Pwned: The Information Security Podcast

In this mailbag episode of Pwned, Justin and Jack respond to a listener question that has all the earmarks of a well-known security problem: a new leader starting in an organization with what feels like a random mix of products and problems. By talking through the different elements of the situation, the team offers proven and straightforward suggestions for making the transition more action-oriented, more measurable, and much less stressful. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

This week, Justin and Jack are talking AI with one of the security industry's most well-known experts and influencers, Diana Kelley of Protect AI. The topics, like the growth of AI, are all over the place, from the impacts of AI on security teams to secure AI development, and even a quick mention of the rights of sentient AI. Come hear what's new in ML SecOps and high-integrity AI, and some well-informed predictions for the future. If you want to get in touch with Diana, you can find her LinkedIn here. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this breach of the week episode, Justin and Jack look into the recent attacks targeting the GitHub developer community. Developers are increasingly being targeted by North Korean state-sponsored threat actors to use and execute poison code. Tune in to get the scoop. The DarkReading article can be found here: North Korean Cyberspies Target GitHub Developers (darkreading.com) CISA's request for comment can be found here: Request for Comment on Secure Software Self-Attestation Common Form | CISA Watch this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Multifaceted French security and defense firm, Thales, has acquired longtime application and availability cybersecurity pioneer, Imperva, in a major acquisition from U.S. cybersecurity private equity leader, Thoma Bravo. In this RightSwipes episode of Pwned, Justin and Jack review the histories of both Imperva and Thales, adding valuable context to the market analysis. There's plenty to talk about and factor into this week's thumbs-up/thumbs-down conclusion. Check out the following links for resources mentioned in this episode: Announcement Thales Imperva Thoma Bravo Watch this week's episode: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In Massachusetts, a group of communities are banding together to improve IT acquisition effectiveness. In this episode of Pwned, Justin and Jack explore the benefits of this alliance, ideas on the cybersecurity impact, and the relationship between this effort and other regional and whole-of-state strategies. It's a feel-good episode of Pwned, and the team is bringing positive vibes. Learn more about the North Shore IT Collaborative here: North Shore IT Collaborative | Danvers, MA (danversma.gov) Watch this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this episode Justin and Jack are taking a question from the mailbag on choosing regional or private security operations centers (SOCs). The conversation quickly turns to finding the best SOC for your needs, the most beneficial preparation before engaging with vendors, and the right of any organization to demand answers in language they can understand and apply. Watch this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

From ChatGPT to predictive analytics, AI techniques are changing all industries and knocking on the door of cybersecurity.  Justin and Jack are answering with an episode examining potential advancements and limitations that we'll likely encounter over the next few years. If you're interested in an experienced, optimistic, but grounded view on what AI can do for your security operation, this is an episode for you. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

The White House has released another statement on their National Cybersecurity Strategy. This time Justin and Jack are supportive of the tone and some of the content. In this episode, hear about the new approach to improving cybersecurity with an emphasis on vendor responsibility, liability, opportunities, and outcomes.  Do you think the President's directive is helpful, or do you think it lacks the specifics for these policies to succeed?   Resources mentioned in this episode:  Policy: FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy | The White House.  Dark Reading: The White House National Cybersecurity Strategy Has a Fatal Flaw (darkreading.com) by Eyal Mamo. Request for Comment on Software Security Attestation: Request for Comment on Secure Software Self-Attestation Common Form | CISA by CISA.    For more insight on federal cybersecurity policy, listen to our 2022 White House Week series:  Presidential Prerogative – “Bulletproof Cybersecurity in One Week or Less”  Another Presidential Push - This Time It's National Washington Week 3 is Spelled SEC   Check out this week's video:   If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this RightSwipes episode, the unexpected union of Proofpoint and Illusive creates an irresistible combination for Justin and Jack. They're talking through the applicability of deception technology, market appetite, and Proofpoint's move to deepen their bench with Illusive. The question remains whether Proofpoint was looking to strengthen identity-based defenses or if there's a broader strategy in motion. As referenced in this episode, you can check out Ericka Chickowski's article on DarkReading here. Watch this week's video here: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this episode, Justin and Jack are talking about threat intelligence, from its ideal content mix to the audience, and ways to improve its usefulness and availability. Threat intel is about more than feeds. It's about hunting, sharing, and enriching our understanding of threats whenever we can. Check out our SLED Cybersecurity Priorities Report here to examine top cybersecurity priorities in SLED, what's fueling them, and how you can implement them in your organization. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In part two of “An Old Friend, Some Old Equipment, and New Challenges All Around," we welcome back Zack Borst. Since his departure from NuHarbor Security, Zack has since embarked on a mission to enhance emergency management, including cyber preparedness, and now he's talking with Justin and Jack about the state of cybersecurity systems and subsequent challenges. Join the trio for the second part of this eye-opening discussion about technology, threats, aging equipment, critical services, and the troubling mix of kinetic and cybersecurity emergencies. Watch this week's video here: Check out EM Weekly at EM Weekly — The Readiness Lab or on your favorite podcast streaming service. You can find Zack on Linked in here: https://www.linkedin.com/in/zborst/, or by email at zack.borst@dobermanemg.com. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Our latest episode welcomes back Zack Borst, former co-host and co-contributor to PWNED in its earlier seasons. Zack has since embarked on a mission to enhance emergency management, including cyber preparedness, and he's talking with Justin and Jack about the state of cybersecurity systems and subsequent challenges. It's an eye-opening discussion that blends technology, threats, aging, equipment, critical services, and the troubling mix of kinetic and cybersecurity emergencies. Gain insight into an emerging arena and a heightened urgency for cybersecurity improvements. Watch this week's video here: You can find Zack on Linked in here: https://www.linkedin.com/in/zborst/, or by email at zack.borst@dobermanemg.com. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In an episode that is close to Jack's heart and history, he and Justin explore a renewed interest in the security of applications. They discuss the new Application Security Center of Excellence (ASCOE) being built at the Commonwealth of Massachusetts, shifting far left of boom by prioritizing contract language, and the importance of championing the need for application security before implementing any program. Listen in for practical ways to make progress in an area that will only get better by working on the applications you'll see tomorrow. Key moments: 1:51 – Introduction to application security. 8:26 – Application security surrounding AI/ChatGPT. Is open source insecure? 9:38 – Application security = restaurant? 10:39 – In a world where no one wants you to get in front of application security, how do you get in front of it? 18:15 – Strong application security requires healthy communication. 21:38 – Why is application security so important? 25:26 – Application security is not a one-and-done deal; it goes on forever. It's a continuing cycle of Whac-A-Mole. Watch this week's episode here: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this episode, Justin and Jack delve into the growing trend toward increased investment in detection and response. With the rise in successful attacks and public breaches, detection and response are getting plenty of love, sometimes at the expense of preventative measures. Tune in as our duo explore the current state of affairs, share their observations on various response tactics, and provide valuable insight for listeners who are considering investing in cybersecurity capabilities to reduce the likelihood or impact of inevitable threats. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this mailbag edition of PWNED, Justin and Jack are presented with a question from a listener who's feeling pressured to justify continuing cybersecurity tooling spend. They've seen this happen repeatedly and offer recommendations for responding with well-articulated tradeoffs and benefits and preparing for budget cuts during the proposal and acquisition process. Ultimately, security leaders do their best when they can maximize value from their existing tooling, or garner support from non-security stakeholders that can translate the negative impacts of reduced security capabilities into business terms. Listen in for practical advice as security teams start to bear more scrutiny and field more requests for spending justification in tight economic times. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this episode, Justin and Jack discuss a recent CISO dialogue around the difficulties in replacing staff that move on, and strategies for easing the impact of losing talented folks to competitors or lottery wins. From educating other team members, to succession planning and developing close relationships with vendors there are ways to prevent the unexpected loss of teammates from resulting in a corresponding loss of sleep. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this episode, Justin and Jack respond to a note from the mailbag. A listener inquires about successful approaches to recruiting support for security initiatives, and the team shares stories about educating stakeholders, developing champions, and encouraging security program collaborators, especially when planning a multi-year, multi-pronged strategy. Check out this week's video: If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Following a listener request, Justin Fimlaid and Jack Danahy are talking about successful paths forward when a CISO finds themselves in a role that's a little larger than they expected, or an organization has a well-meaning CISO that needs a little more time to get it right. This happens all the time, and it doesn't have to end with burning out or throwing out an otherwise capable executive. If you find yourself in that oversized chair, sit back and give a listen. Helpful links: The Hunt for the Super CISO Part 1 The Hunt for the Super CISO Part 2 CISO Job Description Download Check out this week's video:   Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Following well-publicized comments from Zurich Insurance CEO Mario Greco on the potential demise of cyber insurance, Justin and Jack are digging deep. They describe the challenge to insurers, the potential for unlimited liability, and propose a new and more intentional model that benefits insurers, clients, and the CISOs involved. It's a new take on a thorny problem, with lessons for all players. Links: Are Cyber Attacks Uninsurable? World Economic Forum 2020 Grim Insurance Predictions On a lighter note: Whisky Home - Old Forester | First Bottled Bourbon™   Check out this week's video:   Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this last episode of PWNED Season 3, Justin and Jack are paying off the year's debts from infractions against the Pit of Despair, while analyzing a BlackHat announcement by a leader in the market. There are debts to be paid, and there's a striking new example of the old security tendency to obscure, over-the-top messaging. The season is going out with a bang, and it looks like Season 4 will start with a blank slate but a full list of issues to watch for. As mentioned in this episode, check out the Security Bullshit Generator! Check out this week's video: Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

After much work and a little fanfare, the 2022 SLED Cybersecurity Priorities Report has been publicly released.  Justin and Jack are giving a quick overview of the findings, along with their usual, and unavoidable, take on some of the results. For those of you who have participated in the research or have been following the lead-up to this day, you'll be glad to hear that the result does not disappoint. Here's the announcement: SLED Leaders Find Roadmap for 2023 Success in Groundbreaking Report From NuHarbor Security | Business Wire And here's the CPR: https://info.nuharborsecurity.com/2022-sled-cpr 

In this episode of PWNED, Justin springs an unexpected topic, based on his deep affection for social media. Seeing a post from a security leader who feels he has been unfairly held accountable by his company, he's bringing it to the podcast. We've got victimhood, CISO expectation setting, transparency, and disappointment, all in one episode as Jack and Justin take this common feeling apart. As referenced in this episode, you can find the book, "Can't Hurt Me", by David Goggins here: Can't Hurt Me, David Goggins If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this episode, Justin and Jack are talking about the trends, common concerns, and research done to support the soon-to-be-released 2022 SLED Cybersecurity Priorities Report. Input from hundreds of sources has been combined with insights from major vendors and the NuHarbor team to deliver some surprising conclusions about the state of the SLED cybersecurity landscape and the leaders that are transforming protection of public services and public trust. As referenced in this episode, check out this article by Wendy Nather (2011) on the The Security Poverty Line.  If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/  

Following the news that Twitter, now owned by Elon Musk, is charging users for a "blue check" next to their name -- an icon that once signaled a verified and authentic user, Justin and Jack discuss the cybersecurity implications behind this new phenomenon, and clear away the confusion and chaos that comes with it. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this RightSwipes episode of Pwned, Justin and Jack start with an analysis of the recent CrowdStrike acquisition of Reposify, and while they may not agree on the love match, it starts an interesting new debate on "Best-in-Breed" versus "Combined Value" players in cybersecurity. It's an important point of inflexion for companies, and maybe for the cybersecurity market, so listen in. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

  In this final episode with Justin and Jack speaking to a group of state security leaders, the PWNED team is talking about a series of topics from new, more successful awareness campaigns to the challenges of avoiding being a target in the first place. This entire session is driven by audience questions, and you may hear one that you'd have asked were you there. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In their second episode in front of a group of public sector tech execs, Justin and Jack are talking about the challenge and risks of application security, including the cascading exposure from supply chain vulnerabilities like log4j. They also spend some time talking about the attack trend towards automation and the ubiquitous threats that indiscriminately target organizations regardless of size or specialty. It's another episode driven by listener questions and current events, with a focus on the impact to mid-sized organizations and those who serve through the SLED community. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this first installment of a three-part series, Justin and Jack are speaking with public sector leaders about the unique challenges and successes of securing platforms and systems within the State, Local, and higher Ed (SLED) community.  They've got plenty of experience and plenty to say as they answer questions about current threats, new approaches, and the patterns of success that NuHarbor has seen over the past few years. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Following another school system breach and some pretty dire reporting, Justin and Jack are reviewing current events and talking about the current environment of risk and impact to K-12. There is plenty to discuss, but the result is a much more balanced view and some thoughts on applying a reasonableness filter to the stories we're hearing. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In a new two-for-one Breach of the Week, Justin and Jack discuss a couple of controversial events from the news this week.  First, the recent disclosures by Twitter's Pieter (Mudge) Zatko and a follow-on article by long-time security icon Edward Amoroso, have our hosts sharing two different points of view on what the story means.  Second, we get back to a harmonious Pwned cast as Justin and Jack discuss the recent LastPass source code breach, which was handled quickly and effectively by the LastPass team. It's a two-fer, combining the role of the CISO and the hyperbole of breach reporting, all in one BOTW episode. Helpful Links: Edward Amoroso's article CNN Business article reporting on Mudge LastPass blog post If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Justin and Jack join John Egan, founder of Mad River Distillers, for a chat about his thoughts on cybersecurity acquisitions, and his own experience as a lawyer in the technology field. Special thank you to John, Mad River Distillers President Mimi Buttenheim, and General Manager/Head Distiller Alex Hilton for welcoming the team and giving their time. To view the Mad River crew, click here. Justin and Jack took the time to write out reviews of some of the beverages from Mad River. Those can be found below: Burnt Rock Bourbon The Burnt Rock Bourbon has a long finish, combining a sweet undertone of vanilla and oak with a distinctive power at the front of the palate. Revolution Rye The Revolution Rye is a spicy entrant, capable of standing up to an ice cube, or even a little mixing, without losing its personality. That's why we featured it in our Old Fashioned Madman cocktail. PX Rum All of the bourbons and even the featured special, a caramel-y rum called the Mad River PX Rum, have a custom feel to them. There is a sense that somebody specifically put that booze in that bottle with thought for who would be drinking it. If you want to reach out to John Egan, you can email him at jegan@goodwinlaw.com, or find him on LinkedIn. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

We've got more mail! Thank you to Mike for sending in this intriguing questions about how to decide what cybersecurity college program to attend to get the most for your future. Justin and Jack have an answer for you, and it's a little more complicated than you would think; take a look at a program's past and present successes to determine what you want your future to be. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

With the release of the new Enterprise Strategy Group (ESG) report, by Jon Oltsik, in late July, Justin and Jack sit down and discuss their thoughts on the research and the importance of consolidating industry-wide terminology and technology. Will they deem the report to be spot-on, or are there just too many unrealistic expectations? Tune in to find out! If you would like to read through the ESG report, please click here. For information on the AWS conference, please click here. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Jack is back at it this time at the National Association of Counties (NACo) conference in Aurora, Colorado. Justin attempts to remotely highjack the microphone to discuss Maslow's Hierarchy of Needs for Cybersecurity with the audience. Justin checks in before and after the presentation to discuss talking points, maturity of an organization, and how the presentation went. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this special Pwned episode, Justin and Jack discuss Almanna Cyber - their new cybersecurity accelerator fund. Almanna, derived from the Old Norse word for "everyone", is just that: a cyber accelerator for everyone. The J's are inviting new cyber startups and individuals with a great ideas to apply for membership in their first cohorts. Sharing over 50 years of experience in the industry, and having built multiple successful cybersecurity businesses, Justin and Jack will help cohort members to grow their own ideas and companies into a strong, successful, cyber business. Pwned content will still be released weekly, but keep an eye out for their new podcast as well: Cyber Engine, which can be found on your favorite podcast streaming apps, or through the Almanna Cyber Website. To listen to the first episode, please click here. For questions regarding Almanna Cyber, please visit www.almannacyber.com, or email Justin at justin@almannacyber.com or Jack at jack@almannacyber.com. If you have any questions or suggestions regarding Pwned, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you on the next one. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

US birth rates are the lowest in 40 years, and we may be seeing a spread of that trend into our RightSwipes matchups. With no meaningful Swipes in sight, Jack and Justin are taking a look at the SwipeScene and drawing some conclusions (and predictions) about the Swipeless period we find ourselves in. Is it a return to the bright lights of fundamental analysis showing some of the real faces behind the carefully crafted cosmetics, or is everyone taking a "wait & see" attitude towards the end of the night? Hard to tell, but Justin and Jack are making some prognostications for the quarterly and yearly likely SwipeStats. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this GOGO (Give One, Get One) episode of Pwned, Justin and Jack discuss two recent breaches. The first, a breach of 23 million compromised accounts from CafePress that was disguised to users as a password policy update; and the other a recipe for a hot tub breach with a side of "hot, stinky soup". To access the articles we reference in this episode, check out these links below: Judgment against CafePress CafePress Fined $500,000 After Massive Data Breach CafePress Slammed After Major Breach Affecting 23 Million Hacking Into the Worldwide Jacuzzi SmartTub Network  Jacuzzi Could be Hacked, Turned Into "Hot, Stinky Soup", Researcher Warns If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

An overachieving heart surgeon in Venezuela has turned his hand to ransomware, and it looks like his heart was really in it. Sadly for him, but great for those us losing "patients" with this cottage economy, he was busted by the FBI, and it's Code Blue for his highly-rated, 5-star reviewed, $10K+/month, custom ransomware platform and SDK. Justin and Jack break it down and talk through the details and the factors that are making this type of malpractice possible. For more information on this topic, check out these links: Medical Economics Article by Todd Shyrock SecurityWeek Article If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

As their portfolio companies (and everyone else) are facing a sea change in market and financing conditions, Sequoia Capital has shared their recommendations for surviving the storm. In this episode of Pwned, Justin and Jack provide a Pwned-style interpretation and application of the insights while taking a regretful victory lap over their earlier predictions that this market reset was also coming for cybersecurity. For more information on references we make in this episode, check out the links below: Sequoia Deck Hungry Hungry Hippos Synthetic Unicorns Cybersecurity Company Uncertainty If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Applications are the root of so many things we use on a day-to-day basis. In this episode, Justin and Jack discuss a way more pragmatic approach to application security than securing all data at once. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Justin and Jack are joined by NuHarbor ace recruiter, Olive Robb, for an open discussion of cybersecurity recruiting, the job market, and an employer's view of resumes that show lots of movement. It's a candid conversation, as usual, with some recommendations about making the most out of your own positions and time in the cybersecurity market. Olive is happy to connect directly over email or LinkedIn regarding opportunities here at NuHarbor. Looking for future opportunities or don't see something exactly up your alley? We also have a general careers email if you wish to send along your resume. Olive's LinkedIn: Olive Robb | LinkedIn Olive's email address: orobb@nuharborsecurity.com NuHarbor's general careers email: careers@nuharborsecurity.com If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In the second half of our CISO recruiting series, Justin and Jack are talking about the pressure, about incident handling, and about the importance of intellectual curiosity in this hire. There are tips for candidates, hiring teams, and even executive management in general, on what to expect, and how to look for it. To view our CISO job description write up, click this link.   If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

The first of a two-part series, this episode highlights what qualities make a good Chief Information Security Officer (CISO), along with how to find the perfect candidate and what the right questions are to ensure they meet those capabilities. Make sure you tune in for part 2! If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this Breach of the Week episode, Justin and Jack share the story of how 600 million USDC was stolen from Axie Infinity, as well as some other crypto catastrophes with the purpose of deciding whether cryptocurrency has the stability and safety to move from its current second-class status to a legitimate, recognized, form of practical currency. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Following the National Collegiate Cyber Defense Competition (NCCDC), Justin and Jack talk with their director, Dwayne Williams, about the competition, his own history, and some insights on the next generation of security leaders. We even get his well-honed view of the likely future of the cybersecurity space and threats within it. A special thank you Dwayne for taking the time to bring his voice to Pwned, and for his continuing efforts to raise the caliber and quantity of college students moving into cybersecurity. Congratulations to the University of Central Florida on their triumph, and to all the finalists for securing a place in the national competition. If you wish to get in contact with Dwayne, you can email him at dwayne.williams@utsa.edu. For information on the NCCDC, please visit this website. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Justin and Jack are digging into the pressures and practical realities of cybersecurity investing, both from investor and company perspectives. From a need to spend to the evanescence of some valuations, the two J's are taking party hats off of ponies and providing some advice for companies that are currently feeling the pinch of an emerging and more realistic investor appetite. To read the article we referenced in this episode, click here.  The picture we reference can be found below. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In this episode of RightSwipes, Justin and Jack take a look at Security Week's article of 40 cybersecurity company acquisitions that took place just in the month of March of 2022. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

Following up on our January prognostications, Justin and Jack highlight the emergence of the foreshadowed "mXDR" vendors and the causes of the ongoing devolution of security language. All isn't lost, though, as the team recognizes the potential for a beneficial new set of demands from Board-level security voices. To listen to the XDR episode, "Pwned GigaByte -  The Pit of Despair", click here! If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In a Washington Week series where the team has reviewed both private and public sector cybersecurity memoranda from the President, they're now looking at an announcement that really matters; cybersecurity guidelines from the Securities and Exchange Commission. Will this be the catalyst of change? Will these requirements make cybersecurity better? Probably not. If you want to read more about the subject, check out these links below: SEC Rule Announcement SEC Rule Summary Full SEC Rule Sarbanes-Oxley Regret Judge Learned Hand and the Formula for Neglect Forbes Article Harvey Dent Reference If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/

In the second Pwned Washington Week episode, Justin and Jack are interpreting the President's National Security Memorandum #8 and they're finding more trees than forest. Add to that a call for a different style of advisor to the President, a metaphorical insertion of Harvey Dent, and it's a full basket of Pwned insights. If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/  

In the first episode of Pwned's Washington Week series, Justin and Jack lay out the details of the Biden Administration's announcement on protecting national security. Is it too little, too late, too optimistic, or just more political noise? If you're interested in reading the articles we mentioned in this episode, check the links below! Statement by President Biden on our Nation's Security FACT SHEET: Act Now to Protect Against Potential Cyberattacks If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We'll catch you next time. Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust. Website: https://nuharborsecurity.com Facebook: https://www.facebook.com/nuharbor/ Twitter: https://twitter.com/NuHarbor@nuharbor LinkedIn: https://www.linkedin.com/company/nuharbor/ Instagram: https://www.instagram.com/nuharborsecurity/