Podcasts about acalvio

Rocky Giglio welcomes Ram Varadarajan, founder and CEO of Acalvio, to discuss the cutting-edge world of deceptive technology. Cloud N Clear episode 168 delves into Acalvio's innovative strategies, its integration with Google Cloud, and how deceptive tech is reshaping cybersecurity.  Discover how Acalvio differentiates itself from traditional HoneyPot methods with help from SADA and what the future holds for this dynamic field. Join this engaging episode, and don't forget to LIKE, SHARE, & SUBSCRIBE for more content! ✅  

This segment is sponsored by Acalvio. Check out their deception technologies by visiting https://securityweekly.com/acalvio. And remember, all [cyber] war is based on deception! Our guest is John Bradshaw, the Sr. Director of Solutions Engineering at Acalvio Technologies. John has more than 25 years of experience in the Cyber Security industry focusing on advanced, targeted threats. John joins Paul Asadoorian and John Strand to discuss the five tenets of enterprise deception, levels of interactivity for deception targets, and many more interest facets of deception technologies as they are applied to an enterprise security program! To learn more about Acalvio, go to: http://go.acalvio.com/demo Full Show Notes: https://wiki.securityweekly.com/ES_Episode119 Visit http://securityweekly.com/esw for all the latest episodes!

This week, Paul and John Strand interview John Bradshaw, Senior Director and Solutions Engineer at Acalvio Technologies, to talk about 5 Tenets of Enterprise Deception! In the Enterprise News this week, NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform Achieves VMware Ready Status, SecurityScorecard Announces Partnership with Cybernance to Drive Holistic View of Cyber Risk Across the Enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode119 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Paul and John Strand interview John Bradshaw, Senior Director and Solutions Engineer at Acalvio Technologies, to talk about 5 Tenets of Enterprise Deception! In the Enterprise News this week, NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform Achieves VMware Ready Status, SecurityScorecard Announces Partnership with Cybernance to Drive Holistic View of Cyber Risk Across the Enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode119 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This segment is sponsored by Acalvio. Check out their deception technologies by visiting https://securityweekly.com/acalvio. And remember, all [cyber] war is based on deception! Our guest is John Bradshaw, the Sr. Director of Solutions Engineering at Acalvio Technologies. John has more than 25 years of experience in the Cyber Security industry focusing on advanced, targeted threats. John joins Paul Asadoorian and John Strand to discuss the five tenets of enterprise deception, levels of interactivity for deception targets, and many more interest facets of deception technologies as they are applied to an enterprise security program! To learn more about Acalvio, go to: https://securityweekly.com/acalvio Full Show Notes: https://wiki.securityweekly.com/ES_Episode119 Visit http://securityweekly.com/esw for all the latest episodes!

Acalvio (https://www.acalvio.com/company/#leadership) and is regarded as one of the world’s foremost experts on counter threat intelligence within the cyber security industry. At Acalvio, Chris helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients. (In English) Acalvio has given him the opportunity to help shape the next generation of deception platforms, allowed him to spend time doing R&D...and he still gets to break into companies and help them with their maturity modeling and overall solutions within the security industry. For the 50th episode, I couldn't have picked a better guest and this was my favorite interview to date. We discuss scotch tasting and food, and how that relates to infosec, building a better cyber security community, learning from past mistakes, why giving back to the community is so important, why the new generation needs to make their own mistakes, the word hacker, and so much more. Where you can find Chris: LinkedIn (https://www.linkedin.com/in/sidragon1/) Twitter (https://twitter.com/Sidragon1) The Googles (https://www.google.com/search?q=chris+roberts+hacker&source=lnms&sa=X&ved=0ahUKEwiat86l6araAhUM2IMKHV6ZAo4Q_AUICSgA&biw=1920&bih=984&dpr=1)

In this episode: James Johnson, President of ISSA Denver is our guest this week. News from: RedCanary, Webroot, Amazon, Automox, Root9b, GTRI ... and a lot more! Boozy Benefits Did you know that until this week it was illegal to auction alcohol for charity? So all of those wine baskets and bottles of booze you won to help support the local PTA could have landed you in some hot water. Well, lucky for you, Governor Hickenlooper signed a law at the beginning of March to make this practice legal. I guess that means it is time to double down on charitable donations. Also, Amazon is opening a physical bookstore at Park Meadows. We have a couple stories on high school STEM education. RedCanary is wondering if we're going to see criminals move from ransomware to cryptocurrency miners as their primary methods for making money. Webroot is still having double digit growth. Automox has received $2M in funding and GTRI partners with Root9B Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Thank you to Chris Abbey and Andre Gaeta for supporting us on Patreon! Trivia: Congratulations to James W. for getting the answer this week. Did you catch this week's trivia question? Be the first to reply to info@colorado-security.com with the right answer and get any $25 item from the Colorado = Security store. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com Local security news: Join the Colorado = Security Slack channel Charity booze auctions now legal! Amazon to open physical bookstore in Colorado Top 20 Colorado STEM High Schools Fort Collins High with Science Bowl Will cryptocurrency miners overtake ransomware? Webroot drives 4 years of double digit growth Automox secures $2M in funding GTRI and Root9B partner Job Openings: Ping Identity - GRC Analyst Ping Identity - Application Security Engineer Coalfire - Director, Healthcare Cognizant - Sr. Manager, Corporate Security - GRC ProLogis - IT Risk, Governance, & Compliance Manager Coalfire - Principal, Service Organization Controls Practice Staples - Senior Application Security Engineer ProtectWise - DevOps Engineer CenturyLink - Information Security Engineer I DirectDefense - LogRhythm Security Analyst Pearson - Senior Cloud Security Engineer, DevOps LenderLive - Information Security Analyst Upcoming Events: This Week and Next: ISSA Denver March Meetings - 3/13-14 C-Level @ Mile High - 3/15 ISACA - March Meeting - Combatting Fraud and Corruption with Data Analytics - 3/15 SecureSet - Cybersecurity Expert Series: Chris Roberts, Acalvio - 3/15 ISC2 Denver - March Meeting - 3/15 ISACA Denver - Certification Training - 3/17 CSA - March Chapter Meeting - 3/20 DenSec - March Meetup - 3/21 ISSA Denver - Happy Hour - 3/22 SecureSet - Capture the Flag: Hackathon - 3/23 Other Notable Upcoming Events Rocky Mountain Information Security Conference - 5/8-10 BSides Denver - 5/11-12 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

In this episode: Kris Kistler, CISO at Centura Health is our guest this week. News from: Firmspace, CDOT, ProtectWise, Coalfire, Ping Identity and a lot more! #10 overall, but #1 in your hearts Whatever formula ranks North Dakota over Colorado has some serious issues huh? But don't miss out that Colorado does rank as the strongest economy. And luxury co-working is on the way to make it even better. Election security is top of mind, and CDOT is still struggling with their ransomware attack. Lots more stories as well. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Trivia: Nobody knew that the Colorado = Security podcast has had no sponsors yet. You guys let Andre Gaeta off the hook last week. Did you catch this week's trivia question? Be the first to reply to info@colorado-security.com with the right answer and get any $25 item from the Colorado = Security store. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com Local security news: Join the Colorado = Security Slack channel U.S. News & World Report: Colorado #1 for economy, #10 overall U.S. governors worry about cyberattacks during fall elections Luxury co-working coming to Denver Ransomware strikes CDOT for second time even as agency still recovering from first attack Colorado Leads and Grows as Cybersecurity Hotbed Table of Experts: Cybersecurity/Fraud Analysis of Active Satori Botnet Infections Coalfire blog: New SEC Cyber Risk Disclosure Guidance: What Does It Mean for Public Companies? Job Openings: Ping Identity - GRC Analyst Ping Identity - Application Security Engineer PDC ENERGY - Director, Information Security Crowe Horwarth - IT Audit and Consulting Senior Manager CenturyLink - Senior Information Security Engineer Polycom - Senior Security Analyst Spectrum - Security Engineer I Western Union - Information Security Analyst Home Advisor - Information Security Engineer NREL - Cyber-Physical Systems Security & Resilience Coalfire - Director, Healthcare Blackstone Technology Group - Tier 3 Managed SOC Analyst Upcoming Events: This Week and Next: DenSec - South Meetup - 3/5 CTA - Daybreak Education Series: The Business of IoT - 3/6 SnowFroc - 3/8 ISSA Denver March Meetings - 3/13-14 C-Level @ Mile High - 3/15 ISACA - March Meeting - Combatting Fraud and Corruption with Data Analytics - 3/15 SecureSet - Cybersecurity Expert Series: Chris Roberts, Acalvio - 3/15 ISC2 Denver - March Meeting - 3/15 Other Notable Upcoming Events Rocky Mountain Information Security Conference - 5/8-10 BSides Denver - 5/11-12 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Well Rick, thanks for joining us. Just introduce yourself.My name is Rick Moy. I'm the chief marketing officer at a company called Acalvio Technologies. We are a Deception 2.0 company. We are creating a distributed deception platform that brings automated deceptions at scale and authenticity to organizations of any size. The goals is to make it easy to manage, deploy, and implement deception strategies in the network in order to do a better job of detecting attackers who have gotten past the prevention that is deployed on the perimeter and on the endpoints. Yeah. Such a great background and experience and fit for some of the conversations that we've been having. We're seeing the realization in the market that static systems aren't secure, they're just not. If an attacker can see what you're doing, they're going to be able to penetrate it.I know you guys have been around a while. Walk through where Deception and changes have happened. What that history looks like.Yeah. Well, so first of all, to set the context like I talked about in my talk this morning, deception has been around for a long time. It exists in nature. You have the Venus Flytrap, the angler fish, you think of those fun things. So, nature's got them. We've used deception in warfare, kinetically, so military use smokescreens, false retreats, fake units, right, during D-Day, we created some inflatable tanks to fool the Germans.In cyber, it really started around 1989 with the German attacker who was breaking into Lawrence Livermore. A guy named Cliff Stoll is one of the first documented deception campaigns, where he actually created fake systems, fake files, and even fake departments logically in the company, and a fake secretary who he gave an account on the system in order to mislead the attacker. So, deception is part of our world, whether we realize it or not.Attackers use deception against us in phishing campaigns, in malware, polymorphic malware. We use deception to sinkhole botnets. We use it to gather threat intelligence externally. The field of honeypots, which most people think about, has been around for 20 years, and that's great. A lot of open source, community level projects. It solves a certain problem, but the change we've noticed over the last few years is that making those enterprise ready, right. What does that mean? No one has time to manage another platform. It takes time to figure out well what kind of campaign do I want to run. There's some manual effort required.The new phase of deception, we call Deception 2.0 has a couple key principals. It's got to be manageable. It's got to be automated. It's got to be authentic. It's got to interoperate with your existing infrastructure fabric. All those things have to be true. That's really only become viable within the last 12, 18 months I would say. There's a lot of Deception offerings that I call more point products. They solve a specific part of the problem, but they aren't as fluid and dynamic as the modern enterprise would like. Keep in mind, developers have been talking about Devops for five years or so now, so that's really become part of the mantra within the CIOs organization. We've gotta be Agile. We've got to adapt to a digital transformation, that's still ongoing.Yeah. You brought up so many good things there. I think that pain point that you talk about where you're already seeing 10,000 threats a day, maybe a million incidents a day, and if you were going to create another system where you're going to create even more incidents. You already are overwhelmed. The idea of how do I handle more when I'm already drinking from the fire hose. How do you guys, both your own technology but what do you see in the market in terms of that filtering, that understanding what is noise on the network and what is the really high-risk elements.That's perfect, right. It's true. There's organizations I've worked with that get millions of alerts a day. That's exactly the problem with the prevention or traditional detection type of technology. Where deception comes in is really a great blessing for the organizations. It's a totally different philosophy.With prevention you're trying to find the bad guy hiding in the crowd. With deception, you've set out fake assets, decoys that will attract them. By definition, anyone whose interacting with that decoy is not following business process. If they're an employee, they're not following the business process. If they're an attacker, they're looking for some data to either steal or ransom back to you. “Deception 2.0 has a couple key principals. It’s got to be manageable. It’s got to be automated. It’s got to be authentic. It’s got to interoperate with your existing infrastructure fabric. ” — Rick Moy The definition of deception is it gives you high-fidelity alerts, so a very small number of them because, in general, they don't occur very often. They're designed specifically to detect lateral movement. Someone who has gotten a foothold on a workstation or a server inside an organization is now trying to pivot and find some of that important treasure to, again, steal or ransom back to you. By doing that, trying to figure out what machines are next to me, what services are in the environment, how do I connect to them ... all those activities could potentially reveal their existence if they connect to them. That's where we come in. Deception's a great compliment to a very noisy existing infrastructure that most organizations already have set up. These two things can be complimentary and used together.Yeah. When you think about when you're creating a network and, essentially, trying to replicate something that looks like your existing environment and putting assets there. How do you do that in a way that's efficient, easy, and that also is believable to an attacker. In many cases, sadly, a lot of organizations don't even know what their network looks like and what's on it. How do you stand one up that's an image of it, a copy of it, that's real ... at least real enough to an attacker?That's a great question. That's exactly one of the shortcomings of the previous generations of honeypot technologies. Modern approaches will allow admins and organizations to use gold images.You can take systems that are actually deployed, dirty images. We call them gold, but a lot of them call them their copper or pewter or their fairly tarnished. They're not necessarily a precious thing. That's exactly what you want. You want to replicate and mimic the actual systems in your environment. If it's too clean, it's going to be suspicious. If it's too locked down, it's probably not going to be a good lure for an attacker. It needs to have the same kinds of flaws that your other systems have.Not to get too technical because we have an audience that spans the range from security professionals to individuals who are tangentially involved, but can you dig in a little bit to one layer deeper in terms of how you do that? Is that done through virtual machines? What's the way you deploy a network?To be honest, there are some that are out of the box that are just standard. There's a whole matrix of different types of deceptions you can deploy. Out of the box, you would get some basic things like SMB file shares, certain Windows operating versions, Windows 7, Windows 8, and Windows 10, Server 2012, etc. Those generally we provide. Others can be virtualized or containerized. We call it in our lingo, "service reflection." The process of wrapping an image that's already in production and then mimicking its existence on different VLANs. We have technology that really simplifies that. It's all about making it easy for an organization to roll out a deception campaign.So you're deploying stuff both on prem as well as in the cloud? How is the deployment typically? “There’s a certain investigative, James Bond nature to it ... what’s going on, who’s inside the castle walls, what information do I have, how can we lay some traps to have that person reveal themselves. ” — Rick Moy Acalvio is a cloud first company. Everything we design is meant for organizations who are going to be moving to the cloud or deploying from the cloud. That same engineering discipline allows us to deploy cloud-ready apps on premises in a very efficient DevOps manner. We've done the design for the hard stuff first, but are also deployable on prem.Where are things going? What's new? What do you think people should be really excited and trying out in this phase? What's cutting edge in deception right now?Cutting edge, I'd have to say it's probably the boring part of just making it operational. A couple of years ago, cutting edge was putting up a lone honeypot on the outside of your network and getting external threat intelligence. Well, that's something that a lot of people know. If you put something on the outside of your network, within about 5 minutes, you're going to start getting attacked, right?What's really critically important to the organization, as well as kind of fun I think and so maybe this is the definition of cutting edge, is finding the bad guys who are already inside your network. There's a certain investigative, James Bond nature to it ... what's going on, who's inside the castle walls, what information do I have, how can we lay some traps to have that person reveal themselves. You get into this detective mode, and you start to think well what tools do I have to do that. There really isn't anything more exciting in my mind than the deception arsenal of tools that you have.The honeypot is your actual server, you can put services out there that maybe just like a FTP service, which was used, for example, in the Sony hack. File sharing ... you can put fake spreadsheets out there. You can have false, misleading data in database servers that would, if that data was ever used in public you would know that you had been breached. There's really creative ways that you can think about marking content that if it's touched or used somewhere else will be an indicator. It really forces you, as the security guy, to think a little more holistically about what business are we in. Are we in healthcare ... is it patient records? Are we financial services ... is it bank account information? Are we a R & D shop designing semiconductors, so then it may be IP around a particular laser etching technology or layout of a microprocessor. I would want to have different strategies around each of those. That's what's interesting, and frankly invigorating, for a security person who maybe last week their top priority was applying a patch or responding to some malware on Jane's computer. Now he gets to think more strategically about the business and the threats that it faces. It's something that's typically reserved for the C-level suite, but in reality it's the people who are hands-on that have to implement that. I think it's a great opportunity from many perspectives.Sounds very cool. As people are thinking about adding deception to their strategies, what would you say is the best way to climb the curve, to educate themselves? Are there some resources out there? Are there some books they should check out? What sort of way to get involved there?Actually it's a great question. It's almost a setup. We actually have a couple of books that we've written.Cool.You can go on Amazon. There's a couple historical books you can look at. The Cuckoo's Egg is one. Kevin Mitnick has written a book about deception.We have two free books. One's a Dummies book, Deception for Dummies. It's a very short read. It's actually quite entertaining.You don't have to be a dummy. It does a really good job of explaining it. Then we have an advanced field guide for the advanced practitioner whose had more experience with some honeypot technologies.Awesome. Thanks for taking the time. This is your opportunity if you've got a soap box ... what would you like the community to know if you had 30 seconds, a minute, to say, "Gosh, you know you really need to be thinking about this." I would encourage the community to recognize that deception is all around us. We use it every day, and it's used against us every day, whether it's in advertising, social relationships, and in cyber it's used. Let’s use deception to change the dynamics. The attackers are using automation and forcing us to do manual review of the problems they've created. Deception is the only platform that allows us to lie back to the attacker and change that dynamic and make them do some work.From that perspective, when you look at the technologies at your disposal ... huge points for that. When you also consider that it's lower cost to deploy than a number of other technologies and more effective and lower noise, there's a lot of reasons to look at it. I'd encourage people to have an open mind and to read up on what Gartner says is the number three of the top technologies for the next year.Yeah. Awesome. This is great. Thanks so much.Thanks for the time. 

In this episode: Cam Williams, Founder & CTO at OverWatchID is our guest this week. News from: Google, Xactly, Gates, Red Canary, LogRhythm and a lot more! Colorado = Security is always a bull market Google is hiring in Colorado (Xactly too). In the blockchain Colorado trusts. Time to mentor. Gates IPO went pretty well. Red Canary's founder hits Forbes. A blog from LogRhythm. And a spotlight on our friend Gail Coury. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Did you catch our trivia question? Be the first to reply to info@colorado-security.com with the right answer and get any $25 item from the Colorado = Security store. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com Local security news: Join the Colorado = Security Slack channel Google to hire thousands in 9 states (including Colorado) Colorado eyes blockchain to secure government data, legal pot New Cybersecurity Bill - "CONCERNING THE USE OF CYBER CODING CRYPTOLOGY FOR STATE RECORDS" Invest in You: Are you ready to be a mentor? Silicon Valley software firm Xactly expands in Denver Gates says IPO raised nearly $800 million As Featured in Forbes: CEO Brian Beyer on 2018 Cyber Security Trends Integrating Threat Intelligence to Keep up with Today’s Cyberthreats Gail Coury featured in ISSA Journal this month (page 12) Job Openings: Holland & Hart - Information Security Officer BP - Security Architect Arrow - Security Architect - Applications QEP Resources - IT Security Analyst Red Sky Solutions - Senior Systems Engineer Burwood Group - Sr. Network Security Consultant Kivu - Associate Director Kivu - Analyst SecureSet - Vice President of Educational Products and Programming Optiv - Director Content Strategy CyberGRX - Content Marketing Manager Upcoming Events: This Week and Next: Nederland Library - Cyber Security for the Individual - 2/13 ISSA Denver - February Chapter Meetings - 2/13-14 SecureSet - Cybersecurity Expert Series: Chris Roberts, Acalvio - 2/15 DenSec - North Meetup - 2/15 ISACA - February Meeting - Active Defense: Why Duck when you can Hit back? - 2/15 OWASP Boulder - Automating Offensive and Defensive CyberOps with John Grigg - 2/15 ISSA COS - Mini seminar - 2/17 CSA - February Meeting - 2/20 ISSA COS - February Meetings - 2/20-21 ISSA Denver - Happy Hour - 2/21 CTA - Day at the Capital - 2/21 Other Notable Upcoming Events SnowFROC - 3/8 C-Level @ Mile High - 3/15 Rocky Mountain Information Security Conference - 5/8-10 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

In this episode: Steve Wostal, Director of Security at Starz Entertainment is our guest this week. News from: DISH, Catalyst Accelerator, ProtectWise, CyberGRX, Swimlane, Threat-X, Colorado Matters, Red Canary, Kroll, LogRhythm, Webroot, Optiv, Virtual Armour, zvelo and a lot more! We are Colorado's A-Team of security - or - 'Colorado = Security Stadium' anyone? First Invesco Field, then Sports Authority, next... Colorado = Security Stadium? Works for us. DISH buys ParkiFI, Catalyst Accelerator launches a cohort, Colorado has some great startups (including several in security), Debbi Blyth was on the radio!, GDPR is coming to Colorado, Red Canary partners with Kroll, LogRhythm & Webroot team-up, and a whole lot more! Come join us on the new Colorado = Security Slack channel to meet old and new friends. Did you catch our trivia question? Be the first to reply to info@colorado-security.com with the right answer and get any $25 item from the Colorado = Security store. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com Local security news: Join the Colorado = Security Slack channel Former Denver Mayor Webb wants to bring back the Mile High Stadium name Dish Network buys Denver parking startup ParkiFi Catalyst Accelerator launches first cohort ChickTech Denver Hopes to Attract More Women to STEM Careers 50 Colorado Tech Startups to Watch Debbi Blyth on Colorado Matters podcast on 1/29 European data-privacy changes send Colorado tech businesses ‘scrambling’ Kroll Announces Exclusive Partnership With Red Canary SecurityBrief NZ - LogRhythm SIEM gets a boost with Webroot threat intelligence & IP reputation services Optiv Blog - Cloud Critical Controls Virtual Armour Blog - Cyber Threats: How Finance Directors Should Prepare zvelo Blog: IoT Cyber Security Is Reaching A Tipping Point Job Openings: Schwab - Director, Risk Analytics Camping World - Director IT Systems and Security Arrow Electronics - Security Architect Convercent - IT Security Engineer Salt Lending - Security Analyst Kudelski Security - Principal Advisor - Strategy & Governance Stroz Friedberg - Vice President, Enterprise Sales Coalfire - Sales Executive - Cloud and Technology Services Cylance - Enterprise Sales Manager - Denver StealthBits - Account Executive Upcoming Events: This Week and Next: Cybersecurity Reception with British Government - 2/5 DenSec - South Meetup - 2/5 Women in Security - 2/6 CTA 101 - 2/7 CTA - Actionable Analytics - 2/7 SecureSet - Career Conversations: Elaine Marino Of Equi.Li - 2/8 CTA - Skill Works: Skills-Based Hiring & Training - 2/8 CTA - Go Code Colorado Kick-Off - 2/8 CTA - Startup Weekend Women Denver - 2/9-11 ISSA Denver - February Chapter Meetings - 2/13-14 SecureSet - Cybersecurity Expert Series: Chris Roberts, Acalvio - 2/15 DenSec - North Meetup - 2/15 ISACA - February Meeting - Active Defense: Why Duck when you can Hit back? - 2/15 ISSA COS - Mini seminar - 2/17 Other Notable Upcoming Events: CTA - Day at the Capital - 2/21 SnowFROC - 3/8 C-Level @ Mile High - 3/15 Rocky Mountain Information Security Confernce - 5/8-10 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

This episode: Al Barton, president of the Colorado Cloud Security Alliance, is our feature guest this week. News from: Xero, Apple, Secure64, Apex Awards, Optiv, LogRhythm and a lot more! Show Notes: https://www.colorado-security.com/news/2017/10/12/37-1016-al-barton No, women are NOT well represented in leadership Did you catch our trivia question? Be the first to reply to info@colorado-security.com with the right answer and get any $25 item from the Colorado = Security store. Survey shows that 63% of men are bad at math... at least when it comes to evaluating women in the executive suite. Ex-CSA & NSA head Hayden tells us not to get our hopes up for the government to help out. Xero, Apple, Trimble all invest in Denver growth. Secure64 founder tells us that little DNS issues can cause big headaches. Forrester has a crush on Optiv. LogRhythm makes a splash. And a couple of security leaders land in new companies. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. We're continually working to improve the show, and appreciate the feedback from our listeners. If you have any issues, or suggestions for our format, let us know. This week's episode is available on Soundcloud, iTunes, and Google Play. Reach out with questions or comments to info@colorado-security.com Feature interview: Al Barton, president of Colorado's Cloud Security Alliance sat with Robb to talk about the CSA. Al tells a bit about his background, then dives into what the CSA does, who should attend and what the future looks like for the group. Al also gives some advice on doing your own cloud security. Local security news: Colorado = Security store! Buy things now A surprising number of men think women are well represented when just 1 in 10 executives is female Ex-CIA, NSA chief Hayden to business: 'The cavalry ain’t coming' on cyber-attacks Xero claims top floor of new Circa Building on Platte Street Apple hiring software engineers to work in Denver GPS-tech company Trimble doubles down on metro Denver, plans big hiring How to avoid the network outage that could cost you the C-suite Optiv Named a Strong Performer in Two 2017 Forrester Evaluations LogRhythm Unveils Self-Evolving Cloud-Based Analytics to Enhance its Threat Lifecycle Management Platform Merlin Namuth left Red Robin to join ReedGroup as Business Information Security Officer (BISO) Job Openings: Healthgrades - CISO Children’s Hospital - Director Information Security Gates - Security Architect Vail Resorts - Network Security Engineer DaVita - IT Security Risk Analyst CHAN HEALTHCARE - Careers -IT Audit Manager Western Union - Sr Info Security Analyst ManTech - Software Vulnerability Researcher Ball Aerospace - Security Awareness Training & Education (SATE) Coordinator Alchemy Security - Systems Engineer Upcoming Events: This Week and Next: CSA - October Chapter Meeting - 10/17 Become a Threat Hunter - 10/17 ISSA COS - October Chapter Meetings - 10/18-19 ISSA Denver - Government Special Interest Group - 10/19 SecureSet - Cybersecurity Expert Series: Chris Roberts, Acalvio - 10/19 DenSec - Meetup North - 10/19 SecureSet - Hacking 101 Workshop: NetSec - 10/25 CTA - Talent Series: Protecting Your Company's Trade Secrets and Other Confidential Information - 10/25 ISSA Denver - Oil & Gas Special Interest Group - 10/26 InfraGard - Business Email Compromise (BEC) Workshop - 10/27 SecureSet - Capture the flag - 10/27 Other Notable Upcoming Events: SecureWorld Denver - 11/1-2 NCC - Governor's Cyber Symposium - 11/1-3 CTA - APEX Awards - 11/8 2017 CSA-CO Fall Summit - 11/9 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

In this episode: Dave Dufour, VP of Engineering and Cybersecurity at Webroot, is our feature guest this week. News from: AOL, Amazon, ChannelAdvisor, EKS&H, Secure64, Convercent, Ping Identity and a lot more! Full notes here: https://www.colorado-security.com/news/2017/10/6/36-109-dave-dufour Yes Amazon, we REALLY want HQ2 Did you catch our trivia question? Be the first to reply with the right answer and get any

We have spent so much time focusing on Red and the images of security ninjas leaping off tall walls with laptops and grappling tools that the role of "blue" has been left in the dark…it's underrated, nobody wants to do the job and typically it's under appreciated and the unloved discipline…it's time to change that. The focus on red has done nothing to help the industry protect our charges, we are still failing to protect those around us and we're still watching helplessly while companies lose all the data we're meant to protect…so time to change the focus. This talk will go through what's happening in the industry to force this line of thinking, what WE need to do as an industry and where we have to take the concepts of communication and collaboration…We'll look at several scenario's and technologies that are helping reshape security and generally throw the crystal ball out to the future and help everyone understand that change needs to happen... About the speaker: Role: Chief Security Architect, Where: Acalvio TechnologiesTwitter: Sidragon1LinkedIn: Sidragon1Roberts is considered one of the world's foremost experts on counter threat intelligence within the Information security industry. At Acalvio, Roberts helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients. With increasingly sophisticated attack vectors, Roberts' unique methods of addressing the evolving threat matrix and experience with a variety of environments - Enterprise, Industrial, and IoT, make Roberts and his team an indispensable partner to organizations that demand robust, reliable, resilient and cost-effective protection.Roberts is credentialed in many of the top IT and INFOSEC disciplines and as a cyber-security advocate and passionate industry voice, Roberts has been featured in several documentaries and is regularly quoted in national newspapers, television news and industry publications. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever's taken his fancy…

LockPath and SailPoint join forces, Skyhigh Networks announces a cloud security partnership, Acalvio is building deception farms, and more enterprise news! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode42 Visit http://securityweekly.com/esw for all the latest episodes!

Paul, John, and Michael discuss building a bug bounty program. In the news, LockPath and SailPoint join forces, Skyhigh Networks announces a cloud security partnership, Acalvio is building deception farms, and more in this episode of Enterprise Security Weekly!Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode42 Visit http://www.securityweekly.com for all the latest episodes!

LockPath and SailPoint join forces, Skyhigh Networks announces a cloud security partnership, Acalvio is building deception farms, and more enterprise news! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode42 Visit http://securityweekly.com/esw for all the latest episodes!

Paul, John, and Michael discuss building a bug bounty program. In the news, LockPath and SailPoint join forces, Skyhigh Networks announces a cloud security partnership, Acalvio is building deception farms, and more in this episode of Enterprise Security Weekly!Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode42 Visit http://www.securityweekly.com for all the latest episodes!

It’s becoming an old adage: it isn’t a matter of if an attacker will infiltrate your network but when.” With that being the case and with research showing that attackers often reside on an enterprise’s network for many months doing reconnaissance and exfiltrating data before being identified, what are and can enterprises do? The use of autonomous threat deception technologies to identify an intruder once inside the network is being adopted by enterprises seeking preventive and proactive to technologies. As you’ll hear in this conversation with David Cass, Global CISO IBM Cloud and SaaS CISO, and Chris Roberts, Acalvio Chief Security Architect there has been a significant evolution in threat detection technology to allow enterprises to identify intruders quickly. In this sponsored podcast you’ll hear how a new dynamic and smart approach to traditional honeypots is helping enterprises by allowing them to immediately detect lateral movement, shortening the time to discovery.

Chris Roberts is considered one of the world’s foremost experts on counter threat intelligence within the Information security industry. At Acalvio, Chris helps drive Technology Innovation and Product Leadership. All that and more, so stay tuned! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode487#Interview:_Chris_Roberts.2C_Acalvio_Technologies_-_6:00-7:00PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Chris Roberts is considered one of the world’s foremost experts on counter threat intelligence within the Information security industry. At Acalvio, Chris helps drive Technology Innovation and Product Leadership. All that and more, so stay tuned! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode487#Interview:_Chris_Roberts.2C_Acalvio_Technologies_-_6:00-7:00PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

In today's podcast we discuss the posting of more documents swiped from the US Democratic Party, which most consider the work of Russia's Fancy Bear. US officials continue to worry about election hacking. "Periscope skimming" is a new ATM hack. The US government mulls the reorganization of its cyber agencies. Raj Gopalakrishna, Chief Software Architect at Acalvio, provides his insights on machine learning. Ben Yelin from UMD CHHS explains some newly released revelations about Stingray surveillance devices. The new Snowden biopic hits movie theaters.