about what is happening in the world of cybersecurity, Scott is a voice you want to be listening to. If you can't handle the truth… he may not be your guy… but that doesn't mean he won't keep telling it.
“The bad guys know they are bad guys—they are trying to pretend to be businesspeople… as long as you pretend with them that this is just a normal business transaction, it goes better.” -- Kurtis Minder; Fortune, 01 June 2021 If you have been reading about or watching news shows discussing ransomware, more than likely, you have seen Kurtis Minder. He has been nearly omnipresent across multiple platforms because his team at GroupSense has been putting in the work to help the victims of ransomware attacks negotiate with attackers in order to get their data back. Here's the best part… we're not talking about that. Not that it's not important, but there is a lot more that Kurtis and his team have been up to. Kurtis has brought the knowledge on that specific topic to television, podcasts and many other mediums in order to spread the word. He has a lot more to say about the state of cybersecurity. That is what we are here to talk about. Okay… we do talk about ransomware negotiation a bit, BUT… we dig deep into so much more. Matt Stephenson welcomes GroupSense CEO and co-founder Kurtis Minder for a discussion about the Seven Dirty Words of Cybersecurity. Depending on your definition of a Dirty Word, this may be a cautionary or inspirational tale. Either way, Kurtis and his team are busting their asses to help secure the data, prevent attacks and… in the worst case scenario… help victims get their data back so they can continue to do their work. And he may be doing it while riding cross country on a motorcycle… About Kurtis Minder Kurtis Minder (@kurtisminder) is the founder of GroupSense, a threat intelligence company. He leads a team of analysts and technologists providing custom cybersecurity intelligence to brands around the globe. The company's analysts conduct cyber research and reconnaissance and map the threats to client risk profiles.
He arrived at GroupSense after more than 20 years in role-spanning operations, design and business development at companies such as Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO).
How at Risk Are Our Healthcare Networks? Civilian hospitals organized to give care to the wounded and sick, the infirm and maternity cases, may in no circumstances be the object of attack, but shall at all times be respected and protected by the Parties to the conflict. -- Geneva Conventions; Article 18, Section 3, Fourth Geneva Convention Even at humanity's worst, we could reach agreements on the kind of behavior that was acceptable in times of war. Attacks on healthcare delivery organizations around the world are ramping up and it appears that the attackers have little regard for the collateral damage ransomware attacks cause. How can the industry evolve to ensure that devices that are integral to keeping people alive are also protected from attackers? Matt Stephenson welcomes CynergisTek Executive Vice President David Finn alongside Forescout Senior Director of Healthcare Tony Douglas for an in-depth discussion of what is happening in the world of securing Healthcare Delivery organizations. We talk about leveraging the native complexity of healthcare technology and what can be done to mitigate risk in order to protect the lives of patients as well as the data inside the networks. About David Finn David Finn (@DavidSFinn) is the Executive Vice President, External Affairs, Information Systems & Security at CynergisTek. He has been involved in leading the planning, management and control of enterprise-wide, mission-critical information technology and business processes for more than 30 years. He was Vice President, CIO and Privacy/Information Officer at Texas Children's Hospital for nearly eight years. This unique experience in risk management and control objectives of technology (including audit, security, and privacy) allows him a distinctive perspective in the design and implementation of business applications and the processes that the technology must support.
He is known for creatively engaging all types of audiences, conveying messages that even change-resistant users listen to and remember. David is a member of the Health Management Technology Editorial Advisory Board. True story… David presented Ray Charles with his 40th birthday cake. That is a thing that happened. About Tony Douglas Tony Douglas is the Senior Director of Healthcare at Forescout. He is an accomplished IT professional with over 19 years of experience, focused in the vertical markets, namely the healthcare industry. Tony operates as strategic partner with the Executive team, where he is passionate about the role of information technology and the possibilities it offers for improving the quality and efficiency of patient care.
When the DarkSide hacking group attacked the Colonial Pipeline, they may have gotten a bit more than they bargained for. Colonial has acknowledged paying $4.4 million in ransom in order to bring their systems back online as quickly as possible. It was a decision they had to make quickly, but had to consider a myriad of variables in the process. Joseph Blount, Colonial CEO, stated, “I know that’s a highly controversial decision… I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this… But it was the right thing to do for the country.” Pundits everywhere weighed in with thoughts about how long the pipeline could be down, the impact on pricing, shortages of petroleum products ranging from gas to heating fuel. Other questions bubbled up as well. How did they do it? Was it politically motivated? How easy would it be for the next attack? Over the last few days, we have seen some pretty remarkable blowback on DarkSide. Even their fellow bad guys don’t want to play with them any more. So… now what? Matt Stephenson welcomes Duke Energy Technology Manager David Lawrence alongside Forescout Principal OT Strategist Brian Proctor and Sr Systems Engineer Shawn Taylor for a lively chat about the attack on Colonial and the impact it may have on the worlds of critical infrastructure and operational technology. This isn’t just another academic discussion of security… we have a harmonica! Seriously… we do… check it out! About David Lawrence David Lawrence is the Technology Manager of the Emerging Technology at Duke Energy. There he provides leadership on a portfolio of technologies for the Future Grid, including development of use cases and requirements, architectures and designs, and technology test plans. He works in defining and executing technology evaluations, and providing change management support.
David is currently focused on Grid distributed autonomous functions, edge analytics, and security for distributed technologies. He has 38 years of experience in the energy industry. He has worked in research and development and IT management for electric metering, transformer, and switchgear product manufacturing. His roles included embedded systems and protocol development, engineering management, global engineering information systems, manufacturing execution and scheduling systems, product lifecycle management, and IT management. About Brian Proctor Brian Proctor (@brianproctor67) is the Principal OT Strategist at Forescout. He spent the majority of his previous professional life as an ICS/SCADA cybersecurity engineer and cybersecurity team lead working for two progressive California Investor Owned Utilities (IOUs). He joined an ICS security startup which was then acquired by Forescout Technologies. Brian jumped to the vendor side to promote the benefits ICS/SCADA/DCS threat detection, network security monitoring, and visualization capabilities can bring to critical infrastructure asset owners. He is passionate about helping the ICS security community in any way possible and trying to make a difference for the greater good of our industry and country. About Shawn Taylor Shawn Taylor (@smtaylor12) is a Senior Systems Engineer at Forescout. He is an accomplished and well-respected Public Speaker and Systems Engineer. With a strong mix of technical acumen, architectural experience, and sales savvy, Shawn is a trusted advisor to the customers he's worked with over his 20-year career. His background includes Cybersecurity, Biometrics and Identity Management, IT Operations and Service Management and IT Asset Management. As a ForeScout Systems Engineer, Shawn expanded his technical knowledge into cybersecurity, while still leveraging his foundation of IT Operations and Service Management.
He is responsible for integrating the ForeScout CounterACT solution with many of the industry-leading Cybersecurity products while in support of sales opportunities. Shawn has spoken at industry events around the country and too many online events to list. Additionally, Shawn helps to drive thought leadership around Forescout and continuous visibility being foundational to enterprise ITSM initiatives by authoring White Papers and blogs. About Matt Stephenson Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, as the host of InSecurity, I have been talking with experts about every corner of the cybersecurity landscape. In 10 years in the world of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Whether at in-person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.
Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... If you are a listener to Insecurity, there’s great news! An all new show is coming, bringing the same kind of energy and array of guests you know and love. Best part? We’re still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
“I'm telling you a lie in a vicious effort that you will repeat my lie over and over until it becomes true” -- Lady Gaga “The point of modern propaganda isn't only to misinform or push an agenda. It is to exhaust your critical thinking, to annihilate truth.” -- Garry Kasparov In this week’s Very Special Episode, Matt Stephenson shares a LinkedIn LIVE event featuring Jamil Jaffer and Brandon Soroudi for a chat about the role cybersecurity has and must play in the ongoing battle against Disinformation, Misinformation and Propaganda. Are they the same? How do we know the difference? Where does social manipulation come into the conversation? That’s what we are about to find out… About Jamil Jaffer Jamil Jaffer (@jamil_n_jaffer) is the Founder and Executive Director of the National Security Institute, and an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University. Jamil is also the Vice President for Strategy, Partnerships & Corporate Development at IronNet Cybersecurity, a technology products startup founded by Gen (ret.) Keith B. Alexander, the former Director of the National Security Agency and Founding Commander of U.S. Cyber Command. In addition, Jamil is an advisor to Beacon Global Strategies, a strategic advisory firm; 4iQ, a deep and dark web intelligence startup; Duco, a technology platform startup that connects corporations with geopolitical and international business experts; and Amber, a digital authentication and verification startup. Among other things, Jamil currently serves on the Board of Directors for the Greater Washington Board of Trade, the Board of Advisors for the Global Cyber Alliance, and the Advisory Board of the Foundation for the Defense of Democracies’ Center on Cyber and Tech Innovation, and is a member of the Center for a New American Security’s Artificial Intelligence and National Security Task Force and the CNAS Digital Freedom Forum. 
Jamil is also affiliated with Stanford University’s Center for International Security and Cooperation. Prior to his current positions, Jamil served on Capitol Hill in a variety of roles, including on the leadership team of the Senate Foreign Relations Committee and as a senior staff member of the House Intelligence Committee. Jamil also previously served in the Bush Administration in a number of positions, including on the leadership team of the Justice Department’s National Security Division and in the White House as an Associate Counsel to President George W. Bush. Jamil holds degrees with honors from UCLA, the University of Chicago Law School, and the United States Naval War College. About Brandon Soroudi Brandon Soroudi is an experienced security engineer and system administrator with over 9 years of experience. He currently is a Consultant on BlackBerry’s ThreatZERO team. We’d tell you more if we could, but since he is an experienced security engineer, that’s all he would tell us. He did write the original post that inspired this talk… https://lnkd.in/gwG7N-v About Matt Stephenson Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts me in front of crowds, cameras, and microphones all over the world. I am the regular host of the InSecurity podcast and video series at events around the globe. I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC...
directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... Can’t get enough of Insecurity? You can find us at Spotify, Apple, Amazon Music & Audible as well as ThreatVector, GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
“I would like to see people, the public and the press and other athletes in general just realise and respect women for who we are, what we are and what we do… I’ve been working at this since I was three years old… Basically my whole life I’ve been doing this and I haven’t had a life and I don’t think I deserve to be paid less because of my sex. Or anyone else for that matter, in any job.” -- Serena Williams On this Very Special Episode, Matt Stephenson moderated a discussion among some of the superstar women who are working across the top levels at BlackBerry. They are instrumental across the spectrum of the company, leading teams ranging from Product Management and Development to Human Resources to key Legal teams. We sat down for a chat about where the cybersecurity industry is in 2021. When it comes to diversity and inclusion, have we gotten better? Let’s see what the leaders think… The All-Star Panel: Karen Murdock - Senior Director, Legal Counsel; Jennifer Bramhill - Vice President, Employee Relations & HR Business Partner; Pooja Kohli - Vice President, Product Management; Yasmine Aggarwal - Director, Enterprise Software Testing
I believe that we should be teaching our kids, students and employees when and how to lie -- Maurice Schweitzer; professor, Wharton School at the University of Pennsylvania And, after all, what is a lie? 'Tis but The truth in masquerade. -- Lord Byron; Don Juan, Canto 11 This week, Matt Stephenson welcomes Attivo Networks CTO Tony Cole to InSecurity for a chat about the role deception techniques play in security. But that’s not all… we get into how the privatization of space will impact cybersecurity… where cybersecurity fits into Black Swan events like the Wall Street Bets brouhaha… even a bit of Pink Floyd works into the mix! About Tony Cole Tony Cole (@NoHackn) is a cyber expert with over thirty-five years of experience as a strategist, risk expert, advisor, and board member. Today, he is the CTO at Attivo Networks, the global leader in lateral movement attack detection and privilege escalation prevention, working to defend enterprises from the impact of cyber-attacks. Prior to joining Attivo Networks, Tony held executive positions at FireEye, McAfee and Symantec. He is retired from the U.S. Army, where he worked in intelligence, communications, and cryptography around the world including building out the Network Security Services at the Pentagon. Tony served previously on numerous boards and government committees including (ISC)² Board of Directors as Treasurer and Chair of Audit and Risk, the NASA Advisory Council under appointment by the NASA Administrator, and the FCC CSRIC (Communications Security, Reliability, and Interoperability Council). Today he serves on the Gula Tech Foundation Grant Advisory Board helping the Foundation give back to the community and drive a more diverse cyber workforce. In 2014, Tony received the Government Computer News Industry IT Executive of the Year award, and in 2015 he was inducted into the Wash 100 by Executive Mosaic as one of the most influential executives impacting Government.
In 2018 he was awarded the Reboot Leadership Influencer Award by SC Media. About Matt Stephenson Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts me in front of crowds, cameras, and microphones all over the world. I am the regular host of the InSecurity podcast and video series at events around the globe. I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, they can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... Can’t get enough of Insecurity? You can find us at Spotify, Apple, Amazon Music & Audible as well as ThreatVector, GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
We face cyber threats from state-sponsored hackers, hackers for hire, global cyber syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas - things of incredible value to all of us. They seek to strike our critical infrastructure and to harm our economy. -- James Comey I'm a hacker, but I'm the good kind of hackers. And I've never been a criminal. -- Mikko Hypponen What happens on InSecurity when Matt Stephenson sits down with Rob Willis, a top-flight ethical hacker, red-teamer and all-around cybersecurity expert to talk about… comic books? You get a brand new comic universe created by hackers for hackers that is rooted in actual technology and hacking. The Paraneon Universe is as much cyber-fact as it is science fiction. When you get bored with the same capes, cowls and armor… come check out what the real future is going to look like in Paraneon… where you can’t punch your way out of everything. About Rob Willis Rob Willis (@rej_ex)’s entire life has been centered around comic books and tech. If he wasn't a cybersecurity professional, there is zero doubt that he would be working in comics full-time. To date Rob has self-funded the creation of these titles and other Paraneon assets and will continue to create and expand the Universe with exciting characters and storylines pressure. By day he is an InfoSec professional. Rob runs consulting at 1337 Inc among other things. He is a Red team, Blue team, and purple team professional. He isn't just breaking into things for clients, he’s also building and running security programs. He is also a part of the hacking collective Sakura Samurai. You may not know them yet, but you’ve likely read about their work already. Rob is featured in the popular Tribe of Hackers series from Wiley. He has appeared in the original Tribe of Hackers and new book Tribe of Hackers: Blue Team. In a previous life, Rob was a Researcher at the Breach and Attack Simulation Pioneer ThreatCare. 
He has worked places he can’t disclose, but which I have personally verified… It’s legitimate, as crazy as that sounds. His most mind numbing accomplishments cannot be talked about publicly, but if you become his friend he will likely show you some insane stuff -- as long as it doesn't compromise national security. About Paraneon Paraneon (@paraneonU) develops and publishes stories from a cyberpunk future. For hackers, by hackers. The Paraneon Universe is comprised of technocentric cities, underground worker colonies, and apocalyptic 'drylands'. All factories and production have been moved to Mars due to pollution, and there are more Androids on Mars than Humans. The Hive Network The Hive is a massive incubator-like structure that humans are placed inside of while their minds integrate with a virtual reality world. Joining the Hive is voluntary, and requires each member to purchase their spot within it. Those in the Hive decided to be added to it, to ‘retire’ after working many years as a lower-class member of society, where most of their time was spent training — then working — in a specialized trade associated with the underground worker colony they were born into. The world is advanced with technocentric cities, but living in a city requires decades of saving for a colony member who hopes to purchase citizenship in one. The class system dictates the resources and quality of life more than any period throughout history, and aside from the tribal peoples of the desolate drylands, colony members are the lowest part of society. Why would someone choose to be a member of the Hive? It’s not a hard decision for someone to live the remainder of their life in a world where they can have and be whatever they choose. It may not be real, but over time it becomes difficult to imagine virtual reality as anything but reality. 
For this reason many refer to the Hive as the ‘great equalizer’, convinced that their lives in reality are nothing but a painful stepping stone on the path to their digital salvation. Portals Portals takes place in the drylands. The 'drylanders' do not take kindly to tech or strangers. The first story arc introduces an undercover police officer from one of the cities who enters the drylands in an attempt to blend in, all while searching for 'dangerous' fugitives. Neon Skyline Sudo is a talented hacker who is placed in a research program surrounding bio-hacking on Mars. He uncovers a massive conspiracy when accidentally finding that many androids, billed as 'next-gen AI' are actually cyborgs, implanted with human brain tissue. Can he sound the alarm and 'free' the cyborgs before he gets killed?
“You got ninety percent of the American public out there with little or no net worth. I create nothing. I own. We make the rules, pal. The news, war, peace, famine, upheaval, the price per paper clip. We pick that rabbit out of the hat while everybody sits out there wondering how the hell we did it. Now you're not naive enough to think we're living in a democracy, are you buddy? It's the free market. And you're a part of it. You've got that killer instinct. Stick around pal, I've still got a lot to teach you” -- Gordon Gekko; Wall Street, Oliver Stone, 1987 We’re stepping outside the normal conventions of cybersecurity for this one. Matt Stephenson welcomes in Advent Technologies President and CFO Bill Hunter to discuss the recent madness in the stock market. When Redditors started flexing their ability to move markets with tools like rocket emojis and a lexicon that brought “tendies” and “diamond hands” to the common language… was that a Hack? Take a listen and decide for yourself. About William Hunter William Hunter is Chief Financial Officer & Director at Advent Technologies Holdings, Inc. He is on the Board of Directors at American Battery Metals Corp. (Nevada), AMCI Euro-Holdings BV, Ridley Terminals, Inc. and Advent Technologies Holdings, Inc. Mr. Hunter was previously employed as a President, CEO, CFO & Director by AMCI Acquisition Corp., a Managing Director by Dahlman Rose & Co. LLC, a Vice President by BMO Nesbitt Burns, Inc. (US), an Associate by NatWest Markets Equity Corp., a Financial Analyst by KPMG LLP, a Principal by Jefferies LLC, and a Principal by TD Securities (USA) LLC. He also served on the board at Nomura Securities International, Inc. and Teneo Capital LLC. 
He received his undergraduate degree from DePaul University, an MBA from Kellstadt Graduate School of Business and an MBA from DePaul University.
Securing embedded systems presents unique and complex challenges when it comes to organizing and assessing software assets during assurance activities. The closed source nature of the supply chain and volume of differing components has made this an onerous and costly activity -- IIOT World On this Very Special Episode of InSecurity, Matt Stephenson spoke with BlackBerry CTO Adam Boulton and IoT Security Services Lead Ian Todd about protecting embedded systems and how that applies to the automotive world and national public infrastructure. Do you know how to protect embedded systems? Do you know what they are? Do you know what that has to do with your water supply? These folks do… dig it. About Adam Boulton Adam Boulton is a highly experienced and qualified software security professional, with over 15 years’ experience within security engineering. Having successfully accelerated through career progression, Adam is employed as the Chief Technology Officer for BlackBerry Technology Solutions. About Ian Todd Ian Todd leads the BlackBerry IoT security services practice which has developed a set of security solutions for embedded systems across industries such as automotive, industrial, medical, defence and aerospace, transportation and robotics globally.
Together we stand, divided we fall Come on now people, let's get on the ball and work together Come on, come on let's work together, now now people Because together we will stand, every boy every girl and a man -- Let’s Work Together, Canned Heat A truly rollicking episode of InSecurity finds Matt Stephenson trying to keep up with National Security Institute Director Jamil Jaffer as we run all over the cybersecurity world. The private sector isn’t charged with defending their skies and shores; should they be responsible for defending their data and users? What can we learn from the US Capitol Riots? Is there value in an offensive cybersecurity posture? Why would anyone play Goat Simulator? Yeah, we talk about that and more. Dig it… About Jamil Jaffer Jamil Jaffer (@jamil_n_jaffer) is the Founder and Executive Director of the National Security Institute, and an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University. Jamil is also the Vice President for Strategy, Partnerships & Corporate Development at IronNet Cybersecurity, a technology products startup founded by Gen (ret.) Keith B. Alexander, the former Director of the National Security Agency and Founding Commander of U.S. Cyber Command. In addition, Jamil is an advisor to Beacon Global Strategies, a strategic advisory firm; 4iQ, a deep and dark web intelligence startup; Duco, a technology platform startup that connects corporations with geopolitical and international business experts; and Amber, a digital authentication and verification startup. 
Among other things, Jamil currently serves on the Board of Directors for the Greater Washington Board of Trade, the Board of Advisors for the Global Cyber Alliance, and the Advisory Board of the Foundation for the Defense of Democracies’ Center on Cyber and Tech Innovation, and is a member of the Center for a New American Security’s Artificial Intelligence and National Security Task Force and the CNAS Digital Freedom Forum. Jamil is also affiliated with Stanford University’s Center for International Security and Cooperation. Prior to his current positions, Jamil served on Capitol Hill in a variety of roles, including on the leadership team of the Senate Foreign Relations Committee and as a senior staff member of the House Intelligence Committee. Jamil also previously served in the Bush Administration in a number of positions, including on the leadership team of the Justice Department’s National Security Division and in the White House as an Associate Counsel to President George W. Bush. Jamil holds degrees with honors from UCLA, the University of Chicago Law School, and the United States Naval War College.
The diversity of the global supply chain that makes it critical to modern society also makes it very difficult to know where all of the components of a device came from. Who designed each part, who made it, who put it into a device, who sold it, and who bought it? Inside the sheet metal or plastic shells of our personal and business equipment is a fractal maze of assemblies and subassemblies reaching down to the nanometer scale and beyond into the virtual world. Securely Capitalize on the Global Supply Chain with Digital Bill of Materials Chris Blask, Jan 28, 2020 On this episode of InSecurity, Matt Stephenson welcomes Chris Blask back for a deep dive look into the Digital Bill of Materials (DBOM). What is it? Why do it? Who should care and why they should care? We also go deeper into issues like security, privacy and even storage that compound the degree of difficulty in creating and storing a digital record of EVERYTHING. The DBOM could be one of the most important projects you’ve never heard of. Dig it. About Chris Blask Chris Blask’s (@chrisblask) career spans the breadth of the cybersecurity industry for more than 25 years. He invented one of the first firewall products, built a multi-billion dollar firewall business at Cisco Systems, co-founded an early SIEM vendor, authored the first book on SIEM, founded an information sharing center for critical infrastructures, and has advised public and private organizations in every sector around the world. In his role within the Office of Innovation at Unisys, Chris created and leads the Operational Technology and IoT practices, invented the Digital Bill of Materials (DBoM) structure, and established the Unisys Marine Living Research Center. Today he chairs a range of non-profit cybersecurity organizations and contributes to a wide range of global security efforts. 
I was a peripheral visionary I could see the future, but only way off to the side -- Steven Wright, 1990 A Very Special Episode of InSecurity… Matt Stephenson hosted a web event with BlackBerry Senior Leadership including CTO John McClurg, Chief Evangelist Brian Robison, VP Research Operations Tony Lee and Director Threat Hunting & Research Claudiu Teodorescu. We had a chat about what they were looking at in the cybersecurity universe for 2021. They are particularly interested in the roles that Cyber Attacks, People and Technology will play when it comes to securing the world’s data. About our Panel John McClurg: CISO, BlackBerry Tony Lee: VP Research Operations, BlackBerry Claudiu Teodorescu: Director Threat Hunting & Research, BlackBerry Brian Robison: Chief Evangelist, BlackBerry
“It's just a straight sequence, which is mind-numbing to me… This is like a Computer Science 101 bad homework assignment, the kind of stuff that you would do when you're first learning how web servers work. I wouldn't even call it a rookie mistake because, as a professional, you would never write something like this.” -- Kenneth White, codirector of the Open Crypto Audit Project On this episode of InSecurity, Matt Stephenson sits down with Richard Stiennon for a chat about a LOT of things. He has a new book coming, dropped TWO books in 2020 and we find time to take a look at recent security events unfolding around social media site Parler and the cyber attack on the US Government. Could these events have been prevented with a better approach? The Parler breach was ludicrously simple. The SolarWinds event was infinitely more complicated, but would a CI/CD approach have made a difference? Find out what an industry expert thinks… About Curmudgeon: How to Succeed as an Industry Analyst Curmudgeon is the first (and only) book on how to become and excel as an industry analyst. It is written by a 20 year veteran of the business, the author of UP and to the RIGHT: Strategy and tactics of Analyst Influence. In addition to Stiennon's first hand experience at Gartner, then as an independent analyst covering the cybersecurity industry, there are contributions from analysts such as Tom Austin, Bob Hafner, Jon Oltsik, and others. If you have ever considered becoming an analyst this is the book you should read. If you interact with analysts you should read Curmudgeon to inform your understanding of the analyst life. About Security Yearbook 2021 Security Yearbook 2021 is the second edition of an annual publication that records the history of the IT Security industry and provides a complete catalog of all the vendors. Thousands of copies will be in the hands of media, analysts, and most importantly, security technology buyers. 
The industry directory is updated to reflect the changes to the vendorscape in 2020 including M&A, launches, and new funding. Over 3,000 vendors are listed by country and category. Each entry includes the number of employees and growth from the previous year. Security Yearbook 2021 is the only place this data is published. Security Yearbook is an indispensable desk reference for IT security practitioners, marketers, CISOs, and investors. About Richard Stiennon Richard Stiennon (@stiennon) is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,200 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 29 countries on six continents. Richard is the author of Secure Cloud Transformation: The CIO'S Journey, Surviving Cyberwar and Washington Post Best Seller, There Will Be Cyberwar. He writes for Forbes and The Analyst Syndicate. In previous lives, he was Chief Strategy Officer for Blancco Technology Group, Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc. Richard has a B.S. in Aerospace Engineering and his MA in War in the Modern World from King’s College, London.
This is not the end - it's just another song It's only one opinion, right or wrong Open up your heart - just one more time for me Before we turn to face reality Don't stop to think This perfect chance may never come again This is not the end Let me use your ears - just for a little while I've got to find a way to make you smile This is not my fault, I'm not responsible These tiny grooves can only take so much There's only one more thing I have to say to you So long for now, be sure to keep in touch This is not the end -- Agent Orange; This Is Not the End, 1986 We did it… We finished the Worst Year EVAR! 4th Quarter 2020 seemed a fitting end for the wildest year on record. All year we spoke with the experts around the spectrum of security. From stopping stupid behavior among humans to securely developing applications to the role of insurance in pre and post breach events, we found the right people with the inside dope. We also stepped out of security into the notion of leadership, who is doing what in the world of international relations and how that can impact the security of our economy, elections and government. 2021 has to be better… right? Ira Winkler: You CAN Stop Stupid Jillian Lappetito: Fearlessly Authentic Leadership in a Time of Fear and Fake News Stanton Gatewood and Jeffrey Smith: Is Cyber Insurance Really a Thing? John McClurg: Securing Our Democracy Ryan Chapman and John Wood: Anatomy of a Breach George Finney and Rich Thompson: The Effect Users’ Habits Have on Cybersecurity Mike Fraser: Can DevSecOps Really Be Radically Simple? Grace Chi and Dan Sherry: Is Open Source the Future of Security? Ted Harrington: You Need to Secure Your App… then PROVE It Alan Pentz: What is the Long Competition? About Matt Stephenson Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts me in front of crowds, cameras, and microphones all over the world. 
I am the regular host of the InSecurity podcast and video series at events around the globe. I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... Can’t get enough of Insecurity? You can find us at Spotify, Apple Podcasts and ThreatVector as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
ABC "A", always "B", be "C", closing ALWAYS BE CLOSING Always be closing. -- Blake; Glengarry Glen Ross, David Mamet, 1992 Now we are taking some liberties there with that bit… but apply that philosophy to secure code development… now swap in Integrating or Developing for Closing… ABD… "A", always. "B", be. “D” Developing… or… well you get the point On this episode of InSecurity, Matt Stephenson speaks with Manish Gupta, CEO of ShiftLeft about the importance of dynamic software development. Can focusing on Continuous Integration/Continuous Development prevent more scenarios like what we saw with SolarWinds? Manish has helped build some of the most important security solutions in the world. The bad guys are only getting better, so we need to make sure we are doing it better and faster than they are. About Manish Gupta Manish Gupta is the CEO of ShiftLeft, a company specializing in NextGen Static Analysis. He was previously the Chief Product and Strategy Officer at FireEye, helping grow the company from approximately $70 million to more than $700 million in revenue, growing the product portfolio from 2 to more than 20 products. Prior to that, he was VP of Product Management for Cisco’s $2 billion security portfolio. He also served as a VP/GM at McAfee and iPolicy networks. Manish has an MBA from the Kellogg Graduate School of Management, MS in Engineering from the University of Maryland and a BS in Engineering from the Delhi College of Engineering.
Planets are lining up California's gonna slide into the sea It's the third great woe It's the thousand-year peace (Spin your partner while you can) No one wants to hear Spoon-feed me the good news forget about the rest Lemmings never fear I repeat, this is only a test I'm much better now I was down there for awhile, I guess I saw the light Oh, it was crazy, anyhow It's no worse than before, I guess you folks were right Yeah, I'm much better now Pass me the chips, turn up the radio I guess I saw the light It's five more miles 'til we get to Idaho -- Worse; Too Much Joy, 1988 And the hits just keep oooonnnnn comin’! 3rd quarter only got weirder. We tried to return to a degree of normalcy with restaurants, theme parks and even sports re-opening in various forms. One thing that never stopped was the need to secure our data, companies and families. We also needed to figure out how to get people healthy. We talked about how risk and trust relate to controlling the chaos that can be part of security as well as the language and culture of security. We even had time to learn how to connect patients with the healthcare they need. Chris Blask and Fred Cohen: A Single Tweet Can Destroy Faith in Government Agencies John McClurg: Combating Cyber Chaos with Unified Endpoint Security Chris Morin: How Cybersecurity Physical Security Influence Each Other? Amar Singh: How Do We Rank Trust, Security and Control? Dr Jessica Barker: Language and Culture Have a Profound Impact on Cybersecurity Scott Schober: Bringing Cybersecurity Expertise to the Masses Via Television Robert Willis: Who or What is the Most Choice Hacking Target? Dave Brown and Luke Hull: Defense in Depth: Cliché or Cornerstone of Cybersecurity? Pete Fronte: Helping Patients Understand and Find Relevant Healthcare
Hard times spreading just like the flu Watch out homeboy, don't let it catch you P-p-p-prices go up, don't let your pocket go down When you got short money you're stuck on the ground Turn around, get ready, keep your eye on the clock And be on point for the future shock -- Run DMC; Hard Times, 1983 Back for more! The 2nd quarter of 2020 saw the world go into full lockdown. We all had to learn to live in a world where business and personal happened at the same time in the same place… quite often the kitchen. How did we adapt? How did we move home and secure it for serious business? Meanwhile, life went on. We had to secure elections, keep kids safe online and even advance careers. Oh… PS… diseases like cancer didn’t go away… we had to keep fighting them too. Take a listen to the warriors… Alex Willis and Zach Beimes: Securely Enable Remote Workers Harri Hursti and Dan Webber: The Cyber War on America’s Elections Theresa Payton and Doug Citizen: Who Do You Trust? Ron Ross: Bringing the NIST Framework Home Pat Craven: Garfield and The Center Keep Kids Safe Online Chris Blask and Fred Cohen: DBOM and the Record of Everything Kevin Coppins: Shrinking the Data Security Target Kip Boyle: How Do I Break into Cybersecurity? Anna-Lisa Miller: Building a Culture of Security Matthew Zachary: Hacking Cancer
It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of light, it was the season of darkness, it was the spring of hope, it was the winter of despair. -- Charles Dickens, A Tale of Two Cities It’s that time again! Time to take a look back on the year that was. This episode takes a look at the time from January through the end of March. Ah yes… simpler times… still optimistic and curious. We chat about the value of design, electric motorcycles that go 200 mph, autonomous vehicles and the role of technology in a then newly blooming pandemic… among other things. The guests are some of the most important thinkers in the IT world. It’s interesting to hear their thoughts then, filtered through the prism of what we know now. Jordan DeVries: Yes Design Really is That Important Derek Dorresteyn: A 200 mph ELECTRIC Superbike? Damon Motorcycles Builds Those Ryan Permeh: Leading the AI Journey from Cylance to BlackBerry Kip Boyle: Virtual CISO at Your Service Richard Stiennon: Security Yearbook 2020 Jeff Davis: Smart Mobility Is More than Just Autonomous Vehicles Joseph Menn: Malware Is More Interesting than I Thought Ted Claypoole: Does AI Have Rights? Dr Saif Abed: The Role of Technology in a Global Healthcare Crisis Dr Jessica Barker, Cheryl Biswas, Sherri Davidoff and Theresa Payton: Perspectives on the New Normal
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones -- Albert Einstein If we wish to fight, the enemy can be forced to an engagement even though he be sheltered behind a high rampart and a deep ditch. All we need do is attack some other place that he will be obliged to relieve. If we do not wish to fight, we can prevent the enemy from engaging us even though the lines of our encampment be merely traced out on the ground. All we need do is to throw something odd and unaccountable in his way. -- Sun Tzu, The Art of War On the new InSecurity, Matt Stephenson has a chat with author and Corner Alliance CEO Alan Pentz about playing the long game with China. When your rival has 4000 years of history and a BILLION more people, the contest takes on some different parameters. As we move into the 4th Industrial Revolution, who will better leverage technology like 5G, AI, automation and augmented reality? We’re bringing someone who is boots on the ground in the campaign to improve how government can work with private industry. About Alan Pentz Alan Pentz (@apentz) is the CEO of Corner Alliance. He has over twenty years of experience in government consulting with Corner Alliance, SRA, Touchstone Consulting, and Witt O'Brien's, and has worked with government leaders in the R&D and innovation communities across DHS, Commerce, NIH, state and local government, and the non-profit sector among others. Before consulting, Alan served as a speechwriter and press secretary for former U.S. Senator Max Baucus and as a legislative assistant for former U.S. Representative Paul Kanjorski. He holds an MBA from the University of Texas at Austin. Alan is a lifelong fan of the Philadelphia Eagles (yes, they booed Santa Claus) and his hero is Ben Franklin, a famous polymath, patriot, diplomat, scientist, politician, and still the founding father you most want to have a beer with.
Winning the Long Competition: The Key to the Next American Century For the first time since the Space Race, the United States is facing a serious competitor with a plan to achieve technological dominance: China. Between China 2025 and the Belt and Road Initiative, it’s become clear that the Chinese government is determined to capture the economic power that new technologies like AI, automation, 5G, and the cloud represent. And with economic power comes military power, and then political power. To win this competition, the US must return to the historical model it used to build the interstate highway system, put a man on the moon, and build the computer and the Internet—but has become an afterthought over the past few decades. In Winning the Long Competition, Alan Pentz lays out a roadmap for increasing our investment and innovation in core areas. He shows government managers where to invest and points innovators to areas where the funding will be plentiful. As we move into the next American century, the only way forward is to harness all the resources and creativity of both our public and private sectors.
ELLIE: How do you know you’re not deluding yourself? As for me, I’d need proof. PALMER: Proof. Did you love your father? ELLIE: Huh? PALMER: Your Dad, did you love him? ELLIE: Yes, very much. PALMER: Prove it. That is, of course, Jodie Foster as Ellie Arroway and Matthew McConaughey as Palmer Joss in Robert Zemeckis’s 1997 adaptation of Carl Sagan’s 1984 novel Contact On this week’s InSecurity, Matt Stephenson got some time with ethical hacker Ted Harrington. He is the author of HACKABLE: How to Do Application Security Right, Exec Partner at Independent Security Evaluators and co-creator of IoT Village at DEFCON and beyond! If you need more reasons to listen, he’s just awesome and has some really interesting insight into what developers, companies and even regular people need to consider in keeping their assets secure… dig it About Ted Harrington Ted Harrington (@SecurityTed) is the Executive Partner at Independent Security Evaluators (ISE). ISE is a company of ethical hackers most commonly known for their work hacking cars, medical devices, web applications, and password managers. ISE is a leader of ethical hackers, helping companies build better, more secure software. Ted is an author, keynote speaker, consultant, and podcast host, specializing in penetration testing, secure software development, and related areas of cybersecurity. He recently published the best-selling book HACKABLE: How to Do Application Security Right. ISE has helped hundreds of companies fix tens of thousands of security vulnerabilities, including Google, Amazon, and Netflix. Ted and his team also founded and continue to organize IoT Village, an event whose hacking contest is a three-time DEF CON Black Badge winner. Hackable: How to Do Application Security Right If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too.
Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may be uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or maybe you think you do know, but don’t realize what you’re doing wrong. To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.
“Diversity and independence are important because the best collective decisions are the product of disagreement and contest, not consensus or compromise.” -- The Wisdom of Crowds; James Surowiecki, On this week’s InSecurity, Matt Stephenson has a chat with Pulsedive co-founders Grace Chi and Dan Sherry about the joy and pain of security startup life. In the world of the Threat Intelligence research, the best people are often looking for the best tools. Why not build a community around some stellar tools so the Wisdom of the Crowd can push security in the directions it needs to go? Grace and Dan want to help herd the cats to solve the problems About Grace Chi Grace Chi (@euphoricfall) is Co-Founder and COO of Pulsedive. Her wealth of experience includes directing complex growth campaigns and operations across technology, cybersecurity, and real estate markets. She draws on interdisciplinary interests, fearlessness in the face of criticism, and history in product marketing, strategic development, and customer success to identify and execute on the most impactful areas for growth. Grace is an avid watercolorist on weekends and a hyper-serious cooperative board gamer. About Dan Sherry Dan Sherry (@netbroom) is Co-Founder and CEO of Pulsedive. He has years of industry experience doing incident response, security engineering, and security operations across both government and Fortune 500 financial services. He is all too familiar with the struggles of filtering noise from open source threat intelligence, and sees Pulsedive as the first step to solving this problem. Dan’s top advisors are his three cats. He plays the ukulele when he’s not staying up all night debugging Pulsedive.
DevSecOps? SecDevOps? Jeff… Kevin? Wait… what? On this episode of InSecurity, Matt Stephenson has a chat with Refactr co-founder & CEO Mike Fraser about the World of DevSecOps and the role it plays in contemporary Cybersecurity ecosphere. We dig into the relevance of low-code/no-code and FINALLY get a handle on Conway’s Law as it applies to security. No idea what we're talking about? Tune in and find out… About Mike Fraser Mike Fraser (@itascode) is the Co-founder, CEO, Chief Architect of Refactr. He started his career in the US Air Force working on F-15 weapon systems and later as a cybersecurity engineer. Mike has founded multiple tech companies and is a regular speaker at industry events, including Hashiconf, various Microsoft events, Red Hat AnsibleFest and All Day DevOps. He has published several articles including on TechCrunch, RSA 365, CRN, and The New Stack, and appeared on the cover of Channel Pro Magazine.
Science is what you know Philosophy is what you don’t know -- Bertrand Russell For the things we have to learn before we can do them, we learn by doing them. -- Aristotle On this Very Special Episode of InSecurity, Matt Stephenson moderated a chat between SMU CISO George Finney and BlackBerry Global VP of Engineering Rich Thompson. We covered a range of topics, but narrowed the field to the Big Ideas of Habit, Neuroscience & Artificial Intelligence and Behavior & Technology. The notion was to consider how those things influence our approach to Cybersecurity. Dig it… About George Finney George Finney (@WellAwareSecure) is the CSO for SMU in Dallas, Texas and is the author of the new book, Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future as well as several others. He is a Chief Information Security Officer that believes that people are the key to solving our cybersecurity challenges. George has worked in Cybersecurity for nearly 20 years and has helped startups, global telecommunications firms, and nonprofits improve their security posture. As a part of his passion for education, George has taught cybersecurity at Southern Methodist University and is the author of several cybersecurity books including No More Magic Wands: Transformative Cybersecurity Change for Everyone. He has been recognized by Security Magazine as one of their top cybersecurity leaders in 2018 and is a part of the Texas CISO Council, is a member of the Board of Directors for the Palo Alto Networks FUEL User Group, and is an Advisory Board member for SecureWorld. George holds a Juris Doctorate from Southern Methodist University and a Bachelor of Arts from St. John’s College as well as multiple cybersecurity certifications including the CISSP, CISM, and CIPP. About Rich Thompson Rich Thompson (@TheRichThompson) is Vice President of Sales Engineering, North America at BlackBerry. He has 25+ years of experience in security.
This includes 21 years leading security efforts at the regional and national level in the retail industry, including stops at Big Lots, Toys Я Us, ESPRIT, J Crew… shoutout to 90s fashion. From there, Rich spent 5 years leading Sales Engineering and Professional Services efforts in the enterprise software industry. He has experience in forensics, incident response, electronic discovery, information risk management and governance. Rich joined Cylance in October 2014 in order to help Cylance in the vision of protecting every endpoint under the sun. He also has surprisingly wide-ranging musical tastes.
Anatomy is to physiology as geography is to history; it describes the theatre of events. -- Jean Fernel; Legendary French physician

Those who cannot remember the past are condemned to repeat it -- George Santayana; The Life of Reason: The Phases of Human Progress, 1905

Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones -- Donald Rumsfeld; US Secretary of Defense, 2002

The World Economic Forum considered a Massive incident of data fraud/theft the FOURTH biggest risk facing THE WORLD for 2019, behind major natural disasters and ahead of man-made environmental damage including massive oil-spills or massive radiation leaks. 2020 said… hold my beer.

Just last week, the Wisconsin Republican Party was attacked by bad actors and suffered the theft of $2,300,000.00 in payments that were due various vendors to their organization. How did the bad guys get in? The most basic, tried and true way of ingress: email phishing. Was the motivation to damage national and state-wide election campaigns? Was it to sow more discord in an already tumultuous election season? Was it TWO POINT THREE MILLION DOLLARS? Do we even care? What cannot be disputed is that bad guys came into their system with bad intent and left with a lot of other people’s money.

When is a breach a breach? When is it a data leak? When is it simply a server left exposed?
On this edition of InSecurity, Matt Stephenson talks with veteran Incident Response Consultants John Wood and Ryan Chapman about what happens once the bad guys break in and what the good guys can and must do when dealing with the results of a cyber-attack. Plus: PORT 3389! Dig it…

About John Wood

John Wood is Technical Director for BlackBerry’s (Previously Cylance) Incident Response practice. He leads teams of Incident Responders in large-scale and small-scale breaches across a variety of industries. John is responsible for evaluating and improving the tools and methodologies used by the practice and ensuring quality control across all engagements. Prior to joining Cylance, John retired as an FBI Special Agent after 23 years. During his time in the FBI, John served in six field offices where he was a computer forensic examiner and cybercrime investigator. He was involved in several high-profile cases to include being the lead forensic examiner on the Edward Snowden espionage case, the Ardit Ferizi terrorism case, the “Russian voter hacking”, and several Advanced Persistent Threat (APT) cases. He was also a SWAT operator, a bomb tech, a firearms instructor, and has also testified as an expert witness in the United States Southern District of Texas, The Eastern District of Missouri, The Eastern District of Virginia, and The Northern District of Florida.

About Ryan Chapman

Ryan Chapman (@rj_chap) is Principal Forensics Consultant at BlackBerry. An Information Security professional with over 18 years of experience in the IT realm, Ryan sees the security industry as an ever-evolving creature where nothing is stale and there is always something new to learn. He has worked in SOC and CIRT roles that handled incidents from inception all the way through remediation. Reviewing log traffic; researching domains and IPs; hunting through log aggregation utilities; sifting through PCAPs; analyzing malware; and performing host and network forensics are all among his passions.
One of Ryan’s primary interests is the exciting world of reverse engineering. Malware has become pervasive, so he relishes the ability to dissect, understand, and protect against evolving threats. He is always on the lookout for the new tricks that malware authors use to circumvent security appliances. Ryan has presented at DefCon, SANS Summits, BSides Las Vegas and San Francisco, CactusCon, Splunk.conf and Splunk Live!
On 19 October, United States federal prosecutors unsealed charges against six Russian intelligence officers accused of engaging in some of the most destructive cyberattacks of recent years: operations that knocked out Ukraine’s energy grid, exposed emails from the French president’s party, and damaged global systems in the 2017 NotPetya attack. -- U.S. Charges Six Russian Intelligence Officers With Hacking; Wall Street Journal; 20 October, 2020; Dustin Volz

Sun Tzu famously said, “all warfare is based on deception.” He could hardly have anticipated how his words would ultimately be substantiated—particularly in the tactics of today’s cybercriminals. Even after 30 years in the trenches, John McClurg is still surprised by their innovative tactics. Sun Tzu reportedly also said, “it’s not an admission of defeat to recognize and respect the strengths of your enemy; rather, it’s a necessary precondition to victory”.

What the hell are we even talking about? Stick around my friends… you shall hear and be heard…

Once Again Back It’s the Incredible…! Sorry… a little Public Enemy for you there…

Time for another Very Special Episode of InSecurity: Matt Stephenson has a chat with BlackBerry SVP/CISO John McClurg about what is going on in the world of securing the electoral process of the United States elections. This is not a podcast about politics, it is a podcast about securing the processes and mechanisms. Regardless of where you fall on the political spectrum, the vote you cast should be the vote that is recorded. How do we protect that process? Tune in and find out…

About John McClurg

John McClurg (@JohnMcClurg) is a Sr Vice President and CISO at BlackBerry. He spent his early career with the US government, serving as both a supervisory special agent and branch chief for the FBI as well as a deputy branch chief for the CIA. In these roles, McClurg was involved in the capturing of both Kevin Poulsen and Harold James Nicholson.
Following his public service, John has served as a vice-president and Chief Security Officer for Lucent, Honeywell and Dell.
62% of businesses experienced phishing and social engineering attacks in 2018. 68% of business leaders feel their cybersecurity risks are increasing. Only 5% of companies’ folders are properly protected, on average. Data breaches exposed 4.1 billion records in the first half of 2019. 71% of breaches were financially motivated and 25% were motivated by espionage. (Verizon)

According to a study from our friends at Adroit Market Research, global Cyber security insurance market size was $3.89 billion in 2017, expected to grow to $23.07 billion in 2025.

What kind of preparation before applying for Cyber Insurance can produce the outcomes you need? What are the underwriters looking for when they evaluate and calculate cyber insurance premiums? What changes and technologies can an organization implement to lower those costs? Just like personal life insurance, the preparations and choices you make before and during the underwriting process will lead to vastly different outcomes in the cost of your premiums.

On another Very Special Episode of InSecurity, Matt Stephenson moderates a discussion between Stanton Gatewood, former CISO for the State of Georgia and previous skeptic on the notion of Cyber Insurance, and Jeffrey Smith, Managing Partner at CyberRisk Underwriters, a company specializing in Cyber Insurance. This ain’t your normal cable news shoutfest, but rather an informed discussion on a misunderstood tool of data protection. Think you don’t need Cyber Insurance? Do you feel the same way when you get in your car or go to the doctor? See where we’re going here…?

About Stanton Gatewood

Stanton Gatewood is an experienced and successful cyber security professional and information technology leader, with more than 35 years of experience in the Federal, State and local government, higher education and public sector. He has been recognized over the years for his contributions to the State of Georgia and the University System of Georgia.
Additionally, Stan enjoys helping his peers increase their Cyber Knowledge, Skills, Abilities + experience with his work in NASCIO.

About Jeffrey Smith

Jeffrey Smith founded Cyber Risk Underwriters to simplify the access to cyber insurance and cyber warranty products via a network of insurance agents, cyber security vendors and infosec investors. In this role, Jeffrey is building a business model to educate clients about the catastrophic nature of cyber security risks, generate alternative distribution channels for cyber insurance products, and custom program for unique customers.