The Security Detail

Browser security is crucial for protecting personal information and preventing malicious attacks, ensuring safe and private online experiences. In Episode 6 of The Security Detail, Chrome browser customer engineer Fletcher Oliver shares some of the top browser security risks and how to defend against them. We also discuss SURGe research that examines security risks associated with Chrome browser extensions.    Links: - Chrome Safety: https://www.google.com/chrome/safety/ - Chrome Safe Browsing: https://support.google.com/chrome/answer/9890866 - Chrome Enhanced Safe Browsing: https://support.google.com/accounts/answer/11577602 - Chrome Enterprise Core:  https://chromeenterprise.google/ - SURGe research on Chrome browser extension security: https://www.splunk.com/en_us/blog/security/add-to-chrome-part-1-an-analysis-of-chrome-browser-extension-security.html - Google's Permission Risk whitepaper download: https://storage.googleapis.com/support-kms-prod/H67pelgBrKlKSgvA24ooNwVYYx6emmcuJ0LD - Chrome Enterprise Premium: https://chromeenterprise.google/products/chrome-enterprise-premium/ - Splunk integration in Chrome Enterprise Core: https://support.google.com/chrome/a/answer/12325467 - Google Chrome App for Splunk: https://splunkbase.splunk.com/app/6896    

Application security is crucial for protecting sensitive data and ensuring the integrity and trustworthiness of software systems against cyber threats. In this episode, Tanya Janca, head of community and education at Semgrep discusses the importance of “shifting left” in the software development lifecycle, along with the best and worst practices in DevSecOps. Tanya has been coding and working in IT for more than 25 years and is the best-selling author of the book ‘Alice and Bob Learn Application Security'. You can follow Tanya on social media under the handle @SheHacksPurple.   Resources:  Semgrep website: https://semgrep.dev/ 'Alice and Bob Learn Application Security': https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/B097NJSSV8 'Alice and Bob Learn Secure Coding': https://www.wiley.com/en-us/Alice+and+Bob+Learn+Secure+Coding-p-9781394171705 SheHacksPurple YouTube: https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ SheHacksPurple website: https://shehackspurple.ca/ OWASP Global AppSec Conference: https://sf.globalappsec.org/ CISA Secure by Design: https://www.cisa.gov/securebydesign Tanya's RSAC Talk on DevSecOps worst practices: https://www.rsaconference.com/library/Presentation/USA/2023/DevSecOps%20Worst%20Practices RSAC Presentation: 'The End of DevSecOps?' by DJ Schleen: https://www.rsaconference.com/Library/presentation/usa/2024/the%20end%20of%20devsecops Executive Order on Improving the Nation's Cybersecurity (SBOMs): https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/    

International law establishes norms and frameworks to ensure that States conduct their activities in a manner consistent with principles of sovereignty, responsibility, and human rights. In this episode, François Delerue, Assistant Professor of Law at IE University, discusses the application of international law to cyber operations, including the challenges with attribution and the threshold for cyberwarfare.  Resources:  - François Delerue's biography: https://francoisdelerue.eu/ - Cyber Operations and International Law: https://www.cambridge.org/core/books/cyber-operations-and-international-law/74D210E76E46531542AD27CECF07ABDE - Tallinn Manual 2.0: https://www.cambridge.org/core/books/tallinn-manual-20-on-the-international-law-applicable-to-cyber-operations/E4FFD83EA790D7C4C3C28FC9CA2FB6C9 - "Russia Is Fighting for a Treaty That Could Soon Change the Internet Forever" (Newsweek): https://www.newsweek.com/russia-fighting-treaty-that-could-soon-change-internet-forever-1865118 - Microsoft's Digital Geneva Convention Proposal: https://www.microsoft.com/en-us/cybersecurity/content-hub/a-digital-geneva-convention-to-protect-cyberspace    

In episode two of The Security Detail, Audra interviews Liz Wharton, founder of Silver Key Strategies, about her research on using large language models (LLMs) to analyze SEC 8-K filings and other public reporting to gain cybersecurity insights. Liz is an attorney who has two decades of legal, public policy, and business experience, including in cybersecurity. The interview also covers the heightened liability security executives face when reporting material incidents to the US Securities and Exchange Commission (SEC).    Resources:  SURGe Minicon talks at .conf24: https://conf.splunk.com/sessions/catalog.html?search=minicon#/ Silver Key Strategies: https://silverkeystrategies.com/about-silver-key Splunk's 2024 State of Security Report: https://www.splunk.com/en_us/campaigns/state-of-security.html

Veterans bring invaluable skills in leadership, problem-solving, and discipline to the field of cybersecurity, making them highly sought-after candidates in the industry. In this episode, Tom Marsland, board chair of VetSec, explains how the non-profit helps veterans and transitioning military members find employment in the industry.  Resources:  VetSec: https://vetsec.org/ Veterans Affairs locations: https://www.va.gov/find-locations/ Til Valhalla Project: https://tilvalhallaproject.com/ Operation Code: https://operationcode.org/ Hiring our Heroes: https://www.hiringourheroes.org/ USO Careers: https://www.uso.org/careers/ Cloud Range: https://www.cloudrangecyber.com/    

In episode 9 of The Security Detail, hear from past interview guests about what they consider to be the most important cybersecurity skill for future practitioners.   

In episode 8 of The Security Detail, hear from past interview guests about their predictions for emerging technology, like artificial intelligence and quantum computing.  Resources:  Cipher Brief article: https://www.thecipherbrief.com/how-ai-is-helping-the-u-s-unravel-chinas-dangerous-hacking-operation  

The MITRE ATT&CK framework provides a standardized taxonomy and knowledge base of adversary tactics, techniques, and procedures (TTPs), enabling organizations to enhance threat detection, response, and mitigation strategies effectively. In this episode, Adam Pennington tells us about the origins of the ATT&CK project, how organizations can effectively leverage it, and the journey that led Adam to his current role as the project's leader.     Resources:  Mitre ATT&CK website: https://attack.mitre.org/ .conf24 agenda: https://conf.splunk.com/  ATT&CKCon Presentations: https://attack.mitre.org/resources/learn-more-about-attack/ ATT&CK Evaluations Program: https://mitre-engenuity.org/cybersecurity/attack-evaluations/ Adam's BSides Talk (Bringing Intelligence into Cyber Deception with MITRE ATT&CK): https://www.youtube.com/watch?v=eL4iLUw1ee8 Adam's DEF CON Talk (Emulating Adversary w Imperfect Intelligence): https://www.youtube.com/watch?v=cXlWY3OnjO0 David Bianco's Pyramid of Pain: https://www.youtube.com/watch?v=3Xrl6ICxKxI  Dr. Fetterman's blog: https://www.splunk.com/en_us/blog/security/revisiting-the-big-picture-macro-level-att-ck-updates-for-2023.html

Cybersecurity is crucial for the electric sector to safeguard critical infrastructure from cyber threats and potential disruptions, ensuring the reliable and secure delivery of electricity to homes, businesses, and essential services. In episode 6, Robert M. Lee, CEO and Co-Founder of Dragos provides an overview of the top cyber threats facing electric utilities and the role that Dragos plays in strengthening ICS and OT resilience.   Resources:  Dragos Community Defense Program: https://www.dragos.com/community/community-defense-program/ Dragos 2023 OT Cybersecurity Year in Review report: https://www.dragos.com/ot-cybersecurity-year-in-review/ SANS Instructor Biography: https://www.sans.org/profiles/robert-m-lee/ Sandworm book: https://www.amazon.com/Sandworm-Cyberwar-Kremlins-Dangerous-Hackers/dp/0385544405 'U.S. Government Disrupts Botnet People's Republic of China Used to Conceal Hacking of Critical Infrastructure': https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical 'Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation's Main Intelligence Directorate of the General Staff (GRU)': https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian 'A Global Police Operation Just Took Down the Notorious LockBit Ransomware Gang': https://www.wired.com/story/lockbit-ransomware-takedown-website-nca-fbi/ 'Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology': https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology The Five ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/ SECURING OPERATIONAL TECHNOLOGY: A DEEP DIVE INTO THE WATER SECTOR: https://homeland.house.gov/hearing/securing-operational-technology-a-deep-dive-into-the-water-sector/

The food and agriculture industry is a critical sector that represents nearly a fifth of US economic activity. Businesses in this sector also rely on other important industries such as water, transportation, and energy. In this episode, Jonathan Braley, director of the Food and Ag-ISAC shares the top cyber threats facing the industry, as well as the various services offered through the ISAC.    Resources:  Food and Agriculture ISAC website: https://www.foodandag-isac.org/ Cybersecurity Guide for Food and Ag Small and Medium Enterprises: https://www.foodandag-isac.org/resources CISA publication on Chinese-manufactured UAS: https://www.cisa.gov/resources-tools/resources/cybersecurity-guidance-chinese-manufactured-uas  

In this episode of The Security Detail, we explore the complex domain of election cybersecurity with Marci Andino, senior director of the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC). From international interference threats to localized phishing attacks, discover the varied challenges election offices face and the strategies deployed to safeguard the integrity of electoral processes.   Resources: EI-ISAC Resources: https://www.cisecurity.org/ei-isac Marci Andino Bio: https://safeelections.org/marci-andino/ EI-ISAC's Essential Guide to Election Security: https://essentialguide.docs.cisecurity.org/en/latest/index.html How Investigators Solved the Biden Deepfake Robocall Mystery (Bloomberg): https://www.bloomberg.com/news/newsletters/2024-02-07/how-investigators-solved-the-biden-deepfake-robocall-mystery Splunk research on generative AI spear phishing email translation: https://www.splunk.com/en_us/blog/security/old-school-vs-new-school.html  

Cybersecurity is crucial for journalists and newsrooms to safeguard sensitive information, protect sources, and ensure the integrity of their reporting in an increasingly digital and interconnected media landscape. Episode 3 of The Security Detail features an interview with Runa Sandvik, a security researcher and founder of Granitt, a consulting firm that focuses on digital security for journalists and other at-risk people.   Resources:  Granitt Website Runa's Website Follow Runa on X Runa's blog posts Tor Project Google Summer of Code Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware Columbia Journalism Review profile on Runa Citizen Lab Amnesty International

Water treatment facilities are part of the critical infrastructure that supports essential services. A cyberattack on these facilities could disrupt the supply of clean water, leading to severe consequences for public health, safety, and the economy. In this episode, two representatives from the US Cybersecurity and Infrastructure Security Agency, or CISA, share strategies to defend the water sector from cyberattacks. They also provide an update on CISA's investigation into an Iranian-linked campaign targeting Israeli-made Programmable Logic Controllers (PLCs) at a number of US water utilities. Resources:  CISA Risk and Vulnerability Assessments program CISA Security Advisors Top Ten Cybersecurity Misconfigurations (NSA and CISA Advisory) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA Advisory) CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs (CISA Alert) CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords (CISA Alert) States and Congress wrestle with cybersecurity after Iran attacks small town water utilities (Associated Press) CVE-2023-6448 (NIST NVD) CISA's Known Exploited Vulnerabilities Catalog  Report a cyber issue to CISA Water and Wastewater Cybersecurity toolkit (CISA) China's cyber army is invading critical U.S. services (Washington Post) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Stop Ransomware website (CISA) The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Cybersecurity for Rural Water Systems Act Energy Circuit Riders Act    

Season 2 of The Security Detail kicks off with an inside look at Cyber Coalition 2023, NATO's flagship cyber defence exercise. Audra Streetman traveled to Tallinn, Estonia to tour the exercise and interview creators and participants about the knowledge and collaboration needed to defend the Alliance from cyber threats.    Links:  Cyber Coalition 2023 NATO Blog

Wrapping up Season 1 of The Security Detail, episode 14 features interviews with a number of past guests about the best advice they've received in their career along with the failures they've learned the most from.  Stay tuned for Season 2 of The Security Detail, which kicks off on January 3, 2024 with an episode about Cyber Coalition 2023, NATO's flagship cyber defense exercise. Audra Streetman traveled to Tallinn, Estonia to tour the exercise and interview creators and participants about the knowledge and collaboration needed to defend the Alliance from cyber threats. 

Cybersecurity in the energy sector is crucial for safeguarding critical infrastructure, preventing potential disruptions to power grids, and mitigating the risk of cyberattacks that could have severe economic, environmental, and societal consequences. In this episode, Joe Slowik, threat intelligence manager at Huntress, discusses the top cyber threats to the energy sector.    Resources:  Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) Attaining Focus: Evaluating Vulnerabilities In The Current Threat Environment Exorcising the Ghost in the Machine: Debunking Myths Around Supply Chain Intrusions Assessing The Balance Between Visibility & Confidentiality In ICS Network Traffic E-ISAC Cybersecurity Risk Information Sharing Program (CRISP)

Cybersecurity is crucial for the defence industry as it safeguards sensitive information, intellectual property, and critical infrastructure from cyber threats, ensuring the integrity and resilience of military technologies. In this episode, Luke O'Brien, NATO's principal engineer for cyber defence explains NATO's unique approach to cybersecurity.   Resources:  NATO Cyber Defence NATO Malware Information Sharing Platform (MISP) NATO Crisis Management Exercise 2023 (CMX23) 2023 NATO Summit in Vilnius NATO Rapid Reaction Team Albania weighed invoking NATO's Article 5 over Iranian cyberattack (Politico)

Cybersecurity has become a critical element in geopolitics, shaping international relations as nations grapple with the challenges of protecting their digital infrastructures and safeguarding national security in an interconnected world. In this episode, Dmitri Alperovitch, Executive Chairman at Silverado Policy Accelerator, discusses the intersection between cybersecurity and geopolitics and the evolving role of cyber in modern conflict.   Resources: World on the Brink: How America Can Beat China in the Race for the Twenty-First Century Geopolitics Decanted podcast by Silverado Follow Dmitri on X Infamous Chisel report Storm-0558 Report Volt Typhoon Report The Alperovitch Institute Silverado Policy Accelerator

Cybersecurity in aviation is paramount as it safeguards critical systems, ensuring the safety of passengers and the integrity of flight operations. In this episode, Richard Waine, head of SecOps at easyJet, discusses the aviation cyber threat landscape and how easyJet is tackling a range of technical and policy issues.  Resources:  easyJet.com Aviation ISAC

The cyber threat landscape for education has evolved rapidly, with ransomware attacks and data breaches targeting schools and universities, highlighting the critical need for robust cybersecurity measures in the sector. In this episode, Brett Callow, threat analyst at Emsisoft, shares his observations about the cybercrime ecosystem and how schools and universities can best defend against these attacks.    Resources:  Unpacking the MOVEit Breach: Statistics and Analysis (Emsisoft) The State of Ransomware in the US: Report and Statistics 2022 (Emsisoft) Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity (CISA)

Cloud security is essential to safeguarding sensitive data and ensuring the reliability of digital services in an increasingly interconnected and data-driven world. In this episode, Sean Heide shares some of the top threats to cloud computing that he's seeing as technical research director at the Cloud Security Alliance.    Resources: CSA's 2022 Top Threats to Cloud Computing report CIS Critical Security Controls Shared Responsibility Model in the Age of Cloud 

Cybersecurity in the financial sector is of paramount importance due to the highly sensitive and valuable nature of the data and transactions involved. In this episode, Paul Trueman, the executive vice president of segments in cyber and intelligence at Mastercard, shares insights from his extensive experience in the industry and provides advice on navigating challenges.  Resources:  FS-ISAC's Navigating Cyber 2023 report Digital Intelligence Index Digital Trust at the World Economic Forum Oxford Cyber Security for Business Leaders Programme

The cyber threat landscape for the retail and hospitality sector is marked by persistent and sophisticated attacks, targeting both customer data and financial information. With the widespread adoption of e-commerce and digital payment systems, threat actors exploit vulnerabilities in online platforms and point-of-sale systems to steal sensitive data and execute financial fraud. Additionally, the interconnected nature of supply chains in these industries presents further risks, demanding heightened cybersecurity measures to safeguard customer trust and protect against potential disruptions to business operations. In this episode, Suzie Squier, president of the Retail and Hospitality ISAC, shares the top concerns she's hearing from ISAC members and her recommendations to better defend against these threats.    Resources:  RH-ISAC website MISP threat sharing platform RH-ISAC Benchmark Survey 2022 Zscaler ThreatLabz - State of Phishing Report Bluenomicon: The Network Defender's Compendium  

Threat actors continue to exploit vulnerabilities in healthcare systems, leading to data breaches, ransomware incidents, and disruptions in critical medical services. The sector's increased reliance on interconnected devices and electronic health records has amplified the risks, necessitating robust cybersecurity measures and constant vigilance to safeguard patient information and maintain the integrity of healthcare operations. In this episode, Zach Nelson, Assistant Vice President of Health-ISAC's Threat Operations Center, shares his insight on the top cyber threats to the healthcare sector.   Resources:  H-ISAC website FDA Guidance regarding cybersecurity in medical devices MSFT Blog on court order regarding cracked copies of Cobalt Strike  

In this episode of The Security Detail, Kirsty and Audra take a look at the cyber threat landscape for the public sector from an Australian perspective. The episode features an interview with Dan Tripovich, who is currently the Assistant Director-General Standards, Technical Advice and Research (STAR) within the Australian Signals Directorate's Australian Cyber Security Centre Group. STAR Branch delivers ACSC's flagship publications, including the Australian Government Information Security Manual, the Essential Eight and Protective Cyber Security guidance to the Australian public. Dan is also responsible for the delivery of the ACSC's Research, International Standards and Technical Advice capabilities to support the secure operation of Critical, Emerging and Operational Technologies.   Resources: - Australian Cyber Security Centre - An Introduction to Securing Smart Places - Essential Eight - REDSPICE investment    

The manufacturing sector faces targeted attacks on critical infrastructure, including supply chain attacks and industrial espionage, which can lead to production disruptions and intellectual property theft. In this episode, Tim Chase, Program Director at the Global Resilience Federation (GRF), shares threat trends he's observed from his leadership of the manufacturing ISAC.   Resources:  MFG-ISAC: https://www.mfgisac.org/ CPG Supply Chain Security Guides: https://www.mfgisac.org/cpg-supply-chain-security-guides Global Resilience Federation: https://www.grf.org/ CyManII: https://cymanii.org/ Recorded Future 2022 Report: https://www.recordedfuture.com/2022-annual-report KPMG industrial manufacturing technology insights report: https://advisory.kpmg.us/articles/2022/industrial-manufacturing-insights.html

The telecommunications industry is responsible for our modern communications, including internet service providers, cable companies, and mobile operators. In this episode, cybersecurity advisor and ex-CISO Ian Keller explains why this sector is such an attractive target for state-sponsored adversaries along with his advice for CISOs. Ian Keller's website: https://iankeller.online/ The Troublemaker CISO blog: https://iankeller.online/blog/the-ciso-blog/

As Splunk's Chief Cybersecurity Advisor, Paul Kurtz is well-versed in today's cyber threat landscape. In this episode, Kurtz shares lessons learned from his cybersecurity career, which began in the early 1990s in the US government, where he served at the White House on the National Security Council and Homeland Security Council.  Resources:  Paul Kurtz bio: https://www.splunk.com/en_us/blog/author/pkurtz.html Code Red virus: https://www.nsf.gov/discoveries/disc_videos.jsp?org=NSF&cntn_id=100075&media_id=51501 Nimda worm: https://www.sans.org/white-papers/95/ UK NCSC: https://www.ncsc.gov.uk/ CISA: https://www.cisa.gov/ Splunk SURGe: https://www.splunk.com/en_us/surge.html?301=/surge US Infrastructure Investment and Jobs Act: https://www.congress.gov/bill/117th-congress/house-bill/3684 CIS Critical Security Controls: https://www.cisecurity.org/controls/v8_pre