We created this podcast series to discuss the latest information on cybersecurity. Listen to Cipher's leading experts review the cybersecurity news, trends, and challenges. The Cipher Podcast has a global cybersecurity perspective, with special guests from the United States, Brazil, Spain and Portugal. Select topics are covered in English and Portuguese.
The goals and needs of IT and Cybersecurity are different. IT is more focused on uptime and keeping systems running. Cybersecurity is focused on reducing the risk of data breaches, ransomware and other negative impacts from threat actors. The holistic approach to balance these elements can be accomplished with effective Governance, Risk and Compliance (GRC). In this episode we discuss what benefits GRC solutions can bring to companies, how a vCISO can help, and more. Our guest is Cipher's Kevin Kurzawa, who leads GRC in the United States. For more information on Cipher's GRC services, visit www.cipher.com/grc.
The US government has made cybersecurity a key focus for national security. As such, different organizations within the Government have issued guidance related to cybersecurity standards. The impact of these actions and what it means for private organizations is a complex topic. We break it down with TrustMAPP CTO and CISO Allan Alford.
The blockchain, cryptocurrency, tokenization, social media, gaming, and the metaverse have created a new class of assets unique to the digital world. These assets have made many rich, but they are vulnerable to theft and fraud. We discuss this topic with Prosegur Global Director of Innovation and Product Development José Daniel García Espinel.
Organizations should understand what happens when they are breached, in order to measure the value of their tools and understand how long it takes for them to detect threat actors. SCYTHE is an Adversary Emulation tool that enables organizations to do this in a repeatable and secure way. CTO Jorge Orchilles joins the episode to discuss how this methodology and tool differs from other cybersecurity practices, how it can help organizations improve, and what a Purple Team is. Learn more about SCYTHE at www.scythe.io.
We covered the top trends and stories from 2021 in the world of cybersecurity and related topics in this episode. Read the accompanying blog for links to the articles mentioned and charts of the trends: https://cipher.com/blog/year-in-cybersecurity-recap.
LogRhythm recently released a report on 'Security and the C-Suite: Making Security Priorities Business Priorities'. In the report, they evaluated the influence of security leaders in enterprise organizations. LogRhythm Chief Security Officer and VP of R&D James Carder joins the episode to give his expert insights into the topic. Read the report at https://logrhythm.com/making-security-priorities-business-priorities.
The term Secure Access Service Edge (SASE) was coined in 2019 to describe an emerging security and network framework. Since then, the term has taken off with many companies marketing their solutions as part of the SASE concept. Our guest for today's episode is Nate Smolenski, who is the Head of Cyber Intelligence Strategy at Netskope. Netskope is touted as the SASE Leader. We cut through the acronym soup of the cyber world to identify how organizations benefit by implementing SASE concepts, in terms of both security and productivity. The first week of November is Netskope SASE Week. During this week, cybersecurity professionals can join a variety of free workshops and sessions led by industry experts.
Nearly every computer that runs Windows has Active Directory (AD). This structure helps organizations manage user identities, privileges, and much more. The power that AD has means threat actors are often targeting it to execute attacks. Our guest for the episode is Christopher Keller, who is Senior Security Engineer at Tenable. We cover the common mistakes admins make with AD, how hackers take advantage, and what companies can do to improve.
The root cause of untold cyber attacks is the age-old technique of social engineering. KnowBe4 Security Awareness Advocate James McQuiggan joins the episode to lend his expert analysis and insight. We discuss the concepts of social engineering and how cybercriminals use it to manipulate people. October is Cybersecurity Awareness Month. One of the themes is Fight the Phish. Social engineering plays into why people fall for phishing emails. The message is “Think before you click on any suspicious emails, links or attachments and make sure to report any suspicious emails if you can!”
In this episode, we talk about “SASE – How to reconcile speed of response and data protection”. For this conversation, we invited Renato Jager, our LATAM CTO at Cipher. Listen now and catch up on another episode!
The threats that organizations are facing today look a lot different than 20 years ago. Cybersecurity concerns are now a core topic. David Fernicola, Vice President of Global Risk Services at Prosegur, joins this episode to discuss what has changed and how a modern organization should view risk management and security. For more information on Prosegur Global Risk Management, visit www.prosegur.us/security-solutions/global-risk-services.
In this episode, we go into the core concepts of Zero Trust and how it relates to cybersecurity. AppGuard Chief Product Officer Kristen Gandhi joins the episode. She explains how AppGuard software stops cyber threats using a Zero Trust framework. Tips for becoming more resilient to cybersecurity threats are also covered.
Last May, Colonial Pipeline was hacked. This caused massive impacts around the United States. Recently the Biden Administration took a series of steps to guide companies in the utility industry to improve their cybersecurity. We discuss the topic with Brian Maloney in today's episode. Brian has extensive experience designing cyber solutions for companies in the utility sector. Download our report on the DOE RFI results at https://info.cipher.com/cybersecurity-for-critical-electric-infrastructure.
Cipher recently held a webinar with Cmd on how to secure digital connections. Cmd delivers runtime security for cloud workloads and Linux assets. The session was hosted by Cmd's Chief Security Officer Jake King and Cipher CTO David Rickard. They go over different attack techniques and how to stop them. We present an audio recording of the session now.
In this episode, we talk about "Managing high-performance teams in times of pandemic": how to manage your team remotely, what the challenges are, forms of leadership, how to help your team with its goals, and other information. For this conversation, we invited David Tudino, who has been at Cipher for more than 10 years, where he served as director of MSS and now takes on the role of BDM Latin America at Cipher. Listen now and catch up on another episode!
In this episode, we talk about "the risks of high exposure of your personal information": how to protect yourself from social engineering scams, the dangers of posting a picture of your COVID-19 vaccination card, how to browse the internet safely, and other information. For this conversation, we invited Fernando Amatte, director of red team and cyber intelligence at Cipher. Listen now and catch up on another episode!
In this episode, we talk about how communication and marketing are positioned in times of pandemic and how Cipher sees the growth of digital marketing alongside the cybersecurity market. For this conversation, we invited Patricia Teixeira, Cipher's director of marketing for Latin America. Listen now and catch up on another episode!
How can security tools help companies comply with the LGPD? In this episode, we talk about protecting PII in the environment by integrating other technologies such as DAM and SIEM, and how to find out where the information that needs protecting is located. Host: Wesney Bolzan - Latin America, Information Security and Integration Director.
Our final podcast episode of the year looks at the immense cyber attack that took place recently. SolarWinds software was hacked, which led to government and private organizations being breached. We look at how it happened and what organizations should do to stay secure. Visit NSA and Department of Homeland Security websites for more information: https://cyber.dhs.gov/ed/21-01/.
Cipher joined forces with the American Health Information Management Association (AHIMA) to present a panel discussion on cybersecurity for healthcare. During the session, our expert panel discussed hot topics of the day related to cybersecurity. This episode presents a recording of the discussion.
PCI-DSS is a certification that minimizes the risks related to the improper processing, transmission and storage of payment cards, and it is mandatory for all companies that carry out card transactions.
We dive into the future of IoT and Internet-connected devices in this episode. This episode comes in the form of a recording from a recent live stream with Prosegur USA's Director of IoT Greg Kuhn. Greg and the hosts cover what use cases for connected devices exist today, where things are heading, and how cybersecurity factors in. Watch a recording of the streaming session at https://cipher.com/blog/the-future-of-connected-devices/.
Cipher becomes the first Brazilian company to certify PIN Security. In this episode, we invited our colleagues from the GRC team to talk about PIN Security and how this certification works.
We are kicking off Cybersecurity Awareness Month by investigating a scam technique that has resulted in $26 billion in losses since 2013. This technique is Business Email Compromise (BEC). Attackers compromise or spoof emails and convince victims to give money or perform other negative actions. To dive deep on the topic we welcome FireEye Cybersecurity Engineer Jamie Maxfield. Jamie covers some of the technical safeguards FireEye products have in place to stop scammers from defrauding companies and individuals. The episode also goes into ways people can detect these scams even if the technical safeguards are not present. Learn more about Business Email Compromise in our recent blog post: https://cipher.com/blog/business-email-compromise.
Vulnerability management is a critical task for IT teams. Every day, software companies release patches and new vulnerabilities are discovered. In this episode, we cover the ins and outs of how teams manage vulnerabilities using traditional methods like scanning. Cipher Cyber Intelligence Manager André Pinheiro joins the episode to discuss how Cipher's brand new solution cuts the response time for patching vulnerabilities down significantly. We call the solution Proactive Vulnerability Alerting. It pushes customized notifications of vulnerabilities to companies in hours instead of days. Read more about the new service at https://cipher.com/blog/proactive-vulnerability-alerting/.
Check out another episode of our #CipherCast - Recurring password leaks, with our director of red team services Fernando Amatte.
Over 300,000 companies in the US could become subject to the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) soon. This new certification is required for companies that do business with the DoD, either directly or as a sub-contractor. Chris Saucier is the CMMC Lead for NetBrain Technologies and he shares his expertise on the topic. The hosts go over what the new certification requires for companies now and how it could change in the future. The primary recommendation for working towards complying with the new model is for companies to start building a culture of cybersecurity awareness across the organization. Learn more about NetBrain's CMMC offering at www.netbraintech.com/automation-for-cmmc-compliance.
Retired Navy Rear Admiral Danelle Barrett joins the podcast to discuss her strategy for managing the cybersecurity landscape of a huge organization like the Navy. She covers her first-hand experience with digital transformation at the Department of Defense. Admiral Barrett strongly advocates thinking like the adversary in order to protect networks. Doing this helps leaders at organizations look critically at data collected and analyzed and make the best business and military decisions. She goes over the potential benefits and cybersecurity misconceptions of open-source software. Finally, Admiral Barrett gives career advice.
Retired Air Force Lieutenant Colonel Vincent Sullivan joins the episode. Mr. Sullivan has extensive front-lines cybersecurity management experience. He gives advice on leadership, professional development and strategies to secure organizations.
Video monitoring and IoT use are on the rise with 5G being rolled out. In addition, security teams are turning to monitoring as buildings continue to be empty due to COVID-19 restrictions. The monitoring goal is to keep the areas secure. The Cybersecurity element of the monitoring should also be secured, or data could be stolen and access disrupted. Prosegur USA's Director of IoT Greg Kuhn joins the episode to discuss both video monitoring and how the devices are secured digitally. Learn more about Prosegur USA and how they help safeguard companies at www.prosegur.us. Read about YellowBox, which protects IoT devices at www.cipher.com/yellowbox.
In this episode, we present a recording from a live Virtual Tech Talk we held on Cloud Cybersecurity last week. The trio of Cloud Experts went through common cloud misconceptions, tips for securing platforms, working with partners and more. Learn about CipherBox, which is our solution for securing Cloud-connected systems.
In this episode, we look at what the Payment Card Industry (PCI) regulations and compliance are all about. We welcome Principal Cybersecurity Consultant Juan Munera to cover the top questions he encounters regarding PCI. Juan goes over what to look for when picking an Approved Scanning Vendor (ASV) or Qualified Security Assessor Company (QSAC). He also goes over his top tips for making the process easier. Learn more about Cipher's PCI offerings at https://cipher.com/pci-dss-payment-card-industry-data-security-standard/.
Managing cybersecurity and remote work at a large enterprise is challenging. Archer Daniels Midland (ADM) is a leader in the food industry. They have over 30,000 employees and $60 billion in revenue. ADM CISO Tom Dager joins the podcast to give an expert view on how he manages both his team and the company's cyber posture. Topics covered include work-life balance, Bring Your Own Device (BYOD), Cloud, how to optimize the internal IT architecture, and planning for the future. Learn more about ADM at www.adm.com.
In this episode we talk with our colleagues from the HR team, with some tips and precautions for virtual interviews as well as some information on how the company is organizing itself internally with a 100% remote team.
We discuss business resiliency and disaster recovery with the CTO of Webair, Sagi Brody, in this episode. Confidentiality, integrity and availability are the foundation of a successful cybersecurity posture. Availability is the key aspect covered. Sagi goes into what the difference is between just doing backups and having a robust disaster recovery strategy. The episode also delves into ransomware and how to lessen that threat. Cipher, Webair and Jovia Credit Union will be holding a Virtual Tech Talk on August 12, 2020 on Security in the Cloud. Register at https://attendee.gotowebinar.com/register/4324436814767912975?source=cipher-podcast.
In this episode, we talk with Cipher's Security Operations Center Manager in Portugal, Gonçalo Amaro. He goes over his real-world experience stopping hackers at each step of the cyber kill chain. Frameworks like MITRE ATT&CK are utilized to understand what the attackers are doing and at what stage of an attack they are doing certain malicious activities. Defensive Playbooks for attacks can prepare the cybersecurity experts to more rapidly impede or thwart an attack. Gonçalo also talks about how targeted spear phishing campaigns are hurting companies as well as some of the impacts of remote work on cybersecurity. For more information about Cipher's Managed Security Services, visit www.cipher.com.
In this episode, we talk about a subject that is being discussed more and more these days: working from home in times of social isolation. We invited Vandreia Oliveira, our HR manager at Cipher Brasil, for a light conversation full of information about Cipher and its employees during social isolation. Check it out!
The topic of this episode is Red vs. Blue Team operations. Cipher Director of Technology and SOC Manager Ricardo Encinosa explores Blue Teams, which are tasked with defending a company from cyber attacks. He talks about the different systems used to defend the digital assets of companies and their benefits. Ricardo covers how logs and data paint the picture of a company's cybersecurity posture. Identifying and detecting cybersecurity incidents are the groundwork for defense. The guys also cover popular attack techniques and how Blue Teams perform incident response. Finally, Ricardo covers what he looks for as he hires people to join the Cipher Blue Team. For more information about Cipher's Blue Team, which is the heart of our Managed Security Services, visit www.cipher.com.
Cipher's Portugal CTO Sergio Alves joins the podcast with an eye-opening episode on penetration testing. He covers the difference between a vulnerability assessment and penetration test. Sergio understands how hackers operate. Then he goes into the Cyber Kill Chain components, including phishing and web server exploits. The guys also go over noteworthy attack techniques and tactics. Finally, Sergio goes over how application security testing works. Learn more about Cipher's penetration testing services on www.cipher.com.
Prosegur USA CTO Mike Dunn joins the podcast for an episode looking at how cyber and physical security are intertwined. Cipher is the Cybersecurity Division of Prosegur, so the relationship is especially important to understand. Physical devices like entry control and video cameras have a digital footprint. Dunn covers how to properly secure these Internet of Things (IoT) devices. Learn more about IoT security by listening to our previous podcast dedicated to the topic.
In this episode we talk about a subject that sparks curiosity in many people, whether or not they work in information security: Security Risks in Mobile Devices. To talk about this mystical topic, we invited Alexandre Armellini and Gabriel Barbosa, members of our Red Team Services for Latin America.
Cipher Director of GRC & Data Protection Officer UK Clive Boonzaaier joins the podcast. He talks about why risk is an issue that should be discussed at the board level. Clive says understanding cybersecurity risks faced by an organization is not just the responsibility of IT. The risk is a problem to the whole of a business and deserves attention by top leadership. Clive also looks at how compliance, law and cyber frameworks are related. He also goes into details of ISO 27001, NIST and GDPR in order to look at what they mean for a company and their customers. Learn more about Cipher's Governance, Risk and Compliance offerings by visiting https://cipher.com/grc-governance-risk-and-compliance/.
Cybersecurity is an attractive career path. The demand for talented practitioners is strong. The work is interesting. How can someone join the field? Beyond credentials and certifications, there are some core soft skills and technical know-how that it takes to get into the industry and succeed. Cipher Director of Marketing Bill Bowman joined the guys to discuss what companies look for when hiring. Read our blog post on the same topic to learn more. If you are interested in a position at Cipher, follow up on LinkedIn to see new postings as they are posted.
Uncertainty is the theme of the day. There is an unprecedented amount of unknowns with regards to workforce size, remote work, business demand and more. At the same time, cybersecurity risk has increased. Gareth Jones joins the conversation to comment on how CISOs and business leaders are adapting. Register for our upcoming webinar on the same topic scheduled for June 30, 2020.
No doubt you have heard the term MDR (Managed Detection and Response), but what exactly is it? Gartner said that “The marketing around MDR is increasingly confusing for buyers.” Separating the hype and buzz from the reality is what this podcast will do. We will compare MDR vs. MSS, look at deployment options and more. Get a Free Trial of CipherBox MDR at www.cipher.com/free-trial.
Delivering exceptional service to customers is what helps businesses grow. Cipher's VP of North America shares how Cipher is operating to help customers during these unique times. In 2019, Cipher became the Cybersecurity Division of Prosegur. The benefits for customers as a result of this new arrangement are also covered. Prosegur provides physical security, remote video monitoring and retail security in the US.
On the Dark Web, disinformation, fake cures and offers to sell masks abound. Listen to our head of Red Team Services discuss how threat actors are trying to exploit the COVID-19 crisis.
Since the pandemic was declared by the WHO (World Health Organization), we have been living a different life with many uncertainties. We know that many people take advantage of others' vulnerability to make money and offer miracle products. On the Dark Web it is no different. Our director of Red Team Services for Latin America, Fernando Amatte, researched the Dark Web and found “curiosities” that are worth sharing. We begin with the news reported on April 28 by CNBC, the NBCUniversal subscription channel dedicated to business news, that Pfizer, the American multinational pharmaceutical company, is preparing to begin production of vaccines for COVID-19.
Cyber Intelligence is a term that is thrown around by people in cybersecurity frequently. In the podcast, we break through the jargon to talk about what cyber intelligence really is and how it helps companies in reality. To accomplish this mission, we welcome special guest André Pinheiro, Cipher Director of Cyber Intelligence.
In the cybersecurity world, "hardening" refers to making sure the settings, permissions, patches and configurations of various technologies are correct. Both cloud and on-premise environments can and should be hardened. Listen to what cybersecurity practitioners need to know about hardening.