Podcast appearances and mentions of Alex Pinto

Portuguese footballer

  • 20 PODCASTS
  • 25 EPISODES
  • 49m AVG DURATION
  • INFREQUENT EPISODES
  • Mar 6, 2024 LATEST


Latest podcast episodes about Alex Pinto

Content Amplified
How to Turn Data into Compelling Stories?

Mar 6, 2024 13:50


Welcome back to another episode of Content Amplified. In this episode, we interview Alex Pinto, a seasoned startup marketer with a rich background in content marketing and writing.

What you'll learn in this episode:

  • Insights into the transition from journalism to content marketing and how storytelling remains central.
  • Strategies for finding and utilizing first-party data to differentiate content and engage the target audience.
  • The importance of integrating oneself into various departments within a company to uncover hidden data and insights.
  • Tips for marketers on developing analytical skills and utilizing tools like Excel and Google Sheets to independently analyze data for content creation.
  • The evolving role of marketing in relation to sales and the criticality of tying marketing efforts to data and revenue.

Join us as Alex shares his journey and practical advice on harnessing data to tell compelling stories that resonate with audiences and set your content apart.

Coffee Talk with SURGe
Coffee Talk with SURGe: The Interview Series featuring Alex Pinto

Jun 28, 2023 56:45


Join Ryan Kovar and special guest Alex Pinto, Senior Manager of Threat Intelligence at Verizon, for an interview about the key takeaways from the 2023 Verizon Data Breach Investigations Report (DBIR).

Explicador
Russia's movements? "Let's not claim victory yet"

Feb 15, 2022 20:18


Alex Pinto, a Portuguese businessman in Kiev, describes how Ukrainians are feeling at the moment. Researcher Sónia Sénica warns of the danger of taking a "false step" and urges caution.

Umphreak Parents Podcast
DATC Podcast Presents: UMBowl 2021 Complete Coverage; A Conversation with Drina Hartmann & Alex Pinto

Nov 18, 2021 37:17


Continuing on with the UMBowl discussions, this week on the show: my conversation with Drina Hartmann and Alex Pinto, who share their thoughts on the two nights. We start out with:

  • The all night wrong set and what made their ballot
  • The joy of finally getting Senor Mouse
  • How Umphrey's has helped broaden our musical horizons
  • We get into that delicious two song set
  • The return of Search 4
  • The S2 set, theirs and their friend's contributions and of course Keyboard Galaxy
  • Their thoughts on UMBowl being two nights 6 sets instead of one night 4 quarters
  • and of course we have to shout Bobby and his shorts, holding up the card before each round during the weekend. If you didn't get the stream and didn't see, you really missed out!

Interested in seeing videos of these conversations? Join the Crooked Conversations video community, the only place to watch video from DATC Podcast! Check out the show notes for more or head to datcmediacompany.com to sign up!

  • DATC Media Company: https://datcmediacompany.com
  • Crooked Conversations: https://datcmediacompany.com/some-variations-2
  • Email: droppedamongthiscrowdpod@gmail.com
  • Show Instagram page: https://www.instagram.com/droppedamongthiscrowdpodcast/
  • Show Facebook Page: https://www.facebook.com/droppedamongthiscrowd/
  • Twitter: https://twitter.com/amongthiscrowd
  • Book a conversation on "Dropped among this Crowd": https://datcmediacompany.com/contact/ola/services/be-on-dropped-among-this-crowd-podcast
  • "Dropped Among This Crowd" Official Store: https://datcmediacompany.com/datc-store

Where you can find this week's guest on social media:

  • Twitter: https://twitter.com/Pat_Dwy3r
  • Umphrey's McGee Tour Dates: https://www.umphreys.com/tour/
  • YOU WALKED UP SHAKING IN YOUR BOOTS BUT YOU STOOD TALL AND LEFT A RAGING BULL - https://merch.umphreys.com/dept/you-walked-up?cp=402_109819
  • YouTube videos from the weekend: https://youtu.be/hcib7ECzYRQ

Where you can listen to UMBowl:

October 8th:

  • Nugs.net: https://tinyurl.com/ftxbdsna
  • UMLive: https://tinyurl.com/nwshxxhj
  • Relisten: https://relisten.net/umphreys/2021/10/08
  • Archive.org: https://archive.org/details/um2021-10-08.kld

October 9th:

  • Nugs.net: https://tinyurl.com/ff47ytpc
  • UMLive: https://tinyurl.com/5cmrnr97
  • Relisten: https://relisten.net/umphreys/2021/10/09
  • Archive.org: https://archive.org/details/um2021-10-09.kld

  • DATC Podcast UMBowl 2021 Playlist: https://2nu.gs/3qmzPY4
  • DATC Podcast 2021 Hall of Fame Contenders Playlist: https://2nu.gs/3pZxU9A
  • Wall of "WOW": https://datcmediacompany.com/wall-of-%22wow%22-wednesday
  • The Umphrey's "WOW" show on Twitter: https://twitter.com/umWOWshow
  • Last week's episode: https://droppedamongthiscrowdpod.simplecast.com/episodes/datc-podcast-presents-umbowl-2021-complete-coverage-a-conversation-with-pat-dwyer
  • "La Isla Bonita' by Madonna video: https://youtu.be/zpzdgmqIHOQ

Off the Record
REvil's ransomware victims get a decryptor

Sep 18, 2021 26:17


A cybersecurity firm published a universal decryption tool to help victims of the REvil ransomware gang recover encrypted files. Anonymous breached a web hosting provider and domain registrar that gave shelter to right-wing websites. And the Department of Justice fined three former NSA employees who worked as hackers-for-hire for a United Arab Emirates firm. Plus, Verizon's Alex Pinto joins to talk about the cybersecurity industry's wittiest report.

The Threatpost Podcast
Verizon DBIR Marries MITRE ATT&CK – Podcast

Sep 7, 2021 22:10


DBIR is already funny, useful & well-written. Now that it's mapped to the ATT&CK framework, security teams could finally get the holy grail of security: the answer to “Are we doing this right?” Verizon's DBIR is already funny, useful & well-written. DBIR's Alex Pinto and Rich Struse, Director of MITRE Engenuity's Center for Threat Informed Defense (CTID), discuss an enticing future: They say that with the mapping of DBIR to the ATT&CK framework, security teams could finally get the holy grail of security. Namely, the answer to “What's

The Beat
S2: A day in the life of… a Metabolic Research Dietitian

May 20, 2021 27:58


The Beat podcast is designed for healthcare professionals only and is brought to you by Nutricia. In this mini-series we explore the world of metabolic medicine, meeting the people from the multidisciplinary team who deliver the service. Through these episodes we hear what a typical day in the life of these experts is like, what they have learnt in their career and what is still to be discovered in the fascinating world of Metabolics. In this episode of The Beat podcast, host Dr James Nurse, Consultant Paediatrician, is joined by Mr Alex Pinto, Metabolic Research Dietitian, to discuss the important role that research plays in metabolic medicine. They discuss working with patients in a trial setting, insights into collaborating on projects and how healthcare professionals outside of a research role can do their bit to help.

Scout Talks
#19 Scout Radar | Players to watch in Liga NOS 2020/2021 - Part II

Oct 1, 2020 46:49


In this special dedicated to Liga NOS, we present and discuss the Liga NOS players we highlighted in the Guide we released at the start of the season, one per team. In this second part, which featured commentary from ProScout contributors Afonso Cabral, Miguel Palma and Rodrigo Carvalho, we talk about the following players: Eustáquio, Evanilson, Mantuan, Filipe Soares, Lucas Fernandes, Ryotaro Meshino, Francisco Moura, Alex Pinto, Darwin Nuñez, Nuno Mendes and Noah Holm.

ShadowTalk by Digital Shadows
SPECIAL: What Goes Into The Verizon DBIR With Alex Pinto

Jun 17, 2020 38:23


CISO Rick Holland and Host Alex Guirakhoo chat with Alex Pinto from Verizon around the Verizon DBIR. They talk through Pinto’s background, how the Verizon DBIR gets put together, findings from this year’s report, and of course, the best jokes found (or not found) in this year’s report. Get the full DBIR at https://enterprise.verizon.com/resources/reports/dbir/ And check out Rick’s Blog here: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/

Decipher Security Podcast

Alex Pinto from Verizon Enterprise joins Dennis Fisher to discuss the findings of the 2020 Data Breach Investigations Report.

Cyentia Podcast
Episode 15: Behind the 2019 Verizon DBIR

May 31, 2019 49:27


Jay and Wade are joined by Alex Pinto, Dave Hylender, Gabriel Bassett and Suzanne Widup, the authors behind the 2019 Verizon Data Breach Investigations Report.

Decipher Security Podcast
Decipher Podcast: Alex Pinto

May 13, 2019 32:06


The publication of the Verizon Data Breach Investigations Report is an important event every year for the infosec community, and the 2019 version includes analysis of data from more than 41,000 incidents and more than 2,000 actual breaches. Dennis Fisher talks with Alex Pinto of Verizon Enterprise about the trends in this year's report, how the data is collected, synthesized and analyzed, and what surprises the report holds.

The CyberWire
Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.

May 10, 2019 24:47


Fxmsp may have breached three anti-virus companies. US-CERT and CISA warn against a new North Korean malware tool being used by Hidden Cobra: they’re calling it “ElectricFish.” A changing of the guard at Symantec. Former Facebook insiders call for breaking up the company and for more regulation. Facebook disagrees about the breakup, but says it likes the idea of regulation. Two indictments are unsealed--one for leaking classified information, the other for the Anthem breach. Johannes Ullrich shares some vulnerabilities involving tools from Google. Verizon DBIR coauthor Alex Pinto shares this year’s key findings.

Dumb-Dumbs & Dragons: A Dungeons & Dragons Podcast

After stealing a boat of their own, our heroes are on a quest to find Captain Roberts’s (Alex Pinto) old crew! Alyn (Laura Elizabeth, @elhamstring) negotiates with a group of prisoners, Butthole (Ryan LaPlante, @theryanlaplante) invents the Thaumaturgical cell phone, Quinny (Tyler Hewitt, @Tyler_Hewitt) risks his life to save a random NPC, and Captain Roberts promotes a new first mate! Also featuring our awesome DM Tom McGee (@mcgeetd)! Enjoying Dumb-Dumbs & Dragons? Consider becoming a Patron for as little as $1 a month at www.patreon.com/dumbdumbdice You can also get cool merchandise featuring your favourite Dumb-Dumbs & Dragons characters and catchphrases at www.redbubble.com/people/dumbdumbdice

Digital Guardian Podcast
Episode 12: Machine Learning and Artificial Intelligence: Truth, Lies, and Fiction with Alex Pinto

Aug 28, 2017 42:01


Welcome to Episode 12 of the Digital Guardian Podcast!

O'Reilly Security Podcast - O'Reilly Media Podcast
Alex Pinto on the intersection of threat hunting and automation

Jul 5, 2017 44:06


The O’Reilly Security Podcast: Threat hunting’s role in improving security posture, measuring threat hunting success, and the potential for automating threat hunting for the sake of efficiency and consistency.

In this episode, I talk with Alex Pinto, chief data scientist at Niddel. We discuss the role of threat hunting in security, the necessity for well-defined process and documentation in threat hunting and other activities, and the potential for automating threat hunting using supervised machine learning.

Here are some highlights:

Threat hunting’s role in improved detection

At the end of the day, threat hunting is proactively searching for malicious activity that your existing security tools and processes missed. In a way, it’s an evolution of the more traditional security monitoring and log analysis that organizations currently use. Experienced workers in security operation center environments or with managed security services providers might say, ‘Well, this is what I've been doing all this time, so maybe I was threat hunting all along.’

The idea behind threat hunting is that you're not entirely confident the tools and processes in place are identifying every single problem you might have. So, you decide to scrutinize your environment and available data, and hopefully grow your detection capability based on what you learn.

There are some definitions, which I'm not entirely in agreement with, that say that, ‘It's only threat hunting when it's a human activity. So, the definition of threat hunting is when humans are looking for things that the automation missed.’ I personally think that's very self-serving. I think this human-centric qualifier is a little bit beside the point. We should always be striving to automate the work that we're doing as much as we can.

Gauging success by measuring dwell time

It's still very challenging to manage productivity and success metrics for threat hunting. This is an activity where it’s easy to spin your wheels and never find anything. There's a great metric called dwell time, which admittedly can be hard to measure. Dwell time measures the average time for the incident response team to find something as opposed to when the machine was originally infected or compromised. How long did it take for the alert to be generated or for the issue to be found via hunting? We’ve all heard vendor pitches saying something along the lines of, ‘Companies take more than 100 days to find specific malware in their environments.’ You should be measuring dwell time within your own environment. If you start to engage in threat hunting and you see this number decrease, you're finding issues sooner, and that means the threat hunting is working.

The environments where I've seen the most success with threat hunting utilized their incident response (IR) team for the task or built a threat hunting offshoot from their IR team. These team members were already very comfortable with handling incidents within the organization. They already understood the environment well, knew what to look for, and where they should be looking. IR teams may be able to spend some of their time proactively looking for things and formulating hypotheses of where there could be a blind spot or perhaps poorly configured tools, and then researching those potential problem areas. Documentation is key. By documenting everything, you build organizational knowledge and allow for consistency and measurement of success.

The potential for automating threat hunting

There's a lot of different factors you can consider in deciding whether something is malicious. The hard part is the actual decision-making process. What really matters is the ability of a human analyst to be able to make a decision whether an activity is malicious or not and how to proceed. Using human analysts to review every scenario doesn't scale, especially given the complexity and number of factors they have to explore in order to make a decision.

I’ve been exploring when and how we can automate that decision-making process, specifically in the case of threat hunting. For people who have some familiarity with machine learning, it appears threat hunting would fit well with a supervised machine learning model. You have vast amounts of data, and you have to make a call whether to classify something as good or bad. In any model that you’re training, you should use previous experience to classify benign activities to reduce noise. When we automate as much of this process as possible, we improve efficiency, the use of our team’s time, and consistency. Of course, it’s important to also consider the difficulties in pursuing this automation, and how we can try to circumvent those difficulties.

FIRST.org Podcasts
2017 Episode 5: Alex Pinto, Chief Data Scientist at Niddel and lead of the MLSec Project

Jun 6, 2017


Join the interview in progress! Martin chats with Alex Pinto, Chief Data Scientist at Niddel and lead of the MLSec Project on his upcoming presentation, “Beyond Matching: Applying Data Science Techniques to IOC-Based Detection.” Alex talks about the glamorous life of a data scientist and shares some of the key takeaways from his presentation. Alex presents on Monday, June 12 at 11:15-12:00.

Garbage Town The Podcast
50 - The Circle

May 2, 2017 141:57


Alex Pinto joins Ryan and Tyler to discuss a series of bad monologues that's being advertised as a thriller: "The Circle". This film doesn't understand how privacy laws work, none of the plot adds up, and considering how she acts this might as well be Emma Watson's first movie! Give us a listen and save yourself the cost of a ticket! Enjoying Garbage Town? Join our Patreon for exclusive behind-the-scenes content at patreon.com/dumbdumbdice!

Garbage Town The Podcast
20 - Suicide Squad

Oct 18, 2016 168:39


Alex Pinto joins Ryan and Tyler to discuss a movie co-directed by a marketing department: "Suicide Squad". We debate Batman’s qualifications as a lifeguard, Tyler tells Jared Leto what to do with a dead pig, and we review all the scenes the studio cut from the film! Give us a listen and save yourself the cost of a ticket! Enjoying Garbage Town? Join our Patreon for exclusive behind-the-scenes content at patreon.com/dumbdumbdice!

FIRST.org Podcasts
2016 Episode 8: Sharing is Caring - Alex Sierra and Alex Pinto of Niddel

Jul 28, 2016


Join the interview in progress! Martin chats with Alex Sierra, CTO of Niddel and Alex Pinto, Chief Data Scientist at Niddel about their presentation, "Sharing is Caring: Understanding and Measuring Sharing Effectiveness." This presentation was delivered at the 28th Annual FIRST Conference in Seoul, South Korea, June 13, 2016.

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Alex Pinto - Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring

Dec 12, 2014


Presentation available here: https://defcon.org/images/defcon-22/dc-22-presentations/Pinto-Maxwell/DEFCON-22-Pinto-Maxwell-Secure-Because-Math-Updated.pdf

Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring
Alex Pinto, CHIEF DATA SCIENTIST, MLSEC PROJECT

We could all have predicted this with our magical Big Data analytics platforms, but it seems that Machine Learning is the new hotness in Information Security. A great number of startups with ‘cy’ and ‘threat’ in their names that claim that their product will defend or detect more effectively than their neighbour's product "because math". And it should be easy to fool people without a PhD or two that math just works.

Indeed, math is powerful and large scale machine learning is an important cornerstone of much of the systems that we use today. However, not all algorithms and techniques are born equal. Machine Learning is a most powerful tool box, but not every tool can be applied to every problem and that’s where the pitfalls lie.

This presentation will describe the different techniques available for data analysis and machine learning for information security, and discuss their strengths and caveats. The Ghost of Marketing Past will also show how similar the unfulfilled promises of deterministic and exploratory analysis were, and how to avoid making the same mistakes again.

Finally, the presentation will describe the techniques and feature sets that were developed by the presenter on the past year as a part of his ongoing research project on the subject, in particular present some interesting results obtained since the last presentation on DefCon 21, and some ideas that could improve the application of machine learning for use in information security, especially in its use as a helper for security analysts in incident detection and response.

Alex Pinto is the Chief Data Scientist of MLSec Project. The goal of the project is to provide a platform for hypothesis testing for people interested in the development of machine learning algorithms to support the information security monitoring practice. He has over 14 years dedicated to information security solutions architecture, strategic advisory and monitoring. He has experience with a great range of security products, and has managed SOCs and SIEM implementations for way too long. Alex currently holds the CISSP-ISSAP, CISA, CISM and PMP certifications, not that anyone cares. He was also a PCI QSA for almost 7 years, but is almost fully recovered. Twitter: @alexcpsec

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Alex Pinto and Kyle Maxwell - Measuring the IQ of your Threat Intelligence feeds

Dec 12, 2014


Presentation available here: https://defcon.org/images/defcon-22/dc-22-presentations/Pinto-Maxwell/DEFCON-22-Pinto-and-Maxwell-Measuring-the-IQ-of-your-threat-feeds-TIQtest-Updated.pdf

Measuring the IQ of your Threat Intelligence feeds
Alex Pinto, CHIEF DATA SCIENTIST, MLSEC PROJECT
Kyle Maxwell, RESEARCHER

Threat Intelligence feeds are now being touted as the saving grace for SIEM and log management deployments, and as a way to supercharge incident detection and even response practices. We have heard similar promises before as an industry, so it is only fair to try to investigate. Since the actual number of breaches and attacks worldwide is unknown, it is impossible to measure how good threat intelligence feeds really are, right? Enter a new scientific breakthrough developed over the last 300 years: statistics!

This presentation will consist of a data-driven analysis of a cross-section of threat intelligence feeds (both open-source and commercial) to measure their statistical bias, overlap, and representability of the unknown population of breaches worldwide. Are they a statistical good measure of the population of "bad stuff" happening out there? Is there even such a thing? How tuned to your specific threat surface are those feeds anyway? Regardless, can we actually make good use of them even if the threats they describe have no overlap with the actual incidents you have been seeing in your environment?

We will provide an open-source tool for attendees to extract, normalize and export data from threat intelligence feeds to use in their internal projects and systems. It will be pre-configured with current OSINT network feed and easily extensible for private or commercial feeds. All the statistical code written and research data used (from the open-source feeds) will be made available in the spirit of reproducible research. The tool itself will be able to be used by attendees to perform the same type of tests on their own data.

Join Alex and Kyle on a journey through the actual real-world usability of threat intelligence to find out which mix of open source and private feeds are right for your organization.

Alex Pinto is the Chief Data Scientist of MLSec Project. The goal of the project is to provide a platform for hypothesis testing for people interested in the development of machine learning algorithms to support the information security monitoring practice. He has over 14 years dedicated to information security solutions architecture, strategic advisory and monitoring. He has experience with a great range of security products, and has managed SOCs and SIEM implementations for way too long. Alex currently holds the CISSP-ISSAP, CISA, CISM and PMP certifications, not that anyone cares. He was also a PCI QSA for almost 7 years, but is almost fully recovered. Twitter: @alexcpsec

Kyle Maxwell is a private-sector threat intelligence analyst and malware researcher working with incident response and security operations. He is a GPL zealot, believes in UNIX uber alles, and supports his local CryptoParty. Kyle holds a degree in Mathematics from the University of Texas at Dallas. Twitter: @kylemaxwell

Down the Security Rabbithole Podcast
DtR Episode 84 - Rise of the Security Machines [Guest: Alex Pinto]

Mar 17, 2014 48:53


In this episode

  • what is the promise of automation, and where did we go wrong (or right?)
  • the problems with 'volume' (of logging) and the loss of expressiveness
  • a dive into 'exploratory based monitoring'
  • how does log-based data analysis scale?
  • baselines, and why 'anomaly detection' has failed us
  • does machine learning solve the 'hands on keyboard' (continuous tuning) problem with SIEM?
  • does today's 'threat intelligence' provide value, and is it really useful?
  • decrying the tools - and blaming the victims
  • what is machine learning good at, and what won't it be great at?
  • log everything!

Guest

Alex Pinto ( @alexcpsec ) - Alex has almost 15 years dedicated to Information Security solutions architecture, strategic advisory and security monitoring. He has been a speaker at major conferences such as BlackHat USA, DefCon, BSides Las Vegas and BayThreat. He has been researching and exploring the applications of machine learning and predictive analytics into information security data sources, such as logs and threat intelligence feeds. He launched MLSec Project (https://www.mlsecproject.org) in 2013 to develop and provide practical implementations of machine learning algorithms to support the information security monitoring practice. The goal is to use algorithmic automation to fight the challenges that we currently face in trying to make sense of day-to-day usage of SIEM solutions.

Data Driven Security
Data Driven Security - Episode 1

Jan 13, 2014 70:53


Episode 1

In this episode, Bob & Jay invite Alex Pinto (@alexcpsec), Michael Roytman (@mroytman) & Russ Thomas (@mrmeritology) on to the show to discuss what makes up "security data science". They delve into the tools of the trade, posit on future of the intersection of security and data science and relate their own personal & professional experiences trying to introduce "data science" into infosec. Bob & Jay also talk about recent blog posts and do a mini-review of the recently published book "Data Smart". Watch along "live" with the un-edited "director's" cut.

Topic/resources mentioned in this episode:

  • Russ Thomas - https://twitter.com/mrmeritology - http://exploringpossibilityspace.blogspot.com/
  • Alex Pinto - https://twitter.com/alexcpsec
  • Michael Roytman - https://twitter.com/mroytman - http://about.me/michaelroytman
  • MLSec Project - https://mlsecproject.org
  • KDD - Knowledge Discovery and Data Mining Conference - http://www.kdd.org/
  • The (in)famous KDD’99 dataset - http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
  • Alex's version of the Data Science Venn Diagram - http://l.rud.is/1af3MLS
  • Alex's xkcd shirt - http://store-xkcd-com.myshopify.com/collections/apparel/products/self-reference
  • Measuring vs Modeling - https://www.usenix.org/system/files/login/articles/14_geer-online_0.pdf
  • VCDB: Top 10 Actions by Industry - http://datadrivensecurity.info/blog/posts/2014/Jan/top10-threat-actions/
  • Wizard Pro - http://www.wizardmac.com/
  • Julia - http://julialang.org/
  • The Data Science Venn Diagram - http://drewconway.com/zia/2013/3/26/the-data-science-venn-diagram
  • Data Smart - http://www.amazon.com/Data-Smart-Science-Transform-Information/dp/111866146X
  • Risk I/O - https://www.risk.io/

Make sure to bookmark Data Driven Security blog and podcast and check out the upcoming book.