Podcasts about CSO

  • 741 podcasts
  • 1,715 episodes
  • 46m average duration
  • 5 weekly new episodes
  • Oct 18, 2021 latest episode

[Popularity chart by year, 2011 to 2021]



Latest podcast episodes about CSO

Task Force 7 Cyber Security Radio
Ep. #196: Cyber Security Sales: A Buyers and Sellers Guide
Oct 18, 2021 | 59:43

Managing Partner of Delve Risk Anthony Johnson joins co-host Andy Bonillo to discuss the current state of cyber security sales. Anthony dives deep into both sides of the table to help the CISO understand the world of the salesperson and to enable the salesperson to successfully engage with security executives. Anthony also shares his perspective on the CISO role and the difference between a big C and a little C in the CISO title. We finish up the show with Anthony sharing how he decided to leave his enterprise cyber security executive role to become an entrepreneur, and his advice for those looking to start a business. All this and much, much more on Episode #196 of Task Force 7 Radio.

Local Pulse with Joe DiBiase
Show 374 - 10.16.2021
Oct 16, 2021 | 64:10

James Kelcourse - State Representative

Cloud Talk
Staying Ahead of Cybercriminals Through Cyber Testing
Oct 15, 2021 | 44:57

Today's organizations face an ever-increasing number of cyberthreats. This means they must deploy a number of increasingly effective cyber defense tools — including cyber testing. Effective testing requires a number of steps from having a clear plan to getting buy-in to acting on the results. Special Guests: Brandon Jaster, Karen O'Reilly-Smith, and Thomas Dowling.

2-Bit Idiots
EP8: Stay Humble Stack Yachts - Why Fat Lazy Brendo Won't Clean His Pool
Oct 15, 2021 | 76:29

In this episode we talk Bitcoin freestyle. No plan, just see where it takes us. We end up talking about: The housing ‘boom'. Why you think you're getting rich but aren't. Hats' love for Jeff Booth, and why the ‘growth forever' system is unsustainable. Skirting around the ‘C' word. Inflation and why the CPI metric looks bad but doesn't even tell the whole bad story. Depression, and how Bitcoin can help you regain hope. Also, being “overwhelmed” by all the people you can't save. Domains, and how we're not just stacking sats. Elon Musk talking shit, but still owning Bitcoin, owning stackingsats.com and moving Tesla to the Bitcoin capital of the world, Austin. Hats meets Jagger and Brendo meets Thor. Murrayfield is a stadium and not someone from the Wiggles. Taking 20 years for 1.8m Salvadorans to be banked, and 20 days for 2.2m Salvadorans to have a Bitcoin wallet. Why Bitcoiners are not pumping their own bags. Why the bottom 55% of the population might only have 6348 sats. Why Bitcoin is not included in The Big Picture report! Why $18 trillion is spent on negative yielding bonds. And our new favourite feature... Dick of the Day.

Pod shout-outs:
https://twitter.com/StarfuryFlames (meme/gif god)
https://twitter.com/JeffBooth (author, The Price of Tomorrow: https://amzn.to/3mY0dnM)
https://twitter.com/saylor (Michael Saylor, MicroStrategy)
https://twitter.com/gladstein (Alex Gladstein, CSO, Human Rights Foundation)
https://twitter.com/MichaelRihani (Bitcoin PM, Cash App)
https://twitter.com/charliebilello (CEO, Compound Capital Advisors)
https://twitter.com/DeadpoolBitcoin (Twitter nym)
https://twitter.com/glennhodl (node operator)
https://twitter.com/jamesviggy (jamesviggy.com)
https://twitter.com/samcallah (writer, Swan Bitcoin)

Contact us:
www.twitter.com/2BitIdiots (here if you'd like to be a pod guest)
www.twitter.com/BitcoinBrendo
www.twitter.com/StackingHats
Or visit our website, www.2bitidiots.com, for links to the pod on your favourite podcast app. Thanks for listening.

The Tech Blog Writer Podcast
1751: LogRhythm - Why It's Time for the CSO to Report Directly to the CEO
Oct 15, 2021 | 22:32

In the wake of major breaches over the last few months, organizations across industries are re-evaluating their cybersecurity strategies, with many realigning priorities to ensure their security team and technology solutions can meet the needs of an evolving threat landscape. Mark Logan, CEO of LogRhythm, talks about the importance of the CSO reporting directly to the CEO. Mark explains why this reporting structure demonstrates the value a company places on cybersecurity as an enabler of business performance, at a time when cyber breach headlines are top of mind for the public and maintaining trust is crucial. Cybersecurity is now a board-level initiative for all companies, not just those in the software and security spaces. We talk about why enterprises that do not get on board with this shift in organizational structure, which brings CSOs to the forefront, could lose out on key talent. Perhaps more concerningly, they also stand to see a weakening of consumer trust and business value, especially if the organization ultimately experiences a damaging breach because security was not prioritized. Mark discusses how this reporting structure fosters trust among consumers and future business partners that security and data privacy are taken seriously and given the highest priority within the company.

Podcast sponsor: Download Hirect, the free app trusted by 10,000+ startups to chat directly with ideal candidates and accelerate their hiring process 10x faster than traditional ways.

CSO Audio Program Notes
CSO Program Notes: Shostakovich, Schubert 3 & Prokofiev Piano Concerto No. 1
Oct 13, 2021 | 19:03

Ukrainian-born piano powerhouse Alexander Gavrylyuk presents Prokofiev's iridescent and rhythmically animated First Piano Concerto, the work with which the composer made his CSO performance debut, in 1918, as part of its U.S. premiere. James Conlon leads this program framed by Shostakovich's steely Chamber Symphony, an adaptation of his elegiac Eighth String Quartet, and Schubert's mercurial Symphony No. 3, which shines with youthful vigor. Michael Tilson Thomas has withdrawn from these performances due to health reasons. Learn more: https://cso.org/performances/21-22/cso-classical/shostakovich-schubert-3-prokofiev-piano-concerto-no-1/

Wild Wimmin
Bonus Cast - Owen Wells full chat
Oct 12, 2021 | 39:22

Hello, and welcome to Wild Wimmin, the Wild Swimming Podcast. I'm Laura Macdonald.

Owen Wells is a swimmer, Green town councillor and all round excellent fellow, and we chatted back in April about his life as an outdoor swimmer and the achievements that he gained in later life. During Lockdown Owen has been swimming in the River Wharfe upstream of Ilkley, and so we chatted about his relationship to the river and the really sh**ty problems that bathers, anglers and others who enjoy the river are encountering with river pollution. I spoke to Owen Wells originally for the episode about the Ilkley Clean River Group, and if you want to hear more about their work and the problems with river pollution in the UK then please go back and listen to that episode in full once you're done here. Just to make those of you with sensitive ears aware, there are a couple of sweary moments.

Links:
Ilkley Clean River Group website, Facebook and Instagram. There is a 'how to' section if you are interested in starting your own campaign.
Surfers Against Sewage are doing a huge amount of work in this area, and their website has a lot of excellent resources as well as links to campaigns with which you can get involved.
Guardian article about the 2020 Environment Agency data on CSO spillages.
The Rivers Trust - Rivers Fit to Swim In and map of CSO locations.

You can support the podcast via Patreon for as little as £3 a month. Patrons will get access to exclusive Wild Wimmin content and (eventually…) merch! You will be helping to shape the future of the podcast. Please take a minute to like, subscribe and review. It helps other swimmers to find the podcast.

Massive thanks to The Housecoat Project for allowing me to use their song Wild Wimmin as the theme music. "Wild Wimmin": words + music by Meri St. Mary (Instagram). Performed by Housecoat Project ©1988 Wide Eye Doo Dat on Subterranean Records: https://youtu.be/k5D2h-B-qDU

You can follow Wild Wimmin on Instagram @WildWimminPod and Facebook. Follow Laura @The_YellowBrolly on Instagram.

CISO-Security Vendor Relationship Podcast
A Quick Way to Tell Which Vendors You Should Avoid
Oct 12, 2021 | 34:30

All links and images for this episode can be found on CISO Series.

Do you really need hundreds of questions to know if you want to work with a vendor? Won't just two or three well-pointed questions really give you a good idea?

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nick Selby (@fuzztech), CSO, Paxos Trust Company and co-host of the Tech Debt Burndown podcast. Thanks to our podcast sponsor, Kenna Security.

In this episode:
How do you suss out security vendors to make sure they're not a risk?
How do you battle a typosquatter?
What types of preparations do you have in place to know you're well prepared for an incident?
How should CISOs and CIOs share cybersecurity ownership?

TechTimeRadio
Why Windows 11 is destined to fail, the extensive segment on Laura Miele with EA, Why Facebook is key to people worldwide, and of course, The Facebook Outage, and our technology segment reading phishing attempts in [Letters]. Air Date: 10/9 - 10/15/21
Oct 11, 2021 | 112:10

This week on the show: Why Windows 11 is destined to fail. Facebook and associated apps were down not once but twice this week. Next, holograms are "REAL" as a startup creates objects out of light and thin air. Next, we cover EA's new COO, Laura Miele, in our segment [Things You Didn't Know]. Then, we are excited to have Gwen Way on our [Gadgets and Gear] segment. Finally, we have "Mike's Mesmerizing Moment" brought to us by StoriCoffee® along with our Whiskey Tastings, all on hour one of the show.

"Welcome to TechTime with Nathan Mumm, the show that makes you go "Hummmm". Technology news of the week for October 9th - 15th, 2021. The technology show for the everyday common person, that will impact your future with insightful segments, weeks ahead of the mainstream media."

Episode 69: Hour 1 - Starts at 3:22
--- [Now on Today's Show]: Starts at 6:40
--- [Loaded Question Of The Day]: Starts at 10:02
--- [Top Stories in 5 Minutes]: Starts at 11:39
Windows 11 is released, but you might have to wait until mid-2022 to get it for your PC. WHAT? - https://tinyurl.com/3k74vcsd
If you own an AMD processor on your computer, "Do not load Windows 11" - AMD warns of 'Reduced Performance' for Ryzen chips on Windows 11 - https://tinyurl.com/46c5bxe5
Holograms get real: Startup creates objects out of light and thin air - https://tinyurl.com/tc2uxx8b
Facebook has apologized after again reporting problems with its services.
--- [Pick of the Day - Whiskey Tasting Review]: Starts at 21:35
W.L. Weller Special Reserve | 90 Proof | $125.00
--- [Stories You Didn't Know]: Starts at 23:34
EA promotes Laura Miele to COO, making her one of the most powerful women in gaming. We have a special highlight segment on her career at EA.
--- [Gadgets and Gear]: Starts at 36:14
Gwen Way talks about this new item, SPLAY, that easily transforms between the largest portable display and the only ultra-short-throw pico projector.
--- [Mike's Mesmerizing Moment brought to us by StoriCoffee®]: Starts at 51:12
--- [Pick of the Day]: Starts at 54:23
W.L. Weller Special Reserve | 90 Proof | $125.00
Nathan: Thumbs Up | Mike: Thumbs Up

Episode 69: Hour 2 - Starts at 59:00
On the second hour, we have our [Letters] segment, which includes scams, phishing emails, and all-out mistruths disguised as legitimate emails sent to our host. We then move to [Ask the Experts] as we bring back one of our favorite guests, Nick Espinosa, the CSO and founder of Security Fanatics, who will talk with us about Facebook being down twice this week, and compromised Twitch streamer accounts. Finally, we look at why Facebook is key to people worldwide, and we get a different perspective on the large company making a better society for all of us.
--- [Now on Today's Show]: Starts at 1:01:32
--- [Love Shack Question]: Starts at 1:06:04
--- [Letters]: Starts at 1:12:16
Mike and Nathan read emails sent to them that include scams, phishing emails, and all-out mistruths disguised as legitimate emails sent to our host.
--- [Facebook, WhatsApp, and Instagram are Heroes in South America]: Starts at 1:22:21
--- [Ask the Expert]: Starts at 1:26:59
Facebook's official stance on the outage. Team Zuckerberg also claims there is "no evidence of user data [being] compromised as a result of this downtime." But why do you need to say this if it was just a configuration issue? We have our expert Nick Espinosa join us to explain all of this.
--- [This Day in History]: Starts at 1:47:58

CSO Audio Program Notes
Virtual Preconcert Conversation: Shostakovich, Schubert 3 & Prokofiev Piano Concerto No. 1
Oct 8, 2021 | 37:07

Ukrainian-born piano powerhouse Alexander Gavrylyuk presents Prokofiev's iridescent and rhythmically animated First Piano Concerto, the work with which the composer made his CSO performance debut, in 1918, as part of its U.S. premiere. James Conlon leads this program framed by Shostakovich's steely Chamber Symphony, an adaptation of his elegiac Eighth String Quartet, and Schubert's mercurial Symphony No. 3, which shines with youthful vigor. Michael Tilson Thomas has withdrawn from these performances due to health reasons.

CSO Audio Program Notes
CSO Program Notes: Saint-Saëns & Schumann
Oct 8, 2021 | 12:25

Composer Augusta Holmès broke gender barriers in 19th-century Paris, studying with Romantic master César Franck and writing symphonic works on a heroic scale. The sumptuous Night and Love offers a snapshot of her remarkable talents. Saint-Saëns' richly melodic concerto highlights CSO Principal Cello John Sharp, and Schumann's Second Symphony expresses triumph after his struggles with illness and depression. Learn more: https://cso.org/performances/21-22/cso-classical/saint-saens-schumann/

CSO Audio Program Notes
Virtual Preconcert Conversation: Saint-Saëns & Schumann
Oct 8, 2021 | 36:19

Composer Augusta Holmès broke gender barriers in 19th-century Paris, studying with Romantic master César Franck and writing symphonic works on a heroic scale. The sumptuous Night and Love offers a snapshot of her remarkable talents. Saint-Saëns' richly melodic concerto highlights CSO Principal Cello John Sharp, and Schumann's Second Symphony expresses triumph after his struggles with illness and depression. Learn more: https://cso.org/performances/21-22/cso-classical/saint-saens-schumann/

SaaS District
How to use AI for the Perfect Content Marketing Strategy with Jeff Coyle # 144
Oct 6, 2021 | 55:44

Jeff is the Co-Founder & CSO at MarketMuse, an AI-powered content marketing service that collects and analyses your content, prioritizes the best opportunities based on authority & ROI, and helps you build topic models so you can write and create the best content for your strategy. Prior to starting MarketMuse in 2015, Jeff was a marketing consultant in Atlanta and led the Traffic, Search, and Engagement team for seven years at TechTarget, a leader in B2B technology publishing and lead generation. Jeff frequently speaks at content marketing conferences including ContentTECH, Marketing AI Conference, LavaCon, Content Marketing Conference, and many more.

During this interview we cover:
00:00 - Oribi.io: Smarter Data-Driven Data & Analytics Decisions
01:02 - Intro
02:21 - What is AI Marketing & What Does it Mean to Integrate AI Techniques
09:31 - Writing Quality Content vs Focusing on the Technical Side, Ranking for Keywords
18:17 - Domain Authority, a Correlative Derivative Metric
25:34 - SaaS Needs Timely Results, How To Become a Leader?
32:24 - Actionable Insights for a More Personalized Customer Journey
37:39 - Barriers or Obstacles for Adopting AI in your Marketing Strategy
43:39 - How is Jeff Measuring His Own Leadership Success & Within His Team
46:30 - Advice Jeff Would Tell His 25-Year-Old Self
49:04 - Instrumental Resources For Jeff's Success
52:32 - What Does Success Mean To Jeff Today
53:58 - Get in Touch With Jeff

Mentions: https://www.facebook.com/groups/rhodiumcommunity/ (Rhodium Community For Online Entrepreneurs)
People: https://www.linkedin.com/in/kevinpetersen1/ (Kevin Petersen), https://www.linkedin.com/in/akibalogh/ (Aki Balogh)
Books: https://matthewdicks.com/ (Matthew Dicks)

Get in touch with Jeff: jeff@marketmuse.com, https://www.linkedin.com/in/jeffcoyle/ (Jeff's LinkedIn), https://hopin.com/events/csc-live (The Content Strategy Collective)

Tag us & follow: https://www.facebook.com/HorizenCapitalOfficial/ (Facebook), https://www.linkedin.com/company/horizen-capital (LinkedIn), https://www.instagram.com/saasdistrict/ (Instagram)

More about Akeel: Twitter - https://twitter.com/AkeelJabber, LinkedIn - https://linkedin.com/in/akeel-jabbar
More podcast sessions - https://horizencapital.com/saas-podcast

Finding Mastery
Dr. Gil Blander: Optimizing Wellness from the Inside Out
Oct 6, 2021 | 67:51

This week's conversation is with Dr. Gil Blander, an expert in nutrition, biomarker analytics, athletic performance, biochemistry, and aging research. Gil holds numerous patents and has published peer-reviewed articles in these fields. He received his PhD in biology from the Weizmann Institute of Science, and undertook postgraduate research on aging at MIT. Gil is also the Founder and CSO of InsideTracker, a personalized health and performance analytics company created by a team of scientists, physicians, nutritionists and exercise physiologists from MIT, Harvard, and Tufts University.

InsideTracker has been a longtime partner of ours and I love the actionable insights I've gathered from the personalized data they've provided me to help optimize my health. I wanted to have Gil on to learn more about why he founded InsideTracker and the difference it can make for longevity. We discuss how different variables such as nutrition, movement, psychology, and genetics not only impact your life span, but more importantly your health span - the amount of time you're able to live life in a high quality manner.

----

Please support our partners! We're able to keep growing and creating content for YOU because of their support. We believe in their mission and would appreciate you supporting them in return! To take advantage of deals from our partners, head to http://www.findingmastery.net/partners where you'll find all discount links and codes mentioned in the podcast.

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Sales POP! Podcasts
How To Be An Authentic Social Seller with Bill McCormick
Oct 5, 2021 | 20:25

Being an authentic social seller means slowing down your outreach to speed up your outcome. In this Expert Insight Interview, we welcome Bill McCormick, an expert in social selling and the CSO of Social Sales Link.

DNA Today: A Genetics Podcast
#158 Mark Kiel on ALS Genetics
Oct 1, 2021

In this episode we are exploring the genetics of ALS with Mark Kiel, the Chief Science Officer and Co-Founder of Genomenon. Genomenon is an AI-driven genomics company that keeps pace with the constant advancements made in genomics and connects that research to patient DNA to help diagnose and treat patients with rare genetic diseases and cancer. Mark Kiel completed his M.D., Ph.D., and Molecular Genetic Pathology Fellowship at the University of Michigan, where his research focused on stem cell biology, genomic profiling of hematopoietic malignancies, and clinical bioinformatics. He is the founder and CSO of Genomenon, where he oversees the company's scientific direction and product development. Mark has extensive experience in genome sequencing and clinical data analysis.

On this episode we discuss:
Overview of ALS
How ALS is diagnosed
Causes of ALS
Genetic testing for pathogenic variants
Expansion of the list of causative genes and variants for ALS
Uncovered trends in age at onset and rate of progression
New data on the prevalence of gene mutations in ALS
Validation of the novel utility of the genomic landscape for ALS

To learn more about Genomenon and the findings from their comprehensive Genomic Landscape for ALS, visit their website, or check them out on Twitter and LinkedIn.

Stay tuned for the next new episode of DNA Today on October 15th, where we welcome Erika Stallings and Dena Goldberg to discuss the organization Black Cancer Genes, in honor of breast cancer awareness month! New episodes are released on the first and third Friday of the month. In the meantime, you can binge over 150 other episodes on Apple Podcasts, Spotify, streaming on the website, or any other podcast player by searching “DNA Today”. Episodes in 2021 are also recorded with video, which you can watch on our YouTube channel. See what else we are up to on Twitter, Instagram, Facebook, YouTube and our website, DNApodcast.com. Questions/inquiries can be sent to info@DNApodcast.com.

Do you or someone you know have Prader-Willi syndrome? Harmony Biosciences is looking for people with Prader-Willi syndrome to enroll in a new clinical study in the United States. Harmony Biosciences will be studying the safety and impact of an investigational medication on excessive daytime sleepiness, cognition, and behavioral function in people with Prader-Willi syndrome. Learn more about the clinical study and refer a patient to a study center here. (SPONSORED)

Do you work in a lab? Want to receive rewards when you order supplies? Check out Thermo Fisher Scientific's Aspire program; it's a rewards program created with scientists, like you, in mind. All members receive a free full-size trial product every year. Points are earned every time you use or purchase products. Rewards include science-themed apparel like a zip-up DNA hoodie! Check it out at ThermoFisher.com/aspire-DNAtoday and for a limited time receive 500 bonus points. See the show notes for terms and conditions and that link. Terms and Conditions: Open only to eligible participants in the US (excluding Puerto Rico) and Canada (excluding Quebec). Eligible participants must complete the enrollment process for the Aspire member program in order to be enrolled in the program and receive rewards and benefits. Enrollees must confirm their health care professional or government employment status during time of enrollment. For full terms and conditions of the program, go to thermofisher.com/aspire/tc. Offer is void where prohibited, licensed, or restricted by federal, state, provincial, or local laws or regulation or agency/institutional policy. Other restrictions may apply. (SPONSORED)

Screaming in the Cloud
Security Challenges and Working for President Biden with Jackie Singh
Sep 30, 2021 | 41:45

About JackieJackie Singh is an Information Security professional with more than 20 years of hacking experience, beginning in her preteen years. She began her career in the US Army, and deployed to Iraq in 2003. Jackie subsequently spent several years in Iraq and Africa in cleared roles for the Department of Defense.Since making the shift to the commercial world in 2012, Jackie has held a number of significant roles in operational cybersecurity, including Principal Consultant at Mandiant and FireEye, Global Director of Incident Response at Intel Security and McAfee, and CEO/Cofounder of a boutique consultancy, Spyglass Security.Jackie is currently Director of Technology and Operations at the Surveillance Technology Oversight Project (S.T.O.P.), a 501(C)(3), non-profit advocacy organization and legal services provider. S.T.O.P. litigates and advocates to abolish local governments' systems of mass surveillance.Jackie lives in New York City with her partner, their daughters, and their dog Ziggy.Links: Disclose.io: https://disclose.io Twitter: https://twitter.com/hackingbutlegal TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at VMware. Let's be honest—the past year has been far from easy. Due to, well, everything. It caused us to rush cloud migrations and digital transformation, which of course means long hours refactoring your apps, surprises on your cloud bill, misconfigurations and headache for everyone trying manage disparate and fractured cloud environments. VMware has an answer for this. 
With VMware multi-cloud solutions, organizations have the choice, speed, and control to migrate and optimizeapplications seamlessly without recoding, take the fastest path to modern infrastructure, and operate consistently across the data center, the edge, and any cloud. I urge to take a look at vmware.com/go/multicloud. You know my opinions on multi cloud by now, but there's a lot of stuff in here that works on any cloud. But don't take it from me thats: VMware.com/go/multicloud and my thanks to them again for sponsoring my ridiculous nonsense.Corey: This episode is sponsored in part by “you”—gabyte. Distributed technologies like Kubernetes are great, citation very much needed, because they make it easier to have resilient, scalable, systems. SQL databases haven't kept pace though, certainly not like no SQL databases have like Route 53, the world's greatest database. We're still, other than that, using legacy monolithic databases that require ever growing instances of compute. Sometimes we'll try and bolt them together to make them more resilient and scalable, but let's be honest it never works out well. Consider Yugabyte DB, its a distributed SQL database that solves basically all of this. It is 100% open source, and there's not asterisk next to the “open” on that one. And its designed to be resilient and scalable out of the box so you don't have to charge yourself to death. It's compatible with PostgreSQL, or “postgresqueal” as I insist on pronouncing it, so you can use it right away without having to learn a new language and refactor everything. And you can distribute it wherever your applications take you, from across availability zones to other regions or even other cloud providers should one of those happen to exist. Go to yugabyte.com, thats Y-U-G-A-B-Y-T-E dot com and try their free beta of Yugabyte Cloud, where they host and manage it for you. Or see what the open source project looks like—its effortless distributed SQL for global apps. 
My thanks to Yu—gabyte for sponsoring this episode.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. The best part about being me—well, there's a lot of great things about being me, but from my perspective, the absolute best part is that I get to interview people on the show who have done awesome and impressive things. Therefore by osmosis, you tend to assume that I'm smart slash know-what-the-living-hell-I'm-talking-about. This is proveably untrue, but that's okay.Even when I say it outright, this will fade into the depths of your mind and not take hold permanently. Today is, of course, no exception. My guest is Jackie Singh, who's an information security professional, which is probably the least interesting way to describe who she is and what she does. Most recently, she was a senior cybersecurity staffer at the Biden campaign. Thank you so much for joining me. What was that like?Jackie: Thank you so much for having me. What was that like? The most difficult and high-pressure, high-stress job I've ever had in my life. And, you know, I spent most of my early 20s in Iraq and Africa. [laugh].Corey: It's interesting, you're not the first person to make the observation that, “Well, I was in the military, and things are blowing up all around, and what I'm doing next to me is like—‘oh, the site is down and can't show ads to people?' Bah, that's not pressure.” You're going the other direction. It's like, yeah, this was higher stress than that. And that right there is not a common sentiment.Jackie: I couldn't anticipate, when I was contacted for the role—for which I had applied to through the front door like everyone else, sent in my resume, thought it looked pretty cool—I didn't expect to be contacted. 
And when I was interviewed and got through the interviews and accepted the role, I still did not properly anticipate how this would change my life and how it would modify my life in the span of just a few months; I was on the campaign for five to six months.Corey: Now, there's a couple of interesting elements to this. The first is it's rare that people will say, “Oh, I had a job for five to six months,” and, a, put it on their resume because that sounds like, “Ah, are you one of those job-hopper types?” But when you go into a political campaign, it's very clearly, win or lose, we're out of jobs in November. Ish. And that is something that is really neat from the perspective of career management and career planning. Usually is, “Hey, do you want a six-month job?” It's, “Why? Because I'm going to rage quit at the end of it. That seems a little on the weird side.” But with a campaign, it's a very different story. It seems like a different universe in some respects.Jackie: Yes, absolutely. It was different than any other role I'd ever had. And being a political dilettante, [laugh] essentially, walking into this, I couldn't possibly anticipate what that environment would be like. And, frankly, it is a bit gatekept in the sense that if you haven't participated on a campaign before, you really don't have any idea what to expect, and they're all a bit different to, like, their own special snowflake, based on the people who are there, and the moment in time during which you are campaigning, and who you are campaigning for. And it really does change a perspective on civic life and what you can do with your time if you chose to spend it doing something a little bigger than your typical TechOps.Corey: It also is a great answer, too, when people don't pay close enough attention. “So, why'd you leave your last job?” “He won.” Seems like a pretty—Jackie: [laugh].Corey: —easy answer to give, on some level.Jackie: Yes, absolutely. But imagine the opposite. 
Imagine if our candidate had lost, or if we had had data walk out the door like in 2016. The Democratic National Convention was breached in 2016 and some unflattering information was out the door, emails were hacked. And so it was difficult to anticipate… what we had control over and how much control we could actually exert over the process itself, knowing that if we failed, the repercussions would be extremely severe.Corey: It's a different story than a lot of InfoSec gigs. Companies love to talk like it is the end of the universe if they wind up having a data breach, in some effect. They talk about that the world ends because for them it kind of does because you have an ablative CSO who tries to also armor themselves with ablative interns that they can blame—if your SolarWinds. But the idea being that, “Oh yeah, if we get breached we are dunzo.”And it's, first, not really. Let's not inflate the risks here. Let's be honest; we're talking about something like you're a retailer; if you get breached, people lose a bunch of credit card numbers, the credit card companies have to reissue it to everyone, you get slapped with a fine, and you get dragged in the press, but statistically, look at your stock price a year later, it will be higher than at the time of the breach in almost every case. This is not the end of the world. You're talking about something though that has impacts that have impossible-to-calculate repercussions.We're talking about an entire administration shift; US foreign policy, domestic policy, how the world works and functions is in no small part tied to data security. That's a different level of stress than I think most security folks, if you get them honest enough, are going to admit that, yeah, what I do isn't that important from an InfoSec perspective. What you did is.Jackie: I appreciate that, especially having worked in the military. Since I left the military, I was always looking for a greater purpose and a larger mission to serve. 
And in this instance, the scope of work was somewhat limited, but the impact of failing would have been quite wide-ranging, as you've correctly identified. And walking into that role, I knew there was a limited time window to get the work done. I knew that as we progressed and got closer and closer to election day, we would have more resources, more money rolls in, more folks feel secure in the campaign and understand what the candidate stands for, and want to pump money into the coffers. And so you're also in an interesting situation because your resourcing is increasing, proportional to the threat, which is very time-bound.

Corey: An inherent challenge is that unlike in a corporate environment, in many respects, where engineers can guard access to things and give the business clear lines of access to things and handle all of it in the background, one of the challenges with a campaign is that you are responsible for data security in a variety of different ways, and the interfaces to that data explode geometrically and to people with effectively no level whatsoever of technical sophistication. I'm not talking about the candidate necessarily—though that's of course, a concern—but I'm talking organizers, I'm talking volunteers, I'm talking folks who are lifelong political operatives, but they tend not to think in terms of, “Oh, I should enable multi-factor authentication on everything that I have,” because that is not what they are graded on; it's pass-fail. So, it's one of those things where it is not the number one priority for anyone else in your organization, but it is yours and you not only have to get things into fighting shape, you have to furthermore convince people to do the things that get them there. How do you approach that?

Jackie: Security awareness [laugh] in a nutshell.
We were lucky to work with Bob Lord, who is former CSO at Yahoo, OAuth, Rapid7, and has held a number of really important roles that were very wide in their scope, and responsible for very massive data sets. And we were lucky enough to, in the democratic ecosystem, have a CSO who really understood the nature of the problem, and the way that you described it just now is incredibly apt. You're working with folks that have no understanding or very limited understanding of what the threat actors were interested in breaching the campaign, what their capability set is, and how they might attempt to breach an organization. But you also had some positives out of that.

When you're working with a campaign that is distributed, your workforce is distributed, and your systems are also distributed. And when you lose that centralization that many enterprises rely on to get the job done, you also reduce opportunities for attackers to compromise one system or one user and move laterally. So, that was something that we had working for us. So, security awareness was incredibly important. My boss worked on that quite a bit.

We had an incredible IT help desk who really focused on connecting with users and running them through a checklist so everyone in the campaign had been onboarded with a specific set of capabilities and an understanding of what the security setup was and how to go about their business in a secure way. And luckily, very good decisions had been made on the IT side prior to the security team joining the organization, which set the stage for a strong architecture that was resistant to attack.
So, I think a lot of the really solid decisions and security awareness propagation had occurred prior to myself and my boss joining the campaign.

Corey: One of the things that I find interesting is that before you started that role—you mentioned you came in through the front door, which personally I've never successfully gotten a job like that; I always have to weasel my way in because I have an eighth-grade education and my resume—

Jackie: [laugh].

Corey: —well, tenure-wise, kind of, looks like a whole bunch of political campaigns. And that's fine, but before that, you were running your own company that was a focused security consultancy. Before that, your resume is a collection of impressive names. You were a principal consultant at Mandiant, you were at Accenture. You know what you're talking about.

You were at McAfee slash Intel. You've done an awful lot of corporate world stuff. What made you decide to just wake up one day and decide, “You know what sounds awesome? Politics because the level of civil discourse there is awesome, and everyone treats everyone with respect and empathy, and no one gets heated or makes ridiculous arguments and the rest. That's the area I want to go into.” What flipped that switch for you?

Jackie: If I'm completely honest, it was pure boredom. [laugh]. I started my business, Spyglass Security, with my co-founder, Jason [Shore 00:11:11]. And our purpose was to deliver boutique consulting services in a way that was efficient, in a way that built on prior work, and in a way that helped advance the security maturity of an organization without a lot of complex terminology, 150-page management consulting reports, right? What are the most effective operational changes we can make to an organization in how they work, in order to lead to some measurable improvement?

And we had a good success at the New York City Board of Elections where we were a subcontractor to a large security firm.
And we were in there for about a year, building them a vulnerability management program, which was great. But generally speaking, I have found myself bored with having the same conversations about cybersecurity again and again, at the startup level and really even at the enterprise level. And I was looking for something new to do, and the role was posted in a Slack that I co-founded that is full of digital forensics and information security folks, incident responders, those types of people.

And I didn't hear of anyone else applying for the role. And I just thought, “Wow, maybe this is the kind of opportunity that I won't see again.” And I honestly sent my resume and didn't expect to hear anything back, so it was incredible to be contacted by the chief information security officer about a month after he was hired.

Corey: One of the things that made it very clear that you were doing good work was the fact that there was a hit piece taken out on you in one of the absolute worst right-wing rags. I didn't remember what it was. It's one of those, oh, I'd been following you on Twitter for a bit before that, but it was one of those okay, but I tend to shortcut to figuring out who I align with based upon who yells at them. It's one of those—to extend it a bit further—I'm lazy, politically speaking. I wind up looking at two sides yelling at each other, I find out what side the actual literal flag-waving Nazis are on, and then I go to the other side because I don't ever want someone to mistake me for one of those people. And same story here. It's okay, you're clearly doing good work because people have bothered to yell at you in what we will very generously term ‘journalism.'

Jackie: Yeah, I wouldn't refer to any of those folks—it was actually just one quote-unquote journalist from a Washington tabloid who decided to write a hit piece the week after I announced on Twitter that I'd had this role.
And I took two months or so to think about whether I would announce my position at the campaign. I kept it very quiet, told a couple of my friends, but I was really busy and I wasn't sure if that was something I wanted to do. You know, as an InfoSec professional, that you need to keep your mouth shut about most things that happened in the workplace, period. It's a sensitive type of role and your discretion is critical.

But Kamala really changed my mind. Kamala became the nominee and, you know, I have a similar background to hers. I'm half Dominican—my mother's from the Dominican Republic and my father is from India, so I have a similar background where I'm South Asian and Afro-Caribbean—and it just felt like the right time to bolster her profile by sharing that the Biden campaign was really interested in putting diverse candidates in the world of politics, and making sure that people like me have a seat at the table. I have three young daughters. I have a seven-year-old, a two-year-old, and a one-year-old.

And the thing I want for them to know in their heart of hearts is that they can do anything they want. And so it felt really important and powerful for me to make a small public statement on Twitter about the role I had been in for a couple of months. And once I did that, Corey, all hell broke loose. I mean, I was suddenly the target of conspiracy theorists, I had people trying to reach out to me in every possible way. My LinkedIn messages, it just became a morass of—you know, on one hand, I had a lot of folks congratulate me and say nice things and provide support, and on the other, I just had a lot of, you know, kind of nutty folks reach out and have an idea of what I was working to accomplish that maybe was a bit off base.

So yeah, I really wasn't surprised to find out that a right-wing or alt-right tabloid had attempted to write a hit piece on me. But at the end of the day, I had to keep moving even though it was difficult to be targeted like that.
I mean, it's just not typical. You don't take a job and tell people you got a job, [laugh] and then get attacked for it on the national stage. It was really unsurprising on one hand, yet really quite shocking on another; something I had to adjust to very quickly. I did cry at work. I did get on the phone with legal and HR and cry like a baby. [laugh].

Corey: Oh, yeah.

Jackie: Yeah. It was scary.

Corey: I guess this is an example of my naivete, but I do not understand people on the other side of the issue of InfoSec for a political campaign—and I want to be clear, I include that to every side of an aisle—I think there are some quote-unquote, “Political positions” that are absolutely abhorrent, but I also in the same breath will tell you that they should have and deserve data security and quality InfoSec representation. In a defensive capacity, to be clear. If you're—“I'm the offensive InfoSec coordinator for a campaign,” that's a different story. And we can have a nuanced argument about that.

Jackie: [laugh].

Corey: Also to be very clear, for the longest time—I would say almost all of my career until a few years ago—I was of the impression whatever I do, I keep my politics to myself. I don't talk about it in public because all I would realistically be doing is alienating potentially half of my audience. And what shifted that is two things. One of them, for me at least, is past a certain point, let's be very clear here: silence is consent. And I don't ever want to be even mistaken at a glance for being on the wrong side of some of these issues.

On another, it's, I don't accept, frankly, that a lot of the things that are currently considered partisan are in fact, political issues. I can have a nuanced political debate on either side of the aisle on actual political issues—talking about things like tax policy, talking about foreign policy, talking about how we interact with the world, and how we fund things we care about and things that we don't—I can have those discussions.
But I will not engage and I will not accept that, who gets to be people is a political issue. I will not accept that treating people with respect, regardless of how high or low their station, is a political issue. I will not accept that giving voice to our worst darkest impulses is a political position.

I just won't take it. And maybe that makes me a dreamer. I don't consider myself a political animal. I really don't. I am not active in local politics. Or any politics for that matter. It's just, I will not compromise on treating people as people. And I never thought, until recently, that would be a political position, but apparently, it is.

Jackie: Well, we were all taught the golden rule as children.

Corey: There's a lot of weird things that were taught as children that it turns out, don't actually map to the real world. The classic example of that is sharing. It's so important that we teach the kids to share, and always share your toys and the rest. And now we're adults, how often do we actually share things with other people that aren't members of our immediate family? Turns out not that often. It's one of those lessons that ideally should take root and lead into being decent people and expressing some form of empathy, but the actual execution of it, it's yeah, sharing is not really a thing that we value in society.

Jackie: Not in American society.

Corey: Well, there is that. And that's the challenge, is we're always viewing the world through the lens of our own experiences, both culturally and personally, and it's easy to fall into the trap that is pernicious and it's always there, that our view of the world is objective and correct, and everyone else is seeing things from a perspective that is not nearly as rational and logical as our own. It's a spectrum of experience. No one wakes up in the morning and thinks that they are the villain in the story unless they work for Facebook's ethics department.
It's one of those areas of just people have a vision of themselves that they generally try to live up to, and let's be honest people fell in love with one vision of themselves, it's the cognitive dissonance thing where people will shift their beliefs instead of their behavior because it's easier to do that, and reframe the narrative.

It's strange how we got to this conversation from a starting position of, “Let's talk about InfoSec,” but it does come back around. It comes down to understanding the InfoSec posture of a political campaign. It's one of those things that until I started tracking who you were and what you were doing, it wasn't something that really crossed my mind. Of course, now you think about, of course there's a whole InfoSec operation for every campaign, ever. But you don't think about it; it's behind the scenes; it's below the level of awareness that most people have.

Now, what's really interesting to me, and I'm curious if you can talk about this, is historically the people working on the guts of a campaign—as it were—don't make public statements, they don't have public personas, they either don't use Twitter or turn their accounts private and the rest during the course of the campaign. You were active and engaging with people and identifying as someone who is active in the Biden campaign's InfoSec group. What made you decide to do that?

Jackie: Well, on one hand, it did not feel useful to cut myself off from the world during the campaign because I have so many relationships in the cybersecurity community. And I was able to leverage those by connecting with folks who had useful information for me; folks outside of your organization often have useful information to bring back, for example, bug bounties and vulnerability disclosure programs that are established by companies in order to give hackers an outlet.
If you find something on hardwarestore.com, and you want to share that with the company because you're a white hat hacker and you think that's the right thing to do, hopefully, there's some sort of a structure for you to be able to do that. And so, in the world of campaigning, I think information security is a relatively new development.

It has been, maybe, given more resources in this past year on the presidential level than ever before. I think that we're going to continue to see an increase in the amount of resources given to the information security department on every campaign. But I'm also a public person. I really do appreciate the opportunity to interact with my community, to share and receive information about what it is that we do and what's happening in the world and what affects us from a tech and information security perspective.

Corey: It's just astonishing for me to see from the outside because you are working on something that is foundationally critically important. Meanwhile, people working on getting people to click ads or whatnot over at Amazon have to put ‘opinions my own' in their Twitter profile, whereas you were very outspoken about what you believe and who you are. And that's a valuable thing.

Jackie: I think it's important. I think we often allow corporations to dictate our personality, we allow our jobs to dictate our personality, we allow corporate mores to dictate our behavior. And we have to ask ourselves who we want to be at the end of the day and what type of energy we want to put out into the world, and that's a choice that we make every day. So, what I can say is that it was a conscious decision. I can say that I worked 14 hours a day, or something, for five, six months. There were no weekends; there was no time off; there were a couple of overnights.

Corey: “So, when do you get to sleep?” “November.”

Jackie: Yeah. [laugh]. My partner took care of the kids. He was an absolute beast.
I mean, he made sure that the house ran, and I paid no attention to it. I was just not a mom for those several months, in my own home.

Corey: This episode is sponsored by our friends at Oracle. HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the world's most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time-consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.

Corey: Back in 2019, I gave a talk at re:Invent—which is always one of those things that's going to occasion comment—and the topic that we covered was building a vulnerability disclosure program built upon the story of a vulnerability that I reported into AWS. And it was a decent enough experience that I suggested at some point that you should talk about this publicly, and they said, “You should come talk about it with us.” And I did and it was a blast. But it suddenly became very clear, during the research for that talk and talking to people who've set those programs up is that look, one way or another, people are going to find vulnerabilities in what you do and how you do them. And if you don't give them an easy way to report them to you, that's okay.

You'll find out about them in other scenarios when they're on the front page of the New York Times. So, you kind of want to be out there and accessible to people.
Now, there's a whole story we can go into about the pros and cons of things like bug bounties and the rest, and of course, it's a nuanced issue, but the idea of at least making it easy for people to wind up reporting things from that perspective is one of those key areas of outreach. Back in the early days of InfoSec, people would explore different areas of systems that they had access to, and very often they were charged criminally. Intel wound up having charges against one of their—I believe it was their employee or something, who wound up finding something and reporting it in an ethical way.

The idea of doing something like that is just ludicrous. You're in that space a lot more than I am. Do you still see that sort of chilling effect slash completely not getting it when someone is trying to, in good faith, report security issues? Or has the world largely moved on from that level of foolishness?

Jackie: Both. The larger organizations that have mature security programs, and frankly, the organizations that have experienced a significant public breach, the organizations that have experienced pain are those that know better at this point and realize they do need to have a program, they do need to have a process and a procedure, and they need to have some kind of framework for folks to share information with them in a way that doesn't cause them to respond with, “Are you extorting me? Is this blackmail?” As a cybersecurity professional working at my own security firm and also doing security research, I have reported dozens of vulnerabilities that I've identified, open buckets, for example. My partner at Spyglass and I built a SaaS application called Data Drifter a few years ago.

We were interviewed by NBC about this and NBC followed up on quite a few of our vulnerability disclosures and published an article.
But what the software did was look for open buckets on Azure, AWS, and GCP and provide an analyst interface that allows a human to trawl through very large datasets and understand what they're looking at. So, for example, one of the finds that we had was that musical.ly—musical-dot-L-Y, which was purchased by TikTok, eventually—had a big, large open bucket with a lot of data, and we couldn't figure out how to report it properly. And they eventually took it down.

But you really had to try to understand what you were looking at; if you have a big bucket full of different data types, you don't have a name on the bucket, and you don't know who it belongs to because you're not Google, or Amazon, or Microsoft, what do you do with this information? And so we spent a lot of time trying to reconcile open buckets with their owners and then contacting those owners. So, we've received a gamut of ranges of responses to vulnerability disclosure. On one hand, there is an established process at an organization that is visible by the way they respond and how they handle your inquiry. Some folks have ticketing systems, some folks respond directly to you from the security team, which is great, and you can really see and get an example of what their routing is inside the company.

And then other organizations really have no point of reference for that kind of thing, and when something comes into either their support channels or even directly into the cybersecurity team, they're often scrambling for an effective way to respond to this. And it could go either way; it could get pretty messy at times. I've been threatened legally and I've been accused of extortion, even when we weren't trying to offer some type of a service. I mean, you really never walk into a vulnerability disclosure scenario and then offer consulting services because they are going to see it as a marketing ploy and you never want to make that a marketing ploy.
I mean, it's just not… it's not effective and it's not ethical, it's not the right thing to do.

So, it's been interesting. [laugh]. I would recommend, if you are a person listening to this podcast who has some sort of pull in the information security department at your organization, I would recommend that you start with disclose.io, which was put together by Casey John Ellis and some other folks over at Bugcrowd and some other volunteers. It's a really great starting point for understanding how to implement a vulnerability disclosure program and making sure that you are able to receive the information in a way that prevents a PR disaster.

Corey: My approach is controversial—I know this—but I believe that the way that you're approaching this was entirely fatally flawed, of trying to report to people that they have an open S3 bucket. The proper way to do it is to upload reams of data to it because my operating theory is that they're going to ignore a politely worded note from a security researcher, but they're not going to ignore a $4 million surprise bill at the end of the month from AWS. That'll get fixed tout de suite. To be clear to the audience, I am kidding on this. Don't do it. There's a great argument that you can be charged criminally for doing such a thing. I'm kidding. It's a fun joke. Don't do it. I cannot stress that enough. We now go to Jackie for her laughter at that comment.

Jackie: [laugh].

Corey: There we go.

Jackie: I'm on cue. Well, a great thing about Data Drifter, that SaaS application that allowed analysts to review the contents of these open buckets, was that it was all JavaScript on the client-side, and so we weren't actually hosting any of that data ourselves. So, they must have noticed some transfer fees that were excessive, but if you're not looking at security and you have an infrastructure that isn't well monitored, you may not be looking at costs either.

Corey: Costs are one of those things that are very aligned spiritually with security.
It's a trailing function that you don't care about until right after you really should have cared about it. With security, it's a bit of a disaster when it hits, whereas with those surprise bills, “Oh, okay. We wasted some money.” That's usually, a, not front-page material and, b, it's okay, let's be responsible and fix that up where it makes sense, but it's something that is never a priority. It's never a ‘summon the board' story for anything short of complete and utter disaster. So, I do feel a sense of spiritual alignment here.

Jackie: [laugh]. I can see that. That makes perfect sense.

Corey: Before we call this an episode, one other area that you've been active within is something called ‘threat modeling.' What is it?

Jackie: So, threat modeling is a way to think strategically about cybersecurity. You want to defend, effectively, by understanding your organization as a collection of people, and you want to help non-technical staff support the cybersecurity program. So, the way to do that is potentially to give a human-centric focus to threat modeling activities. Threat modeling is a methodology for linking humans to an effective set of prioritized defenses for the most likely types of adversaries that they might face. And so essentially the process is identifying your subject and defining the scope of what you would like to protect.

Are you looking to protect this person's personal life? Are you exclusively protecting their professional life or what they're doing in relation to an organization? And you want to iterate through a few questions and document an attack tree. Then you would research some tactics and vulnerabilities, and implement defensive controls.
So, in a nutshell, we want to know what assets does your subject have or have access to, that someone might want to spy, steal, or harm; you want to get an idea of what types of adversaries you can expect based on those assets or accesses that they have, and you then want to understand what tactics those adversaries are likely to use to compromise those assets or accesses, and you then transform that into the most effective defenses against those likely tactics.

So, using that in practice, you would typically build an attack tree that starts with the human at the center and lists out all of their assets and accesses. And then off of those, each of those assets or accesses, you would want to map out their adversary personas. So, for example, if I work at a bank and I work on wire transfers, my likely adversary would be a financially motivated cybercriminal, right? Pretty standard stuff. And we want to understand what are the methods that these actors are going to employ in order to get the job done.

So, in a common case, in a business email compromise context, folks might rely on a signer at a company to sign off on a wire transfer, and if the threat actor has an opportunity to gain access to that person's email address or the mechanism by which they make that approval, then they may be able to redirect funds to their own wallet that was intended for someone else or a partner of the company. Adversaries tend to employ the least difficult approach; whatever the easiest way in is what they're going to employ. I mean, we spend a lot of time in the field of information security and researching the latest vulnerabilities and attack paths and what are all the different ways that a system or a person or an application can be compromised, but in reality, the simplest stuff is usually what works, and that's what they're looking for. They're looking for the easiest way in.
And you can really observe that with ransomware, where attackers are employing a spray and pray methodology.

They're looking for whatever they can find in terms of open attack surface on the net, and then they're targeting organizations based on who they can compromise after the fact. So, they don't start with an organization in mind, they might start with a type of system that they know they can easily compromise and then they look for those, and then they decide whether they're going to ransomware that organization or not. So, it's really a useful way, when you're thinking about human-centric threat modeling, it's really a useful way to completely map your valuables and your critical assets to the most effective ways to protect those. I hope that makes sense.

Corey: It very much does. It's understanding the nature of where you start, where you stop, what is reasonable, what is not reasonable. Because like a lot of different areas—DR, for example—security is one of those areas you could hurl infinite money into and still never be done. It's where do you consider it reasonable to start? Where do you consider it reasonable to stop? And without having an idea of what the model of threat you're guarding against is, the answer is, “All the money,” which it turns out, boards are surprisingly reluctant to greenlight.

Jackie: Absolutely. We have a recurring problem in information security where we cannot measure return on investment. And so it becomes really difficult to try to validate a negative. It's kind of like the TSA; the TSA can say that they've spent a lot of money and that nothing has happened or that any incidents have been limited in their scope due to the work that they've done, but can we really quantify the amount of money that DHS has absorbed for the TSA's mission, and turned that into a really wonderful and measurable understanding of how we spent that money, and whether it was worth it? No, we can't really.
And so we're always struggling with that insecurity, and I don't think we'll have an answer for it in the next ten years or so.

Corey: No, I suspect not, on some level. It's one of those areas where I think the only people who are really going to have a holistic perspective on this are historians.

Jackie: I agree.

Corey: And sadly I'm not a cloud historian; I'm a cloud economist, a completely different thing I made up.

Jackie: [laugh]. Well, from my perspective, I think it's a great title. And I agree with your thought about historians, and I look forward to finding out how they felt about what we did in the information security space, both political and non-political, 20, 30, and 40 years from now.

Corey: I hope to live long enough to see that. Jackie, thank you so much for taking the time to speak with me today. If people want to learn more about what you're up to and how you view things, where can they find you?

Jackie: You can find me on Twitter at @hackingbutlegal.

Corey: Great handle. I love it.

Jackie: Thank you so much for having me.

Corey: Oh, of course. It is always great to talk with you. Jackie Singh, principal threat analyst, and incident responder at the Biden campaign. Obviously not there anymore. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast provider of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a comment expressing an incoherent bigoted tirade that you will, of course, classify as a political opinion, and get you evicted from said podcast provider.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point.
Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

The Disney Story Origins Podcast
CSO 02a The Secret of NIMH Part 1

Sep 29, 2021 (112:01)

Comparing and contrasting Aurora Productions and Don Bluth Studios' “The Secret of NIMH” with “Mrs Frisby and the Rats of NIMH” by Robert C. O'Brien   This podcast contains certain copyrighted works that were not specifically authorized to be used by the copyright holder(s), but which we believe in good faith are protected by federal law […] The post CSO 02a The Secret of NIMH Part 1 first appeared on Cinema Story Origins Podcast.

Esri & The Science of Where
Climate Resilience in America's Hottest City

Sep 28, 2021 (19:54)

Mark Hartman, CSO for the City of Phoenix, Arizona, talks about the importance of leveraging technology to create sustainable cities.

CISO to CISO Cybersecurity Talk
CISO to CISO with Bob Lord of the DNC and Michael Coates, CEO of Altitude Networks

Sep 28, 2021 (43:28)

Bob Lord, former CSO of the Democratic National Committee, and Michael Coates, CEO of Altitude Networks, discuss the state of cybersecurity today - what's working, what isn't working, and the biggest challenges in the security industry.

TechTimeRadio
We talk about Apple security issues, updates on Steam Deck, and the Switch along with PS4 news. Our special guests Trina Martin and Nick Espinosa talk tech. Finally, is your boss watching as you work from home? Air Date: 9/25 - 10/1/21

Sep 26, 2021 (112:37)

This week on the show, will Apple be able to overcome the European Union discussion on chargers? When will AI be able to file patents? In addition, we have our featured guest, Trina Martin, as she shares information regarding business chat tools while highlighting SLACK. Next, Sony's recent PlayStation 4 firmware upgrade is explained on [Gamer Time], covering the Nintendo Switch new news and its competitor, the new upcoming Steam Deck. Finally, we have "Mike's Mesmerizing Moment" brought to us by StoriCoffee® along with our NFT and Whiskey Tastings, all of this on the first hour of the show.

We have our [Letters] segment on the second hour, which includes scams, phishing emails, and all-out mistruths disguised as legitimate emails sent to our host. We then move to [Ask the Experts] as we bring back one of our favorite guests, Nick Espinosa, the CSO and founder of Security Fanatics, who talks all about the significant Apple breaches we have had over the last few weeks. Finally, we look at what businesses are doing to spy on their employees as they work from home. Welcome to two hours of TechTime, with your host Nathan Mumm and co-host Mike Gorday.

"Welcome to TechTime with Nathan Mumm, the show that makes you go "Hummmm": technology news of the week for September 25th - October 1st, 2021. The technology show for the everyday common person, that will impact your future with insightful segments, weeks ahead of the mainstream media."

Episode 67: Hour 1
--- [Loaded Question Of The Day]: Starts at 10:33
--- [Top Stories in 5 Minutes]: Starts at 11:29
Sick of iPhone chargers? So is the EU - https://tinyurl.com/cdsfmjwn
AI cannot be the inventor of a patent, appeals court rules - https://tinyurl.com/9dvt2e7m
Self-driving tech returns to California racetrack - https://tinyurl.com/96t9s6ze
--- [Pick of the Day - Whiskey Tasting Review]: Starts at 19:19
Blanton's Kentucky Single Barrel Bourbon | 93 Proof | $69.00
--- [Technology Insider]: Starts at 20:46
Our guest, Trina Martin, joins us to talk about the excellent communication application known as "SLACK," and why you should get this application for your personal life.
--- [Gamer Time]: Starts at 38:18
Nintendo 64 and Sega Genesis games come to Switch Online
Steam Deck's biggest hurdles just disappeared
PS4 update for the battery issue
--- [Mike's Mesmerizing Moment brought to us by StoriCoffee®]: Starts at 48:22
--- [Pick of the Day]: Starts at 51:22
Blanton's Kentucky Single Barrel Bourbon | 93 Proof | $69.00
Nathan: Thumbs Up | Mike: Thumbs Up

Episode 67: Hour 2 - Starts at 1:01:12
--- [Love Shack Question]: Starts at 1:05:09
--- [Letters]: Starts at 1:09:27
The reading of email scams received during the week, including phishing emails and all-out mistruths disguised as legitimate emails.
--- [Ask the Expert]: Starts at 1:23:35
We talk all about the significant Apple breaches we have had over the last few weeks with our guest Nick Espinosa.
--- [Protect Yourself Today]: Starts at 1:47:54
The boss may be watching long after the pandemic ends: what workers should know about corporate surveillance software as companies consider permanent remote work policies.

CSO Audio Program Notes
Virtual Preconcert Conversation: Muti Conducts Mazzoli & Tchaikovsky Pathétique

Sep 22, 2021 (34:29)

Tchaikovsky called his Pathétique Symphony “the best and especially the most open-hearted of my works.” Riccardo Muti leads this masterful and deeply tragic score, which was the last of Tchaikovsky's works to be premiered during his lifetime. It is preceded by Liadov's luminous nighttime scene and former Mead Composer-in-Residence Missy Mazzoli's evocative meditation on her father's experiences as a soldier in Vietnam. Learn more: https://order.cso.org/21933/

CSO Audio Program Notes
CSO Program Notes: Muti, Kavakos & Beethoven 7

Sep 22, 2021 (15:11)

Greek virtuoso Leonidas Kavakos performs Brahms' Violin Concerto, a work that he has recorded with a “wonderful poise and instinctive elegance” (The Guardian). A cornerstone of the violin repertoire, the concerto brims with orchestral drama, rapturous melodies and earthy folk-dance rhythms. Riccardo Muti concludes the program with Beethoven's exhilarating Seventh Symphony. Learn more: https://order.cso.org/21924/

Peggy Smedley Show
Automotive, Mobility, and Mega Trends

Sep 22, 2021 (44:32)

Peggy and Henry Bzeih, CTO/CSO, automotive & transportation, Microsoft, talk about the latest automotive advances at the company. He talks about mega trends, saying mobility is the movement of people and the movement of goods. They also discuss:
The software-defined vehicle approach.
How Microsoft sees the ecosystem and is making autonomous for the masses.
An example of how OEMs can morph from physical to visual with HoloLens.
The biggest trends with electrification and how sustainability is top of mind.
How traditional OEMs are evolving and the new entrants.
The Future of Automotive Industry Solutions | Microsoft Industry (9/21/21 - 738)
IoT, Internet of Things, Peggy Smedley, artificial intelligence, machine learning, big data, digital transformation, cybersecurity, blockchain, 5G cloud, sustainability, future of work, podcast, Henry Bzeih, Microsoft

CSO Audio Program Notes
Program Notes: Muti Conducts Saint-Georges, Price & Beethoven 3

Sep 18, 2021 (22:45)

Riccardo Muti and the CSO reunite! Their first performance together since February 2020 features Beethoven's stirring Eroica Symphony. The program opens with music from the only surviving opera by Joseph Bologne, Chevalier de Saint-Georges, the Guadeloupe-born composer, violinist and champion fencer who dazzled 18th-century Parisian society. Also featured is an enchanting, lyrical gem from the String Quartet in G Major by Florence Price, the first African American woman to have her music played by a major American orchestra — the CSO in 1933. Learn more: https://order.cso.org/21851/

The CyberWire
A CSO's 9/11 Story: CSO Perspectives Bonus.

Sep 17, 2021 (28:33)

For the 20th anniversary of 9/11, Rick Howard, the CyberWire's CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center.

Cell & Gene: The Podcast
Gene Therapies for Spinal Cord-Related Disorders with SwanBio's CEO

Sep 16, 2021 (20:15)

Karen Kozarsky, Ph.D., Co-Founder and CSO of SwanBio, explains how the company is pioneering a deep and varied pipeline of gene therapies for genetically defined neurological diseases with a focus on the spinal cord.

Screaming in the Cloud
Security in the New Normal with Ev Kontsevoy

Sep 15, 2021 (44:18)

About Ev
Ev Kontsevoy is Co-Founder and CEO of Teleport. An engineer by training, Kontsevoy launched Teleport in 2015 to provide other engineers solutions that allow them to quickly access and run any computing resource anywhere on the planet without having to worry about security and compliance issues. A serial entrepreneur, Ev was CEO and co-founder of Mailgun, which he successfully sold to Rackspace. Prior to Mailgun, Ev had a variety of engineering roles. He holds a BS degree in Mathematics from Siberian Federal University, and has a passion for trains and vintage-film cameras.

Links:
Teleport: https://goteleport.com
Teleport GitHub: https://github.com/gravitational/teleport
Teleport Slack: https://goteleport.slack.com/join/shared_invite/zt-midnn9bn-AQKcq5NNDs9ojELKlgwJUA
Previous episode with Ev Kontsevoy: https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/the-gravitational-pull-of-simplicity-with-ev-kontsevoy/

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by our friends at VMware. Let's be honest—the past year has been far from easy. Due to, well, everything. It caused us to rush cloud migrations and digital transformation, which of course means long hours refactoring your apps, surprises on your cloud bill, misconfigurations and headache for everyone trying to manage disparate and fractured cloud environments. VMware has an answer for this. With VMware multi-cloud solutions, organizations have the choice, speed, and control to migrate and optimize applications seamlessly without recoding, take the fastest path to modern infrastructure, and operate consistently across the data center, the edge, and any cloud. I urge you to take a look at vmware.com/go/multicloud. You know my opinions on multi-cloud by now, but there's a lot of stuff in here that works on any cloud. But don't take it from me, that's: vmware.com/go/multicloud and my thanks to them again for sponsoring my ridiculous nonsense.

Corey: You could build, you go ahead and build your own coding and mapping notification system, but it takes time, and it sucks! Alternately, consider Courier, who is sponsoring this episode. They make it easy. You can call a single send API for all of your notifications and channels. You can control the complexity around routing, retries, and deliverability and simplify your notification sequences with automation rules. Visit courier.com today and get started for free. If you wind up talking to them, tell them I sent you and watch them wince—because everyone does when you bring up my name. That's the glorious part of being me. Once again, you could build your own notification system but why on God's flat earth would you do that?

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Roughly a year ago, I had a promoted guest episode featuring Ev Kontsevoy, the co-founder and CEO of Teleport. A year has passed and what a year it's been. Ev is back to tell us more about what they've been up to for the past year and, ideally, how things may have changed over in the security space. Ev, thank you for coming back to suffer the slings and arrows I will no doubt be hurling your way almost immediately.

Ev: Thanks for having me back, Corey.

Corey: So, it's been a heck of a year. We were basically settling into the pandemic when last we recorded, and people's security requirements when everyone is remote were dramatically changing. A year later, what's changed? It seems like the frantic, grab a bucket and start bailing philosophy has largely been accepted with something that feels almost like a new normal, ish. What are you seeing?

Ev: Yes, we're seeing exact same thing, that it's really hard to tell what is normal. So, at the beginning of the pandemic, our company, Teleport was, so we were about 25 people. And then once we got the vaccines, and the government restrictions started to, kind of, disappear, people started to ask, “So, when are we going to go back to normal?” But the thing is, we're 100 employees now, which means that three-quarters of the company, they joined us during the pandemic, so we have no normal to go back to. So, now we have to redefine—not redefine, we just basically need to get comfortable with this new, fully remote culture with fully remote identity that we have, and become comfortable with it. And that's what we're doing.

Corey: Beyond what, I guess, you're seeing, as far as the culture goes, internally as well, it feels like there's been a distinct shift in the past year or so, the entire security industry. I mean, I can sit here and talk about what I've seen, but again, I'm all over the place and I deal with a very select series of conversations. And I try not to confuse anecdotes with data. Anecdata is not the most reliable thing. You're working in this space. That is the entire industry you're in. How has the conversation in the industry around security shifted? What's new? What trends are emerging?

Ev: So, there are several things actually happening. So, first of all, I wouldn't call ourselves, like, we do all of security. So, we're experts in access; like, how do you access everything that you have in your cloud or in your data centers? And that space has been going through one transformation after another. It's been basically under the same scaling stress as the rest of the cloud computing industry.

And we can talk about historical changes that have been happening, and then we can talk a little bit about, kind of, latest and greatest. And in terms of what challenges companies have with secure access, maybe it helps if I just quickly describe what ‘access’ actually means.

Corey: Please, by all means. It's one of those words that everyone knows, but if you ask three people to define it, you'll get five definitions—

Ev: [laugh]. Exactly.

Corey: —and they don't really align. So please, you're the expert on this; I am here to listen because I guarantee you I am guilty of misusing the term at least once so far, today.

Ev: Can't blame you. Can't blame you. We are—I was same way until I got into this space. So, access basically means four things. So, if you want to have access done properly into your cloud resources, you need to think about four things.

First is connectivity. That's basically a physical ability to deliver an encrypted packet from a client to destination, to a resource whatever that is, could be database, could be, like, SSH machine, or whatever it is you're connecting to. So, connectivity is number one. So, then you need to authenticate. Authentication, that's when the resource decides if you should have access or not, based on who you are, hopefully.

So, then authorization, that's the third component. Authorization, the difference—like, sometimes people confuse the two—the difference between authentication and authorization is that authorization is when you already authenticated, but the resource decides what actions you are allowed to perform. The typical example is, like, is it read-only or read-write access? So, that's authorization, deciding on which actions you're allowed to perform. And the final component of having access properly is having audit or visibility which is, again, it could be real-time and historical.

So ideally, you need to have both. So, once you have those two solved, then you solved your access problem. And historically, if you look at how access has been done—so we had these giant machines, then we had microcomputers, then we had PCs, and they all have these things. So, you login into your Mac, and then if you try to delete certain file, you might get access denied. So, you see there is connectivity—in this case, it's physical, a keyboard is physically connected to the [laugh] actual machine; so then you have authentication that you log in in the beginning; then authorization, if you can or cannot do certain things in your machine; and finally, your Mac keeps an audit log.

But then once the industry, we got the internet, we got all these clouds, so amount of these components that we're now operating on, we have hundreds of thousands of servers, and load-balancers, and databases, and Kubernetes clusters, and dashboards, all of these things, all of them implement these four things: connectivity, authentication, authorization, audit.

Corey: Let me drive into that for a minute first, to make sure I'm clear on something. Connectivity makes sense. The network is the computer, et cetera. When you don't have a network to something, it may as well not exist. I get that. And the last one you mentioned, audit of a trail of who done it and who did what, when, that makes sense to me. But authentication and authorization are the two slippery ones in my mind that tend to converge a fair bit. Can you dive a little bit in and delineate what the difference is between those two, please?

Ev: So authentication, if you try to authenticate into a database, database needs to check if you are on the list of people who should be allowed to access. That's authentication, you need to prove that you are who you claim you are.

Corey: Do you have an account and credentials to get into that account?

Ev: Correct. And there are good ways to do authentication and bad ways to do authentication. So, bad way to do authentication—and a lot of companies actually guilty of that—if you're using shared credentials. Let's say you have a user called ‘admin’ and that user has a password, and those are stored in some kind of store—in, like 1Password, or something like Vault, some kind of encrypted vault, and then when someone needs to access a database, they go and borrow these credentials and they go and do that. So, that is an awful way to do authentication.

Corey: Now, another way I've seen that's terrible has been also, “Oh, if you're connecting from this network, you must be allowed in,” which is just… yeee.

Ev: Oh, yeah. That's a different sin. And that's a perimeter security sin. But a much better way to do authentication is what is called identity-based authentication. Identity means that you always use your identity of who you are within the company. So, you would go in through corporate SSO, something like Okta, or Active Directory, or even Google, or GitHub, and then based on that information, you're given access. So, the resource in this case database, [unintelligible 00:07:39] say, “Oh, it's Corey. And Corey is a member of this group, and also a member of that group.” And based on that it allows you to get in, but that's where authentication ends. And now, if you want to do something, like let's say you want to delete some data, now a database needs to check, ah, can you actually perform that action? That is the authorization process.

And to do that, usually, we use some mechanism like role-based access control. It will look into which group are you in. Oh, you are an admin, so admins have more privileges than regular people. So, then that's the process of authorization.

And the importance of separating the two, and important to use identity because remember, audit is another important component of implementing access properly. So, if you're sharing credentials, for example, you will see in your audit log, “Admin did this. Admin did that.” It's exact same admin, but you don't know who actually was behind that action. So, by sharing credentials, you're also obscuring your own audit which is why it's not really a good thing.

And going back to this industry trends is that because the amount of these resources, like databases and servers and so on, in the cloud has gotten so huge, so we now have this hardware pain, we just have too many things that need access. And all of these things, the software itself is getting more complicated, so now we have a software pain as well, that you have so many different layers in your stack that they need to access. That's another dimension for introducing access pain. And also, we just have more developers, and the development teams are getting bigger and bigger, the software is eating the world, so there is a people-ware pain. So, on the one hand, you have these four problems you need to solve—connectivity, authentication, authorization, access—and on the other hand, you have more hardware, more software, more people, these pain points.

And so you need to consolidate, and that's really what we do is that we allow you to have a single place where you can do connectivity, authentication, authorization, and audit, for everything that you have in the cloud. We basically believe that the future is going to be like metaverse, like in those books. So, all of these cloud resources are slowly converging into this one giant planetary-scale computer.

Corey: Suddenly, “I live on Twitter,” is no longer going to be quite as much of a metaphor as it is today.

Ev: [laugh]. No, no. Yeah, I think we're getting better. If you look into what is actually happening on our computing devices that we buy, the answer is not the lot, so everything is running in data centers, the paradigm of thin client seems to be winning. Let's just embrace that.

Corey: Yeah. You're never going to be able to shove data centers worth compute into a phone. By the time you can get there, data centers will have gotten better. It's the constant question of where do you want things to live? How do you want that to interact? I talk periodically about multi-cloud, I talk about lock-in, everyone is concerned about vendor lock-in, but the thing that people tend to mostly ignore is that you're already locked in through a variety of different ways. And one way is both the networking side of it as well as the identity management piece because every cloud handles that differently and equating those same things between different providers that work different ways is monstrous. Is that the story of what you're approaching from a Teleport perspective? Is that the primary use case, is that an ancillary use case, or are we thinking about this in too small a term?

Ev: So, you're absolutely right, being locked in, in and—like, by itself is not a bad thing. It's a trade-off. So, if you lack expertise in something and you're outsourcing certain capability to a provider, then you're developing that dependency, you may call it lock-in or not, but that needs to be a conscious decision. Like, well, you didn't know how to do it, then someone else was doing it for you, so you should be okay with the lock-in. However, there is a danger, that, kind of, industry-wide danger about everyone relying on one single provider.

So, that is really what we all try to avoid. And with identity specifically, I feel like we're in a really good spot that fairly early, I don't see a single provider emerging as owning everyone's identity. You know, some people use Okta; others totally happy tying everything to Google Apps. So, then you have people that rely on Amazon AWS native credentials, then plenty of smaller companies, they totally happy having all of their engineers authenticate through GitHub, so they use GitHub as a source of identity. And the fact that all of these providers are more or less compatible with each other—so we have protocols like OpenID Connect and SAML, so I'm not that concerned that identity itself is getting captured by a single player.

And Teleport is not even playing in that space; we don't keep your identity. We integrate with everybody because, at the end of the day, we want to be the solution of choice for a company, regardless of which identity platform they're using. And some of them using several, like all of the developers might be authenticating via GitHub, but everyone else goes through Google Apps, for example.

Corey: And the different product problem. Oh, my stars, I was at a relatively small startup going through an acquisition at one point in my career, and, “All right. Let's list all of the SaaS vendors that we use.” And the answer was something on an average of five per employee by the time you did the numbers out, and—there were hundreds of them—and most of them because it started off small, and great, everyone has their own individual account, we set it up there. I mean, my identity management system here for what most of what I do is LastPass. I have individual accounts there, two-factor auth enabled for anything that supports it, and that is it. Some vendors don't support that: we have to use shared accounts, which is just terrifying. We make sure that we don't use those for anything that's important. But it comes down to, from our perspective, that everyone has their own ridiculous series of approaches, and even if we were to, “All right, it's time to grow up and be a responsible business, and go for a single-sign-on approach.” Which is inevitable as companies scale, and there's nothing wrong with that—but there's still so many of these edge cases and corner case stories that don't integrate.

So, it makes the problem smaller, but it's still there rather persistently. And that doesn't even get into the fact that for a lot of these tools, “Oh, you want SAML integration? Smells like enterprise to us.” And suddenly they wind up having an additional surcharge on top of that for accessing it via a federated source of identity, which means there are active incentives early on to not do that. So it's—

Ev: It's absolutely insane. Yeah, you're right. You're right. It's almost like you get penalized for being small, like, in the early days. It's not that easy if you have a small project you're working on. Say it's a company of three people and they're just cranking in the garage, and it's just so easy to default to using shared credentials and storing them in LastPass or 1Password. And then the interesting way—like, the longer you wait, the harder it is to go back to use a proper SSO for everything. Yeah.

Corey: I do want to call out that Teleport has a free and open-source community edition that supports GitHub SSO, and in order to support enterprise SSO, you have to go to your paid offering. I have no problem with this, to be clear, that you have to at least be our customer before we'll integrate with your SSO solution makes perfect sense, but you don't have a tiering system where, “Oh, you want to add that other SSO thing? And well, then it's going to go from X dollars per employee to Y dollars.” Which is the path that I don't like. I think it's very reasonable to say that there are features flat-out you don't get as a free user. And even then you do offer SSO, just not the one that some people will want to pick.

Ev: Correct. So, the open-source version of Teleport supports SSO that smaller companies use, versus our enterprise offering, we shaped it to be more appealing for companies at certain scale.

Corey: Yeah. And you've absolutely nailed it. There are a number of companies in the security space who enraged people about how they wind up doing their differentiation around things like SSO or, God forbid, two-factor auth, or once upon a time, SSL. This is not that problem. I just want to be explicitly clear on that, that is not what I'm talking about. But please, continue.

Ev: Look, we see it the same way. We sometimes say that we do not charge for security, like, top-level security you get, is available even in the open-source. And look, it's a common problem for most startups who, when you have an open-source offering, where do you draw the line? And sometimes you can find answers in very unexpected places. For example, let's look into security space.

One common reason that companies get compromised is, unfortunately, human factor. You could use the best tool in the world, but if you just by mistake, like, just put a comma in the wrong place and one of your config files just suddenly is out of shape, right, so—

Corey: People make mistakes and you can't say, “Never make a mistake.” If you can get your entire company compromised by someone in your office clicking on the wrong link, the solution is not to teach people not to click on links; it's to mitigate the damage and blast radius of someone clicking on a link that they shouldn't. That is resilience that understands the human factors at play.

Ev: Yep, exactly. And here's an enterprise feature that was basically given to us by customer requests. So, they would say we want to have FedRAMP compliance because we want to work with federal government, or maybe because we want to work with financial institutions who require us to have that level of compliance. And we tell them, “Yeah, sure. You can configure Teleport to be compliant. Look, here's all the different things that you need to tweak in the config file.”

And the answer is, “Well, what if we make a mistake? It's just too costly. Can we have Teleport just automatically work in that mode?” In other words, if you feed it the config file with an error, it will just refuse to work. So basically, you take your product, and you chop off things that are not compliant, which means that it's impossible to feed an incorrect config file into it, and here you got an enterprise edition.

It's a version that we call its FIPS mode. So, when it runs FIPS mode, it has different runtime inside, it basically doesn't even have a crypto that is not approved, which you can turn on by mistake. It will just not work.

Corey: By the time we're talking about different levels of regulatory compliance, yeah, we are long past the point where I'm going to have any comments in the slightest about differentiation of pricing tiers and the rest. Yeah, your free tier doesn't support FedRAMP is one of those ludicrous things that—who would say that [laugh] actually be sincere [insane 00:18:28]?

Ev: [laugh].

Corey: That's just mind-boggling to me.

Ev: Hold on a second. I don't want anyone to be misinformed. You can be FedRAMP compliant with the free tier; you just need to configure it properly. Like the enterprise feature, in this case, we give you a thing that only works in this mode; it is impossible to misconfigure it.

Corey: It's an attestation and it's a control that you need—

Ev: Yep. Yep.

Corey: —in order to demonstrate compliance because half the joy of regulatory compliance is not doing the thing, it's proving you do the thing. That is a joy, and those of you who've worked in regulated environments know exactly what I'm talking about. And those of you who have not, are happy but please—

Ev: Frankly, I think anyone can do it using some other open-source tools. You can even take, like, OpenSSH, sshd, and then you can probably build a different makefile for just the build pipeline that changes the linking, that it doesn't even have the crypto that is not on the approved list. So, then if someone feeds a config file into it that has, like, a hashing function that is not approved, it will simply refuse to work. So, maybe you can even turn it into something that you could say here's a hardened version of sshd, or whatever. So, same thing.

Corey: I see now you're talking about the four aspects of this, the connectivity, the authentication, the authorization, and the audit components of access. How does that map to a software product, if that makes sense? Because it sounds like a series of principles, great, it's good to understand and hold those in your head both, separately and distinct, but also combining to mean access both [technical 00:19:51] and the common parlance. How do you express that in Teleport?

Ev: So, Teleport doesn't really add authorization, for example, to something that doesn't have it natively. The problem that we have is just the overall increasing complexity of computing environments. So, when you're deploying something into, let's say, AWS East region, so what is it that you have there? You have some virtual machines, then you have something like Kubernetes on top, then you have Docker registry, so you have these containers running inside, then you have maybe MongoDB, then you might have some web UI to manage MongoDB and Grafana dashboard. So, all of that is software; we're only consuming more and more of it so that our own code that we're deploying, it's icing on a really, really tall cake.

And every layer in that layer cake is listening on a socket; it needs encryption; it has a login, so it has authentication; it has its own idea of role-based access control; it has its own config file. So, if you want to do cloud computing properly, so you got to have this expertise on your team, how to configure those four pillars of access for every layer in your stack. That is really the pain. And the Teleport value is that we're letting you do it in one place. We're saying, consolidate all of these four access pillars in one location.

That's really what we do. It's not like we invented a better way to authorize, or authenticate; no, we natively integrate with the cake, with all of these different layers. But consolidation, that is the key value of Teleport because we simply remove so much pain associated with configuring all of these things. Like, think of someone like—I'm trying not to disclose any names or customers, but let's pick, uh, I don't know, something like Tesla. So, Tesla has compute all over the world.

So, how can you implement authentication, authorization, audit log, and connectivity, too, for every vehicle that's on the road? Because all of these things need software updates, they're all components of a giant machine—

Corey: They're all intermittent. You can't say, “Oh, at this time of the day, we should absolutely make sure everything in the world is connected to the internet and ready to grab the update.” It doesn't work that way; you've got to be… understand that connectivity is fickle.

Ev: So, most—and because computers growing generally, you could expect most companies in the future to be more like Tesla, so companies like that will probably want to look into Teleport technology.

Corey: This episode is sponsored in part by “you”—gabyte. Distributed technologies like Kubernetes are great, citation very much needed, because they make it easier to have resilient, scalable, systems. SQL databases haven't kept pace though, certainly not like NoSQL databases have like Route 53, the world's greatest database. We're still, other than that, using legacy monolithic databases that require ever growing instances of compute. Sometimes we'll try and bolt them together to make them more resilient and scalable, but let's be honest it never works out well. Consider Yugabyte DB, it's a distributed SQL database that solves basically all of this. It is 100% open source, and there's no asterisk next to the “open” on that one. And it's designed to be resilient and scalable out of the box so you don't have to charge yourself to death. It's compatible with PostgreSQL, or “postgresqueal” as I insist on pronouncing it, so you can use it right away without having to learn a new language and refactor everything. And you can distribute it wherever your applications take you, from across availability zones to other regions or even other cloud providers should one of those happen to exist. Go to yugabyte.com, that's Y-U-G-A-B-Y-T-E dot com and try their free beta of Yugabyte Cloud, where they host and manage it for you. Or see what the open source project looks like—it's effortless distributed SQL for global apps. My thanks to Yu—gabyte for sponsoring this episode.

Corey: If we take a look at the four tenets that you've identified—connectivity, authentication, authorization, and audit—it makes perfect sense. It is something that goes back to the days when computers were basically glorified pocket calculators as opposed to my pocket calculator now being basically a supercomputer. Does that change as you hit cloud-scale where we have companies that are doing what seem to be relatively pedestrian things, but also having 100,000 EC2 instances hanging out in AWS? Does this add additional levels of complexity on top of those four things?

Ev: Yes. So, there is one that I should have mentioned earlier. So, in addition to software, hardware, and people-ware—so those are three things that are exploding, more compute, more software, more engineers needing access—there is one more dimension that is kind of unique, now, at the scale that we're in today, and that's time. So, let's just say that you are a member of really privileged group like you're a DBA, or maybe you are a chief security officer, so you should have access to a certain privileged database. But do you really use that access 24/7, all the time?
No, but you have it.So, your laptop has an ability, if you type certain things into it, to actually receive credentials, like, certificates to go and talk to this database all the time. It's an anti-pattern that is now getting noticed. So, the new approach to access is to make a tie to an intent. So, by default, no one in an organization has access to anything. So, if you want to access a database, or a server, or Kubernetes cluster, you need to issue what's called ‘access request.'It's similar to pull request if you're trying to commit code into Git. So, you send an access request—using Teleport for example; you could probably do it some other way—and it will go into something like Slack or PagerDuty, so your team members will see that, “Oh, Corey is trying to access that database, and he listed a ticket number, like, some issue he is trying to troubleshoot with that particular database instance. Yeah, we'll approve access for 30 minutes.” So, then you go and do that, and the access is revoked automatically after 30 minutes. So, that is this new trend that's happening in our space, and it makes you feel nice, too, it means that if someone hacks into your laptop at this very second, right after you finished authenticating and authorization, you're still okay because there is no access; access will be created for you if you request it based on the intent, so it dramatically reduces the attack surface, using time as additional dimension.Corey: The minimum viable permission to do a thing. In principle, least-access is important in these areas. It's like, “Oh, yeah, my user account, you mean root?” “Yeah, I guess that works in a developer environment,” looks like a Docker container that will be done as soon as you're finished, but for most use cases—and probably even that one—that's not the direction to go in. 
Having things scoped down and—Ev: Exactly.Corey: —not just by what the permission is, but by time.Ev: Exactly.Corey: Yeah.Ev: This system basically allows you to move away from root-type accounts completely, for everything. So, which means that there is no root to attack anymore.Corey: What really strikes me is how, I guess, different aspects of technology that this winds up getting to. And to illustrate that in the form of question, let me go back to my own history because, you know, let's make it about me here. I've mentioned it before on the show, but I started off my technical career as someone who specialized in large-scale email systems. That was a niche I found really interesting, and I got into it. So did you.I worked on running email servers, and you were the CEO and co-founder of Mailgun, which later you sold the Rackspace. You're a slightly bigger scale than I am, but it was clear to me that even then, in the 2006 era when I was doing this, that there was not going to be the same need going forward for an email admin at every company; the cloudification of email had begun, and I realized I could either dig my heels in and fight the tide, or I could find other things to specialize in. And I've told that part of the story, but what I haven't told is that it was challenging at first as I tried to do that because all the jobs I talked to looked at my resume and said, “Ah, you're the email admin. Great. We don't need one of those.”It was a matter of almost being pigeonholed or boxed into the idea of being the email person. I would argue that Teleport is not synonymous with email in any meaningful sense as far as how it is perceived in the industry; you are very clearly no longer the email guy. Does the idea being boxed in, I guess—Ev: [laugh].Corey: —[unintelligible 00:27:05] resonate at all with you? And if so, how did you get past it?Ev: Absolutely. The interesting thing is, before starting the Mailgun, I was not an email person. 
I would just say that I was just general-purpose technologist, and I always enjoyed building infrastructure frameworks. Basically, I always enjoyed building tools for other engineers. But then gotten into this email space, and even though Mailgun was a software product, which actually had surprisingly huge, kind of, scalability requirements early on because email is much heavier than HTTP traffic; people just send a lot of data via emails.So, we were solving interesting technical challenges, but when I would meet other engineers, I would experience the exact same thing you did. They would put me into this box of, “That's an email guy. He knows email technology, but seemingly doesn't know much about scaling web apps.” Which was totally not true. And it bothered me a little bit.Frankly, it was one of the reasons we decided to get acquired by Rackspace because they effectively said, “Why don't you come join us and we'll continue to operate as independent company, but you can join our cloud team and help us reinvent cloud computing.” It was really appealing. So, I actually moved to Texas after acquisition; I worked on the Rackspace cloud team for a while. So, that's how my transition from this being in the email box happened. So, I went from an email expert to just generally cloud computing expert. And cloud computing expert sounds awesome, and it allows me to work—Corey: I promise, it's not awesome—Ev: [laugh].Corey: —for people listening to this. Also, it's one of those, are you a cloud expert? Everyone says no to that because who in the world would claim that? It's so broad in so many different expressions of it. Because you know the follow-up question to anyone who says, “Yeah,” is going to be some esoteric thing about a system you've never heard of before because there's so many ridiculous services across totally different providers, of course, it's probably a thing. Maybe it's actually a Pokemon, we don't know. 
But it's hard to consider yourself an expert in this. It's like, “Well, I have some damage from [laugh] getting smacked around by clouds and, yeah, we'll call that expertise; why not?”Ev: Exactly. And also how frequently people mispronounce, like, cloud with clown. And it's like, “Oh, I'm clown computing expert.” [laugh].Corey: People mostly call me a loud computing expert. But that's a separate problem.Ev: But the point is that if you work on a product that's called cloud, so you definitely get to claim expertise of that. And the interesting thing that Mailgun being, effectively, an infrastructure-level product—so it's part of the platform—every company builds their own cloud platform and runs it, and so Teleport is part of that. So, that allowed us to get out of the box. So, if you working on, right now we're in the access space, so we're working closely with Kubernetes community, with Linux kernel community, with databases, so by extension, we have expertise in all of these different areas, and it actually feels much nicer. So, if you are computing security access company, people tend to look at you, it's like, “Yeah, you know, a little bit of everything.” So, that feels pretty nice.Corey: It's of those cross-functional things—Ev: Yeah, yeah.Corey: —whereas on some level, you just assume, well, email isn't either, but let's face it: email is the default API that everything, there's very little that you cannot configure to send email. The hard part is how to get them to stop emailing you. But it started off as far—from my world at least—the idea that all roads lead to email. In fact, we want to talk security, a long time ago the internet collectively decided one day that our email inbox was the entire cornerstone of our online identity. 
Give me access to your email, I, for all intents and purposes, can become you on the internet without some serious controls around this.So, those conversations, I feel like they were heading in that direction by the time I left email world, but it's very clear to me that what you're doing now at Teleport is a much clearer ability to cross boundaries into other areas where you have to touch an awful lot of different things because security touches everything, and I still maintain it has to be baked-in and an intentional thing, rather than, “Oh yeah, we're going to bolt security on after the fact.” It's, yeah, you hear about companies that do that, usually in headlines about data breaches, or worse. It's a hard problem.Ev: Actually, it's an interesting dilemma you're talking about. Is security built-in into everything or is it an add-on? And logically—talk to anyone, and most people say, “Yeah, it needs to be a core component of whatever it is you're building; making security as an add-on is not possible.” But then reality hits in, and the reality is that we're running on—we're standing on the shoulder of giants.There is so much legacy technologies that we built this cloud monster on top of… no, nothing was built in, so we actually need to be very crafty at adding security on top of what we already have, if we want to take advantage of all this pre-existing things that we've built for decades. So, that's really what's happening, I think, with security and access. So, if you ask me if Teleport is a bolt-on security, I say, “Yes, we are, but it works really well.” And it's extremely pragmatic and reasonable, and it gives you security compliance, but most of all, very, very good user experience out of the box.Corey: It's amazing to me how few security products focus on user experience out of the box, but they have to. You cannot launch or maintain a security product successfully—to my mind—without making it non-adversarial to the user. 
The [days of security is no 00:32:26] are gone.Ev: Because of that human element insecurity. If you make something complicated, if you make something that's hard to reason about, then it will never be secure.Corey: Yeah.Ev: Don't copy-paste IP table rules without understanding what they do. [laugh].Corey: Yeah, I think we all have been around long enough in data center universes remember those middle of the night drives to the data center for exactly that sort of thing. Yeah, it's one of those hindsight things of, set a cron job to reset the IP table rules for, you know, ten minutes from now in case you get this hilariously wrong. It's the sort of thing that you learn right after you really could have used that knowledge. Same story. But those are the easy, safe examples of I screwed up on a security thing. The worst ones can be company-ending.Ev: Exactly, yeah. So, in this sense, when it comes to security, and access specifically, so this old Python rule that there is only one way to do something, it's the most important thing you can do. So, when it comes to security and access, we basically—it's one of the things that Teleport is designed around, that for all protocols, for all different resources, from SSH to Kubernetes to web apps to databases; we never support passwords. It's not even in the codebase. No, you cannot configure Teleport to use passwords.We never support things like public keys, for example, because it's just another form of a password. It's just extremely long password. So, we have this approach that certificates, it's the best method because it supports both authentication and authorization, and then you have to do it for everything, just one way of doing everything. And then you apply this to connectivity: so there is a single proxy that speaks all protocols and everyone goes to that proxy. 
Then you apply the same principle to audit: there is one audit where everything goes into.So, that's how this consolidation, that's where the simplicity comes down to. So, one way of doing something; one way of configuring everything. So, that's where you get both ease of use and security at the same time.Corey: One last question that I want to ask you before we wind up calling this an episode is that I've been using Teleport as a reference for a while when I talk to companies, generally in the security space, as an example of what you can do to tell a story about a product that isn't built on fear, uncertainty, and doubt. And for those who are listening who don't know what I'm referring specifically, I'm talking about pick any random security company and pull up their website and see what it is that they talk about and how they talk about themselves. Very often, you'll see stories where, “Data breaches will cost you extraordinary piles of money,” or they'll play into the shame of what will happen to your career if you're named in the New York Times for being the CSO when the data gets breached, and whatnot. But everything that I've seen from Teleport to date has instead not even gone slightly in that direction; it talks again and again, in what I see on your site, about how quickly it is to access things, access that doesn't get in the way, easily implement security and compliance, visibility into access and behavior. It's all about user experience and smoothing the way and not explaining to people what the dire problems that they're going to face are if they don't care about security in general and buy your product specifically. It is such a refreshing way of viewing storytelling around a security product. How did you get there? And how do I make other people do it, too?Ev: I think it just happened organically. Teleport originally—the interesting story of Teleport, it was not built to be sold. 
Teleport was built as a side project that we started for another system that we were working on at the time. So, there was a autonomous Kubernetes platform called Grá—it doesn't really matter in this context, but we had this problem that we had a lot of remote sites with a lot of infrastructure on them, with extremely strict security and compliance requirements, and we needed to access those sites or build tools to access those sites. So, Teleport was built like, okay, it's way better than just stitching a bunch of open-source components together because it's faster and easier to use, so we're optimizing for that.And as a side effect of that simplification, consolidation, and better user experience is a security compliance. And then the interesting thing that happened is that people who we're trying to sell the big platform to, they started to notice about, “Oh, this access thing you have is actually pretty awesome. Can we just use that separately?” And that's how it turned into a product. So, we built an amazing secure access solution almost by accident because there was only one customer in mind, and that was us, in the early days. So yeah, that's how you do it, [laugh] basically. But it's surprisingly similar to Slack, right? Why is Slack awesome? Because the team behind it was a gaming company in the beginning.Corey: They were trying to build a game. Yeah.Ev: Yeah, they built for themselves. They—[laugh] I guess that's the trick: make yourself happy.Corey: I think the team founded Flickr before that, and they were trying to build a game. And like, the joke I heard is, like, “All right, the year is 2040. Stuart and his team have now raised $8 billion trying to build a game, and yet again it fails upward into another productivity tool company, or something else entirely that”—but it's a recurring pattern. Someday they'll get their game made; I have faith in them. 
But yeah, building a tool that scratches your own itch is either a great path or a terrible mistake, depending entirely upon whether you first check and see if there's an existing solution that solves the problem for you. The failure mode of this is, “Ah, we're going to build our own database engine,” in almost every case.Ev: Yeah. So just, kind of like, interesting story about the two, people will [unintelligible 00:38:07] surprised that Teleport is a single binary. It's basically a drop-in replacement that you put on a box, and it runs instead of sshd. But it wasn't initially this way. Initially, it was [unintelligible 00:38:16], like, few files in different parts of a file system. But because internally, I really wanted to run it on a bunch of Raspberry Pi's at home, and it would have been a lot easier if it was just a single file because then I just could quickly update them all. So, it just took a little bit of effort to compress it down to a single binary that can run in different modes depending on the key. And now look at that; it's a major benefit that a lot of people who deploy Teleport on hundreds of thousands of pieces of infrastructure, they definitely taking advantage of the fact that it's that simple.Corey: Simplicity is the only thing that scales. As soon as it gets complex, it's more things to break. Ev, thank you so much for taking the time to sit with me, yet again, to talk about Teleport and how you're approaching things. If people want to learn more about you, about the company, about the product in all likelihood, where can they go?Ev: The easiest place to go would be goteleport.com where you can find everything, but we're also on GitHub. If you search for Teleport in GitHub, you'll find this there. 
So, join our Slack channel, join our community mailing list and most importantly, download Teleport, put it on your Raspberry Pi, play with it and see how awesome it is to have the best industry, best security practice, that don't get in the way.Corey: I love the tagline. Thank you so much, once again. Ev Kontsevoy, co-founder and CEO of Teleport. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a comment that goes into a deranged rant about how I'm completely wrong, and the only way to sell security products—specifically yours—is by threatening me with the New York Times data breach story.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Sports, Clicks & Politics
EP66: LIVE Interview Kevin McKernan COVID Science, Testing, Masks, Vaccines, Boosters, Ivermectin, Hospital Crisis in NY

Sports, Clicks & Politics

Play Episode Listen Later Sep 13, 2021 86:52


Join hosts Shawn Hannon and Ben Hussong as they separate the latest news from the noise.

EP66: Interview Kevin McKernan, Ivermectin, Fauci Lied, Hospital Staffing Crisis

Guest: Kevin McKernan is the Chief Science Officer of Medicinal Genomics. Twitter: @Kevin_McKernan

McKernan is a scientist and entrepreneur who's founded multiple companies in the world of biological sciences. His previous works include running a research lab at MIT for the Human Genome Project. He currently serves as the CSO for Medicinal Genomics studying the genome of Cannabis. In the interview we ask McKernan to discuss the science of COVID. We specifically touch on Testing, Masks & Asymptomatic Spread, Vaccines & Boosters along with Ivermectin & Early Treatment.

El Salvador Buys Bitcoin: https://www.zerohedge.com/markets/el-salvador-becomes-first-country-officially-accept-bitcoin-legal-tender
Cornell: https://www.thecollegefix.com/despite-95-vaccination-rate-cornell-today-has-five-times-more-covid-cases-than-it-did-this-time-last-year/?fbclid=IwAR04MDcYS2hMZk4qnk9o0qqZi1lIddSO12oLmJz6da_IBeK4l2BcAcVyywU
Hospital crisis: https://www.msn.com/en-us/news/us/hospital-to-stop-delivering-babies-as-maternity-workers-resign-over-vaccine-mandate/ar-AAOiVWV?fbclid=IwAR16oULqNPPAHDipy9x0QbcuaQw9dQQe35oMPPXUrOyvJwyBfhuCXKYl7HQ & https://13wham.com/news/local/canandaigua-hospital-ceo-says-vaccine-mandate-could-cripple-health-care-systems?fbclid=IwAR0jkSwM-svIjbo7xmK9fVhRDGUx6KMqisZXHsYZGoA0tkShWV4apYGSCqM

## About the Sports, Clicks & Politics Podcast

SCAPP is a weekly podcast with a Livestream every Monday at 12pm eastern. Join hosts Shawn Hannon and Ben Hussong as they separate the latest news from the noise. The podcast has frequent guest interviews for additional perspectives in the worlds of sports, politics and beyond!

Follow the show on social media
Website: scappodcast.com
Facebook: facebook.com/scappodcast
Twitter: @SCAPPodcast

Follow Shawn & Ben on social media
Facebook: facebook.com/hannon44
Twitter: @hannon44
Facebook: facebook.com/ben.hussong.3
Twitter: @benhussong

---

This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
Support this podcast: https://anchor.fm/scapp/support

BFM :: General
WAO Malaysia - Just A Call Away

BFM :: General

Play Episode Listen Later Sep 10, 2021 34:32


It's said that women have borne much of the brunt of the fallout of the COVID-19 pandemic. According to UN Women, one in three women experienced physical or sexual violence, mostly by an intimate partner, in pre-pandemic times. During the pandemic, there has been a dramatic increase in violence against women and girls, particularly domestic violence, as lockdown measures also saw women with violent partners increasingly isolated from people and resources that could help them. The post-pandemic economic impact has further limited women's opportunities to escape violent situations. This “Shadow Pandemic”, as defined by UN Women, is growing, and here in Malaysia, the Women's Aid Organisation is one of the many CSOs helping women experiencing domestic violence. We catch up with Sumitra Visvanathan, the Executive Director of WAO, to discuss this and also why we must prioritize the eradication of gender-based violence, even in times of austerity. If you or anyone you know is experiencing domestic violence, call the 24-hour WAO hotline at 03-3000 8858 or SMS/WhatsApp 018-988 8058.

The Chris Knott Podcast
Blood Markers & DNA Testing For Maximal Strength & Muscle Development

The Chris Knott Podcast

Play Episode Listen Later Sep 9, 2021 55:51


Episode #180 - Dr Gil Blander

Dr Blander, CSO of InsideTracker, joins me on the show to discuss:
- The ageing process, how we age and what we can do to prevent it
- The most important blood markers to focus on when having a test done
- What markers are most important to pay attention to for strength and hypertrophy gains
- Fasting and carbohydrate management
- The role of genetics in blood testing and how it impacts results
- The best and worst supplements to take
- The future of DNA testing and what he thinks will be available in 10 & 50 years' time

The Big Bid Theory
Cybercriminals Would Appreciate You Not Listen to This Episode. Two Ways to Improve Your Cybersecurity.

The Big Bid Theory

Play Episode Listen Later Sep 8, 2021 30:04


Cybersecurity continues to be a challenge for individuals, businesses, and governments. You? Roger Grimes, from KnowBe4, explains how social engineering poses an enormous threat to your IT assets and outlines what you need to prioritize to protect against cybercriminals. Are your efforts futile? Listen, as Grimes provides insights to help you tackle the problems… it isn't a long to-do list. In Crazy Bids, Rick Jennings tips his cap to fans of the movie, Forrest Gump. Yum!

All of that and more. A lot more!

Our Guest: Roger Grimes

Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 12 books and over 1,000 national magazine articles. He frequently consults with the world's largest and smallest companies, and militaries, and he has seen what does and doesn't work. Grimes was a weekly security columnist for InfoWorld and CSO magazines from 2005 - 2019. He regularly presents at national computer security conferences, and has been interviewed by national magazines and radio shows, including Newsweek magazine and NPR's All Things Considered. Roger is known for his often contrarian, fact-filled viewpoints.

Grimes' Twitter: @rogeragrimes
KnowBe4: https://www.knowbe4.com/

Capes On the Couch - Where Comics Get Counseling

Intro
- New #BecauseComics moment per episode

Background (2:58)
- Crystalia Amaquelin created by Stan Lee and Jack Kirby in Fantastic Four #45 (Dec. 1965)
- She is unique among Marvel characters in that she has been a member of the Fantastic Four, Avengers, and Inhumans, as well as tangentially related to the X-Men
- Crystal is a member of the Inhuman Royal Family, sister to Queen Medusa, with the ability to control the elements
- She first encountered the Fantastic Four on the run from the Seeker, who wanted to destroy the Royal Family - saved by Johnny Storm, the two quickly fell in love
- When Sue Storm Richards was pregnant with Franklin and left the team, Crystal served as her replacement
- Left the team after discovering that her stay on Earth was poisoning her, as her Inhuman body could not handle the Earth's atmosphere, and she returned to Attilan, breaking up with Johnny
- In the process of Lockjaw teleporting her home, she encountered Quicksilver, who was injured battling Sentinels - she brought him home to the Great Refuge to help him recover, and over time they fell in love and announced their marriage
- They had a baby girl, Luna, who exhibited no powers - Crystal forced Pietro to agree that Luna would grow up normally
- Pietro's temper grates on Crystal, and she has an affair with Wanda & Vision's realtor, a human named Norman Webster - Norman ends the affair when he realizes Crystal is married, and Pietro initially refuses to attempt reconciliation
- She attempted to renew her relationship with Johnny, but she found he was married to Alicia Masters (actually a Skrull in disguise #BecauseComics), and when an Inhuman crisis endangered the entire family, she and Pietro eventually reconciled
- Joined the Avengers, and moved into the mansion with Luna and her nanny, Marilla
- During her tenure, she became close with Dane Whitman, the Black Knight, who was himself the target of Sersi's affections, all while Crystal and Pietro were working on reestablishing their relationship - this love quadrangle created many difficult situations, until Dane & Sersi were sent to another dimension
- After Heroes Reborn, Crystal and Pietro were reunited, but Dane also returned to the universe, and when Dane and Pietro later fought over Crystal, she left them both to return to Attilan to think
- After House of M, Pietro stole Terrigen Mists and exposed Luna, granting her powers - this act led to Black Bolt annulling the marriage
- She was then betrothed to Ronan (by Medusa) as part of an alliance between the Inhumans and the Kree - the marriage was quickly ended, however, as a deal was struck with Black Bolt and the Supreme Intelligence
- Made an Inhuman ambassador by Queen Medusa, leads the Royal Inhuman Diplomatic Mission

Issues (9:10)
- Jeanine: Stepping away from royal family
- In the shadow of her older sister (19:17)
- Difficulty of being a super parent (25:12)

Break (30:44)
- Plugs for BetterHelp, Scotch N Sports, and Al Ewing

Treatment (32:42)
- In-universe - Bring in Captain Planet as a mentor
- Out of universe - Focus on emotional impact of making those important decisions (35:14)

Skit (41:52)

Doc: Hello Crystal, I'm Dr. Issues.

Crystal: Hi Doctor.

D: Thank you for meeting with me. I'm a little sad to see Luna's not here, though.

C: She's with my family. For better or worse I have no shortage of babysitters. It helps to know so many folks with superpowers.

D: Yes, you do have quite the list of friends and colleagues.

C: Which is one of the things I wanted to talk to you about.

D: OK, shoot.

C: I've been an Avenger, a member of the Fantastic Four, one of the Inhuman Royal Family, and affiliated with the X-Men. I hardly have any peers who have those kinds of connections. And my powerset means I can control all of the elements. Yet I always feel like I'm not taken seriously enough. I'm either Medusa's kid sister, or worse yet Pietro's ex.

D: So your primary issue is that of establishing an identity separate from those around you?

C: Yes, exactly!

D: I see. Well, my first thing I want to make clear is that being part of these groups isn't necessarily a bad thing, and-

C: Oh I'm well aware, and I apologize if it came across as such. I'm proud to be included in these rosters. The relationships I've built over the years mean the world to me, and I wouldn't trade them for anything. It's just… that's not *all* of who I am.

D: That's certainly frustrating, and I see why-

C: And that's what few people understand. Pietro understood that...understands that? I don't know...we've gone back and forth so many times. He's so impulsive. I want him to slow down sometimes, but that's not who he is, and then that makes me realize that I wasn't understanding him...oh, it burns me up inside! *flame sound effect*

D: Relationships that are frayed don't have to be completely incinerated...like you just did to that insurance form. Can we -

C: Oh no! I didn't mean to take it out on your possessions! That reminds me of when I talk to Johnny. It's weird. We work as great friends, but I sometimes go down a ‘what-if' rabbit hole if I had built something special with him. But that's not fair to him either. My mind is a tornado right now *wind noises*

D: I see...how demonstrative. *clearly frustrated* I'll just restack those files a bit later. It sounds like you have tied so many parts of who you are to other people, that it even becomes tiresome for you to differentiate your motivations from those around you. How do you cope with that?

C: I make time for myself. At least, I used to. I'm not an absentee parent. Luna comes first. When I get a chance like this, I seem to be out of sorts. *water effects gently throughout her speech* I get flooded with thoughts of how she's doing, if I'm missing something, if I should have pushed for more co-parenting, if I'm pawning her off too much. Am I making any sense?

D: *barely hiding his frustration* I am awash with inspiration on how to help you...and so are my shoes. The anxiety of parenting never goes away, but rest assured that one of the best things you can show your child is letting them face some of their own challenges.

C: *angry* Challenges?! She was kidnapped before! Caring for Lockjaw is a challenge! No, I won't be a helicopter parent, but do you know what it's like to lose the most important thing to your soul? You question reality. *earthquake effects* The ground you walk on might as well swallow you whole. Everyone judges you left and right. You judge yourself...harshly. It's not fair. It's not fair to her, or to me. I can stand on my own without a royal say-so-

D: CRYSTAL! STOP!

C: Huh?

D: *Exhausted, but calm* Please...stop. I got the message. I've never had a patient connect so viscerally to everything that's going on in their psyche. This is a private session, but it may be the greatest public example of what makes you...you!

C: So it's just my powers?

D: NO! No. It's the emotional intelligence fluidity. You are able to adapt to those around you and feel just as comfortable on a new team as well as with old friends. New bonds are capable of being as strong, or stronger, than prior relationships. That's a trait that not everyone comes by easily. But there's an obvious peril with that. You're always navigating a shifting hierarchy of personal priorities. That can be exhausting.

C: *sarcastic* You don't say? I just… I don't want to BE my sister, but sometimes I envy the straightforward manner with which she deals with situations. She's the queen. Everyone knows that, so there's no wishy-washiness. With me, it all depends on who it is and what they need. I know you're saying that's a good thing, but uggghhhh is it draining.

D: I get that. And I'm grateful that wasn't accompanied by another power flux. What I would encourage you to do is to take a look at each relationship in your life, and determine how important it is to you. You don't have to rank each one individually, maybe just use a few tiers. Then, if you're in a situation where you have a choice to make, utilize the tiers to determine which one takes precedence. And let's not forget about your own needs as well.

C: Hmm. Interesting idea. Well, it can't be any worse than what I've been doing so far. Which is winging it.

D: Much of life is winging it, but with a bit more wisdom each time. The course corrections are less tricky with every turn.

C: I understand. Thanks for the advice, and sorry for the damage to the office. You can send the bill to Black Bolt. At least we know he won't yell about it *heehee*

Ending (47:32)
- Recommended reading: Avengers: Bloodties, War of Kings
- Next episodes: Emma Frost, Starfire, Children of super villains
- Plugs for social

References:
- Medusa episode - Anthony (4:02)
- South Park “Feelin' good on a Wednesday” - Anthony (9:06)
- Don Cheadle is Captain Planet - Anthony (34:04)

Task Force 7 Cyber Security Radio
Encore: Ep. 168: A CISO's Insights on Global Trust

Task Force 7 Cyber Security Radio

Play Episode Listen Later Sep 6, 2021 60:59


Renowned Global CISO and Privacy Officer Dr. Rebecca Wynn joins co-host Andy Bonillo on Episode #168 of Task Force Radio to provide insights on global trust, the importance of wellbeing, and a recap of privacy month. Dr. Wynn also discusses her perspective on communicating to boards, the importance of efficiency and ROI metrics, as well as the importance of focusing on making sure a hacker does not ride the rails of a third party into your network. All this and much, much more on Episode #168 of Task Force 7 Radio...

Task Force 7 Cyber Security Radio
Ep. 192: Why Are Ransomware Attacks So Successful

Task Force 7 Cyber Security Radio

Play Episode Listen Later Aug 30, 2021 60:00


The Chief Technology Officer of Inquest, Pedram Amini, joins host George Rettas on Episode #192 of Task Force Radio to talk about the recent high-profile ransomware attacks, why ransomware attacks are so successful, both from an attacker's perspective and the practitioner's perspective, and he also breaks down what companies can do to harden their security postures against these types of attacks. Amini also broke down the Trystero Project and his passion for research and development into the most recent malware tactics the bad guys are using. All this and much, much more on Episode #192 of Task Force 7 Radio.

The Third Wave
Jeffrey Becker, M.D. The Science of Ketamine: What's Really Going on in Your Brain?

The Third Wave

Play Episode Listen Later Aug 29, 2021 73:19


As one of the earliest researchers and advocates for ketamine's use in healing pain, depression, and addiction, Jeffrey Becker, M.D., is on the forefront of harnessing ketamine's massive untapped potential. In addition to his personal functional psychiatry practice, Jeff is the co-founder and CSO of Bexson Biomedical, which has created a subcutaneous ketamine infusion pump for safe, at-home pain management. In this episode, Jeff and Paul enjoy a wide-ranging discussion about responsible use of psychedelics, the connections between mysticism and science, and the fragile future of these powerful substances.

Mighty Buildings Podcast
Mighty Buildings Podcast featuring Chris Coulter

Mighty Buildings Podcast

Play Episode Listen Later Aug 27, 2021 22:27


Chris has substantive international experience having lived in North America, Europe, and Asia and works with GlobeScan clients in all regions of the world. He is a member of Walgreens' Corporate Responsibility Advisory Board, The Test of Corporate Purpose Advisory Board, and the Multinational Subcommittee of B Lab's Standards Advisory Council. He is also the Chair of Canadian Business for Social Responsibility, and is the author of the new book, All In: The Future of Business Leadership. 

The Healthcare Security Cast
Episode 117 - Interview with Will Plummer

The Healthcare Security Cast

Play Episode Listen Later Aug 25, 2021 28:12


HOW IS YOUR ORGANIZATION ADDRESSING THE CHALLENGE OF MAIL THREATS? On this episode we're joined by Will Plummer, CSO of RaySecur, discussing how mail threats have impacted healthcare facilities since the beginning of the pandemic. With the increase of threats to executives in healthcare organizations, mail has become another focal point for organizations. We discuss some of the unique challenges, problems commonly encountered, who is being impacted and of course solutions that are available and currently being used in healthcare facilities.

Will's contact info: will@raysecur.com
RaySecur's website: https://raysecur.com
Sponsors and Collaborators: 3D Network Technology, Genetec, The Change Execution Group and 360 LIFE TRANSFORMATIONS, Canadian Security and Omnigo.
For more places to listen, to be a guest on the podcast, become a sponsor or follow our social media pages check out: https://linktr.ee/brinehamilton

כל תכני עושים היסטוריה
Kill the Spreadsheet [The Industrial Security Podcast]

כל תכני עושים היסטוריה

Play Episode Listen Later Aug 18, 2021 31:32


No one person has all the answers. Bill Lawrence, CSO at SecurityGate.io joins us to look at industrial risk assessments in modern, complex environments.

Rock The Podcast
Podcast Interview Strategy with Scott Schober

Rock The Podcast

Play Episode Listen Later Aug 16, 2021 34:35


On this special episode of Monetize the Mic, Booking Agent and Team Lead Riley gets the chance to sit down with Scott Schober to talk all about podcast interview strategy! Scott is the President and CEO of Berkeley Varitronics Systems, a 48-year-old, New Jersey-based provider of advanced, world-class wireless test and security solutions. He is the author of three best-selling security books: Hacked Again, Cybersecurity is Everybody's Business, and Senior Cyber. Scott is a highly sought-after author and expert for live security events, media appearances, and commentary on the topics of ransomware, wireless threats, drone surveillance and hacking, cybersecurity for consumers, and small business. He is often seen on ABC News, Bloomberg TV, Al Jazeera America, CBS This Morning News, CNN, Fox Business, and many more networks. Scott also serves as the CSO and Chief Media Commentator for Cybersecurity Ventures and sits on several cyber advisory boards for various companies. Riley asks Scott about the preparation process for all of his media appearances and podcast interviews. How does Scott create a structure around such a busy process? Scott's first piece of advice is, it's never good to be too comfortable. Once you feel like you're in your comfort zone, you should try to get out of it. It's great to be confident but you still want to have some butterflies. If you're too confident, sometimes you won't know what to say.  He also highly recommends spending the time to educate yourself and prepare. Before any media appearance or podcast interview, Scott always reads a few articles about the topic he wants to discuss. He then digests it and meditates on it. When he goes on a podcast, he always likes to make it a goal to have three stats that he can remember off the top of his head. Scott will weave in a statistic to bring home the point in his interviews! Most importantly, Scott explains that you have to be true to yourself and be authentic. 
While doing this, you can apply practical tips that are not too complex. By doing that, people will walk away and have learned something that they can apply in their own lives. It's so important to always share something, impart some knowledge, and teach something. That will make your interviews more effective and it will help grow your brand! Scott has an incredibly busy schedule and busy life. Riley helped Scott right away by recommending that he start tracking all his interviews. Scott has over 50 interviews in his Interview Connections package, so organization is key. Scott encourages everyone listening to track their podcast interviews!  He also recommends preparing for an interview 24 hours in advance and keeping it topical. For Scott, education is key to being the best expert he can be. Before going on a podcast, Scott always listens to who is going to be interviewing him. He listens to the show and gets a sense of their style. The more natural the interview, the better it is. It may seem obvious, but Scott always thanks the person who interviewed him! He likes to write a little thank you note, and point out something specific and positive about the experience.  Hosting a podcast isn't easy work, and a host will appreciate it! Scott also always shares and promotes the podcast episodes he's been on. It's not just about you, sharing your interviews is also about thanking the host and building a foundation with them. Scott also reminds listeners to make sure that they have decent quality equipment before their podcast interview. Don't show up unprepared. About half of the podcasts Scott does are video, he's always ready to potentially be on video. He reminds us that if you fumble on the technical side, you lose your focus. You want to focus on the interview! Scott also keeps a physical checklist of everything he needs for the interview. This helps to frame things, and makes him a better guest.  
Riley asks if Scott can speak to the importance of improvisation and staying on your feet as a podcast guest.  This skill is fundamental, explains Scott. He stresses the importance of being able to read the audience. To be a great podcast guest, you have to know your audience and have the flexibility to pivot if necessary. Put yourself in their shoes!  Scott reminds us that a podcast host is giving you an opportunity to speak and share your expertise. They're giving you the power of the mic, and you should be gracious. Thank them for the privilege that you're there! He also recommends that if you don't know the answer to a question, don't try to fake it. That breaks down your credibility and hurts the podcast. Stay true to yourself and do the research!   A fascinating effect that Scott has noticed is the more podcasts you do, the more opportunities you have. As he's been doing dozens of podcast interviews, Scott has now received opportunities for radio, speaking, conferences, TV, and more. Scott really believes in the service mindset of a podcast guest. For Scott, the more you do for other people, the more it comes back indirectly. Whatever you give away will come back to you twofold. Put yourself out there, you don't know what's going to happen! You can find Scott at his website, scottschober.com, and on his podcast, What Keeps You Up at Night!

The CyberWire
Rick Howard: Give people resources. [CSO] [Career Notes]

The CyberWire

Play Episode Listen Later Aug 15, 2021 8:09


Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks, where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement, Rick called the CyberWire to ask about doing a podcast and he was hired on to the team. Rick shares a proud moment through a favorite story. We thank Rick for sharing his story with us.

Career Notes
Rick Howard: Give people resources. [CSO]

Career Notes

Play Episode Listen Later Aug 15, 2021 8:09


Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks, where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement, Rick called the CyberWire to ask about doing a podcast and he was hired on to the team. Rick shares a proud moment through a favorite story. We thank Rick for sharing his story with us.

Orchestrating Change by Canton Symphony Orchestra
Season 2, Episode 10 | The Next Generation with OCLP Participants

Orchestrating Change by Canton Symphony Orchestra

Play Episode Listen Later Aug 13, 2021 70:20


This episode marks the end of the first Orchestrating Change Leadership Program and Season 2 of the Orchestrating Change podcast. All summer, 9 college students met via Zoom on Tuesdays and Thursdays to discuss issues of diversity, equity, and inclusion; network with over 30 industry professionals; and develop skills to become the next leaders in the field of music. Along with this learning, the OCLP students worked together to create an educational program that would seek to actively combat issues of accessibility and inequality in our Canton community. Their final presentation left the staff and board of the CSO, along with community members, excited for what the future will hold here at the symphony. We cannot wait for 2022 and the next Orchestrating Change Leadership Program! We would like to thank OCLP participants Samaria Hill, Valerie Mathis, and Irene Guggenheim-Triana for lending their voices for this episode.

"...it definitely lived up to its name, "Orchestrating Change". We as a collective group actually put something together, networked, and made something happen, which pleasantly surprises me. I feel like I contributed to something very important in the world of music and I'm very proud and blessed to have been a part of this!" - 2021 OCLP Participant

Orchestrating Change is available wherever you get your podcasts. Go to www.cantonsymphony.org/orchestrating-change/ to sign up for email reminders, view past episodes, and see the various channels where you can view our content. For more information about everything else we are offering at this time, please visit www.cantonsymphony.org.

Online Success Journey
#312: Bill McCormick

Online Success Journey

Play Episode Listen Later Aug 12, 2021 29:01


Bill McCormick discovered the power of LinkedIn and social selling when he and his wife started their advertising specialty company over 5 years ago. With only a handful of clients, he quickly became a student of social selling, discovering how to find leads and generate sales. Now, Bill's passion is to take what he's learned and pass that on to those in sales, helping them leverage LinkedIn to build stronger relationships, taking connections from the digital space to the face-to-face. Bill is the CSO of Social Sales Link as well as a member of The Sales Experts Channel where he co-hosts a weekly show, Making Sales Social which will be released as a podcast in the very near future.

CI&T Podcast
Innovation | New Look: How startups and technology change our lives

CI&T Podcast

Play Episode Listen Later Aug 12, 2021 30:16


Innovation in the startup world goes far beyond trends and "unicorns" – it has the power to continually change our lives. In this new episode of the CI&T Podcast, Rishi Taparia, Managing Partner at Garuda, joins Bob Wollheim, CSO at CI&T, in a 3-part conversation that covers the essential unseen elements of technology, investments, startups, and innovation:
Part 1 - Investments and Startups
Part 2 - Consumer and Business Behavior
Part 3 - Corporate Innovation

The Tech Blog Writer Podcast
1681: ex-Googler, Ryan Gurney Joins YL Ventures as CISO-in-Residence

The Tech Blog Writer Podcast

Play Episode Listen Later Aug 9, 2021 20:56


After several years of serving on YL Ventures' Venture Advisory Board among 100 global CISOs and cybersecurity executives from Fortune 100 and high-growth companies, Ryan Gurney is now looking to take a more active role in fostering the success of early-stage startups as a full-time CISO-in-Residence. He brings the experience of holding leading security roles in both startups and global enterprises to provide Israeli cybersecurity entrepreneurs with unparalleled guidance on achieving product-market fit and customer success. Ryan is also the Former Chief Security Officer (CSO) at Looker, a business intelligence software and big data analytics platform acquired by Google for $2.6B, now part of the Google Cloud Platform. Prior to the acquisition, Gurney served as Looker's CSO, leading security and compliance and helping Google and Looker integrate and centralize key security processes post-acquisition. Previously, he also led all security functions at Zendesk in his role as VP of Information Security, where he played a key role in the company's successful IPO. Additionally, he held security leadership roles at Engine Yard, eBay and PwC. Ryan shares his story and career in tech. We talk about supply chain management and explore where customer and company data is going, who administers it, how it's protected, and what it costs. We also discuss IP protection, API security, and much more.  

The Tech Blog Writer Podcast
1671: Ericom - ZTEdge, Zero Trust Cloud Solution for MSEs & SMBs

The Tech Blog Writer Podcast

Play Episode Listen Later Jul 30, 2021 16:24


Ericom Software recently announced the release of ZTEdge, an all-in-one zero trust cloud security platform designed specifically for midsize enterprises, a market underserved yet highly vulnerable to cyberattacks. Ericom's CSO, Chase Cunningham, joins me on the Tech Talks Daily Podcast to discuss the market, positioning, and why this product is an industry-first for midsize enterprises.

Large enterprises have accelerated their adoption of zero-trust security in response to the increased levels of cyberattacks experienced during the pandemic. Equally vulnerable, midsized enterprises and small businesses have the same need for zero-trust security protection. Still, existing solutions are too complex, too expensive, and too resource-intensive for many of them to adopt. ZTEdge provides a solution that is right-sized for the needs of this market. It offers a comprehensive solution that reduces cyber risk, cuts complexity, and improves performance, all at price points dramatically lower than competitive offerings.

We explore the following key areas:
Identifying Users and Authenticating Devices: connects the right people and devices to the right apps and resources by using password-based or passwordless authorization and multi-factor authentication.
Secure Web and Internet Access: protects users as they interact with the web and email by leveraging URL filtering, anti-virus scanning, anti-phishing protection, remote browser isolation (RBI), and more.
Secure Remote Private Application Access: provides a simple way to connect remote workers with private cloud or on-premises applications, using Zero Trust Network Access (ZTNA) capabilities.
SaaS Application Access Control: offers dedicated ZTEdge tenant IP addresses allowing organizations to enforce IP-based access policies to secure apps like Office 365 or Salesforce, thereby eliminating credential theft risks.
Network Protection and Monitoring: segments and monitors networks using machine learning-powered micro-segmentation and granular network traffic analysis – stopping threats from spreading.
User-Branch-Internet Connectivity: integrated SD-WAN capabilities allow an organization to securely connect users and offices and securely route branch traffic directly to the ZTEdge cloud and internet, eliminating the need to backhaul branch traffic over costly MPLS circuits.

Defense in Depth
Measuring the Success of Cloud Security

Defense in Depth

Play Episode Listen Later Jul 29, 2021 27:17


All links and images for this episode can be found on CISO Series.

How are you measuring your progress and success with cloud security? How much visibility into this are you providing to your engineering teams?

Check out this post and this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest Matthew Chiodi (@mattchiodi), CSO, public cloud, Palo Alto Networks.

Thanks to our podcast sponsor, Palo Alto Networks
If you're doing cloud security right, no one knows if you've done anything. When you do it wrong, well, you end up on Cybersecurity Headlines. Prisma Cloud from Palo Alto Networks helps ensure your security stays in the quietly appreciated group. It's a single security platform that delivers comprehensive protection from code to cloud. Learn more at paloaltonetworks.com/prisma/cloud.

In this episode
What requirements need to be measured?
Measuring against compliance
Building a company-specific guardrails framework
Measuring team performance by number of opened and closed issues

Paul's Security Weekly
Nefarious Drivers - PSW #703

Paul's Security Weekly

Play Episode Listen Later Jul 23, 2021 204:54


This week, we kick off the show with an interview featuring Jeff Tinsley, CEO of RealMe, to talk about The Online Safety and Security as it Pertains to Dating Apps and Online Marketplaces! Next up, we welcome Gordon Draper, Founder and CEO of CyberMarket.com, to talk about the Democratisation and Globalisation of CyberSecurity Consulting!

In the Security News: Trust no one, it's all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!

Show Notes: https://securityweekly.com/psw703
Segment Resources: https://www.cybermarket.com
There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found.

Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly
Use Your Network - BSW #224

Paul's Security Weekly

Play Episode Listen Later Jul 21, 2021 58:17


In light of recent events and the pressures of the digital world, the landscape is finally shifting towards risk. The opportunity for cyber risk profiling, standardization, and seamless collaboration between CISOs, CIOs, and business-side leadership has come. Padraic O'Reilly, Co-Founder and CPO of CyberSaint, discusses what he's learned from working with members of the Global 500 to achieve truly continuous compliance and risk management, and how CyberSaint is delivering Cyber Risk Automation with its CyberStrong platform.

In the Leadership and Communications section: How much does a CEO or business leader need to know about cybersecurity, How businesses can drive innovation while delivering operational excellence, 6 resume mistakes CISOs still make, and more!

Show Notes: https://securityweekly.com/bsw224
To learn more about CyberSaint, please visit: https://securityweekly.com/cybersaint
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly