Cybersecurity thought leader Kevin Greene explores the latest news and developments in cybersecurity and information assurance on his debut podcast, “Cybersecurity Insights & Perspectives.” Follow him at @iamkevtorious
Host Kevin Greene and guest Brian Knapp, an industry-renowned software developer, discuss how speed in DevOps and an enormous amount of technical debt impact software development.
Host Kevin Greene and guest Brian Knapp, an industry-renowned software developer, discuss the importance of software engineering in modern software development. Brian discusses the need for “minimalism” in software development to help reduce technical debt, complexity and the size of today’s software. Brian shares his thoughts on how organizations approach software development to improve software quality and security.
Host Kevin Greene and guest David Molnar, Computer Science Researcher at Microsoft, discuss the importance of Artificial Intelligence (AI) in advancing cyber security practices. David discusses ways organizations can use fuzzing as a service on demand in the Azure Cloud to find critical vulnerabilities in software. David shares his thoughts on how organizations can codify and scale their intuitions into AI for better cyber security capabilities.
Host Kevin Greene and guest Jim Routh, Chief Security Officer at Aetna, discuss the importance of developing a software security program designed to help reduce the cost to maintain software by detecting vulnerabilities early in the software development process. Jim discusses key observed software assurance practices and lessons learned from BSIMM that impact improving software security. Jim shares his thoughts on IoT and medical device security in the healthcare industry.
Host Kevin Greene and guest Caroline Wong, Vice President of Security Strategy at Cobalt, discuss the challenges organizations face in adopting DevOps practices. Caroline discusses the importance of formulating a security culture and sound security practices for successful DevOps. Caroline draws from her experience with BSIMM as a key maturity model for shaping software assurance and AppSec in DevOps.
Host Kevin Greene and guest Dr. Diana Burley, Cybersecurity Expert and Professor at George Washington University, discuss how human and social behaviors impact cybersecurity. Dr. Burley discusses the importance of building and replenishing our cyber workforce through programs like US Cyber Challenge and other activities to enhance cybersecurity skills.
Host Kevin Greene and guest Brian Glas, Director of Strategic Services at nVisium, discuss the new changes to the OWASP Top 10. Brian discusses takeaways from the OWASP Global Summit to improve the OWASP Top 10. Learn about the latest changes to the OWASP Top 10.
Host Kevin Greene and guest Brian Glas, Director of Strategic Services at nVisium, discuss the community concerns regarding the OWASP Top 10 for 2017. Brian discusses his blog, "Musings on the OWASP Top 10", highlighting some of the major issues with the formulation of the OWASP Top 10.
Host Kevin Greene and guest Ken Modeste, Global Principal Engineer at the Underwriter’s Lab (UL), discuss the status of cyber initiatives underway at the UL for certifying Internet of Things devices. Ken discusses the need to drive good cyber hygiene in products by incorporating secure design principles to reduce the cost to maintain software. Ken also shares ways the community can engage the UL process to help drive adoption.
Host Kevin Greene and guest Steve Marquess, Co-Founder of the OpenSSL Foundation, discuss the resource and funding challenges for OpenSSL. In addition, Steve provides updates on the refactored and improved OpenSSL 1.1 release.
Host Kevin Greene and guest Robert Graham, CEO at Errata Security discuss the growing challenges in security software and the Internet of Things. Graham shares his insights on improving IoT security, the potential impact of software certifications and the role of the community in helping shape the future direction for cyber initiatives. Graham also provides sound advice for establishing minimal security requirements and practices for security software and IoT devices. He discusses the importance of transparency and collaboration for initiatives like the Underwriter’s Lab.
Host Kevin Greene and guest Gavin Reid, vice president of threat intelligence at Lancope, discuss how federal agencies can improve their threat intelligence, and ways to remove the barriers for information sharing between the public and private sectors. Reid also discusses why detecting lateral movement is so difficult in organizations.
Host Kevin Greene and guest Dr. Ron Ross, a fellow at the National Institute of Standards and Technology (NIST), discuss cybersecurity practices that can improve the way the federal government builds, designs and acquires software systems. Ross shares upcoming improvements federal agencies can expect as part of additions to NIST special publications, in particular NIST 800-53 and NIST 800-160.
Host Kevin Greene and guest Richard Clarke, Chairman and CEO of Good Harbor, discuss the impact of Yahoo’s massive data breach and the growing concern of citizen privacy. Clarke shares his insight on what the government needs to do to protect this nation’s voting and election process. Clarke also provides cybersecurity recommendations that he would like each presidential candidate to address as part of their cybersecurity strategy.
Host Kevin Greene and guest Steve Marquess, Co-Founder of the OpenSSL Foundation, discuss some of the lessons learned from the Heartbleed vulnerability that happened in 2014. Steve shares his insights on moving past Heartbleed, and things the foundation is doing to improve the OpenSSL codebase.
Host Kevin Greene and guest Justine Bone, CEO at MedSec, discuss recent vulnerabilities discovered in St. Jude medical devices (pacemakers and defibrillators) during their cybersecurity research on medical devices. Bone discusses the recent lawsuit filed by St. Jude over the joint vulnerability report by MedSec and Muddy Waters discussing the attack scenarios possible for the existing vulnerabilities.
Host Kevin Greene and guest Chris Wysopal, Co-Founder and CTO at Veracode, discuss the impact of the legendary group L0pht in many cyber security start-ups. Wysopal also discusses how Veracode is working to help organizations deploy software more securely and faster by getting better tools to the developers early in the software development process.
Host Kevin Greene and guest Anup Ghosh, CEO and Founder at Invincea, discuss the importance of machine learning in improving cybersecurity detection capabilities. Ghosh also discusses the future of machine learning and how Invincea plans on evolving its capabilities in a crowded endpoint market, as well as his priorities for the new federal CISO role in improving federal cybersecurity.
Host Kevin Greene and guest Dr. Tim Teitelbaum, Chairman, CEO, and Co-Founder at GrammaTech, discuss lessons learned from DARPA’s Cyber Grand Challenge (CGC), the world’s first all-machine hacking challenge. GrammaTech was one of the finalists in CGC. Teitelbaum also shares his insights on why GrammaTech has been very successful at tech transition and commercialization of federally funded research and development.
Host Kevin Greene and guest Amit Yoran, President at RSA Security, discuss why traditional approaches to security “can’t keep out a focused adversary.” Greene and Yoran also discuss new strategies and forward-leaning protective measures needed to protect and secure systems.
Host Kevin Greene and guest Tony Cole, vice president and global government CTO at FireEye, discuss the lessons learned from FireEye's M-Trends Report of 2016. Cole also talks about the impact of disruptive breaches and ways organizations can better prepare themselves in response. Cole shares his insights on the major cyberthreats to the federal government — and how FireEye is working to bring awareness to these issues.
Host Kevin Greene and guest Paul Black, computer scientist at National Institute of Standards and Technology, discuss the potential impact of Underwriters Laboratories, or UL, certification and assessment for cybersecurity technologies. Black also talks about the role of “formal methods” — referring to mathematical techniques that are used in the design, implementation and testing of complex systems — in our modern software world and discusses various projects at NIST to help improve software security.
Host Kevin Greene and guest Robert Seacord, a secure coding champion, discuss the importance of secure coding practices, the emergence of DevOps and SecDevOps, and barriers many organizations face in implementing these core principles in their software development process. Greene and Seacord also discuss incentives for developers, and the benefits of quality and security in software development.
Host Kevin Greene and guest Jerry Davis, chief information officer of NASA Ames Research Center, discuss cybersecurity challenges federal agencies face — and ways industry, academia and government can work together to improve the nation's cybersecurity posture. Davis also shares some exciting things NASA Ames is doing to lead change in cybersecurity strategy in the federal government.
Host Kevin Greene and guest Katie Moussouris, chief policy officer at HackerOne, explore the potential benefits of formalizing a “bug bounty” program in the federal government, which would allow outside experts to find and report bugs in the secure software that powers the Internet. Moussouris talks about the implications of removing the barriers between the researchers, government and vendor communities to help facilitate such a program.
Host Kevin Greene and guest Arthur Hicken, chief evangelist at Parasoft, discuss challenges in securing the Internet of Things, and best practices for installing and deploying IoT devices. Hicken also talks about Parasoft's static analysis tool and its participation in the Software Assurance Marketplace, a research infrastructure funded by DHS S&T to improve software assurance tools and capabilities. At the same time, he shares what's on tap for Parasoft in 2016 and provides tips to help federal agencies improve their cybersecurity practices.
Host Kevin Greene and guest Stuart McClure, CEO and visionary at Cylance, discuss Operation Cleaver, a report developed by Cylance detailing cyberthreats to the critical infrastructure. McClure — who served as an executive at McAfee before founding Cylance — shares his thoughts on how the threat landscape is changing and offers insight on helping federal agencies prevent cyberattacks. He also talks about how to improve the Department of Homeland Security's Einstein program and gives an update about “Hacking Exposed,” a book series for which he is a lead author.
Host Kevin Greene and guest Casey Ellis, CEO at Bugcrowd, discuss how bug bounty programs like Bugcrowd can help find backdoors like the one found in Juniper's ScreenOS. Ellis shares his thoughts on the obstacles to standing up a bug bounty program in the federal government. He also talks about the automation challenges in finding vulnerabilities in software, and ways to use both the human element and automation to improve vulnerability detection in software. Ellis shares his thoughts on hacker trends for 2016 and beyond.
Host Kevin Greene and guest Anita D’Amico, CEO at Code Dx Inc., discuss the importance of commercializing government-funded research. D’Amico shares the challenges and opportunities of building a startup that receives government funds to create innovative cybersecurity technologies, and talks about formalizing software assurance in federal software development environments. She also talks about research her company plans to release.
Host Kevin Greene and guest Joshua Corman, chief technology officer at Sonatype, discuss the importance of secure and trusted software in car cybersafety. Corman talks about the possibilities of self-healing software for securing the Internet of Things. He also discusses the significance of an “underwriters lab” for software to help ensure software integrity and provide visibility in the software supply chain.
Host Kevin Greene and guest James Hill, associate professor of computer science at Indiana University–Purdue University Indianapolis, discuss the state of static analysis tools and capabilities. Hill talks about the challenges and issues — and ways to reduce false-positive rates found in many state-of-the-art static analysis tools. Hill is currently working on research and development projects aimed at improving the performance of these tools.
Host Kevin Greene and guest George Kurtz, president and CEO of CrowdStrike, discuss the role of indicators of compromise in today's threat landscape, and the advantages of using indicators of attack to build proactive defenses. Kurtz also talks about moving beyond traditional antivirus endpoint protection to detecting, preventing and responding to attacks in real time.
Host Kevin Greene and guest Lethia Jackson, professor of computer science at Bowie State University, discuss the success of integrating DHS S&T’s Software Assurance Marketplace, or SWAMP, into the BSU computer science curriculum to improve secure coding practices. SWAMP is a collaborative research infrastructure from the Department of Homeland Security's Science and Technology Directorate that helps developers examine their software code for security bugs.