Podcasts about cybersecurity canon

  • 17 podcasts
  • 32 episodes
  • 40m average duration
  • 1 monthly new episode
  • Latest episode: Apr 8, 2025

Latest podcast episodes about cybersecurity canon

Secure Ventures with Kyle McNulty
Ex Palo Alto Networks CSO Rick Howard on Cybersecurity from First Principles

Apr 8, 2025 (45:44)


Recorded live at Blu Ventures' Cyber Venture Forum! I got the chance to speak with Rick Howard, previously Chief Security Officer at Palo Alto Networks from 2013 to 2019. Rick has a wealth of cybersecurity industry experience, and he wrote a book called Cybersecurity First Principles and maintains the cybersecurity book hall of fame, called the Cybersecurity Canon. In this episode we discussed his perspective on the fundamental themes of cybersecurity with a lens to how entrepreneurs and investors can leverage these ideas. Cybersecurity Canon Website. Cybersecurity First Principles on Amazon. Sponsored by VulnCheck!

Threat Talks - Your Gateway to Cybersecurity Insights
Reboot of Strategy: Back to cybersecurity basics with Rick Howard

Mar 4, 2025 (49:57)


I think, therefore I am, is René Descartes' first principle. But how does that relate to cybersecurity? In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Rick Howard – former Commander of the US Army's Computer Emergency Response Team and former CSO of Palo Alto Networks – to discuss the first principle of cybersecurity.
  ❓ What's the difference between cybersecurity strategy and tactics?
  ❓ How come some random geezers are better at cybersecurity forecasting than industry pros?
  ❓ Is resilience the ultimate cybersecurity strategy?
  ❓ Why does Rick Howard think Zero Trust is a passive strategy?
And for the book lovers amongst us – over 500 cybersecurity books are published each year. Wanna know which are worth your time? Rick Howard's Cybersecurity Canon has got you covered: https://icdt.osu.edu/about-cybersecurity-canon

The CyberWire
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstra and Illustrated by Pattie Spafford. [CSOP]

May 7, 2024 (16:21)


Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.”
References:
Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads.
Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project.
Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University.
Rick Howard Cybersecurity Canon Concierge: Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon's Hall of Fame and Candidate books. If you're looking for recommendations, we have some ideas for you. RSA Conference Bookstore. JC Vega: May 6, 2024 | 02:00 PM PDT. Rick Howard: May 7, 2024 | 02:00 PM PDT. Helen Patton: May 8, 2024 | 02:00 PM PDT.
Rick Howard RSA Birds of a Feather Session: I'm hosting a small group discussion called “Cyber Fables: Debating the Realities Behind Popular Security Myths.” We will be using Eugene Spafford's Canon Hall of Fame book, “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion. If you want to engage in a lively discussion about the infosec profession, this is the event for you. May. 7, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard RSA Book Signing: I published my book at last year's RSA Conference. If you're looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you. RSA Conference Bookstore, May 8, 2024 | 02:00 PM PDT. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Rick Howard Cyware Panel: The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103. May 8, 2024 | 8:30am-11am PST
Simone Petrella and Rick Howard RSA Presentation: Location: Moscone South Esplanade level. May. 9, 2024 | 9:40 AM - 10:30 AM PT. Simone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.

The CyberWire
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]

May 6, 2024 (18:21)


Rick Howard, N2K's CSO and The Cyberwire's Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.” References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube. Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. RSA Presentation:  May. 9, 2024 | 9:40 AM - 10:30 AM PT Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.

CSO Perspectives (public)
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]

May 6, 2024 (18:21)


Rick Howard, N2K's CSO and The Cyberwire's Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.” References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube. Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. RSA Presentation:  May. 9, 2024 | 9:40 AM - 10:30 AM PT Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.

CSO Perspectives (public)
Bonus Episode: 2023 Cybersecurity Canon Hall of Fame Inductee: Superforecasting: The Art and Science of Prediction by Dr Phil Tetlock and Dr Dan Gardner.

Apr 26, 2023 (19:06)


Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, interviews Dan Gardner about this 2023 Cybersecurity Canon Hall of Fame book: “Superforecasting: The Art and Science of Prediction.”

CSO Perspectives (public)
Bonus: 2023 Cybersecurity Canon Hall of Fame inductee: This Is How They Tell Me the World Ends by Nicole Perlroth.

Apr 25, 2023 (15:20)


Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, interviews Nicole Perlroth about her 2023 Cybersecurity Canon Hall of Fame book: “This Is How They Tell Me the World Ends.”

CSO Perspectives (public)
Bonus: 2023 Cybersecurity Canon Hall of Fame inductee: "The Hacker and the State" by Ben Buchanan.

Apr 24, 2023 (17:14)


Rick Howard, N2K's CSO and The Cyberwire's Chief Analyst and Senior Fellow, and Andy Hall, Cybersecurity Canon Committee Member, discuss the 2023 Cybersecurity Canon Hall of Fame book inductee: “The Hacker and the State” by Ben Buchanan.

Identity At The Center
#201 - IAM through CISO eyes with Helen Patton

Feb 27, 2023 (76:16)


Jim and Jeff talk with Helen Patton, Chief Information Security Officer for the CISCO Security Business Group, about her views on a range of IAM topics through her eyes as a CISO. Connect with Helen: https://www.linkedin.com/in/helenpatton/ Visit her website: https://www.cisohelen.com/ Cybersecurity Canon: https://cybersecuritycanon.com/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

IoT: The Internet of Threats
So, What the Heck Are You Supposed to Do with an SBOM? with Dr. George Shea, Chief Technologist at the Foundation for Defense of Democracies

Jan 6, 2023 (24:38)


On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Dr. George Shea, the Chief Technologist of the Transformative Cyber Innovation Lab (also known as the TCIL or the Lab) of the Foundation for Defense of Democracies (FDD), a nonprofit, nonpartisan 501(c)(3) research institute that concentrates on foreign policy and national security. George is also a member of the Operational Resilience Framework (ORF) Task Force, Cybersecurity Canon, and a contributor at The CyberWire.
Together, Eric and George examine the continuous visibility that SBOM brings to software supply chains, the push for SBOM's adoption and use, and the thorny questions that enterprises face when they adopt this critical tool.
Interview with Dr. George Shea
Dr. George Shea, Chief Technologist at FDD, has made vast contributions in SBOM research and thought leadership and to the wider discussion of how to advance cybersecurity. Prior to joining FDD, George served as a Chief Engineer at MITRE, leading initiatives to improve the technical integrity and quality of the products and deliverables of the IT services and consulting leader. She holds a Doctor of Computer Science degree from Colorado Technical University and an MS in Computer and Information Sciences and Support Services from Regis University.
In this episode, Eric and George discuss:
  • How the SBOM offers critical visibility into the supply chain vulnerabilities of existing software deployments
  • The source of the push for SBOM's adoption and use: government or private sector?
  • Regulators' slow walk toward requiring SBOM as a cybersecurity practice
  • The thorny questions that come with adopting SBOM: how to generate, deploy, and use an SBOM
  • Critical next-step SBOM considerations such as formats, required fields, ensuring its reporting integrity, and building a mechanism to follow through on its results
Find George on LinkedIn: Dr. George Shea: https://www.linkedin.com/in/drgeorgeshea/
Learn more about the Foundation for Defense of Democracies (FDD): https://www.linkedin.com/company/foundation-for-defense-of-democracies/
To see Dr. Shea's Working Draft of the SBOM Lifecycle and Landscape and the SBOM Use Case with RMF that she references on this episode, please see this link.
Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

Paul's Security Weekly TV
Cult of the Dead Cow & the Best Cybersecurity Journalism - Joseph Menn - PSW #746

Jul 1, 2022


Veteran cybersecurity journalist and author Joseph Menn, now at the Washington Post, talks about his books and the best reporting on hacking and defense today. Since he began writing on the subject in 1999, Menn has broken some of the biggest stories in the industry and written two of the most widely read books in the Cybersecurity Canon. Segment Resources: https://www.amazon.com/Joseph-Menn/e/B001HD1MF6%3Fref=dbs_a_mng_rwt_scns_share https://www.washingtonpost.com/technology/2022/05/01/russia-cyber-attacks-hacking/ https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/ https://www.reuters.com/article/us-usa-security-rsa/exclusive-secret-contract-tied-nsa-and-security-industry-pioneer-idUSBRE9BJ1C220131220 https://www.reuters.com/article/microsoft-china/insight-microsoft-failed-to-warn-victims-of-chinese-email-hack-former-employees-idUKL1N14I1LU20151231 https://www.wired.com/story/cult-of-the-dead-cow-at-stake-hackers-excerpt/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw746

Paul's Security Weekly (Video-Only)
Cult of the Dead Cow & the Best Cybersecurity Journalism - Joseph Menn - PSW #746

Jun 30, 2022


Veteran cybersecurity journalist and author Joseph Menn, now at the Washington Post, talks about his books and the best reporting on hacking and defense today. Since he began writing on the subject in 1999, Menn has broken some of the biggest stories in the industry and written two of the most widely read books in the Cybersecurity Canon. Segment Resources: https://www.amazon.com/Joseph-Menn/e/B001HD1MF6%3Fref=dbs_a_mng_rwt_scns_share https://www.washingtonpost.com/technology/2022/05/01/russia-cyber-attacks-hacking/ https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/ https://www.reuters.com/article/us-usa-security-rsa/exclusive-secret-contract-tied-nsa-and-security-industry-pioneer-idUSBRE9BJ1C220131220 https://www.reuters.com/article/microsoft-china/insight-microsoft-failed-to-warn-victims-of-chinese-email-hack-former-employees-idUKL1N14I1LU20151231 https://www.wired.com/story/cult-of-the-dead-cow-at-stake-hackers-excerpt/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw746

The CyberWire
SolarWinds through a first principle lens. [CSO Perspectives]

Apr 11, 2022 (21:21)


Enjoy this sample of CSO Perspectives, a CyberWire Pro podcast. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. On this episode, host Rick Howard discusses if the first principles theories prevent material impact in the real world, such as the latest SolarWinds attack. Previous episodes referenced: S1E6: 11 MAY: Cybersecurity First Principles S1E7: 18 MAY: Cybersecurity first principles: zero trust S1E8: 26 MAY: Cybersecurity first principles: intrusion kill chains. S1E9: 01 JUN: Cybersecurity first principles - resilience S1E11: 15 JUN: Cybersecurity first principles - risk S2E3: 03 AUG: Incident response: a first principle idea. S2E4: 10 AUG: Incident response: around the Hash Table.  S2E7: 31 AUG: Identity Management: a first principle idea. S2E8: 07 SEP: Identity Management: around the Hash Table. Other resources: “A BRIEF HISTORY OF SUPPLY CHAIN ATTACKS,” by Secarma, 1 September 2018. “Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers,” by 365 Defender Research Team and the Threat Intelligence Center (MSTIC), Microsoft, 18 December 2020. “A Timeline Perspective of the SolarStorm Supply-Chain Attack,” by Unit 42, Palo Alto Networks, 23 December 2020. “Cobalt Strike,” by MALPEDIA. “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Kim Zetter, Published by Crown, 3 June 2014. “Cybersecurity Canon,” by Ohio State University. “FireEye shares jump back to pre-hack levels,” Melissa Lee, CNBC, 23 December 2020. "Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks," by Rick Howard, Ryan Olson, and Deirdre Beard (Editor), The Cyber Defense Review, Fall 2020. “Orion Platform,” by SolarWinds. “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers,” by Andy Greenberg, Published by Doubleday, 7 May 2019.  
“Solarstorm,” by Unit 42, Palo Alto Networks, 23 December 2020. “The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Rick Howard, The Cybersecurity Canon Project, 28 January 2015. “Using Microsoft 365 Defender to protect against Solorigate,” by the Microsoft 365 Defender Team, 28 December 2020.

CSO Perspectives (public)
SolarWinds through a first principle lens: around the Hash Table.

Mar 7, 2022 (21:21)


Two members of the CyberWire's Hash Table of experts, Gary McAlum, USAA CSO and Don Welch, Penn State CIO, join Rick Howard to discuss the SolarWinds attack. Resources: S1E6: 11 MAY: Cybersecurity first principles. S1E7: 18 MAY: Cybersecurity first principles: zero trust. S1E8: 26 MAY: Cybersecurity first principles: intrusion kill chains. S1E9: 01 JUN: Cybersecurity first principles: resilience. S1E11: 15 JUN: Cybersecurity first principles: risk assessment. S2E7: 31 AUG: Identity Management: a first principle idea. S2E8: 07 SEP: Identity Management: around the Hash Table. “Cybersecurity Canon,” by Ohio State University. “Do I Need a Third-Party Security Audit?” By Rachel Phillips, Bleeping Computer, 2 March 2018.  “SolarWinds hack officially blamed on Russia: What you need to know,” by Laura Hautala, Cnet, 5 January 2021. “Sunburst backdoor – code overlaps with Kazuar,” by SecureList, Kaspersky, 11 January 2021.

Security Serengeti
SS-BOOK-51: Book Review - Daemon by Daniel Suarez

Mar 7, 2022 (64:42)


In this episode we review and discuss a book that was nominated to the Cybersecurity Canon, but not accepted - Daemon by Daniel Suarez. We start off spoiler free, but quickly go deep into spoiler territory and discuss the plot of the book, the technology used in the book, the hacking seen, and the future that the Daemon plans for us all. Links: Cybersecurity Canon; Daemon by Daniel Suarez. As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do.

CSO Perspectives (public)
SolarWinds through a first principle lens.

Feb 28, 2022 (21:21)


Rick discusses if the first principles theories prevent material impact in the real world, such as the latest SolarWinds attack. Previous episodes referenced: S1E6: 11 MAY: Cybersecurity First Principles S1E7: 18 MAY: Cybersecurity first principles: zero trust S1E8: 26 MAY: Cybersecurity first principles: intrusion kill chains. S1E9: 01 JUN: Cybersecurity first principles - resilience S1E11: 15 JUN: Cybersecurity first principles - risk S2E3: 03 AUG: Incident response: a first principle idea. S2E4: 10 AUG: Incident response: around the Hash Table.  S2E7: 31 AUG: Identity Management: a first principle idea. S2E8: 07 SEP: Identity Management: around the Hash Table. Other resources: “A BRIEF HISTORY OF SUPPLY CHAIN ATTACKS,” by Secarma, 1 September 2018. “Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers,” by 365 Defender Research Team and the Threat Intelligence Center (MSTIC), Microsoft, 18 December 2020. “A Timeline Perspective of the SolarStorm Supply-Chain Attack,” by Unit 42, Palo Alto Networks, 23 December 2020. “Cobalt Strike,” by MALPEDIA. “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Kim Zetter, Published by Crown, 3 June 2014. “Cybersecurity Canon,” by Ohio State University. “FireEye shares jump back to pre-hack levels,” Melissa Lee, CNBC, 23 December 2020. "Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks," by Rick Howard, Ryan Olson, and Deirdre Beard (Editor), The Cyber Defense Review, Fall 2020. “Orion Platform,” by SolarWinds. “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers,” by Andy Greenberg, Published by Doubleday, 7 May 2019.  “Solarstorm,” by Unit 42, Palo Alto Networks, 23 December 2020. 
“The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Rick Howard, The Cybersecurity Canon Project, 28 January 2015. “Using Microsoft 365 Defender to protect against Solorigate,” by the Microsoft 365 Defender Team, 28 December 2020.

ITSPmagazine | Technology. Cybersecurity. Society
Mentor At Scale | A Conversation With Helen Patton | Tech Done Different With Ted Harrington

Feb 8, 2022 (34:46)


Helen Patton joins Tech Done Different to provide insights from her new book and explain the Cybersecurity Canon, a collection of books to help security professionals.
As an advisory CISO and published author, Helen Patton advocates for how to get people into the security industry, and how to navigate a career in the field. She joins Tech Done Different to provide insights from her new book and explain the Cybersecurity Canon, a collection of books to help security professionals.
You'll learn:
  • why writing a book enables you to "mentor at scale"
  • why we should hire based on potential, not demonstrated experience
  • why recruiting for security should include going to middle and high schools
  • why self care is so important in a security career
  • why you need to understand your "why"
  • why security is a business enabler
Guest: Helen Patton
On LinkedIn | https://www.linkedin.com/in/helenpatton/
On Twitter | https://twitter.com/CisoHelen
Host: Ted Harrington
On ITSPmagazine

Tech Done Different
Mentor At Scale | A Conversation With Helen Patton | Tech Done Different With Ted Harrington

Feb 8, 2022 (34:46)


Helen Patton joins Tech Done Different to provide insights from her new book and explain the Cybersecurity Canon, a collection of books to help security professionals.
As an advisory CISO and published author, Helen Patton advocates for how to get people into the security industry, and how to navigate a career in the field. She joins Tech Done Different to provide insights from her new book and explain the Cybersecurity Canon, a collection of books to help security professionals.
You'll learn:
  • why writing a book enables you to "mentor at scale"
  • why we should hire based on potential, not demonstrated experience
  • why recruiting for security should include going to middle and high schools
  • why self care is so important in a security career
  • why you need to understand your "why"
  • why security is a business enabler
Guest: Helen Patton
On LinkedIn | https://www.linkedin.com/in/helenpatton/
On Twitter | https://twitter.com/CisoHelen
Host: Ted Harrington
On ITSPmagazine

Paul's Security Weekly TV
Cybersecurity Canon - Rick Howard - PSW #696

May 29, 2021 (53:20)


Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced its hall of winners for 2021. Segment Resources: https://icdt.osu.edu/cybercanon Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Paul's Security Weekly
Jingle the Keys - PSW #696

May 28, 2021 (183:09)


This week, Paul Battista, CEO of Polarity, joins us for an interview to talk about Polarity’s Power-up Sessions! Then, Rick Howard the CSO of The CyberWire, joins us to talk about the CyberSecurity Canon! In the Security News: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, & security by design!   Show Notes: https://securityweekly.com/psw696 Segment Resources: Sign up page: https://polarity.io/ctt/ Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg Teaser for future session on searching for exploit code: https://youtu.be/mGcA8_8dPfg Teaser for future session on searching for YARA rules: https://youtu.be/Fx8d_fIeFy8 https://icdt.osu.edu/cybercanon   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Podcast-Only)
Jingle the Keys - PSW #696

May 28, 2021 (183:09)


This week, Paul Battista, CEO of Polarity, joins us for an interview to talk about Polarity’s Power-up Sessions! Then, Rick Howard the CSO of The CyberWire, joins us to talk about the CyberSecurity Canon! In the Security News: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, & security by design!   Show Notes: https://securityweekly.com/psw696 Segment Resources: Sign up page: https://polarity.io/ctt/ Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg Teaser for future session on searching for exploit code: https://youtu.be/mGcA8_8dPfg Teaser for future session on searching for YARA rules: https://youtu.be/Fx8d_fIeFy8 https://icdt.osu.edu/cybercanon   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Video-Only)
Cybersecurity Canon - Rick Howard - PSW #696

May 28, 2021 (53:20)


Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced its hall of winners for 2021. Segment Resources: https://icdt.osu.edu/cybercanon Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Business of Cyber
BoC# 17: The Evolution of the Security Industry and Origins of the FAIR Model w/ Jack Jones

Oct 14, 2020 (26:17)


Jack Jones is one of the most well respected thought leaders in risk management and information security. During his 30 years in the industry he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management. Jack is the originator of the now industry standard risk measurement model known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also recently co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach", which has been inducted into the Cybersecurity Canon as a "must read" for professionals in the industry. Jack was also on the ISACA task force that developed the RiskIT framework, and he led the ISACA group that developed the CRISC certification. Today, Jack is in charge of Research at RiskLens, Inc. and is a sought after speaker at national conferences and universities like Carnegie Mellon and Ohio State University. He is also the Chairman of The FAIR Institute (http://www.fairinstitute.org/), a non-profit organization led by information risk officers, CISOs and business executives to develop standard information risk management practices based on FAIR.

Business of Cyber
BoC #10: Actively Listen to Ensure Alignment with the Business (w/ Bill Bonney)

Aug 3, 2020 (20:13)


Bill Bonney is a well known figure in the security community, having co-authored the CISO Desk Reference Guide with Matt Stamper & Gary Hayslip. Their book series is meant to be a practical guide to help modern CISOs take on many challenges including executive leadership, communication, and business savvy. So of course, right in our wheelhouse. The books have recently been published into the Cybersecurity Canon, the leading authority of cybersecurity content and books managed by Palo Alto Networks and The Ohio State University. During today's discussion, Bill and I discuss:
  • How security leaders can conduct 'walk-abouts' to position themselves as business enablers with the intent to listen and learn rather than describe how you support them
  • CISOs forming a mentor relationship with a seasoned business leader within your organization
  • The role digital transformation has played and will continue to play for security teams
Website: businessofcyber.com
LinkedIn: Joe Vinck & Business of Cyber
Twitter: @joey_vinck
OFFER FOR FIRST TEN EPISODES: In order to enter for a chance to win each book discussed in the first 10 episodes, please rate & leave a review wherever you listen to podcasts and reach out to Joe via Email, LinkedIn, or Twitter with your username to let us know you've rated. Winners will be announced after Episode 10.

The CyberWire
BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.

Jun 24, 2020, 22:02


Twitter permanently suspends DDoSecrets for violating its policy with respect to hacked material. DDoSecrets explains its thinking with respect to BlueLeaks. A quick look at a Hidden Cobra hunt. Sino-Australian dispute over hacking may be moving into a trade war phase. Lessons on election management. What do cybercriminals watch when they binge-watch? Joe Carrigan explains the Ripple 20 vulnerabilities. Cybersecurity Canon week continues with Joseph Menn, author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. And some notes on the most malware-infested movie and television fan communities. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/122

The CyberWire
CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”

Nov 19, 2018, 16:45


In today’s podcast, we hear that CISA is now an agency within DHS. Cozy Bear is back, and spearphishing in American civilian waters. Ukrainian authorities say they’ve detected and blocked a malware campaign that appears targeted against former Soviet Republics. A reported Gmail issue may make for more plausible social engineering. The Outlaw criminal group expands into cryptojacking. Infrastructure, financial, and data corruption attacks discussed as possible “cyber 9/11s”. Rick Howard from Palo Alto Networks with a book recommendation from the Cybersecurity Canon project. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_19.html

The CyberWire
Daily & Week in Review: Korean cyber alert amid a presidential impeachment. Germany calls out Fancy Bear for influence ops. Georgia—the Dixie one, not the one in the Caucasus—demands a cyber explanation. Holiday phishing, the enduring DDoS threat, and

Dec 9, 2016, 19:58


In today's podcast, South Korea braces for the North to take cyber advantage of a constitutional crisis, but so far all's quiet. (Or most is quiet, anyway.) Germany takes official notice that Fancy Bear is working to disrupt next year's elections. The US state of Georgia thinks DHS may have tried to penetrate its election system post-election, and it wants to know what's up. ISIS is back online, and calling for attacks against Americans and Shiites. A phishing campaign trolls customer service reps with fileless malware. Experts expect more Mirai-driven DDoS. Rick Howard from Palo Alto Networks tells about the Cybersecurity Canon. Caleb Barlow from IBM Security explains the importance of a well practiced resiliency plan.  And the Avalanche criminal kingpin is on the lam after being sprung from a Ukrainian jail.

Bill Murphy's  RedZone Podcast | World Class IT Security
#046: Are IT Security Leaders Allowed to Forecast? Become Comfortable with Uncertainty

May 20, 2016, 50:15


Jack Freund, the guest of my latest podcast, is the co-author of a book with Jack Jones on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach). This book was inducted into the Cybersecurity Canon in 2016. The Cyber Security Canon is a Hall of Fame for IT Security books. The founder Rick Howard has been a previous guest on this podcast. Some of the links that I really like from this episode are Jack’s presentation called “Assessing Quality in Cyber Risk Forecasting” and his most recent article in the ISSA Journal that I love called “Using Data Breach Reports to Assess Risk Analysis Quality”. You will be able to find all links and show notes at redzonetech.net/podcast. This episode is sponsored by the CIO Scoreboard.

Major take-aways from this episode are:
  1. Elevate Your IT Security Risk Communication Game using Data Breach reports to Inspire Action in the Business
  2. How to use Risk Data so that the business becomes more comfortable with uncertainty
  3. New Refreshing perspectives on presenting IT Security Risk to the business
  4. Predicting and Forecasting likelihood and frequency of events happening into your risk analysis
  5. How to Use External Data Breach Sources of competitors and non-competitors to build your risk cases.

About Jack

Dr. Jack Freund is a leading voice in Information Risk measurement and management with experience across many industry segments. His corporate experience includes spearheading strategic shifts in IT Risk by leading his staff in executing multimillion dollar efforts in cooperation with other risk and control groups. Jack has been awarded a Doctorate in Information Systems, Masters in Telecom and Project Management, and a BS in CIS. He holds the CISSP, CISA, CISM, CRISC, CIPP, and PMP designations. Jack's academic credentials include being named a Senior Member of the ISSA, IEEE, and ACM, a Visiting Professor, and an Academic Advisory Board member.
Key Resources:
  • Jack’s personal blog and website The Risk Doctor

Books/Publications:
  • Jack’s book Measuring and Managing Information Risk: A FAIR Approach, inducted into the Cyber Security Canon Hall of Fame – Books every cyber security professional should read
  • ISSA Journal Article, Feb 2016, that has links to important external data sources for risk analysis (see page 21)
  • Assessing Quality in Cyber Risk Forecasting Presentation
  • Article in ISACA “Cloudy with a chance of risk”

This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

Credits: Outro music provided by Ben’s Sound

Unit 42 Podcast
Don't Panic: Cyber Attack Attribution

Jun 15, 2015, 24:07


In this episode: Rick Howard, Chief Security Officer, Palo Alto Networks, joins us to discuss cyber threat attribution, its many components and how it can be valuable to different organizations. We also discuss Neal Stephenson's 2011 novel "Reamde" and how the author used the concept of cyber threat attribution to drive the plot in this Cybersecurity Canon candidate.

Don't Panic: The Unit 42 Podcast
Cyber Attack Attribution

Jun 15, 2015, 24:08


In this episode: Rick Howard, Chief Security Officer, Palo Alto Networks, joins us to discuss cyber threat attribution, its many components and how it can be valuable to different organizations. We also discuss Neal Stephenson's 2011 novel "Reamde" and how the author used the concept of cyber threat attribution to drive the plot in this Cybersecurity Canon candidate. Send us feedback via Twitter: Unit 42 (@unit42_intel), Ryan (@ireo), Rick (@raceBannon99)

Don't Panic: The Unit 42 Podcast
The Cybersecurity Canon

May 5, 2015, 25:41


In this episode: Palo Alto Networks takes you inside the Cybersecurity Canon at Ignite 2015. This year they added four entries to the list of books that every cybersecurity professional should read, and Ignite attendees had the opportunity to meet with the authors and speak with them directly about their experiences. Hear from Brian Krebs, author of "Spam Nation", and Rich Baich, author of "Winning as a CISO". Send us feedback via Twitter: Unit 42 (@unit42_intel), Ryan (@ireo), Rick (@raceBannon99)

Unit 42 Podcast
Don't Panic: The Cybersecurity Canon

May 4, 2015, 25:41


In this episode: Palo Alto Networks takes you inside the Cybersecurity Canon at Ignite 2015. This year they added four entries to the list of books that every cybersecurity professional should read, and Ignite attendees had the opportunity to meet with the authors and speak with them directly about their experiences. Hear from Brian Krebs, author of "Spam Nation", and Rich Baich, author of "Winning as a CISO".