The SecureWorld Sessions

Business Email Compromise (BEC) remains rampant, with annual losses in the billions of dollars. Every type of organization is at risk. During this episode, we discuss key things your organization and people should know about this cybercrime, plus the most effective way to respond in hopes of recovering some of the losses. Our two guests are with the United States Secret Service: •  Stephen Dougherty, Financial Fraud Investigator, Global Investigative Operations Center •  Michael Johns, Assistant Special Agent in Charge Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Check out their cyber mercenary report (very in-depth) below. Resource Links: •  New Trend Micro report, "Void Balaur: Tracking a Cybermercenary's Activities": https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf •  Stephen Dougherty on LinkedIn: https://www.linkedin.com/in/doughertysteve •  SecureWorld conferences: https://www.secureworld.io/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

What is a cyber mercenary group and who are they attacking through cyberspace? In this episode, Feike Hacquebord, Sr. Threat Researcher at Trend Micro, reveals extensive details of a cyber mercenary group he has been tracking for more than a year, which he calls Void Balaur. "They target a lot of doctors… they are sending phishing emails to target senior engineers working for phone companies, they are targeting banks, as well. And all of these targets have one thing in common: they have a lot of personal data on people," Hacquebord says. The group is also going after activists, political leaders, and journalists. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Also, check out the cyber mercenary report (very in-depth) below. Resource Links: •  New Trend Micro report, "Void Balaur: Tracking a Cybermercenary's Activities": https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf •  Trend Micro Sr. Threat Researcher Feike Hacquebord: https://www.linkedin.com/in/feike-hacquebord-33902b5/ •  SecureWorld conferences: https://www.secureworld.io/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

This discussion on the cybersecurity talent pipeline problem is unlike any other you have heard before. And you and your organization could play a part in growing the future of the cybersecurity workforce. We're talking with the founders of the Last Mile Education Fund: •  Rian Walker, Information Security Analyst, Financial Sector •  Sarah Lee, Director, School of Computing Sciences and Computer Engineering, University of Southern Mississippi •  Ruthe Farmer, CEO & Founder, Last Mile Education Fund Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Last Mile Education Fund: https://www.lastmile-ed.org •  Trend Micro initiative, Cybersecurity Education for Universities: https://www.trendmicro.com/internet-safety/university •  Trend Micro's "Linux Threat Report 2021": https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  SecureWorld conferences: https://www.secureworld.io/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Can brain hacks and cybersecurity habits improve the security posture at your organization? CISO George Finney of Southern Methodist University believes the answer is yes and he makes his case in this episode. Also, here's a big idea: cybersecurity doesn't slow down digital transformation, it speeds it up. Gigamon CTO Shehzad Merchant explains how and looks at Big Data and its underpinning technologies. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Take George Finney's cybersecurity personality test: https://wellawaresecurity.com/cyber-personality-test •  Connect with Shehzad Merchant on LinkedIn: https://www.linkedin.com/in/shehzad-merchant-1674b8 •  Trend Micro "Linux Threat Report 2021": https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Andrew "AJ" Jarrett is Applied Cybersecurity Program Manager at the Cyber Readiness Center (CRC) and Texas A&M Engineering Extension Service (TEEX). He's been a wildland firefighter for more than a decade and believes Emergency Response frameworks that save lives can apply to cyber incident response and IT security to help protect organizations. He believes this can help make information security better. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Trend Micro's "Linux Threat Report 2021": https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  Connect with Andrew Jarrett on LinkedIn: https://www.linkedin.com/in/andrew-jarrett-tx •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Ed Cabrera is the former CISO of the United States Secret Service and current Chief Cybersecurity Officer at Trend Micro. He believes we are at an inflection point in cybersecurity and is cautiously optimistic. During this conversation with SecureWorld, Cabrera also discusses ransomware, cryptocurrency, threat intelligence, cyber insurance, and more. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Trend Micro "Vision One": https://www.trendmicro.com/en_us/business.html •  Follow Ed Cabrera on Twitter: https://twitter.com/ed_e_cabrera •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this SecureWorld Sessions podcast bonus episode, three Chief Information Security Officers play a game show around modern cyber resilience. What is cyber resiliency, how do you align it with business objectives, and is it possible a unicorn won this battle of the CISOs? Contestants include Ricardo Lafosse, CISO, The Kraft Heinz Company; Michael Boucher, Americas CISO, JLL; and Glenn Kapetansky, Interim CISO, University of Chicago Medical Center, and CSO, Trexin Group. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "Attacks from All Angles: 2021 Midyear Cybersecurity Report": https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/attacks-from-all-angles-2021-midyear-security-roundup •  Ricardo Lafosse on LinkedIn: https://www.linkedin.com/in/ricardolafosse •  Michael Boucher on LinkedIn: https://www.linkedin.com/in/michael-boucher-55771a •  Glenn Kapetansky on LinkedIn: https://www.linkedin.com/in/kapetansky •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Our guest on this episode is Jeremy C. Sheridan, Assistant Director, Office of Investigations, at the United States Secret Service. We discuss the evolution of ransomware in cybercrime, including: advances in technology, cyber insurance, the cryptocurrency challenge, the sophistication of ransomware actors, and much more. Also, thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "A Roadmap to Secure Connected Cars": https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/a-roadmap-to-secure-connected-cars •  Jeremey C. Sheridan, Assistant Director, Office of Investigations, U.S. Secret Service: https://www.linkedin.com/in/jeremysheridan •  United States Secret Service Cyber Investigations page: https://www.secretservice.gov/investigation/cyber •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Princeton University implemented a multi-year program to create a culture of cybersecurity throughout campus. It has already made an impact on the organizational security mindset, including risk reduction, implementing new technologies, broadening security knowledge, and strengthening campus partnerships. In this episode, listen to David Sherry, CISO of Princeton University, and Tara Schaufler, Information Security Awareness and Training Program Manager. They share ideas, inspiration, and lessons learned that can help your organization. Also, thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "A Roadmap to Secure Connected Cars": https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/a-roadmap-to-secure-connected-cars • David Sherry on LinkedIn: https://www.linkedin.com/in/davidsherry/ • Tara Schaufler on LinkedIn: https://www.linkedin.com/in/tarabrelsfordschaufler/ •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

What can organizations, the U.S. government, and everyday citizens do to stop the surge of ransomware and cyber threats hitting us from overseas? In this episode, we hear from retired Air Force Colonel Cedric Leighton. Leighton is a CNN military analyst who held cyber leadership positions while serving in the Air Force and currently runs the Cedric Leighton International Strategies consultancy. He explains the threats and motives of America's top nation-state cyber enemies. Plus, how we're thinking about the ransomware problem in the wrong way. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "Earth Baku Returns," on the APT's new cyber espionage campaign: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/earth-baku-returns •  Col. Cedric Leighton on LinkedIn: https://www.linkedin.com/in/cedricleighton/ •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Are CISOs getting sued? Yes. Investors filed a lawsuit that specifically names the CISO of SolarWinds as a defendant. Is this the beginning of a trend to sue the Chief Information Security Officer after a cyber incident? #InfoSec twitter reacts, and so do the experts on today's podcast: Rebecca Rakoski is co-founder and Managing Partner of XPAN Law Partners, and Glenn Kapetansky is Interim CISO at the University of Chicago Medical School and CSO at Trexin. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner, and for providing new research for this episode after analysis of millions of Linux security events. Resource Links: • SecureWorld News story, "Suing the CISO: SolarWinds Fires Back": https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds •  Trend Micro's Linux Threat Report 2021 1H: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this true cybercrime episode, we uncover the case of an insider threat scheme at an AT&T Wireless call center. Court documents reveal how rogue employees collected approximately $1 million in bribes. Plus, Dr. Larry Ponemon discusses the Insider Threat risk, and John Grimm discusses Insider Threat best practices. Resource Links: •  Trend Micro report, Risks in Telecommunications IT: https://www.trendmicro.com/en_us/research/21/g/risks-in-telecommunications-IT.html •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

In this true cybercrime episode, we interview Myra Rosario-Fuentes, Senior Threat Researcher at Trend Micro, who just completed an in-depth, two-year research project on Dark Web markets, especially those selling exploits that hackers use to take advantage of security holes in networks and devices. How much is a Zero Day exploit worth on the Dark Web? How did COVID-19 impact cybercriminals on the Dark Web? Also, we discuss access-as-a-service on the Dark Web, the latest on ransomware operators and affiliate programs, and more. Resource Links: •  New Trend Micro Report, "The Rise and Fall of the N-day Exploit Market in Cybercriminal Underground": https://newsroom.trendmicro.com/2021-07-13-Nearly-a-Quarter-of-Exploits-Sold-on-Cybercriminal-Underground-Are-More-Than-Three-Years-Old •  Myra Rosario-Fuentes on LinkedIn: https://www.linkedin.com/in/mayra-rosario-fuentes •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

In this true cybercrime podcast episode, we interview Alexander Urbelis, cyber attorney and threat intelligence expert, who uncovered a cyberattack against the World Health Organization at the start of the coronavirus pandemic. Resource Links: •  Trend Micro phishing and ransomware white paper: https://resources.trendmicro.com/rs/945-CXD-062/images/Reduce-Phishing-Ransomware_Trend-Micro.pdf •  Alexander Urbelis on LinkedIn: https://www.linkedin.com/in/alex-urbelis-25aaab1/ •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

In this true cybercrime episode, we interview Cam, who was arrested for hacking when he was 14 years old. One of his focused cyberattacks was against SeaWorld San Diego. Now, he works as a cybersecurity professional. How did he get into cybercrime and then into a role defending against it? It all started with gaming. Resource Links: •  Trend Micro's Close the Gap program: https://www.trendmicro.com/closethegap •  Trend Micro's Zero Day Initiative: https://www.zerodayinitiative.com •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

How can we scale up the development of our collective cybersecurity talent pipeline, and what role can you play in this? How can your organization help develop talent? How can your alma mater or current university play a part in this? Hear about a model for this kind of work underway through partnerships at New York University Tandon School of Engineering. Our expert panelists: 1. Geoff Brown, CISO, City of New York, and Head of NYC Cyber Command 2. Liat Krawczyk, Assistant Vice President of the New York City Economic Development Corporation 3. Nasir Memon, Vice Dean at NYU Tandon, and Founder of NYU's Cybersecurity Program 4. Jim Routh, Former CISO at Mass Mutual, Aetna, and other enterprises 5. Joel Caminer, Sr. Director of Cybersecurity Education, NYU Tandon Resource Links: •  Trend Micro special supported SCORE program: https://www.score.org/technology-resources • NYU Tandon Cybersecurity Program: https://cybersecurity-strategy-masters.nyu.edu/landing-page •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

Listen in as U.S. state cybersecurity leaders discuss key topics: •  coming year priority projects •  the ransomware surge and preparing for security incidents •  their organization's security culture and training to deal with issues •  innovative, special projects they are most excited about moving forward Featured presenters on this podcast panel: •  Vinod Brahmapuram, CISO, State of Washington •  Deborah Blyth, CISO, State of Colorado •  Maria Thompson, former Chief Risk Officer, State of North Carolina •  Moderated by Dan Lohrmann, CSO, Security Mentor, and former CSO, State of Michigan Resource Links: •  Trend Micro CISO resource portal: https://www.trendmicro.com/en_us/business/campaigns/art-of-cybersecurity/ciso.html •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

Nancy Rainosek is the Chief Information Security Officer (CISO) for the State of Texas. She knows all about ransomware incident response. Her team played a key role in remediation after a coordinated ransomware attack hit 22 state agencies in Texas in a single day. 1. What was that ransomware day like for Rainosek and her team? 2. Was there a common vulnerability among the attacked agencies? 3. What did Texas learn during the ransomware attack that can help your organization now? Resource Links: •  Trend Micro special report on ransomware: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/modern-ransomwares-double-extortion-tactics-and-how-to-protect-enterprises-against-them • Nancy Rainosek on LinkedIn: https://www.linkedin.com/in/nancy-rainosek-4144893 •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

Josh Jackson is Founder and Executive Director of the AI Association, which advocates for the furtherance of artificial intelligence and automation in the United States. In this wide-ranging discussion about AI, Jackson unpacks the following: 1. How should we define artificial intelligence? 2. Where is the intersection of cybersecurity and AI? 3. What does the AI arms race look like, and what about AI ethics? 4. What if your organization does not have an AI strategy? Resource Links: •  Trend Micro report on ICS Security:  https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/keeping-cyber-risk-under-control-spotting-and-thwarting-ics-threats •  Josh Jackson on LinkedIn:  https://www.linkedin.com/in/joshjacksonco •  SecureWorld virtual conferences:  https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

Shawn Tuma is a nationally known "breach quarterback" or "incident response coach" who walks victimized companies through the fallout of a ransomware attack. In this episode, he discusses the following: 1. What stages do organizations and security teams experience during a ransomware attack? 2. Would making ransomware payments illegal disrupt this cybercrime business model? 3. Is the Colonial Pipeline cyberattack a watershed moment for security? Tuma is Co-Chair of the Cybersecurity & Data Privacy Practice Group at Spencer Fane LLP. Resource Links: •  Trend Micro special report, "What We Know About the DarkSide Ransomware and the US Pipeline Attack": https://www.trendmicro.com/en_us/research/21/e/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html • Shawn Tuma on LinkedIn: https://www.linkedin.com/in/shawnetuma •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events •  SecureWorld webinars, eSummits, and online training: https://www.secureworldexpo.com/resources?cat=remote-sessions The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

Join a CISO panel for a fast-moving discussion around the following questions: 1. The state of cybersecurity: what can we understand from security's rise and the rise of the CISO? 2. What does the business need more of from security teams? And what about from security leaders? 3. Are InfoSec job postings way out of line with reality? 4. What is something you've learned from a mentor or experience? Featuring these thought leaders: •  Britney Hommertzheim, Director, Cyber Operations, Cardinal Health •  Kevin Hardcastle, Associate CISO, Washington University in St. Louis •  Cindi Carter, CISO, IntSights Resource Links: •  MITRE Engenuity ATT&CK Evaluations by Trend Micro. See the results: https://resources.trendmicro.com/MITRE-Attack-Evaluations.html •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

2020 was a "blender" year, during which data privacy and cybersecurity seemingly took a backseat to the other major, pressing health and social issues. As more and more people are getting vaccinated and we reemerge into a world that looks a lot different (i.e. new laws and regulations, new threats, etc.), we need to consider and refocus on the important data privacy and cybersecurity issues facing organizations. In this episode, join Rebecca Rakoski, co-founder of cyber law firm XPAN Law Partners, and Glenn Kapetansky, Chief Security Officer at Trexin Group, as they discuss: the new threat landscape; new privacy and security laws impacting data collection; and best practices for addressing these evolving issues. Resource Links: •  Trend Micro report mentioned in the podcast, "The Nightmares of Patch Management: The Status Quo and Beyond": https://www.trendmicro.com/vinfo/be/security/news/vulnerabilities-and-exploits/the-nightmares-of-patch-management-the-status-quo-and-beyond •  Connect with Glenn Kapetansky on LinkedIn: https://www.linkedin.com/in/kapetansky/ •  Connect with Rebecca Rakoski on LinkedIn: https://www.linkedin.com/in/rebecca-rakoski-esq-1460b116/ •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

Are you "stuck" somewhere along your cybersecurity career path? Are you planning to pursue your InfoSec career goals "someday" down the road? Belinda Enoma has a cybersecurity and privacy background, and she's a Certified Information Privacy Professional (CIPP) in the U.S. She is also a career advice expert and the Founder of Activate & Implement LLC. In this episode, Belinda shares strategies for overcoming career obstacles. She says: "What did you leave on the back burner? Pick it up and launch. There's no time like now. Utilize the gift of now, of today, do what you've got to do, activate what you need to activate. It is imperative that you don't procrastinate." Resource Links: •  Patching best practices and solutions from Trend Micro: https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-nightmares-of-patch-management-the-status-quo-and-beyond  •  Connect with Belinda Enoma on LinkedIn: https://www.linkedin.com/in/belindaenoma •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

In this episode, Michael Meyer, Chief Risk Officer and Chief Innovation Officer at MRS BPO, exposes three crucial myths around IAM in cloud, especially a multi-cloud environment. Are you believing the myths that stand in the way of properly implementing IAM (Identity and Access Management) in your cloud environments? Also, today's Trend Micro Top 3 is built around the Trend Micro Cloud One platform. Resource Links: •  How Trend Micro Cloud One works for organizations: https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-workload-security.html  •  Connect with Michael Meyer on LinkedIn: https://www.linkedin.com/in/michaelmeyergrcsecurity •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

In this episode, Mark Eggleston, Vice President and CISO/CPO of Health Partners Plans, speaks with security leaders about cyber resiliency, the return to the workplace, combatting nation-state cyber threats, pandemic lessons that can fuel digital innovation, and mental health in cybersecurity. Panelists include: •  Anahi Santiago, CISO, ChristianaCare Health System •  Joshua Cloud, Director of Information Security, NFI •  Nick Falcone, CISO, University of Pennsylvania •  Todd Bearman, VP & CISO, Global Infrastructure and Security Solutions, TE Connectivity Resource Links: •  Trend Micro publication, Preventing Ransomware While Working from Home  •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

In this episode, social engineering professor, entrepreneur, and author Christopher Hadnagy shares social engineering case studies and explains how these attacks are evolving and how you can protect yourself and your end-users. Hadnagy draws from decades of human behavioral research and his time as "Chief Human Hacker" at Social-Engineer, LLC. Resource Links: •  Christopher Hadnagy's author page: https://www.amazon.com/Christopher-Hadnagy/e/B004D1T9F4 •  Trend Micro on the evolution of social engineering attacks: https://www.trendmicro.com/vinfo/us/security/definition/social-engineering/  •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we are discussing lessons learned from a CISO who led the way on her organization's business continuity plan (BCP) and pandemic plan. Milinda Rambel Stone is VP and CISO at Provation Medical. She shares a first-hand account of the planning, implementation, and takeaways from her company's BCP. And buckle up: security teams face more changes ahead as we emerge from the pandemic. Resource Links: •  Milinda Rambel Stone on LinkedIn: https://www.linkedin.com/in/milindastone/ •  Trend Micro paper: Security 101: Virtual Patching and Virtual Shielding •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we are discussing a hotly debated topic in cybersecurity: best in breed point solutions versus an all in one type of security platform. Which is the best approach for your organization? And how is this part of the security landscape changing? Our guest is Greg Young, Vice President of Cybersecurity and Corporate Development at Trend Micro, who has watched this information security debate play out within organizations for the last three decades. He also served integral roles in Gartner's Magic Quadrant development over the years. Resource Links: •  Connect with Greg Young on LinkedIn: https://www.linkedin.com/in/

We are talking about how to align information security with the business. And our guest, ISSA International President Candy Alexander, says we may be thinking about this strategy in the wrong way. She is not afraid to be controversial, and in this episode she shares what security and business alignment should look like. Candy is also Chief Information Security Officer at NeuEon. Resource Links: •  Candy Alexander on LinkedIn:  https://www.linkedin.com/in/candyalexander/ •  Trend Micro's Cloud App Security Threat Report 2020: http://bit.ly/TM_Cloud_AppSec •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we start with a dramatization of a ransomware attack, which leads us to the ransomware lifecycle in real life. What is a ransomware attack incident response really like? How should you respond in the first hours? What does a 72-hour ransomware response look like? What should you do in the weeks and months following? Hear real-life examples and learn best practices from attorney Shawn Tuma, Co-Chair of the Data Privacy and Cybersecurity Practice at Spencer Fane. Also, don't miss Trend Micro's 2020 State of Ransomware report, available for free download, below. Resource Links: • Shawn Tuma on LinkedIn: https://www.linkedin.com/in/shawnetuma/ • Trend Micro report, "State of Ransomware: 2020's Catch-22": http://bit.ly/TM_SOR20 •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

When an Iowa Sheriff arrested Coalfire pentesters Gary DeMercurio and Justin Wynn on the job, it sent shockwaves through the cybersecurity community. The two InfoSec professionals faced felony charges, jail time, and the possibility of a criminal record for doing what they were hired to do. And information security professionals faced a possible chilling effect around a common strategy for testing defenses. Now, Gary and Justin tell their story to the SecureWorld audience during a candid interview. They will take us through what happened to them and share what they learned in the process. Resource Links: •  Trend Micro, "15 Years of the Zero Day Initiative": http://bit.ly/TM_ZDI_15 •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

We are asking questions about the SolarWinds data breach fallout. How did the SolarWinds breach impact everything related to legal and compliance? And how does it change the way you should look at Vendor Risk Management? We get answers from Glenn Kapetansky, CSO and Technology Capability Lead, at Trexin Group; and Rebecca Rakoski, Co-Founder and Managing Partner, at XPAN Law Partners, a cybersecurity law firm. Also, don't miss Trend Micro's Incident Response Playbook, available for free download, below. Resource Links: •  Glenn Kapetansky on LinkedIn: https://www.linkedin.com/in/kapetansky •  Rebecca Rakoski on LinkedIn: https://www.linkedin.com/in/rebecca-rakoski-esq-1460b116 •  Trend Micro Incident Response Playbook: https://www.trendmicro.com/vinfo/us/security/news/managed-detection-and-response/cyberattacks-from-the-frontlines-incident-response-playbook-for-beginners •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

"We were not prepared for a SolarWinds type of supply chain attack," says Cedric Leighton, CNN Analyst and U.S. Air Force Colonel (Ret.). In this podcast episode, Leighton examines how wide the impact of the SolarWinds cyberattack might be, possible collateral damage from the attack, and the most likely nation-state behind it all. Plus, Leighton explains the top nation-state cyber threats during 2021. Resource Links: • Cedric Leighton on LinkedIn: https://www.linkedin.com/in/cedricleighton • Trend Micro report, "Turning the Tide: Security Predictions for 2021": https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2021 •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Long-term predictions are risky, but Rik Ferguson likes to predict things a decade into the future. Rik is Vice President of Security Research at Trend Micro. Building off his Project 2020, Rik is now working on Project 2030. In our interview, we get a glimpse of the future of AI, the future of malware, the future of wearables, the future of ransomware, and more. Also, we discuss implications of the 2020 SolarWinds data breach. If predictions are your thing, do not miss this episode! Resource Links: • Rik Ferguson on LinkedIn: https://www.linkedin.com/in/rikferguson/ • Trend Micro report fact check-Project 2020 in Review (PDF): https://2020.trendmicro.com/wp-content/uploads/2020/10/REP00_Project_2020_Summary_200928US_Web.pdf •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

What does the 2021 cyber law and privacy law landscape look like? Our first guest is attorney Jordan Fischer of Beckage Law. And how can you ensure total data discovery and then manage that big data with security and compliance in mind? Our second guest is Arun Gandhi, Vice President at 1touch.io, which specializes in this area. Also, we have new research from Trend Micro about 2021 cyber threat trends. Resource Links: •  Jordan Fischer on LinkedIn: https://www.linkedin.com/in/jordan-fischer-cipp-e-cipp-us-cipm-706b4147 • Trend Micro report, "Turning the Tide: Security Predictions for 2021": https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2021 • Arun Ghandi on LinkedIn: https://www.linkedin.com/in/arungandhi/ • 1touch.io and the Inventa platform: https://1touch.io/ •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

What does a resilient and secure organization look like? What are key strategies and technologies these organizations should have? How does a resilient organization empower its employees? In this episode, we glean insights from Adam Leisring, Chief Information Security Officer at Paycor. Also, we have new research from Trend Micro. The latest report is called "Inside the Bulletproof Hosting Business: Cybercriminal Methods and OpSec," and it's a fascinating read. See the link below to download. Thanks to Trend Micro for being our Premiere Podcast Partner. Resource Links: •  Adam Leisring on LinkedIn: https://www.linkedin.com/in/leisring/ • Trend Micro report, "Inside the Bullet Proof Hosting Business": https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-bulletproof-hosting-business-cybercrime-methods-opsec •  SecureWorld Virtual Conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we are learning about modern cybersecurity leadership. We hear from Yaron Levi, CISO of Blue Cross and Blue Shield of Kansas City. Levi shares about what security professionals need to do now to lead. And he helps us consider the following questions: Why is information security mainly reactive instead of proactive? Why do most organizations view security as a technology problem instead of a business risk problem? How come so many organizations lack a clear security strategy? And why do security leaders fall back on "silver bullet" solutions? There are reasons for all of these things, and as Levi explains, there is a better path for modern cybersecurity leaders to take. Resource Links: •  Yaron Levi on LinkedIn: https://www.linkedin.com/in/yaronrl/ • Trend Micro report on SLUB Malware Watering Hole: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we talk to Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro. 2020 was the cloud's biggest year, and we're talking about securing the cloud into the future. How do we make cloud security usable? How do we make cloud security stable? What does building in this environment look like right now, and what is the state of DevSecOps? What can we do about misconfigurations in the cloud? What are cloud security opportunities and challenges? And are cloud platform security tools enough to secure your data? Resource Links: •  Mark Nunnikhoven on LinkedIn: https://www.linkedin.com/in/marknca/ •  Trend Micro Cloud Migration Best Practices:  https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-migration-security.html •  Trend Micro Cloud One Conformity: https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-conformity.html •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we talk to cybersecurity leaders in the oil and natural gas industry. Experts from the ONG-ISAC (Oil and Natural Gas Information Sharing and Analysis Center) answer the following questions: •  What does the cyber threat landscape look like for the petroleum industry, and what are the potential impacts? •  What are barriers to sharing threat intelligence and benefits of doing so? •  How do you see cyber threats evolving in 2021 and beyond for the energy sector? Also, details on Trend Micro's white paper on the vulnerabilities for the water and energy sectors. Links from the show: •  ONG-ISAC: https://ongisac.org/ • Trend Micro whitepaper, "Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries": https://documents.trendmicro.com/assets/white_papers/wp-exposed-and-vulnerable-critical-infrastructure-the-water-energy-industries.pdf •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we talk to James Goepel about the Cybersecurity Maturity Model Certification (CMMC). He discusses this important new certification for supply chain security within the U.S. Department of Defense (DoD) system, addressing the following: •  Why was the CMMC created? •  Who needs the CMMC? •  How will the CMMC work? •  Will the CMMC spread beyond the DoD? James is a former member of the Board of Directors for the CMMC Accreditation Body, and is now CEO of Fathom Cyber. Also, Trend Micro shares details of its Midyear Security Roundup. Resource Links: •  James Goepel on LinkedIn: https://www.linkedin.com/in/james-goepel-gc-cto-cyber/ • Trend Micro Midyear Security Roundup: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/securing-the-pandemic-disrupted-workplace-trend-micro-2020-midyear-cybersecurity-report •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we talk to Julia Voo, one of the authors of the newly published National Cyber Power Index 2020. Which country is the most powerful in cyberspace? The NCPI takes a "whole of country" approach to measuring cyber power, ranking 30 countries in the context of seven national objectives. Voo is a Cyber Fellow at the Belfer Center for Science and International Affairs at the Harvard Kennedy School. She was the closing keynote at the SecureWorld Detroit-Toronto-Cincinnati virtual conference, and this is an excerpt from her presentation and fireside chat. Resource Links: •  Julia Voo on LinkedIn: https://www.linkedin.com/in/juliavoo/ •  The National Cyber Power Index 2020 report (PDF): https://www.belfercenter.org/publication/national-cyber-power-index-2020 •  Trend Micro Cyber Risk Index: https://www.trendmicro.com/en_us/security-intelligence/breaking-news/cyber-risk-index.html •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we hear from Don McKeown, Information Security Manager at Wolters Kluwer Health. He talks about the various levels of culture within an organization, and the culture of security. Plus, approaches to security: blocking and tackling programs, compliance-based information security programs, and risk-based InfoSec programs. McKeown spoke at the 2020 SecureWorld Boston virtual conference, and this is a part of his presentation. Resource Links: •  Don McKeown on LinkedIn: https://www.linkedin.com/in/donspage/ •  Trend Micro ransomware best practices: https://cybersecurityminute.com/security-blogs/ransom-from-home-how-to-close-the-cyber-front-door-to-remote-working-ransomware-attacks/ •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we hear from Dan Pepper, Partner on BakerHostetler's Privacy and Data Protection team. He frequently handles security incidents, interacting with federal and state agencies and forensic service providers, and has overseen investigations including many cases of ransomware. How are attackers launching their ransomware attacks? Should you pay the ransom or not? Is it legal to pay a hacker's ransom demand? He answers these questions and more. Pepper spoke at the virtual SecureWorld Philadelphia New York and this is a part of his presentation. Resource Links: •  Daniel Pepper on LinkedIn: https://www.linkedin.com/in/danpepperesq •  Trend Micro ransomware best practices: https://www.trendmicro.com/en_us/forHome/campaigns/ransomware-protection.html •  Trend Micro ransomware decryptor: https://success.trendmicro.com/solution/1114221-downloading-and-using-the-trend-micro-ransomware-file-decryptor •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we are partnering with the non-profit Cybercrime Support Network (CSN) to raise awareness as part of their Youth and Cybercrime Week. We interview Cam, who was arrested for cyberattacks when he was 14 years old and now works as a cybersecurity professional. How did he get into cybercrime and then into a role defending against it? What advice does he have for young people? Also, we speak with Kristin Judge, CEO of Cybercrime Support Network, about how we can help direct kids to use their hacking and cyber skills for good. She also shares how kids, teens, and even college students are becoming victims of cybercrime themselves. Plus, where can individuals and SMBs turn for help if they are victims of cybercrime. Resource Links: •  Cybercrime Support Network: https://cybercrimesupport.org •  Kristin Judge on LinkedIn: https://www.linkedin.com/in/kristin-judge-1108b624 •  Trend Micro's Close the Gap program: https://www.trendmicro.com/closethegap •  Trend Micro's Zero Day Initiative: https://www.zerodayinitiative.com •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we share part of a SecureWorld presentation by Sandy Silk, Director of Information Security Education and Consulting at Harvard University. In her presentation, titled "Hey, InfoSec: Be Part of the Digital Transformation or Be Left Behind!," Silk discusses how security teams need to evolve to deliver the same digital transformation (Dx) value and benefits as other technology and data initiatives within their organizations. Resource Links: •  Trend Micro's Close the Gap initiative: https://www.trendmicro.com/closethegap •  Trend Micro security blog: https://www.trendmicro.com/vinfo/us/security/news •  Sandy Silk on LinkedIn: https://www.linkedin.com/in/sandysilk •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

CISO Milinda Rambel Stone and Human Resources VP Susan Hanson, both of Provation Medical, worked together on a pandemic plan completed just as the COVID-19 pandemic hit the U.S. They discuss these questions: How does a pandemic plan fit with a Business Continuity Plan (BCP)? How did the business, including information security, communicate during this time? How was the plan communicated to executive leadership? How has the BCP helped cybersecurity and other parts of the business work together? And what if your BCP needs some work or you don't have one yet? Resource Links: •  Trend Micro update on COVID-19 cybercrime: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains • Trend Micro Security Blog: https://www.trendmicro.com/vinfo/us/security/news/ • Milinda Rambel Stone on LinkedIn: https://www.linkedin.com/in/milindastone/ •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we are speaking with Joshua Cloud, Director of Information Security at NFI, as he answers three important questions for us: 1. What is Artificial Intelligence (AI)? 2. What is Machine Learning (ML)? 3. How can we use AI and ML in cybersecurity and cyber defense? Also, new research, just published by Trend Micro, our premiere podcast partner, on unveiling critical security flaws in programmable industrial machines. Resource Links: •  Research: Trend Micro report, "Hidden Risks of Industrial Automation Programming." https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming •  Joshua Cloud on LinkedIn: https://www.linkedin.com/in/joshua-cloud/ •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events •  SecureWorld Remote Sessions webcast briefings: https://www.secureworldexpo.com/resources?cat=remote-sessions The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we are speaking with cybersecurity and technology influencer Chuck Brooks about emerging technologies that can help you defend your organization in cyberspace. Brooks covers everything from the future of quantum computing and the encryption debate to China in tech, election cybersecurity, 5G concerns, and low-hanging cybersecurity fruit companies should address now. Also, new research on device and supply chain security in healthcare from Trend Micro, our premiere podcast partner. RESOURCE LINKS: •  Trend Micro research, "Exposed Devices and Supply Chain Attacks: Overlooked Risks in Healthcare Networks" https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/exposed-medical-devices-and-supply-chain-attacks-in-connected-hospitals •  Chuck Brooks on LinkedIn: https://www.linkedin.com/in/chuckbrooks/ •  SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events •  SecureWorld Remote Sessions webcast briefings: https://www.secureworldexpo.com/resources?cat=remote-sessions The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we hear from Joe Zurba, Chief Information Security Officer at Harvard Medical School. He details the challenging Identity and Access Management landscape the school faces and how it navigates IAM. Zurba was a keynote speaker at the 2020 SecureWorld Boston virtual conference. Also, updates on ThiefQuest (EvilQuest), the quickly-evolving macOS malware. We're sharing new research from Trend Micro, our premiere podcast partner. Resource Links: •  Research: Trend Micro's updates on ThiefQuest malware: https://blog.trendmicro.com/trendlabs-security-intelligence/updates-on-thiefquest-the-quickly-evolving-macos-malware/ •  New SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events •  SecureWorld Remote Sessions webcast briefings: https://www.secureworldexpo.com/resources?cat=remote-sessions The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

In this episode, we are speaking with cybersecurity researcher, pentester, and author Vinny Troia. His new book is "Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques." He explains how he tracked down the alleged hackers behind Gnostic Plays, Shiny Hunters, NSFW, and the The Dark Overlord groups. And it turns out, there are some very tight connections between these groups. Troia reveals the identities of two teenage hackers that he says are responsible for a whopping 42% of all non-payment card data breaches from 2017 to mid-2020. Also, new hacker infrastructure and underground hosting 101 research, just published by Trend Micro, our premiere podcast partner. RESOURCE LINKS: •  Research: Trend Micro's *NEW* Hacker Infrastructure findings: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/hacker-infrastructure-and-underground-hosting-101-where-are-cybercriminal-platforms-offered •  Report: The Dark Overlord revealed: www.thedarkoverlord.info •  New SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events •  SecureWorld Remote Sessions webcast briefings: https://www.secureworldexpo.com/resources?cat=remote-sessions The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

What does cybersecurity collaboration look like in the digital realm? What about the future of physical events and conferences for the cybersecurity industry? In this episode, we are speaking with conference creator Brad Graver, Vice President of SecureWorld. Brad and his team have overseen more than 120 cybersecurity conferences across North America over the past 19 years, and have experienced the shift from in-person to online events in the wake of COVID-19. Also, we look at new cloud security resources from Trend Micro, our premiere podcast partner. RESOURCE LINKS: •  Trend Micro's Cloud Security and Misconfiguration Paper: https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/exploring-common-threats-to-cloud-security •  New SecureWorld VIRTUAL conferences: https://www.secureworldexpo.com/events •  SecureWorld Remote Sessions webcast briefings: https://www.secureworldexpo.com/resources?cat=remote-sessions The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.