Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]
On LinkedIn | https://www.linkedin.com/in/swylie650/
On Twitter | https://twitter.com/swylie650

____________________________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

London as the Backdrop for Innovation and Culture

The conversation kicked off with reflections on London's vibrant mix of history, culture, and modernity. Marco captured it perfectly, noting the city's knack for staying on the cutting edge of fashion, music, and movement. Sean chimed in, describing the city as a destination where “cool kids” converge. It's this ever-evolving energy that makes London the ideal host for forward-thinking gatherings like Black Hat.

Sean and Marco's admiration for the city wasn't just about its aesthetics but also its role in shaping global conversations. London is a place where the local meets the global, a theme that would resonate throughout their discussion.

Black Hat's Expanding Global Reach

Sean and Marco highlighted the global nature of the cybersecurity community, emphasizing Black Hat's international presence. Marco pointed out how the event has grown beyond its Las Vegas origins, with thriving editions in Europe, Asia, the Middle East, and beyond. This expansion reflects not only a growing need for cybersecurity collaboration but also the importance of tailoring conversations to regional contexts.

Sean observed how each edition of Black Hat carries a unique flavor, shaped by local cultures and challenges. He praised the effort to include regional experts on review boards, ensuring that the content resonates with specific audiences. From Riyadh to Toronto, this approach has made Black Hat a truly global force.

Celebrating Local Voices in Global Conversations

One of the key takeaways from the conversation was the importance of amplifying local voices in global discussions. Marco commended Black Hat's dedication to fostering a sense of ownership among local cybersecurity communities. Sean agreed, noting how local insights enrich the broader, boundaryless research presented at these events.

The duo discussed the balance between global trends, like AI and supply chain security, and region-specific concerns, such as policy-driven discussions in Europe or an industrial focus in Canada. This nuanced approach ensures that every Black Hat event feels relevant, impactful, and inclusive.

Sean and Marco's Chemistry: Informal Yet Insightful

Beyond the topics, the conversation was marked by the easy rapport between Sean and Marco. They navigated seamlessly from cybersecurity strategy to lighter moments, like teasing each other about wardrobe choices for London's chilly December weather. Marco's love for local cuisine even sparked a playful detour into Italian titles for hardware hacking sessions.

It's this blend of professional insight and personal charm that makes their discussions so engaging. Whether they're debating the merits of AI sessions or reminiscing about hallway chats at past events, Sean and Marco bring an authenticity that keeps listeners coming back.

Looking Ahead

As the conversation wrapped up, Sean and Marco hinted at their plans to keep “Chats on the Road” moving forward. While they may not make it to every event, their commitment to bringing the community's stories to light remains steadfast. Whether you're attending Black Hat in person or following along from afar, Sean and Marco ensure that the spirit of innovation and collaboration is accessible to all.

Stay tuned as they continue to explore the intersections of technology, culture, and community, one conversation at a time.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode's Sponsors
HITRUST: https://itspm.ag/itsphitweb

____________________________

Resources
Learn more about Black Hat Europe 2024: https://www.blackhat.com/eu-24/
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More
Black Hat Hacker Summer Camp: A Meeting Ground for Security Minds

As Sean Martin and Willy Leichter kick off the discussion, nostalgia sets in as they recount their years of attending the Black Hat Hacker Summer Camp. The perennial themes of security, new technology, and ever-evolving threats always seem to find their way back into the conversation, no matter how much the landscape changes.

Returning to Basics: The Unending Challenge of Security

Sean points to the recurring themes in security, to which Willy responds with a reflective acknowledgment of the cyclical nature of the industry. "It's back to figuring out how to manage all of this," he states, highlighting that while new technologies emerge, the essential task of managing them effectively remains unchanged.

Introducing AppSoc: The New Kid on the Block

Sean and Willy then dive into the heart of their discussion—AppSoc. Founded by serial entrepreneur Pravin Kothari, AppSoc is positioned in the Application Security Posture Management (ASPM) space. Willy elaborates on the company's mission: to consolidate, normalize, and prioritize security data from various point solutions to reduce noise and enhance actionable intelligence.

The Importance of Prioritization and Orchestrated Remediation

Willy explains how AppSoc's "secret sauce" lies in prioritizing the critical alerts among the plethora of security vulnerabilities. The goal is to transform a seemingly unmanageable thousand alerts into twenty high-priority ones that demand immediate attention. He emphasizes that detection without action is futile; hence, AppSoc also focuses on orchestrated remediation to bring the right information to the right teams seamlessly.

Leveraging AI for Better Prioritization and Security Posture

The use of AI in AppSoc is multifaceted. The company employs AI not only to streamline security processes but also to protect AI systems—a burgeoning field. Willy suggests that the explosion of AI applications and large language models (LLMs) has opened new attack surfaces. Thus, the role of AppSoc is to safeguard these tools while enabling their efficient use in security practices.

Real-world Applications: A Day in the Life with AppSoc

Willy shares a compelling success story about a CISO from an insurance company who managed risk across different departments using AppSoc's platform. This real-time, continuous monitoring solution replaced the less efficient, bi-annual consultant reports, demonstrating AppSoc's efficacy in providing actionable insights promptly.

The Shift-Left Strategy and DevSecOps Collaboration

The conversation shifts to the importance of integrating DevOps and DevSecOps teams. Willy points out that while specializations are valuable, it's crucial to have "connective tissue" to get the bigger picture. This holistic view is essential for understanding how threats impact various departments and teams.

Conclusion

Sean Martin wraps up the enriching conversation with Willy Leichter, expressing his excitement for the future of AppSoc. The episode underscores the critical importance of effective application security and how innovations like AppSoc are paving the way for a more secure digital landscape.

Learn more about AppSOC: https://itspm.ag/appsoc-z45x

Note: This story contains promotional content. Learn more.

Guest: Willy Leichter, Chief Marketing Officer, AppSOC [@appsoc_inc]
On LinkedIn | https://www.linkedin.com/in/willyleichter/

Resources
Learn more and catch more stories from AppSOC: https://www.itspmagazine.com/directory/appsoc
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Welcome to Hacker Summer Camp

Sean Martin kicks off the episode with his signature enthusiasm, welcoming listeners to another live broadcast from the renowned Hacker Summer Camp—Black Hat USA 2024 in Las Vegas. He introduces Theresa Lanowitz, a prominent figure in cybersecurity, who shares the latest developments and insights from her venture, Level Blue.

Sean Martin: “Welcome to a new episode coming to you from Hacker Summer Camp. We're here in Las Vegas for Black Hat USA 2024, and I'm thrilled to be joined by Theresa Lanowitz. Theresa, how are you?”

Simplifying Cybersecurity with Level Blue

Theresa discusses the origins and mission of Level Blue, a collaborative initiative between AT&T and World Gem Ventures. She outlines how Level Blue serves as a strategic extension to organizations, simplifying cybersecurity through consulting, managed security services, and innovative threat intelligence via Level Blue Labs.

Theresa Lanowitz: “We aim to simplify cybersecurity by helping you protect your business intelligence through our consulting services, predict your security investments through managed services, and mitigate risk with our Level Blue Labs threat intelligence team.”

The conversation shifts to how Level Blue addresses the complexities in IT, offering practical solutions and actionable intelligence to meet these challenges head-on.

Key Insights from the Level Blue Futures Report

Theresa reveals exciting updates about their flagship thought leadership piece, the Level Blue Futures Report. Launched at RSA in May, this report anchors their yearly research agenda. Additionally, she introduces the C-suite Accelerator, focusing on the evolving roles of CIOs, CISOs, and CTOs in fostering cyber resilience.

Collaboration Among CIO, CTO, and CISO

Sean and Theresa explore the dynamics between the CIO, CTO, and CISO roles. Theresa elaborates on how, despite their shared objectives, these roles often face conflicting priorities. She highlights the importance of these roles being equal partners within an organization to ensure cohesive responses during critical events, thereby enhancing overall organizational resilience.

Theresa Lanowitz: “The CIO, the CISO, and the CTO must be equal partners. If they're not, achieving cyber resilience becomes very difficult.”

The Pandemic's Impact on Cybersecurity

Reflecting on the pandemic's effects, Theresa notes how it accelerated digital transformation, underscoring the crucial need for resilient cybersecurity measures. Despite some progress, she observes that cybersecurity often remains siloed, underfunded, and secondary in many organizations. She stresses the importance of aligning cybersecurity goals with business objectives to create a more integrated and effective approach.

Proactive vs. Reactive Budgets

Theresa emphasizes the significance of proactive budgeting in cybersecurity, contrasting it with the more common reactive approach. Proactive budgets, she argues, allow for better alignment of cybersecurity initiatives with business goals, which is vital for preempting breaches and addressing regulatory compliance.

Theresa Lanowitz: “If you can align cybersecurity initiatives with business goals, you're going to be proactive rather than reactive.”

The Role of Trusted Third-Party Advisors

Theresa advocates for the involvement of trusted third-party advisors, such as consulting and managed security services. These advisors bring valuable external perspectives and experience, which are crucial for driving innovation and ensuring robust security measures.

Sean Martin: “By working with a trusted partner, you're not giving up your creative ideas but rather ensuring they play out effectively and securely.”

The Human Element in Cybersecurity

As the discussion winds down, Sean and Theresa agree that, at its core, cybersecurity is about people. Theresa underscores the need for cross-functional communication within organizations and with trusted third-party advisors to achieve comprehensive and effective cybersecurity.

Sean Martin: “It always comes back to the people, doesn't it?”

Conclusion

The episode wraps up with Sean expressing gratitude for Theresa's insights and encouraging continued exploration of research and innovation across various sectors. He invites the audience to explore the Level Blue Accelerator Report for actionable insights.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]
On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources
Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Guests:
Vas Mavroudis, Principal Research Scientist, The Alan Turing Institute
Website | https://mavroud.is/
At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757

Jamie Gawith, Assistant Professor of Electrical Engineering, University of Bath
On LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/
At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261

____________________________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

As Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event.

Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas.

The Core Discussion: Sean introduces the main focus of the upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area.

Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments.

Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures.

Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited.

Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult.

Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation.

Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems.

Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode's Sponsors
LevelBlue: https://itspm.ag/levelblue266f6c
Coro: https://itspm.ag/coronet-30de
SquareX: https://itspm.ag/sqrx-l91

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
On YouTube:
Guests: Vas Mavroudis, Principal Research Scientist, The Alan Turing Institute
Website | https://mavroud.is/
At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757

Jamie Gawith, Assistant Professor of Electrical Engineering, University of Bath
On LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/
At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261
____________________________
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

As Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event.

Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas.

The Core Discussion: Sean introduces the main focus of their upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area.

Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments.

Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures.

Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited.

Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult.

Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation.

Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems.

Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats.

Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
This Episode's Sponsors
LevelBlue: https://itspm.ag/levelblue266f6c
Coro: https://itspm.ag/coronet-30de
SquareX: https://itspm.ag/sqrx-l91
____________________________
Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Welcome to another edition of Brand Stories, part of our On Location coverage of Black Hat Conference 2024 in Las Vegas. In this episode, Sean Martin and Marco Ciappelli chat with Jeswin Mathai, Chief Architect at SquareX, one of our esteemed sponsors for this year's coverage. Jeswin brings his in-depth knowledge and experience in cybersecurity to discuss the innovative solutions SquareX is bringing to the table and what to expect at this year's event.

Getting Ready for Black Hat 2024
The conversation kicks off with Marco and Sean sharing their excitement about the upcoming Black Hat USA 2024 in Las Vegas. They fondly recall their past experiences and the anticipation that comes with one of the most significant cybersecurity events of the year. Both hosts highlight the significance of the event for ITSP Magazine, marking ten years since its inception at Black Hat.

Introducing Jeswin Mathai and SquareX
Jeswin Mathai introduces himself as the Chief Architect at SquareX. He oversees the backend infrastructure and ensures the product's efficiency and security, particularly as a browser extension designed to be non-intrusive and highly effective. With six years of experience in the security industry, Jeswin has made significant contributions through his work published at various conferences and the development of open-source tools like AWS Goat and Azure Goat.

The Birth of SquareX
Sean and Marco delve deeper into the origins of SquareX. Jeswin shares the story of how SquareX was founded by Vivek Ramachandran, who previously founded Pentester Academy, a cybersecurity education company. Seeing the persistent issues in consumer security and the inefficacy of existing antivirus solutions, Vivek decided to shift focus to consumer security, particularly the visibility gap in browser-level security.

Addressing Security Gaps
Jeswin explains how traditional security solutions, like endpoint security and secure web gateways, often lack visibility at the browser level. Attacks originating from browsers go unnoticed, creating significant vulnerabilities. SquareX aims to fill this gap by providing comprehensive browser security, detecting and mitigating threats in real time without hampering user productivity.

Innovative Security Solutions
SquareX started as a consumer-based product and later expanded to enterprise solutions. The core principles are privacy, productivity, and scalability. Jeswin elaborates on how SquareX leverages advanced web technologies like WebAssembly to perform extensive computations directly in the browser, ensuring minimal dependency on cloud resources and optimizing user experience.

A Scalable and Privacy-Safe Solution
Marco raises the question of data privacy regulations like GDPR in Europe and the California Consumer Privacy Act (CCPA). Jeswin reassures that SquareX is designed to be highly configurable, allowing administrators to adjust data privacy settings based on regional regulations. This flexibility ensures that user data remains secure and compliant with local laws.

Real-World Use Cases
To illustrate SquareX's capabilities, Jeswin discusses common use cases like phishing attacks and how SquareX protects users. Attackers often exploit legitimate platforms like SharePoint and GitHub to bypass traditional security measures. With SquareX, administrators can enforce policies to block unauthorized credential entry, perform live analysis, and categorize content to prevent phishing scams and other threats.

Looking Ahead to Black Hat and DEF CON
The discussion wraps up with a look at what attendees can expect from SquareX at Black Hat and DEF CON. SquareX will have a booth at both events, and Jeswin previews some of the talks on breaking secure web gateways and the dangers of malicious browser extensions. He encourages everyone to visit their booths and attend the talks to gain deeper insights into today's cybersecurity challenges and solutions.

Conclusion
In conclusion, the conversation with Jeswin Mathai offers a comprehensive look at how SquareX is revolutionizing browser security. Their innovative solutions address critical gaps in traditional security measures, ensuring both consumer and enterprise users are protected against sophisticated threats. Join us at Black Hat Conference 2024 to learn more and engage with the experts at SquareX.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content.

Guest: Jeswin Mathai, Chief Architect, SquareX [@getsquarex]
On LinkedIn | https://www.linkedin.com/in/jeswinmathai/

Resources
Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]
On LinkedIn | https://www.linkedin.com/in/swylie650/
On Twitter | https://twitter.com/swylie650
____________________________
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

Vroom Vroom! The Black Hat Tradition with Sean and Marco
It's that time of year again, and Sean Martin and Marco Ciappelli are kicking things off with their customary banter on the road to Black Hat USA 2024. This time, there's no need to "vroom vroom" their way to Las Vegas as they'll be flying there instead. But no matter how they get there, it's all about reaching the grand event that is Black Hat.

A Decade of ITSP Magazine and Black Hat
Marco highlights a significant milestone for their publication: ITSP Magazine is celebrating its 10th anniversary, a journey that began alongside the Black Hat conference. Steve Wylie, who has also been with Black Hat since 2014, shares this sentiment of growth and reflection.

What to Expect at Black Hat USA 2024
Steve Wylie provides a comprehensive overview of what attendees can expect this year. As always, the event will bring the heat—literally, with Las Vegas temperatures scaling up to 108 degrees Fahrenheit. But beyond the weather, the Black Hat event itself will feature a multitude of new expansions.

Key Highlights
Expanded Content Program: Black Hat is adopting a three-day format instead of its usual two, adding a day packed with additional activities and events.
More Networking Opportunities: Attendees can look forward to broadening their professional circles with a variety of planned and unplanned networking events, including the Meetup Lounge and Track Chair Meet and Greets.
Day Zero Program: Designed especially for newcomers, this pre-event briefing will help attendees make the most out of their experience.
Innovative Summits: New summits, including an AI Summit, Innovators and Investors Summit, Industrial Controls Summit, and Cyber Insurance Summit, will target both technical and managerial audiences.

Deep Dives and Panel Discussions
Steve reveals a notable deviation from tradition: this year's keynote will be a panel discussion focused on defending democracy in an election year, featuring top cybersecurity leaders from the U.S., the EU, and the UK. This will be an essential kickoff, reflecting on the year's heavy election schedule and the growing influence of AI.

Fireside Chat with Moxie Marlinspike
Another unique addition is a fireside chat with Moxie Marlinspike, founder of Signal, moderated by Jeff Moss. This discussion will delve into privacy concerns and the ever-important balance between privacy and security in today's technological landscape.

Arsenal and the NOC: Fan Favorites Return
Sean and Steve both tip their hats to recurring features such as Arsenal, which showcases cutting-edge tools developed by the cybersecurity community, and the NOC, where attendees can witness real-time network management and protection.

Wrapping Up
As Sean and Marco prepare to experience another electrifying Black Hat, they remind readers and listeners alike to subscribe to ITSP Magazine for exclusive coverage and insights. Whether you're able to attend in person or follow along remotely, Black Hat USA 2024 promises to be a crucial event for anyone in the cybersecurity field.

Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Guest: Jess Nall, Partner, Defense Against Government Investigations, Baker McKenzie, LLP [@bakermckenzie]
On LinkedIn | https://www.linkedin.com/in/jess-nall/
____________________________
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

As the countdown to Black Hat 2024 begins, ITSP Magazine's “Chats On the Road” series kicks off with a compelling pre-event discussion featuring Jess Nall, a partner at Baker McKenzie with over two decades of experience in federal investigations and defending Chief Information Security Officers (CISOs). Hosted by Sean Martin and Marco Ciappelli, the episode blends humor and serious insights to tackle the evolving challenges faced by CISOs today.

The Dodgeball Analogy: Setting the Stage
The conversation starts on a light-hearted note with a playful dodgeball analogy, a clever metaphor used to illustrate the growing complexities in the cybersecurity landscape. This sets the tone for a deeper exploration of the pressures and responsibilities that modern CISOs face, bridging the gap between legacy technology and contemporary cybersecurity challenges.

Legacy Technology vs. Modern Cybersecurity
Drawing from the dodgeball metaphor, Sean and Marco highlight the burden of legacy technology and its impact on current cybersecurity practices. Jess Nall shares her perspective on how past business operations influence today's cybersecurity strategies, emphasizing the need for CISOs to adapt and innovate continually.

ITSP Magazine's Milestone and Black Hat Connections
This episode also marks a celebratory milestone for ITSP Magazine. Sean and Marco reflect on their journey from Los Angeles to Las Vegas, the birthplace of ITSP Magazine, and how their experiences have shaped the publication's mission and growth. As they gear up for Black Hat 2024, they express their excitement about reconnecting with the cybersecurity community and exploring new opportunities for collaboration.

Introducing Jess Nall: Expertise and Experience
Jess Nall, a seasoned expert in federal investigations, brings invaluable insights to the discussion. She underscores the severe implications of government scrutiny on CISOs, drawing from high-profile cases like SEC v. SolarWinds and Tim Brown. Jess provides practical advice for CISOs to avoid regulatory pitfalls and highlights the importance of staying vigilant and proactive in their roles.

The Internet's Troubled History and Its Impact
Marco steers the conversation towards the Internet's troubled history and its initial lack of security foresight. Jess reflects on how these historical challenges have shaped modern cybersecurity practices, emphasizing the difficulties of keeping up with evolving threats and expanding attack surfaces. She also discusses the controversial strategy of targeting CISOs to influence corporate cybersecurity measures, a practice she staunchly opposes.

The Perfect Storm: AI and Cybersecurity
The discussion turns to the increasing complexity of cybersecurity in the age of AI. Sean and Jess delve into the pressures CISOs face as they balance the incorporation of AI technologies with maintaining robust cybersecurity measures. Jess describes this scenario as a “perfect storm,” making the role of a CISO more challenging than ever.

Regulation and Legislation: A Critical Examination
Marco raises critical concerns about the reactive nature of current cybersecurity legislation and regulation. Jess discusses how federal agencies often target individuals closest to a cybersecurity breach and outlines the topics she will cover in her upcoming Black Hat presentation. She aims to educate CISOs on preventive measures and strategic responses to navigate these challenges effectively.

Looking Ahead: Black Hat 2024
As the episode concludes, Sean emphasizes the importance of awareness and proactive measures among CISOs. Marco encourages listeners to attend Jess Nall's presentation at Black Hat 2024 on August 7th at Mandalay Bay in Las Vegas. This critical discussion promises to equip CISOs and their teams with the knowledge and tools to navigate their increasingly scrutinized roles.

Stay Tuned with ITSP Magazine
Sean and Marco remind their audience that this episode is just the beginning of a series of insightful conversations leading up to Black Hat 2024. They invite listeners to stay tuned for more engaging episodes that will continue to explore the dynamic world of cybersecurity.

Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
The Question of the Week: I heard there is a new iPhone coming out. Should I upgrade?

The Big Stories: Black Hat 2023
Good guys: researchers and enthusiasts collaborating for the good of the cyber community
FBI, CIA, NSA and DHS are there to recruit
Hacking into a Tesla
Las Vegas turned off the Globe during the conference to remove the target
Call for transparency
NSA Director gets heckled
This episode reports on the hack of Hub International, advantages of honeypots, artificial intelligence and more
OUTLINE of today's show with TIMECODES

0:21 Using free speech to free the world
2:33 GOP senators say they'll block military funding unless the vaccine mandate is scrapped. Better very, very late than never, but will it work?
8:28 Court orders across multiple lawsuits have blocked the distribution of any student debt relief under the plan since late October. Another blow to dictator Biden
10:54 Democrats in Illinois say they have the votes to IMMEDIATELY enact sweeping gun control measures. Here's what's in it.
18:05 New financial reports (for FinCEN) are about to go into effect for a lot of people, mandated for SMALLER companies.
25:15 New York is looking for a Rat Czar. It pays very well. Do YOU qualify?
27:45 Downward death spiral of the Green MacGuffin. The rising cost of European energy makes more battery plants unfeasible, says Volkswagen CEO.
37:22 Kanye & Alex Jones: Clowns Mugging for Attention. Kanye wants to rebrand Christianity with his own brand of lunacy and racism
44:16 Kanye praises Hitler's architecture? Der Fuhrer's "architecture" looks like bombed-out buildings.
51:19 Stewart Rhodes: 40 years for trusting Trump, grifting with Trump and being betrayed by Trump
59:53 Musk bans Kanye on Twitter for posting a symbol from the UFO cult that calls itself Raelians. Does neither of the celebrity billionaires know what it is?
1:09:31 Goattree joins. Why did Musk & Apple end their feud? Did it have anything to do with the danger presented by wireless earbuds like the AirPods? Whatever the reason, you need to understand the health risk of wireless earbuds
1:22:07 How about wireless tech INSIDE your head? That's what Neuralink will be
1:27:21 Will Musk's Neuralink be able to let the blind see? Will it fulfill the CIA's long dream of Remote Viewing?
1:45:04 The story of Barnaby Jack and his sudden death at Black Hat Conference, and the Achilles heel of Neuralink or any kind of wireless BCI (brain computer interface)
1:57:27 NATO moves to confront China on the Taiwan issue.
2:01:39 Gerald Celente, TrendsJournal.com, joins.
2:06:25 Russia says US is directly involved in Ukraine war.
2:10:25 What do you think is going to happen in China? Zero Covid & riots
2:19:07 Gerald's take on Black Friday, the economy, interest rates
2:25:49 Gerald on how CBDC will be rolled out and how soon

If you would like to support the show and our family, please consider subscribing monthly here: SubscribeStar https://www.subscribestar.com/the-david-knight-show
Or you can send a donation through
Zelle: @DavidKnightShow@protonmail.com
Cash App at: $davidknightshow
BTC to: bc1qkuec29hkuye4xse9unh7nptvu3y9qmv24vanh7
Mail: David Knight, POB 994, Kodak, TN 37764
Money is only what YOU hold: Go to DavidKnight.gold for great deals on physical gold/silver
This week Javvad and Erich discuss some of the hottest stories of the past week, including the sentencing of a swatter, the release of a Kaseya universal ransomware decryptor, a $50m demand (possibly being delivered by bicycle), MosaicLoader punishing pirates, the (ISC)2 learning portal for CISSPs and other members, and an insurtech startup that joins the 'unsecured S3 bucket' club. All of this and more. Please like, subscribe and share. Story links and chapter listing are below.
Serial Swatter Who Caused Death Gets Five Years in Prison https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/
Kaseya obtains universal decryptor for REvil ransomware victims https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/
Hackers reportedly demand $50m from Saudi Aramco over data leak https://www.bbc.com/news/business-57924355
New MosaicLoader malware targets software pirates via online ads https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/
An insurtech startup exposed thousands of sensitive insurance applications https://techcrunch.com/2021/07/16/backnine-insurance-applications-exposed/
Other mentions:
Dark Patterns https://www.darkpatterns.org/
(ISC)2 Learning Portal https://learn.isc2.org
Contents of this video:
00:00 - Javvad's Minecraft-esque Intro
02:22 - Black Hat Conference and COVID Thoughts
06:00 - Serial Swatter Who Caused Death Gets Five Years in Prison
10:32 - Kaseya obtains universal decryptor for REvil ransomware victims
14:54 - Hackers reportedly demand $50m from Saudi Aramco over data leak
20:05 - New MosaicLoader malware targets software pirates via online ads
25:54 - The (ISC)2 Learning Portal and What They Are Doing Right
30:38 - An insurtech startup exposed thousands of sensitive insurance applications
34:53 - Closing and Profound Insight from Erich
Kicking off our third season on Crucial Tech is an in-depth look at #election #security. I attended the virtual Black Hat USA conference last week and got an education on how hostile foreign governments are interfering with national elections, including ours. It's really not about how vulnerable our election technology is. It is, but that isn't the problem. The problem is how media is manipulated to hack the voter. This episode is a high-level look at how pervasive the problem is. In Part two, we will look at how it is done. You may be very surprised. --- Support this podcast: https://anchor.fm/crucialtech/support
Are you concerned about how social media seems to know exactly what you are thinking about? Are you sure that they are listening to you and your friends on mobile devices? Well, they don’t and they aren’t. You’ve been freely telling them what your concerns are and what you want to buy. But all that may be coming to an end. Find out how in the next episode of Crucial Tech. --- Support this podcast: https://anchor.fm/crucialtech/support
About the Lecture: Technologist Eric Fulton will discuss “How Nation States Attack High Value Assets,” with an emphasis on Chinese action. He will draw from his extensive experience in technology, hacking, and internet-related issues, including his work in China. About the Speaker: Mr. Eric Fulton is a business owner and technologist. His first job was hacking international corporations, helping them identify and secure their information systems. During that time, Eric presented independent research at universities, the prestigious Black Hat Conference, and the world's largest hacker conference, DEFCON. Eric went on to start a local Internet Service Provider in Montana with the goal of helping solve the problem of rural broadband. Taking the skills he learned in Montana, Eric then built a successful global banking network with a strong presence in Asia. With over 10 years of experience advocating for privacy and Internet freedom, Eric continues his mission of contributing to a secure, free, open Internet, working as the Identity Evangelist for Keybase, a company dedicated to solving identity and encrypted communication.
George Mason University professor Duminda Wijesekera talks about the Black Hat cybersecurity conference and the presentation he gave at Black Hat on the vulnerabilities found in electric motors.
Dan likes Skype. We hope everyone had a good 4th of July. 1st annual 9 mm Hustle. Liar's club is huge. Fact or Crap: Batting 1000 this week. Yahoo! Mail Bag: Two from Thom: 1) Reparations for slavery, polls suggest Americans are not convinced about the idea. 2) Republican Will Hurd: I was "disinvited" to the Black Hat Conference. Two from Joe: 1) Phoenix Mayor apologizes after police draw gun on family after child takes doll. 2) Diocese of Madison hires firm to review clergy files. The Rest of the Show: All email show this week.
Podcast: Down the Security Rabbithole Podcast
Episode: DtSR Episode 254 - Lowdown and Dirty ICS
Pub date: 2017-07-25
This week Sergio Caltagirone joins James and me to talk about industrial control networks and systems and some of the dangers that go undiscussed. Sergio is a 2nd timer, and we take the opportunity to catch up and discuss one of his favorite topics. Additionally, we talk about some of the topics that were discussed the week this podcast was recorded, a few weeks ago. Whether you're in Las Vegas for Black Hat Conference 2017 or not, take a listen to this sobering discussion about industrial controls and some of the more clear and present dangers facing us in that sector. Thanks again for joining us, Sergio!
ITSPmagazine’s John Dasher sat down at Black Hat 2018 with Willy Leichter, Vice President of Marketing at Virsec, to talk about how Virsec protects enterprises from advanced memory-based attacks, at what the company describes as near 100% accuracy, with a novel approach. Virsec takes a unique approach to security: they’re trying to secure applications from the inside out, as opposed to the traditional “outside in” model where you try to catch all the bad stuff that could potentially make its way in. They do this by looking at the execution of the application, specifically fileless attacks, memory-based attacks and other subtle, insidious attacks. Attackers are not sending conventional payloads; they’re sending scripts or bits and pieces that get reassembled. Imagine taking a 3D-printed gun, disassembling it into parts and bringing the parts through security via different people at different times: each one is just a piece of plastic, and it isn’t a gun until it’s reassembled. The analogy may be a stretch, but Virsec sees similar things, where attackers don’t drop a huge payload but gain a foothold, perhaps through a vulnerability, and then leverage it so that nothing is weaponized until the application is running. So how do they know what ‘normal’ looks like? Do they have to ‘fingerprint’ applications? They have a process in which they create an ‘app map’: when an application is loaded into runtime memory, all the memory jumps are assigned in that moment, and they are all predictable, so the jumps can be monitored in real time against that map. It’s not a machine learning process per se; it’s a mapping process based on the current version of the software, which means the map is tied to a specific build and has to be regenerated when the application changes. For any operating system their solution can run on, they can protect all the apps on it. They chat about all this and more — so take a listen and enjoy! Learn more about Virsec: https://itspm.ag/itspvrssdir
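The "app map" idea described above reduces to an allow-list check: transfers the binary can legitimately make are enumerated ahead of time, and each transfer observed at runtime is looked up. The following is an added illustration of that check, not Virsec's code or anything the interview shows; the addresses, the control-flow graph, the x86 call length and the three traces are constructed for the example, and the shadow-stack check on returns is a common companion technique that the interview does not mention.

```python
"""Allow-list check of runtime control transfers (added illustration).

The "app map" is built from the binary ahead of time: for every call site it
lists the targets that site can legitimately reach. At runtime each observed
transfer is looked up in the map, and returns are checked against a shadow
stack, so both a hijacked function pointer and a smashed return address are
reported. Addresses, the control-flow graph and the traces are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple

# Length in bytes of a near call on x86-64; the return address of a call at
# `site` is therefore site + CALL_LEN. (Simplification for the example.)
CALL_LEN = 5


@dataclass(frozen=True)
class Transfer:
    kind: str    # "call" (direct), "icall" (indirect call) or "ret"
    site: int    # address of the instruction that transferred control
    target: int  # address control actually went to


def build_app_map(cfg: Dict[int, List[int]]) -> FrozenSet[Tuple[int, int]]:
    """cfg maps a call site to the targets static analysis found for it.
    The result belongs to one build; a new binary needs a new map."""
    return frozenset((site, t) for site, targets in cfg.items() for t in targets)


@dataclass
class Monitor:
    app_map: FrozenSet[Tuple[int, int]]
    shadow_stack: List[int] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)

    def observe(self, t: Transfer) -> bool:
        """Return True if the transfer is consistent with the app map."""
        if t.kind in ("call", "icall"):
            if (t.site, t.target) not in self.app_map:
                self.alerts.append(f"{t.kind} {t.site:#x} -> {t.target:#x} is not in the app map")
                return False
            self.shadow_stack.append(t.site + CALL_LEN)  # where this call must return to
            return True
        if t.kind == "ret":
            expected: Optional[int] = self.shadow_stack.pop() if self.shadow_stack else None
            if expected is None or t.target != expected:
                where = f"{expected:#x}" if expected is not None else "an empty shadow stack"
                self.alerts.append(
                    f"ret {t.site:#x} -> {t.target:#x} does not match the shadow stack (expected {where})")
                return False
            return True
        raise ValueError(f"unknown transfer kind {t.kind!r}")


def check_trace(app_map: FrozenSet[Tuple[int, int]], trace: List[Transfer]) -> List[str]:
    """Run a whole trace through a fresh monitor and return the alerts it raised."""
    mon = Monitor(app_map)
    for t in trace:
        mon.observe(t)
    return mon.alerts


# --- constructed program layout -------------------------------------------
MAIN, PARSE, HANDLER_A, HANDLER_B = 0x401000, 0x401100, 0x401200, 0x401300
LIBC_SYSTEM = 0x7F0000001000  # constructed "dangerous" target outside the app

CFG = {
    0x401010: [PARSE],                 # main: direct call to the parser
    0x401130: [HANDLER_A, HANDLER_B],  # parser: indirect call through a dispatch table
}
APP_MAP = build_app_map(CFG)

# Benign run: main -> parse -> handler_a -> back to parse -> back to main.
GOOD_TRACE = [
    Transfer("call", 0x401010, PARSE),
    Transfer("icall", 0x401130, HANDLER_A),
    Transfer("ret", 0x4012F0, 0x401130 + CALL_LEN),
    Transfer("ret", 0x4011F0, 0x401010 + CALL_LEN),
]
# The dispatch-table pointer has been overwritten to point at system().
HIJACKED_POINTER = [
    Transfer("call", 0x401010, PARSE),
    Transfer("icall", 0x401130, LIBC_SYSTEM),
]
# Stack smash: parse() returns into a gadget instead of back into main.
SMASHED_RETURN = [
    Transfer("call", 0x401010, PARSE),
    Transfer("ret", 0x4011F0, 0x7F00000010A3),
]

if __name__ == "__main__":
    for name, trace in [("good", GOOD_TRACE), ("hijacked pointer", HIJACKED_POINTER),
                        ("smashed return", SMASHED_RETURN)]:
        print(f"{name}: {check_trace(APP_MAP, trace) or 'clean'}")
```

The point of keying the map on (site, target) rather than on targets alone is that a pointer overwritten to reach a function the program does contain, but never from that site, is still caught; and because the map is derived from one build, a new version of the application needs a new map before the monitor is trusted again.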
ITSPmagazine’s John Dasher chats with Dana Tamir, VP Market Strategy at Silverfort, at Black Hat 2018 about multi-factor authentication, how it’s changed with the shift to the cloud, hybrid environments and disappearing perimeters, and how Silverfort enables strong MFA across the entire network without modifications to endpoints and servers. The problem with authentication is not new: stolen credentials are used in 81% of the breaches we see today. MFA has been available for a long time and strengthens authentication, but it isn’t available for every system. It’s a very effective way to validate that you are who you say you are, but if you can’t apply it to all systems in an organization, you’re still left with many exposed systems. The way networks have changed in recent years (moving to the cloud, hybrid environments, disappearing perimeters) requires us to shift the way we treat identity and trust within the organization. Silverfort is an authentication company building next-generation solutions: they enable strong authentication for any sensitive asset across entire networks and cloud environments without any modifications to endpoints and servers. And they can apply this to systems that until now were thought to be unprotectable, like the SCADA systems commonly found in industrial applications, power plants and critical infrastructure. Learn more about Silverfort: https://itspm.ag/itspslvrdir
ITSPmagazine’s John Dasher sat down at Black Hat 2018 with Jonathan Sander of STEALTHbits to chat about unstructured data, protecting credentials, ransomware, machine learning – and Sylvester Stallone. Plus, he explains how STEALTHbits can help protect an organization’s sensitive data from insider threats and automate security and compliance tasks. The number one move in the world of unstructured data and Active Directory is: delete. Jonathan puts this into perspective with the Sony hack: one of the things exposed was Sylvester Stallone’s social security number, from a contract that was 14 years old. It was collateral damage that could have been completely eliminated by deletion. They also touch on machine learning, automation and more, in the context that there are still 1 million successful ransomware attacks per month.
ITSPmagazine’s John Dasher sat down at Black Hat 2018 with Tal Guest of Bomgar to talk about privileged access management. Bomgar specializes in privileged access management (PAM) and has products that support these use cases. Its recent acquisition of Avecto, an endpoint privilege management company, is the perfect complement to Bomgar’s existing PAM solutions. An attacker needs privileges to move around in the environment, and with Avecto’s additional layer of defense at the endpoint, Bomgar customers can remove excess admin rights throughout their organizations and only elevate privileges for approved applications and actions. Simply having a process in place to change all the privileged credentials in the organization has a large effect on mitigating and remediating a potential breach: with it, you can respond to just about any threat you are faced with. They also touch on the cloud and how it has impacted businesses, both the problem and the solutions.
ITSPmagazine’s John Dasher sat down at Black Hat 2018 with Nick Bilgorskiy from Juniper Networks to chat about malware, ransomware, new cryptocurrency attacks (“cryptojacking”) and how Juniper can help protect you by keeping your network clean and clear. Nick is a cybersecurity strategist whose specialty is malware — and now cryptocurrency-driven attacks like ransomware and cryptojacking. While ransomware takes your data hostage and makes you pay in bitcoin to get it back, cryptojacking involves the attacker taking over your CPU and using it to mine cryptocurrency on your machine, which the attacker then sells. There is a lot of innovation around cryptocurrency: previously they saw malvertising, but now cyber criminals have become very inventive about how they get that Monero. For example, they install plugins in browsers at Internet cafés, so that everyone who comes in to use those computers is actually mining Monero for them. Juniper Networks offers high-performance network solutions (including routers, switches, network management software, network security products and software-defined networking technology) to help service providers, enterprises and the public sector create value and accelerate success. Learn more about Juniper Networks: https://itspm.ag/itspjnprdir
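"Keeping the network clean" of cryptojacking in practice starts with recognising miner-to-pool traffic, and the common pool protocol (Stratum, and the JSON-RPC variant Monero pools and XMRig use) is newline-delimited JSON with distinctive method names. The following is an added example of that first-pass check, not Juniper's detection logic or anything the interview describes in detail; the sample stream, including the wallet address, is constructed, and the method and field names are the ones the protocol variants actually use.

```python
"""Spotting Stratum mining traffic in newline-delimited JSON (added example).

Classic Stratum (mining.subscribe / mining.authorize / mining.submit) and the
xmrig-style variant used by Monero pools (login / job / submit) are plain
JSON-RPC, one object per line, so a first-pass detector only needs to parse
each line and look at method names and parameter shapes. The sample stream
below is constructed, including the wallet address.
"""
import json
from typing import List, Optional, Tuple

BASE58 = set("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")


def looks_like_monero_address(value) -> bool:
    """Standard Monero addresses: 95 base58 chars, starting with 4 (8 for subaddresses)."""
    return (isinstance(value, str) and len(value) == 95
            and value[0] in "48" and set(value) <= BASE58)


def classify(line: str) -> Optional[str]:
    """Return a reason if the line looks like a pool-protocol message, else None."""
    line = line.strip()
    if not line.startswith("{"):
        return None
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    params = msg.get("params")
    # Classic Stratum: the "mining." namespace alone is decisive.
    if isinstance(method, str) and method.startswith("mining."):
        return f"stratum method {method}"
    # xmrig-style login: "login" is a generic method name, so require
    # mining-specific parameters (a wallet as the login, or a miner agent).
    if method == "login" and isinstance(params, dict):
        agent = str(params.get("agent", "")).lower()
        if looks_like_monero_address(params.get("login")) or "xmrig" in agent:
            return "xmrig-style pool login"
    # xmrig-style share submission carries job_id + nonce + result hash.
    if method == "submit" and isinstance(params, dict) \
            and {"job_id", "nonce", "result"}.issubset(params):
        return "xmrig-style share submit"
    # Pool -> miner job push: hashing blob, job id and difficulty target.
    if method == "job" and isinstance(params, dict) \
            and {"blob", "job_id", "target"}.issubset(params):
        return "xmrig-style job push"
    return None


def scan_stream(text: str) -> List[Tuple[int, str]]:
    """Classify every line; returns (1-based line number, reason) for each hit."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        reason = classify(line)
        if reason:
            hits.append((n, reason))
    return hits


# --- constructed sample stream ---------------------------------------------
WALLET = "4" + "7N" * 47  # 95 base58 characters; constructed, not a real wallet


def _line(obj) -> str:
    return json.dumps(obj)


SAMPLE = "\n".join([
    _line({"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.1"]}),
    _line({"id": 2, "jsonrpc": "2.0", "method": "login",
           "params": {"login": WALLET, "pass": "x", "agent": "XMRig/6.21.0"}}),
    _line({"id": 3, "jsonrpc": "2.0", "method": "login",          # ordinary app login,
           "params": {"user": "alice", "password": "hunter2"}}),  # must not be flagged
    "GET /index.html HTTP/1.1",
    _line({"id": 4, "jsonrpc": "2.0", "method": "submit",
           "params": {"id": "abc", "job_id": "42", "nonce": "1a2b3c4d", "result": "0" * 64}}),
])

if __name__ == "__main__":
    for lineno, reason in scan_stream(SAMPLE):
        print(f"line {lineno}: {reason}")
```

Two caveats a practitioner would add: miners increasingly wrap Stratum in TLS, so this check needs a decrypting proxy or has to fall back to destination and JA3-style fingerprints; and the browser-plugin case the interview mentions often uses WebSocket proxies rather than raw TCP, where the same JSON shapes appear inside WebSocket frames.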
According to research to be released soon by Brian Reed and his team at NowSecure, 10-15% of the top 50 apps in any category in your favorite mobile app store have one or more critical vulnerabilities with a Common Vulnerability Scoring System (CVSS) score of 8 or higher. And we’re talking production apps from Fortune 500 companies here, folks. How is this possible? According to Reed, a few things stand out:
* There has been an increase in the use of third-party libraries, coupled with an increase in the number of vulnerabilities in those libraries.
* Companies are NOT updating and re-submitting their applications that use these libraries, even though the patches exist.
* The above assumes that the company is aware of the vulnerabilities; many code-based assessment tools delivered through SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) models can’t get at the behavioral aspects uncovered by a binary assessment.
When app developers work with NowSecure, they get the benefit of a solution that leverages the mindset of an attacker. The behavioral assessment of the binary performed by NowSecure not only looks for vulnerabilities in the reverse-engineered source code, but also in how the application functions at runtime, which can present itself differently on different flavors and versions of the mobile OS. As Reed explains, his clients can now hire creative people to use the tools available to them from NowSecure, enabling their analysts to tackle harder problems and their developers to focus on building better applications, with automated testing taking care of the security assessment part of their DevSecOps lifecycle.
We discuss some ways to check your Mac's hardware to make sure everything is working correctly, some recent security issues, and a new way that Wi-Fi will be protected in the future.
Episode 13: Is My Computer's CPU Secure?
Black Hat Conference (https://www.blackhat.com/us-18/)
Hyper-threading (Wikipedia) (https://en.wikipedia.org/wiki/Hyper-threading)
TLBleed is latest Intel CPU flaw to surface: But don't expect it to be fixed (https://www.zdnet.com/article/tlbleed-is-latest-intel-cpu-flaw-to-surface-but-dont-expect-it-to-be-fixed/)
Wi-Fi security is starting to get its biggest upgrade in over a decade (https://www.theverge.com/circuitbreaker/2018/6/26/17501594/wpa3-wifi-security-certification)
Apple to Prevent iTunes Payment Info Changes on Very Old Versions of iOS, OS X, and Apple TV Software (https://www.macrumors.com/2018/06/28/apple-itunes-payment-info-email/)
macOS 'Quick Look' Bug Can Leak Encrypted Data Through Thumbnail Caches (https://www.macrumors.com/2018/06/18/macos-quick-look-encrypted-data-bug/)
How to Verify Your Mac’s Hardware Is Working Properly
Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Dr. Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the "Human Factors in Security and Privacy" group. She and her colleagues conducted a fascinating study into why people click on what appears to be obvious email spam. In the second part of our interview, Benenson offers very practical advice on dealing with employee phishing and also discusses some of the consequences of IoT hacking.

Transcript

[Inside Out Security] Zinaida Benenson is a senior researcher at the University of Erlangen-Nuremberg. Her research focuses on the human factors connections in privacy and security, and she also explores IoT security, two topics which we are also very interested in at the Inside Out Security blog. Zinaida recently completed research into phishing. If you were at last year's Black Hat Conference, you heard her discuss these results in a session called How To Make People Click On Dangerous Links Despite Their Security Awareness. So, welcome Zinaida.

[Zinaida Benenson] Okay. So my group is called Human Factors In Security And Privacy. But also, as you said, we are also doing technical research on the internet of things. And mostly when we are talking about human factors, we think about how people make decisions when they are confronted with security or privacy problems, and how we can help them in making those decisions better.

[IOS] What brought you to my attention was the phishing study you presented at Black Hat, I think that was last year. And it was just so disturbing, after reading some of your conclusions and some of the results. But before we talk about them, can you describe that specific experiment you ran, phishing college students using both email and Facebook?

The Experiment

[ZB] So in a nutshell, we sent, to over 1,000 university students, an email or a personal Facebook message from non-existing persons with popular German names. And these messages referred to a party last week and contained a link to supposed pictures from the party. In reality, this link led to an “access denied” page, but the links were individual. So we could see who clicked, and how many times they clicked. And later, we sent them a questionnaire where we asked for the reasons for their clicking or not clicking.

[IOS] Right. So basically, they were told that they would be in an experiment but they weren't told that they would be phished.

[ZB] Yes. So recruiting people for, you know, cyber security experiments is always tricky because you can't tell them the real goal of the experiment — otherwise, they would be extra vigilant. But on the other hand, you can't just send them something without recruiting them. So this is an ethical problem. It's usually solved by recruiting people for something similar. So in our case, it was a survey for... about internet habits.

[IOS] And after the experiment, you did tell them what the purpose was?

[ZB] Yes, yes. So this is called a debriefing and this is also a special part of the ethical requirements. So we sent them an email where we described the experiment and also some preliminary results, and also described why it could be dangerous to click on a link in an email or a Facebook message.

[IOS] Getting back to the actual phish content, the phish messaging content, in the paper I saw, you showed the actual template you used. And it looked — I mean, as we all get lots of spam – to my eyes and I think a lot of people's eyes, it just looked like really obvious spam. Yet, you achieved like very respectable click rates, and I think for Facebook, you got a very high rate – almost, was it 40% – of people clicking what looked like junk mail!

[ZB] We had a bare IP address in the link, which should have alerted some people. I think it actually alerted some who didn't click. But, yes, depending on the formulation of the message, we had 20% to over 50% of email users clicking. And independently of the formulation of the message, we had around 40% of users clicking. So in all cases, it's enough, for example, to get a company infected with malware!

50% Clicked on Emails

[IOS] That is surprising! But then you also learned by surveying them the reasons they were clicking. And I was wondering if you can share some of those, some of the results you found?

[ZB] So the reasons. The most important or most frequently stated reason for clicking was curiosity. People were amused that the message was not addressed to them, but they were interested in the pictures. And the next most frequently stated reason was that the message actually was plausible, because people actually went to a party last week, and there were people there that they did not know. And so they decided that it's quite plausible to receive such a message.

[IOS] However, it was kind of a very generic looking message. So it's a little hard to believe, to me, that they thought it somehow related to them!

[ZB] We should always consider the target audience. And this was students, and students communicate informally. Quite often, people have friends and don't even know their last names. And of course, I wouldn't send … if I was sending such a phishing email to, say, employees of a company, or to the general population, I wouldn't formulate it like this. So our targeting actually worked quite well.

[IOS] So it was almost intentional that it looked... it was intentional that it looked informal and something that a college student might send to another one. "Hey, I saw you at a party." Now, I forget, was the name of the person receiving the email mentioned in the content or not? It just said, "Hey"?

[ZB] We had actually two waves of the experiment. In the first wave, we mentioned people's names and we got over 50% of email recipients to click. And this was very surprising for us because we actually expected that on Facebook, people would click more, just because people share pictures on Facebook, and it's easier to find a person on Facebook, or they know, okay, there is a student, it is a student and, say, her first name is Sabrina or whatever. And so we were absolutely surprised to learn that over 50% of email recipients clicked in the first wave of the experiment! And we thought, "Okay, why could this be?" And we decided that maybe it was because we addressed people by their first names. So it was like, "Hey, Anna." And so we decided to have the second wave of the experiment where we did not address people by their first names, but just said, "Hey." And so we got the same, or almost the same, clicking rate on Facebook. But a much lower clicking rate on email.

[IOS] And I think you had an explanation for that, if you had a theory about why that may be, why the rates were similar [for Facebook]?

[ZB] Yeah. So on Facebook, it seems that it doesn't matter if people are addressed by name. Because as I said, the names of people on Facebook are very salient. So when you are looking up somebody, you can see their names. But if somebody knows my email address and knows my name, it might seem to some people … more plausible. But this is just ... we actually didn't have any people explaining this in the messages. Also, we got a couple of people saying on email that, "Yeah, well, we didn't click that. Oh, well, it didn't address me by name, so it looked like spam to me." So actually … names in emails seem to be important, even if at our university, email addresses consist of first name, point, second name, at university domain.

[IOS] I thought you also suggested that because Facebook is a community, there's sort of a higher level of trust in Facebook than in just getting an email. Or am I misreading that?

[ZB] Well, it might be. It might be like this. But we did not check for this. And actually, there is different research. So some other people did some research on how well people trust Facebook and Facebook members. And yeah, people defer quite a lot, and I think that people use Facebook not because they particularly trust it, but because it's very convenient and very helpful for them.

Curiosity and Good Moods

[IOS] Okay. And so what do you make of this curiosity as a first reason for clicking?

[ZB] Well, first of all, we were surprised how honestly people answered. And saying, "Oh, I was curious about pictures of unknown people and an unknown party." It's a negative personality trait, yeah? So it was very good that we had an anonymous questionnaire. Maybe it made people, you know, answer more honestly. And I think that curiosity is, in this case, it was kind of negative, a negative personality trait. But actually, if you think about it, it's a very positive personality trait. Because curiosity and interest motivate us to, for example, to study and to get a good job, and to be good in our job. And they are also directly connected to creativity and interaction.

[IOS] But on the other hand, curiosity can have some bad results. I think you also mentioned that even for those who were security aware, it didn't really make a difference.

[ZB] Well, we asked people if they know — in the questionnaire — we asked them before we revealed the experiment, and asked them whether they clicked or not. We asked them a couple of questions that are related to security awareness like, "Can one be infected by a virus if one clicks on an attachment in an email, or on a link?" And when we tried to correlate, statistically correlate, the answers to this question, to this link clicking question, with people's report on whether they clicked or not, we didn't find any correlation. So this result is preliminary, yeah. We can't say with certainty, but it seems like awareness doesn't help a lot. And again, I have a hypothesis about this, but no proof so far.

[IOS] And what is that? What is your theory?

[ZB] My theory is that people can't be vigilant all the time. And psychological research actually showed that interaction, creativity, and good mood are connected to increased gullibility. And on the other hand, the same line of research showed that vigilance, and suspicion, and an analytical approach to solving problems is connected to bad mood and increased effort. So if we apply this, it means that being constantly vigilant is connected to being in a bad mood, which we don't want! And which is also not good for the atmosphere, for example, in a firm. And with increased effort, which means that we are just tiring. And at some time, we have to relax. And if the message arrives at this time, it's quite plausible for everybody, and I mean really for everybody including me, you, and every security expert in the world, to click on something!

[IOS] It also has some sort of implications for hackers, I suppose. If they know that a company just went IPO … or everyone got raises in the group, then you start phishing them and sort of leverage off their good moods!

Be Prepared: Secondary Defenses

[IOS] What would you suggest to an IT Security Group using this research in terms of improving security in the company?

[ZB] Well, I would suggest firstly to, you know, to make sure that they understand the users and the humans on the whole, yeah? We security people tend to consider users as, you know, a nuisance, like, ‘Okay, they're always doing the wrong things.’ Actually, we as security experts should protect people! And if the employees in the company were not there, then we wouldn't have our job, yeah? So what is important is to let humans be humans … with all their positive but also negative characteristics, and something like curiosity, for example, can be both. And to turn to technical defense, I would say. Because to infect a company, one click is enough, yeah? And one should just assume that it will happen, because of all these things I was saying, even if people are security aware. The question is, what happens after the click? And there are not many examples of, you know, companies telling how they mitigate such things. So the only one I was able to find was the [inaudible] security incident in 2011. I don't know if you remember. They were hacked and had to change, actually to exchange, all the security tokens. And they, at least they published at least a part of what happened. And yeah, that was a very tiny phishing wave that maybe reached around 10 employees and only one of them clicked. So they got infected, but they noticed, they say that they noticed it quite quickly because of other security measures. I would say that that's what one should actually expect and that's the best outcome one can hope for. Yes, if one notices in time.

[IOS] I agree that IT should be aware that this will happen and that the hackers will get in and you should have some secondary defenses. But I was also wondering, does it also suggest that perhaps some people should not have access to email? I mean … does this lead to a test … and if some employees are just, you know, a little too curious, you just think, "You know what, maybe we take the email away from you for a while?"

[ZB] Well, you know, you can. I mean, a company can try this if they can sustain the business consequences of this, yeah? So if people don't have emails then maybe some business processes will become less efficient and also employees might become disgruntled, which is also not good. I would suggest that ... I think that it's not going to work! And at least it's not a good trade off. It might work, but it's not a good trade off because, you know, all this for... If you implement a security measure that impairs business processes, it makes people dissatisfied! Then you have to count in the consequences.
[IOS] I agree that IT should be aware that this will happen and that the hackers will get in and you should have some secondary defenses. But I was also wondering, does it also suggest that perhaps some people should not have access to email? I mean ... does this lead to a test where if some employees are just, you know, a little too curious you just say, ‘You know what? Maybe we take the e-mail away from you for a while.’ [ZB] Well, you know, you can. I mean, a company can try this if they can, you know, if they can sustain the business costs and consequences of this, yeah? So if people don't have emails then maybe some business processes will become less efficient and yeah, and also employees might become disgruntled which is also not good. I would suggest that, I think that it's not going to work! And at least it's not a good trade off. It might work, but it's not a good trade off because, you know, all this for...if you implement security measure that impairs our business processes and makes people dissatisfied, then you have to count in the consequences. [IOS] I'm agreeing with you that the best defense I think is awareness really and then taking other steps. I wanted to ask you one or two more questions. One of them is about what they call whale phishing or spear phishing perhaps is another way to say it, which is just going after not just any employee, but usually high-level executives. And at least from some anecdotes I've heard, executives are also prone to clicking on spam just like anybody else, but your research also suggests that some of the more context you provide, the more likely you'll get these executives to click. [ZB] Okay, so if you get more context of course you can make the email more plausible, and of course if you are targeting a particular person, there is a lot of possibilities to get information about them, and especially if it's somebody well-known like an executive of a company. 
And I think that there are also some personality traits of executives that might make them more likely to click. Because, you know, they didn't get their positions by being especially cautious and not taking risk and saying all safety first! I think that executives maybe even more risk-taking than, you know, average employee and more sure of themselves, and this might get a problem even more difficult. So it also may be even to not like being told by anybody about any kind of their behavior. IoT and Inferred Preferences [IOS] I have one more question since it's so interesting that you also do research on IoT privacy and security. Over in the EU, we know that the new General Data Protection Regulation, which I guess is going to take place in another year, actually has a very broad definition of what sensitive data is. I'm wondering if you can just talk about some of the implications of this? [ZB] Well, of course IoT data is everything's that is collected in our environment about us can be used to infer our preferences with quite a good precision. So… for example we had an experiment where we were able just from room climate data, so from temperature enter the age of humidity to determine if a person is, you know, staying or sitting. And this kind of data of course can be used to target messages even more precisely So for example if you can infer a person's mood and if you suppose if you buy from the psychological research that people in good moods are more likely to click, you might try to target people in better mood, yeah? Through the IOT data available to you or through IOT data available to you through the company that you hacked. Yeah … point is, you know, that targeting already works very well. Yeah, you just need to know the name of the person and maybe the company this person is dealing with! [IOS] Zinaida this was a very fascinating conversation and really has a lot of implications for how IT security goes about their job. 
So I'd like to thank you for joining us on this podcast! [ZB] You're welcome. Thank you for inviting me!
This episode of Down the Security Rabbithole Podcast was recorded live and in person in Las Vegas at the Black Hat Conference 2017. Raf had a chance to sit down across the microphone from Jason Garbis of Cryptzone to talk about the software defined perimeter. SDP is a relatively new space many of us in security aren't familiar with, so we decided we'd record a primer on the topic, narrated by someone who is expertly involved in the practitioner side (through the CSA, Cloud Security Alliance) developing the standards and the provider side (Cryptzone) developing products and services towards the specification. This is a more technical-focused podcast than many of our others, so sit back, grab a notepad and get ready to learn something. For more of Jason's work, check out this link: https://insight.cryptzone.com/author/jason-garbis/ Guest Jason Garbis - Vice President of Products for Cryptzone, where he's responsible for the company's product strategy and product management. Garbis has over 25 years of experience with technology vendors, including roles in engineering, professional services, product management, and marketing. Jason joined Cryptzone from RSA, and holds a CISSP certification.
Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the "Human Factors in Security and Privacy" group. She and her colleagues conducted a fascinating study into why people click on what appears to be obvious email spam. In the first part of our interview with Benenson, we discuss how she collected her results, and why curiosity seems to override security concerns when dealing with phish mail.

Transcript

[Inside Out Security] Zinaida Benenson is a senior researcher at the University of Erlangen-Nuremberg. Her research focuses on the human factors connections in privacy and security, and she also explores IoT security, two topics which we are also very interested in at the Inside Out Security blog. Zinaida recently completed research into phishing. If you were at last year's Black Hat Conference, you heard her discuss these results in a session called How To Make People Click On Dangerous Links Despite Their Security Awareness. So, welcome Zinaida.

[Zinaida Benenson] Okay. So my group is called Human Factors In Security And Privacy. But also, as you said, we are also doing technical research on the internet of things. And mostly when we are talking about human factors, we think about how people make decisions when they are confronted with security or privacy problems, and how can we help them in making those decisions better.

[IOS] What brought you to my attention was the phishing study you presented at Black Hat, I think that was last year. And it was just so disturbing, after reading some of your conclusions and some of the results. But before we talk about them, can you describe that specific experiment you ran phishing college students using both email and Facebook?

The Experiment

[ZB] So in a nutshell, we sent, to over 1,000 university students, an email or a personal Facebook message from non-existing persons with popular German names. And these messages referred to a party last week and contained a link to supposed pictures from the party. In reality, this link led to an “access denied” page, but the links were individual. So we could see who clicked, and how many times they clicked. And later, we sent to them a questionnaire where we asked for reasons of their clicking or not clicking.

[IOS] Right. So basically, they were told that they would be in an experiment but they weren't told that they would be phished.

[ZB] Yes. So recruiting people for, you know, cyber security experiments is always tricky because you can't tell them the real goal of the experiment — otherwise, they would be extra vigilant. But on the other hand, you can't just send to them something without recruiting them. So this is an ethical problem. It's usually solved by recruiting people for something similar. So in our case, it was a survey for... about the internet habits.

[IOS] And after the experiment, you did tell them what the purpose was?

[ZB] Yes, yes. So this is called a debriefing and this is also a special part of ethical requirements. So we sent to them an email where we described the experiment and also some preliminary results, and also described why it could be dangerous to click on a link in an email or a Facebook message.

[IOS] Getting back to the actual phish content, the phish messaging content, in the paper I saw, you showed the actual template you used. And it looked — I mean, as we all get lots of spam – to my eyes and I think a lot of people's eyes, it just looked like really obvious spam. Yet, you achieved like very respectable click rates, and I think for Facebook, you got a very high rate – almost, was it 40% – of people clicking what looked like junk mail!

[ZB] We had a bare IP address in the link, which should have alerted some people. I think it actually alerted some who didn't click. But, yes, depending on the formulation of the message, we had 20% to over 50% of email users clicking. And independently of the formulation of the message, we had around 40% of users clicking. So in all cases, it's enough, for example, to get a company infected with malware!

50% Clicked on Emails

[IOS] That is surprising! But then you also learned by surveying them, the reasons they were clicking. And I was wondering if you can share some of those, some of the results you found?

[ZB] So the reasons. The most important or most frequently stated reason for clicking was curiosity. People were amused that the message was not addressed to them, but they were interested in the pictures. And the next most frequently stated reason was that the message actually was plausible because people actually went to a party last week, and there were people there that they did not know. And so they decided that it's quite plausible to receive such a message.

[IOS] However, it was kind of a very generic looking message. So it's a little hard to believe, to me, that they thought it somehow related to them!

[ZB] We should always consider the targeting audience. And this was students, and students communicate informally. Quite often, people have friends and even don't know their last names. And of course, I wouldn't send … if I was sending such a phishing email to, say employees of a company, or to general population, I wouldn't formulate it like this. So our targeting actually worked quite well.

[IOS] So it was almost intentional that it looked...it was intentional that it looked informal and something that a college student might send to another one. "Hey, I saw you at a party." Now, I forget, was the name of the person receiving the email mentioned in the content or not? It just said, "Hey"?

[ZB] We had actually two waves of the experiment. In the first wave, we mentioned people's names and we got over 50% of email recipients clicking. And this was very surprising for us because we actually expected that on Facebook, people would click more just because people share pictures on Facebook, and it's easier to find a person on Facebook, or they know, okay, there is a student, it is a student and say, her first name is Sabrina or whatever. And so we were absolutely surprised to learn that over 50% of email recipients clicked in the first wave of the experiment! And we thought, "Okay, why could this be?" And we decided that maybe it was because we addressed people by their first names. So it was like, "Hey, Anna." And so we decided to have the second wave of the experiment where we did not address people by their first names, but just said, "Hey." And so we got the same, or almost the same, clicking rate on Facebook. But a much lower clicking rate on email.

[IOS] And I think you had an explanation for that, if you had a theory about why that may be, why the rates were similar [for Facebook]?

[ZB] Yeah. So on Facebook, it seems that it doesn't matter if people are addressed by name. Because as I said, the names of people on Facebook are very salient. So when you are looking up somebody, you can see their names. But if somebody knows my email address and knows my name, it might seem to some people …. more plausible. But this is just ... we actually didn't have any people explaining this in the messages. Also, we got a couple of people saying on email that, "Yeah, well, we didn't click that. Oh, well it didn't address me by name, so it looked like spam to me." So actually … names in emails seem to be important, even if at our university, email addresses consist of first name, point, second name, at university domain.

[IOS] I thought you also suggested that because Facebook is a community, that there's sort of a higher level of trust in Facebook than in just getting an email. Or am I misreading that?

[ZB] Well, it might be. It might be like this. But we did not check for this. And actually, there is different research. So some other people did some research on how well people trust Facebook and Facebook members. And yeah, people defer quite a lot, and I think that people use Facebook, not because they particularly trust it, but because it's very convenient and very helpful for them.

Curiosity and Good Moods

[IOS] Okay. And so what do you make of this curiosity as a first reason for clicking?

[ZB] Well, first of all, we were surprised how honestly people answered. And saying, "Oh, I was curious about pictures of unknown people and an unknown party." It's a negative personality trait, yeah? So it was very good that we had an anonymous questionnaire. Maybe it made people, you know, answer more honestly. And I think that curiosity is, in this case, it was kind of negative, a negative personality trait. But actually, if you think about it, it's a very positive personality trait. Because curiosity and interest motivate us to, for example, to study and to get a good job, and to be good in our job. And they are also directly connected to creativity and interaction.

[IOS] But on the other hand, curiosity can have some bad results. I think you also mentioned that even for those who were security aware, it didn't really make a difference.

[ZB] Well, we asked people if they know — in the questionnaire — we asked them before we revealed the experiment, and asked them whether they clicked or not. We asked them a couple of questions that are related to security awareness like, "Can one be infected by a virus if one clicks on an attachment in an email, or on a link?" And when we tried to correlate, statistically correlate, the answers to this question, to this link clicking question, with people's report on whether they clicked or not, we didn't find any correlation. So this result is preliminary, yeah. We can't say with certainty, but it seems like awareness doesn't help a lot. And again, I have a hypothesis about this, but no proof so far.
[IOS] And what is that? What is your theory?

[ZB] My theory is that people can't be vigilant all the time. And psychological research actually showed that interaction, creativity, and good mood are connected to increased gullibility. And on the other hand, the same line of research showed that vigilance, and suspicion, and an analytical approach to solving problems is connected to bad mood and increased effort. So if we apply this, it means that being constantly vigilant is connected to being in a bad mood, which we don't want! And which is also not good for atmosphere, for example, in a firm. And with increased effort, which means that we are just tiring. And when we...at some time, we have to relax. And if the message arrives at this time, it's quite plausible for everybody, and I mean really for everybody including me, you, and every security expert in the world, to click on something!

[IOS] It also has some sort of implications for hackers, I suppose. If they know that a company just went IPO … or everyone got raises in the group, then you start phishing them and sort of leverage off their good moods!

Be Prepared: Secondary Defenses

[IOS] What would you suggest to an IT Security Group using this research in terms of improving security in the company?

[ZB] Well, I would suggest firstly to, you know, to make sure that they understand the users and the humans on the whole, yeah? We security people tend to consider users as you know, as nuisance, like, ‘Okay they're always doing the wrong things.’ Actually, we as security experts should protect people! And if the employees in the company were not there, then we wouldn't have our job, yeah? So what is important is to let humans be humans … And with all their positive but also negative characteristics and something like curiosity, for example, can be both. And to turn to technical defense I would say. Because to infect a company, one click is enough, yeah? And one should just assume that it will happen because of all these things I was saying even if people are security aware. The question is, what happens after the click? And there are not many examples of, you know, companies telling how they mitigate such things. So the only one I was able to find was the [inaudible] security incident in 2011. I don't know if you remember. They were hacked and had to change, actually to exchange all the security tokens. And they, at least they published at least a part of what happened. And yeah, that was a very tiny phishing wave that maybe reached around 10 employees and only one of them clicked. So they got infected, but they noticed, they say that they noticed it quite quickly because of other security measures. I would say that that's what one should actually expect and that's what is the best outcome one can hope for. Yes, if one notices in time.

[IOS] I agree that IT should be aware that this will happen and that the hackers will get in and you should have some secondary defenses. But I was also wondering, does it also suggest that perhaps some people should not have access to email? I mean ... does this lead to a test where if some employees are just, you know, a little too curious you just say, ‘You know what? Maybe we take the e-mail away from you for a while.’

[ZB] Well, you know, you can. I mean, a company can try this if they can, you know, if they can sustain the business costs and consequences of this, yeah? So if people don't have emails then maybe some business processes will become less efficient and yeah, and also employees might become disgruntled which is also not good. I would suggest that, I think that it's not going to work! And at least it's not a good trade off. It might work, but it's not a good trade off because, you know, all this for...if you implement a security measure that impairs our business processes and makes people dissatisfied, then you have to count in the consequences.

[IOS] I'm agreeing with you that the best defense I think is awareness really and then taking other steps. I wanted to ask you one or two more questions. One of them is about what they call whale phishing or spear phishing perhaps is another way to say it, which is just going after not just any employee, but usually high-level executives. And at least from some anecdotes I've heard, executives are also prone to clicking on spam just like anybody else, but your research also suggests that the more context you provide, the more likely you'll get these executives to click.

[ZB] Okay, so if you get more context of course you can make the email more plausible, and of course if you are targeting a particular person, there is a lot of possibilities to get information about them, and especially if it's somebody well-known like an executive of a company. And I think that there are also some personality traits of executives that might make them more likely to click. Because, you know, they didn't get their positions by being especially cautious and not taking risk and saying all safety first! I think that executives are maybe even more risk-taking than, you know, the average employee and more sure of themselves, and this might make the problem even more difficult. So it also may be even to not like being told by anybody about any kind of their behavior.

IoT and Inferred Preferences

[IOS] I have one more question since it's so interesting that you also do research on IoT privacy and security. Over in the EU, we know that the new General Data Protection Regulation, which I guess is going to take place in another year, actually has a very broad definition of what sensitive data is. I'm wondering if you can just talk about some of the implications of this?

[ZB] Well, of course IoT data, everything that is collected in our environment about us, can be used to infer our preferences with quite a good precision. So… for example we had an experiment where we were able just from room climate data, so from temperature enter the age of humidity to determine if a person is, you know, staying or sitting. And this kind of data of course can be used to target messages even more precisely. So for example if you can infer a person's mood and if you suppose if you buy from the psychological research that people in good moods are more likely to click, you might try to target people in better mood, yeah? Through the IoT data available to you or through IoT data available to you through the company that you hacked. Yeah … point is, you know, that targeting already works very well. Yeah, you just need to know the name of the person and maybe the company this person is dealing with!

[IOS] Zinaida, this was a very fascinating conversation and really has a lot of implications for how IT security goes about their job. So I'd like to thank you for joining us on this podcast!

[ZB] You're welcome. Thank you for inviting me!
This week Sergio Caltagirone joins James and me to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. Sergio is a 2nd timer, and we take the opportunity to catch up and discuss one of his favorite topics. Additionally, we talk about some of the topics that were discussed the week this podcast was recorded, a few weeks ago. Whether you're in Las Vegas for Black Hat Conference 2017 or not, take a listen to this sobering discussion about industrial controls and some of the more clear and present dangers facing us in that sector. Thanks again for joining us, Sergio!
Security Current podcast - for IT security, networking, risk, compliance and privacy professionals
In this conversation, MIAX Options CSO John Masserini discusses the threat detection and response space with AlienVault President and CEO Barmak Meftah. An early adopter of threat intelligence, Masserini notes its challenges and asks Meftah what AlienVault is seeing in the market and how threat intelligence is being integrated into companies’ security organizations. Meftah talks about the need to efficiently aggregate information while noting that it is more important to synthesize the information to ensure it is easily consumable and actionable. He describes AlienVault’s crowdsourcing approach and how it is helping SMBs centralize and simplify their threat detection and response. They were speaking in this sponsored podcast at the Black Hat Conference in Las Vegas earlier this month.
Welcome to episode 18 of the EdTech Situation Room from August 3, 2016, where technology news meets educational analysis. This week Jason Neiffer (@techsavvyteach) and Wesley Fryer (@wfryer) discussed the impacts of cell phone availability for refugees in Greece, security and a new hack announced at the Black Hat Conference, millennial preferences for Microsoft Word over Google Docs for individual projects, the present and future of eBooks, the DNA revolution and DIY genomics. Geeks of the week included Paperpile (a software tool for research citations) and the @pfsense SG-2220 router. Follow us on Twitter @edtechSR to stay up to date on our live shows. If you listen to the show and especially if you like it, please reach out to us via Twitter and let us know! Check out our shownotes on http://edtechsr.com/links.
7 AM - Anthony Weiner won't drop out of the mayoral race; Justin Bieber won't be charged for assaulting photographer; George Zimmerman pulled over by police in Texas; The Smithsonian wants Trayvon Martin's hoodie; Alex Rodriguez might or might not get banned from baseball; We talk to Larry Magid about the Black Hat conference and the NSA.
Buying a laptop for college, VM password advice, securing your online medical account, Facebook privacy, Profiles in IT (Anthony M Fadell, father of the Apple iPod), BART cuts wireless service to stop protest, World Wide Web turns 20 (Tim Berners-Lee launched the first website August 6, 1991 at CERN), IBM PC turns 20 (PC announced in Waldorf Astoria on August 12, 1981, cost $1,565, 4.77 MHz Intel 8088, 16 kB RAM), Perseid Meteor Shower (peak nights this weekend, images available via webcam for first time), DARPA loses Mach 20 aircraft (reached speeds 20 times the speed of sound, telemetry failure after 13 minutes), and Black Hat Conference (held in Las Vegas, many security vulnerabilities discussed, including the certificate authority system, UPnP on wireless routers, new phishing techniques). This show originally aired on Saturday, August 13, 2011, at 9:00 AM EST on WFED (1500 AM).
Domain name ownership and IP address lookup, resetting wireless router defaults, multiple devices on one iTunes account, Profiles in IT (Rob Glaser, founder of RealNetworks), infrastructure controls vulnerable to hacking (many SCADA devices improperly configured, easily located with Google, featured at Black Hat Conference), Website of the Week (www.shodanhq.com, database of vulnerable Internet devices), FCC finds broadband advertising to be mostly accurate (substantial improvement over 2009 results), RIM releases Blackberry OS 7 (hopes to compete with iPhone and Android, may be too late), National Archives hires first Wikipedian in Residence (will make holdings available on Wikipedia), DHS develops software security tools to help agencies audit security, ATT requires voicemail passwords (responding to UK voicemail hacking scandal, follows Verizon lead), and SpaceX to provide 12 International Space Station cargo missions (funded with $1.6B contract). This show originally aired on Saturday, August 6, 2011, at 9:00 AM EST on WFED (1500 AM).
Fixing disk errors (chkdsk, Spinrite), Profiles in IT (Robert Noyce and Gordon Moore, co-founders of Intel), cyber attack preceded Georgian invasion by Russia, Air Force Cyber Command established, teaching malware in college (George Ledin called the AQ Khan of the Internet by security companies), MIT students hack Boston subway fare card system (paper at Defcon blocked by courts), Windows Vista security breached (methods used for .NET DLLs in browsers not secure, paper presented at Black Hat Conference), identity theft at Olympics a real threat (change passwords frequently, beware of wireless connections and public computers), Chinese use RFID chips for 3 million Olympic passes, GPS for tracking (used by police without warrant), bypassing the Great Chinese Firewall (Global Internet Freedom Consortium to the rescue), and Food Science (two types of pickling, salt and vinegar). This show originally aired on Saturday, August 16, 2008, at 9:00 AM EST on 3WT Radio (WWWT).
Black Hat Briefings, Japan 2006 [Audio] Presentations from the security conference
Jeff Moss welcomes attendees of the Black Hat Conference, October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker.