Podcasts about cybersecurity strategy

  • 231 PODCASTS
  • 384 EPISODES
  • 32m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • LATEST: May 21, 2025


Latest podcast episodes about cybersecurity strategy

ITSPmagazine | Technology. Cybersecurity. Society
Why AI Needs Context, Not Just Hype | A Conversation With Steve Schlarman, Senior Director, Product Management at Archer | An RSAC Conference 2025 Post-Event Brand Story

May 21, 2025 · 7:31


In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.

Not All AI Is Created Equal: The Archer Approach

RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn't about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function.

Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.

From Policy Generation to Risk Narratives

One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.

AI with a Human Touch

As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.

What's Next in Risk? Better Conversations

Looking ahead, Schlarman sees a shift from “no, we can't” to “yes, and here's how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet.

From regulatory change to real-time translation of risk data, this is where tech meets trust.

Guest: Steve Schlarman, Senior Director, Product Management, Archer | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: steve schlarman, marco ciappelli, rsac2025, archer evolve, compliance.ai, regulatory change, grc, risk management, ai storytelling, cybersecurity, compliance, brand story, rsa conference, cybersecurity strategy, risk communication, ai in compliance, automation, contextual ai, integrated risk management, business risk narrative, itspmagazine

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More

The Social-Engineer Podcast
Ep. 305 - Security Awareness Series - Using Empathy to Not Become a Mushroom with Julie Chatman

May 19, 2025 · 36:37


Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Julie Chatman. Julie is a distinguished cybersecurity executive with nearly two decades of experience in cybersecurity strategy, risk management, and AI governance.

She began her career in the U.S. Navy, serving on active duty as a Hospital Corpsman specializing in Medical Laboratory Science & Technology. Her transition into cybersecurity began at the FBI, where strong mentorship shaped her approach to leadership, problem solving, and talent development.

She currently serves as the Deputy Chief Information Security Officer for Finance at the Virginia Information Technologies Agency (VITA), where she is focused on driving risk reduction across state agencies. The role is part of a strategic engagement through her company, ResilientTech Advisors.

Julie leads CyberPath Coaching, where she draws on her experience as an active CISO to mentor cybersecurity professionals, accelerate their growth, and prepare them for executive roles. She works with individuals breaking into the field, mid-career professionals, aspiring CISOs, and cybersecurity entrepreneurs. [May 19, 2025]

00:00 - Intro
00:53 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
02:03 - Julie Chatman Intro
03:14 - A Hungry Brain
04:25 - We Are Mushroomed
05:54 - Being an Enabler
10:13 - Speak Their Language
13:33 - Assigning Responsibility
16:05 - A Tool, Not a Replacement
20:35 - Career Challenges
22:40 - Strategic Empathy
23:46 - Setting Boundaries
24:15 - Narrative Control
25:38 - Staying Positive
29:39 - The Target is the Same
32:09 - Book Recommendations
- World War Z - Max Brooks
33:20 - Mentors
- MB Kinder
- Martha Williams
35:14 - Find Julie Chatman Online
- Website: cyberpathcoaching.net
- LinkedIn: linkedin.com/in/julie-chatman-mba-infosec
35:54 - Wrap Up & Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org

MONEY FM 89.3 - The Breakfast Huddle with Elliott Danker, Manisha Tank and Finance Presenter Ryan Huang
Mind Your Business: GenAI, Disinformation & the Battle for Voter Trust in GE2025

Apr 24, 2025 · 13:44


As Singapore gears up for its first General Election under Prime Minister Lawrence Wong, the stakes are higher than ever—not just politically, but digitally. With the rise of generative AI and deepfakes, the manipulation of political narratives has become easier, faster, and disturbingly more believable. Jennifer Cheng, Director of Cybersecurity Strategy for APJ at Proofpoint, joins the Breakfast Show to discuss how AI is transforming the disinformation landscape, what it means for Singapore’s democratic process, and how individuals and institutions can guard against this new wave of digital deception.

Presented by: Audrey Siek
Produced by: Dan Koh
Edited by: Chua Meng Choon

See omnystudio.com/listener for privacy information.

Afternoon Cyber Tea with Ann Johnson
Game Plans and Playbooks: Building and Implementing a Cybersecurity Strategy

Apr 22, 2025 · 34:16


Christina Morillo, Head of Information Security at the National Football League's New York Giants joins Ann on this week's episode of Afternoon Cyber Tea. Christina discusses the ins and outs of building a resilient cybersecurity strategy, the importance of entering organizations with curiosity—not checklists—and why listening is always her first step. Christina breaks down common cybersecurity misconceptions, shares how to move from strategy to implementation, discusses the importance of storytelling in governance and shares how she addresses burnout and mental health in her teams.

Resources:
- View Christina Morillo on LinkedIn
- View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
- Microsoft Threat Intelligence Podcast
- The BlueHat Podcast
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

No Password Required
No Password Required Podcast Episode 58 — Trevor Hilligoss

Apr 14, 2025 · 42:32


Summary

In this episode of No Password Required, host Jack Clabby and guest Trevor Hilligoss discuss various aspects of cybersecurity, including the transition from military service to the private sector, the importance of leadership in tech, and the misconceptions surrounding cyber threats. Trevor shares insights from his career, emphasizing the need for a proactive approach to cybersecurity and the value of empowering teams to innovate and learn from failures. In this engaging conversation, the speakers delve into memorable experiences in cybersecurity, including impactful interactions and the importance of sharing knowledge. They explore personal preferences through a fun lifestyle polygraph segment, discussing walk-up songs, breakfast favorites, and nerd culture. The conversation also touches on the lighter side of cybersecurity with prank calls and the dynamics of building an escape room team. The episode concludes with contact information and an invitation to connect further.

Takeaways

- Trevor emphasizes the importance of metaphors in understanding cybersecurity.
- The public often fears sophisticated threats while ignoring more common dangers.
- Leadership in cybersecurity should focus on empowering teams rather than micromanaging.
- A proactive approach in cybersecurity can prevent victimization before it occurs.
- Technical leaders should understand core concepts to effectively guide their teams.
- Misconceptions about cyber criminals often stem from Hollywood portrayals.
- The military experience can significantly shape leadership styles in tech.
- Daily life in cybersecurity involves constant learning and adaptation.
- Sophistication in cyber threats does not always correlate with success.
- Cybersecurity is about both fighting threats and fortifying defenses.
- Memorable interactions can lead to impactful collaborations in cybersecurity.
- Sharing knowledge can help mitigate cyber threats effectively.
- Personal preferences can reveal a lot about an individual's character.
- Walk-up songs can reflect one's personality and professional identity.
- Breakfast choices can be a blend of cultural influences and personal tastes.
- Building a team for an escape room requires diverse skills and personalities.
- Nerd culture can foster connections and shared interests among individuals.
- Prank calls can be a humorous way to engage with public figures.
- Culinary competitions highlight the absurdity of turning survival into entertainment.
- Networking in cybersecurity can lead to unexpected opportunities.

Titles

- Cybersecurity Connections: Memorable Moments
- The Lifestyle Polygraph: Fun and Insights
- Walk-Up Songs: A Reflection of Identity
- Breakfast Favorites: A Culinary Journey

Sound Bites

- "Tell them what needs to get done."
- "Empower your people to fail."
- "We can stop that identity theft."
- "I was in Europe giving a talk."
- "I sent him everything that we had."
- "I would get Jack Sparrow."
- "I love Star Wars."
- "I would call Gordon Ramsey."

Chapters

00:00 Introduction to Cybersecurity Insights
02:54 Career Path and Unexpected Experiences
05:55 Transitioning from Military to Cybersecurity
09:07 Daily Life at Spy Cloud
12:12 Leadership Philosophy and Management Style
14:53 The Nature of Cyber Threats
17:50 Technical Skills in Leadership
20:52 Misconceptions About Cyber Criminals
25:32 Memorable Cybersecurity Interactions
28:12 Lifestyle Polygraph Introduction
28:35 Walk-Up Songs and Personal Preferences
32:07 Breakfast Favorites and Culinary Influences
34:40 Building the Ultimate Escape Room Team
37:36 Nerd Culture and Personal Interests
39:02 Prank Calls and Culinary Competitions
41:20 Closing Thoughts and Contact Information

Kan English
US funding cuts to cybersecurity present opportunity to Israeli firms

Mar 27, 2025 · 6:54


US federal funding cuts to the cybersecurity center that serves state and local government entities has raised concern about vulnerabilities in these decentralized systems. Netta Squires, President of Government Affairs, Cybersecurity Strategy, and Enterprise Resilience at Open District Solutions, told KAN reporter Naomi Segal that the situation has created an opportunity for Israeli startups to collaborate more closely with US state and local authorities to deliver cybersecurity solutions. Squires is currently in Israel attending Cybertech Global Tel Aviv. (Photo: Courtesy)

See omnystudio.com/listener for privacy information.

The Tech Blog Writer Podcast
3107: Reducing Cyberattack Risks by 90% with Illumio's Zero Trust Model

Dec 3, 2024 · 43:20


What does it truly mean to "never trust, always verify"? In this episode of Tech Talks Daily, I'm joined by John Kindervag, Senior Vice President of Cybersecurity Strategy at Illumio and the pioneer of the Zero Trust approach to cybersecurity. With cyber threats evolving at an unprecedented rate, John argues that Zero Trust is no longer optional for organisations moving to cloud-based environments—it's a necessity. John explains why the traditional trust-based approach to cybersecurity is obsolete and shares actionable insights on adopting a Zero Trust strategy. He highlights the critical steps in implementing Zero Trust, emphasizing the importance of starting small with Protect Surfaces and flow maps to create manageable, effective security policies. Through real-world examples, he demonstrates how organisations have reduced their attack surfaces by up to 90% by embracing this model. We also explore common pitfalls, such as attempting to implement Zero Trust all at once, and how incremental changes can set the stage for long-term success. John sheds light on how Zero Trust dramatically enhances an organisation's resilience against cyberattacks, providing continuous monitoring and automated policies to safeguard critical assets in an increasingly cloud-driven world. How can organisations move beyond outdated approaches to cybersecurity and embrace the transformative power of Zero Trust? Are you ready to take the first steps toward securing your digital future? Tune in to this essential conversation with John Kindervag, and let us know your thoughts!

Herbert Smith Freehills Podcasts
Cross Examining Cyber EP13: Cross Examining Privacy Commissioner Carly Kind – Part 2

Nov 20, 2024 · 20:33


In this episode, Cam is again joined by Kaman Tsoi and, together, they continue the cross-examination of Privacy Commissioner Carly Kind. In this podcast, we talk about the role of the board, the OAIC's enforcement approach and the Cyber Security Strategy, including the Commissioner's view on the extortion demand ‘conundrum'. Commissioner Kind also offers some wise words on what it takes to be a good lawyer in the cyber space…courageous! Commissioner Kind is a very impressive individual. She brings a very pragmatic perspective to the role and her personality is coming through in the OAIC's approach and engagement. Thanks again for listening. This is Cross Examining Commissioner Kind, Part 2…here we go…

Intrigue Outloud
Intrigue Events: Securing Tomorrow – The Future of Cyber Threats and Global Defense

Oct 28, 2024 · 68:57


Welcome back to Intrigue Events! The space for geopolitical discussion and exploration is often relegated to dusty rooms, with jargony conversations, and one too many uses of the word 'tripolarity.' At Intrigue Media, we're here to change that. Our mission is to discover, contextualize, and analyze the consequences of global political events. Intrigue Events transforms these insights into vibrant, engaging experiences where professionals connect, hear exclusive insights, and engage in dynamic discussions.

On October 24th we hosted an event in partnership with Samsung at their Future Center in Washington DC: “Securing Tomorrow: The Future of Cyber Threats and Global Defense.” Our incredible guests from the State Department, DARPA, and SentinelOne offered great insight into the growing role of cybersecurity in a geopolitically active world. Enjoy!

Chapters:
0:00-2:00 Opening Remarks from Intrigue's Helen Zhang
2:00-4:30 Remarks from Eric Tamarkin – Director & Senior Public Policy Counsel at Samsung
4:30-27:50 Liesyl Franz – Deputy Assistant Secretary for International Cyberspace Security, Bureau of Cyberspace and Digital Policy at the Department of State
27:50-47:45 Dr. Matt Turek – Deputy Director, Information Innovation Office, Defense Advanced Research Projects Agency (DARPA)
47:45-1:08:56 Brandon Wales – Vice President of Cybersecurity Strategy, SentinelOne and Former Executive Director at the Cybersecurity and Infrastructure Security Agency (CISA)

Subscribe to International Intrigue, the free 5-minute global news briefing: https://www.internationalintrigue.io/

What The Fraud?
Should Fraud Prevention Be Part of a Cybersecurity Strategy?

Sep 25, 2024 · 36:56


“I let them know... You messed with the wrong parent.”

Welcome back to What The Fraud? In the first episode of series two, Thomas Taraniuk is joined by world-leading cyber threat intelligence analyst, Charity Wright. Charity works as the ‘Principal Threat Intelligence Consultant' at cyber security company, Recorded Future, in the United States.

Thomas and Charity take a look at how a leading financial service provider is enhancing its efforts in combating payment fraud. They delve into strategies for effectively integrating fraud prevention into a company's cybersecurity framework and explore how threat intelligence can strengthen anti-fraud measures.

Charity also bravely shares a story involving her teenage son who unfortunately fell victim to a sextortion attack. She's now on a mission to spread awareness of the fraudsters behind these kinds of attacks and provide essential advice for parents.

If you or someone you know has been a victim of sextortion, please visit: stopsextortion.com/get-help/

Sumsub's website: sumsub.com
Sumsub's LinkedIn: linkedin.com/sumsub
Sumsub's Facebook: facebook.com/sumsub
Sumsub's Instagram: facebook.com/sumsubcom
Sumsub's YouTube Channel: youtube.com/@sumsubcom
Thomas Taraniuk on LinkedIn: linkedin.com/in/tomtaraniuk
Charity Wright on LinkedIn: https://www.linkedin.com/in/cwillhoite/

Hosted on Acast. See acast.com/privacy for more information.

Reimagining Cyber
Cyber Resilience: Are Your Strategies Fit For Purpose? Ep 115

Sep 18, 2024 · 31:15


In the latest episode of Reimagining Cyber, Rob interviews Bindu Sundaresan, Director of Cybersecurity Solutions at Level Blue, about the evolution and significance of cyber resilience. Bindu, with over 20 years in cybersecurity, discusses how the field has shifted from a focus solely on prevention to a broader approach that includes resilience and recovery.

Key points from the conversation:

1. Historical Focus: Traditionally, cybersecurity strategies concentrated on preventing attacks. However, the current threat landscape necessitates a shift towards resilience, acknowledging that breaches are inevitable.
2. Modern Approach: Organizations are now integrating business continuity planning and disaster recovery with cybersecurity efforts. This holistic approach ensures that operations can continue and recover swiftly after an attack.
3. Business Alignment: Bindu emphasizes that cybersecurity should be seen not just as a technical issue but as a business problem affecting overall operations. This shift in perspective helps align cybersecurity efforts with business outcomes and improves the strategic value of cybersecurity roles.
4. CISO's Role: For Chief Information Security Officers (CISOs), successfully integrating resilience into their programs involves understanding and prioritizing risks based on business impact. This requires effective communication with other business units and aligning cybersecurity investments with broader business goals.
5. Evolution of Cybersecurity: The conversation highlights the shift from compliance-driven approaches to risk-driven and resilience-focused strategies. This evolution is crucial for achieving digital resilience and
6. Identifying Sensitive Data: Organizations must first identify what constitutes sensitive data for their specific context, considering regulatory requirements, business use, and industry standards. Without this understanding, investments in data protection might be misallocated.
7. Data Classification and Flow: It is crucial to classify sensitive data and map how it flows within and outside the organization. This helps in applying appropriate security controls and prevents unnecessary complexity and expense.
8. Continuous Review: Data classification and protection are not one-time tasks. Organizations need to regularly update their data inventory and classification as their data environment evolves.
9. Incident Response and Resilience: Organizations should develop tiered recovery plans that prioritize critical business functions during incidents. Regularly updated tabletop exercises should simulate realistic and current scenarios to test response plans effectively.
10. Cross-Functional Involvement: Effective incident response involves cross-functional teams, including IT, legal, PR, and executive leadership. Establishing what constitutes minimum viable operations helps prioritize recovery efforts and resource allocation during an incident.
11. Evolving Practices: The goal is to continuously refine incident response and recovery practices to improve resilience over time. Embracing a lifecycle approach to security and resilience can turn digital resilience into a competitive advantage.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

Business of Tech
FBI Cybersecurity Strategy: Ransomware, Incident Response, & Emerging Threats with Brett Leatherman

Sep 15, 2024 · 22:18


In this bonus episode of The Business of Tech podcast, Brett Leatherman, a senior executive with the FBI, provides insights into the current cybersecurity landscape from a law enforcement perspective. Leatherman highlights the ongoing threat of ransomware targeting businesses, particularly in critical sectors like healthcare and energy. He emphasizes the importance of imposing costs on cybercriminals while also offering substantial assistance to victims of cybercrime.

The FBI's success in pushing back against cybercriminals is attributed to their strategic approach of imposing costs on malicious actors while providing assistance to victims. Leatherman discusses a recent operation against the LockBit ransomware group, showcasing the FBI's efforts to disrupt cybercriminal infrastructure and assist affected businesses in decrypting data. By collaborating with international partners and conducting technical operations, the FBI aims to deter cyber adversaries and bring them to justice.

Leatherman delves into the process of engaging with the FBI during a cybersecurity incident, emphasizing the importance of establishing a relationship with the local field office before a breach occurs. He outlines the steps MSPs can take before, during, and after a breach, including contacting the FBI, preserving evidence, and collaborating with law enforcement. By sharing insights on contentious information, legal considerations, and post-incident procedures, Leatherman provides valuable guidance for organizations navigating cybersecurity incidents.

As cyber threats evolve, Leatherman highlights emerging technologies like artificial intelligence being leveraged by state actors for disinformation campaigns. He underscores the significance of maintaining strong cyber hygiene practices, such as implementing multi-factor authentication, patch management, and software inventory management. By focusing on the basics of cybersecurity and engaging with law enforcement proactively, organizations can enhance their defenses and mitigate the risk of cyberattacks. Leatherman concludes by emphasizing the FBI's role in assisting businesses and encouraging listeners to establish a partnership with their local FBI field office for cybersecurity support.

Supported by: https://coreview.com/msp/

All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessoftech.bsky.social

Security Masterminds
Aligning Cybersecurity Strategy with Business Goals: A CISO's Perspective with Special Guest, Joseph Carson

Sep 13, 2024 · 52:50


In the rapidly evolving landscape of cybersecurity, staying ahead of emerging threats and technologies is crucial. This episode delves into the intricate world of cybersecurity with Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, as we explore the latest advancements and challenges in the field.

With over three decades of experience, Carson shares valuable insights on the evolution of cybersecurity, from its humble beginnings as a subset of IT to its current status as a critical business function. He discusses the pivotal moments that shaped his career and the industry as a whole, including the impact of major cyber incidents and the changing nature of threats.

Key Topics Covered:
- The transition of cybersecurity from an IT function to a business-critical role
- The importance of aligning cybersecurity strategies with business objectives
- The role of AI and quantum computing in shaping future cybersecurity challenges
- Human risk management and its significance in modern cybersecurity practices
- The ethical considerations surrounding emerging technologies

Connect with Joseph Carson
LinkedIn: https://www.linkedin.com/in/josephcarson/
Twitter / X: https://twitter.com/joe_carson

Connect with us
Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:
KnowBe4 Blog: https://blog.knowbe4.com
James McQuiggan - https://www.linkedin.com/in/jmcquiggan
Javvad Malik: https://www.linkedin.com/in/javvad

Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.com
Announcer: Sarah McQuiggan - https://www.sarahmcquiggan.com
Show Notes created with Capsho - www.capsho.com
Sound Engineering - Matthew Bliss, MB Podcasts.

If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today!

Paul's Security Weekly TV
C-Suite & Boardroom Blind Spots While Aligning Cybersecurity Strategy with Business - BSW #363

Sep 10, 2024 · 27:41


In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more! Show Notes: https://securityweekly.com/bsw-363

Business Security Weekly (Video)
C-Suite & Boardroom Blind Spots While Aligning Cybersecurity Strategy with Business - BSW #363

Sep 10, 2024 · 27:41


In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more! Show Notes: https://securityweekly.com/bsw-363

@BEERISAC: CPS/ICS Security Podcast Playlist
How to Maintain Business Continuity with IT/OT Synergies in Your Cybersecurity Strategy

Jul 29, 2024 · 16:14


Podcast: Automation Chat
Episode: How to Maintain Business Continuity with IT/OT Synergies in Your Cybersecurity Strategy
Pub date: 2024-07-23

In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Brian Deken, North America Commercial Manager of Networks & Cybersecurity Services at Rockwell Automation. They talk about cybersecurity challenges and outcomes manufacturers are trying to achieve and how to attain them. Also learn why it's vital to do cybersecurity assessments in real time and why you can't integrate and optimize an IT tool for an OT environment. And see how Rockwell Automation provides IT/OT synergies through its partner ecosystem and uses the NIST-based approach to help manufacturers to focus resources for cybersecurity. And as always, get your family-friendly, silly Joke of the Day. Resources from this episode: Cybersecurity Preparedness Assessment. Rockwell Automation Industrial Cybersecurity Solutions. Blog: Improving Critical Infrastructure Cybersecurity (includes NIST explanation). Subscribe to The Journal's 4 print magazines (Feb., May, July and Oct.) by e-mailing Anna Hicks at ahicks@endeavorbusinessmedia.com. Subscribe to our 4 digital magazines at http://rok.auto/thejournal-subscribe. You can also watch their discussion on YouTube at https://youtu.be/8NtR7oHzhhY. Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine. Find us on LinkedIn. Find us on Facebook. Find us on X (Twitter). Please subscribe and give us a 5-star rating and a review. ** Named Best Podcast 2 Consecutive Years! 2022 & 2023 Apex Awards of Publication Excellence.

The podcast and artwork embedded on this page are from The Journal From Rockwell Automation and Our PartnerNetwork, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Automation Chat
How to Maintain Business Continuity with IT/OT Synergies in Your Cybersecurity Strategy

Jul 23, 2024 · 16:14


In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Brian Deken, North America Commercial Manager of Networks & Cybersecurity Services at Rockwell Automation. They talk about cybersecurity challenges and outcomes manufacturers are trying to achieve and how to attain them. Also learn why it's vital to do cybersecurity assessments in real time and why you can't integrate and optimize an IT tool for an OT environment. And see how Rockwell Automation provides IT/OT synergies through its partner ecosystem and uses the NIST-based approach to help manufacturers to focus resources for cybersecurity. And as always, get your family-friendly, silly Joke of the Day. Resources from this episode: Cybersecurity Preparedness Assessment. Rockwell Automation Industrial Cybersecurity Solutions. Blog: Improving Critical Infrastructure Cybersecurity (includes NIST explanation). Subscribe to The Journal's 4 print magazines (Feb., May, July and Oct.) by e-mailing Anna Hicks at ahicks@endeavorbusinessmedia.com. Subscribe to our 4 digital magazines at http://rok.auto/thejournal-subscribe. You can also watch their discussion on YouTube at https://youtu.be/8NtR7oHzhhY. Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine. Find us on LinkedIn. Find us on Facebook. Find us on X (Twitter). Please subscribe and give us a 5-star rating and a review. ** Named Best Podcast 2 Consecutive Years! 2022 & 2023 Apex Awards of Publication Excellence.

The CyberWire
CrowdStrike and Microsoft battle blue screens across the globe.

Jul 22, 2024 40:25


Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack.

This week on CSO Perspectives
This week on N2K Pro's CSO Perspectives podcast, host and N2K CSO Rick Howard focuses on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here.

Selected Reading
Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity)
Suspected Scattered Spider Member Arrested in UK (SecurityWeek)
DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record)
SocGholish malware used to spread AsyncRAT malware (Security Affairs)
California Officials Say Largest Trial Court in US Victim of Ransomware Attack (SecurityWeek)
Finance: Secret Bank Ratings Show US Regulator's Concern on Handling Risk (Bloomberg)
U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs)
Australian police seize devices used to send over 318 million phishing texts - Security - Telco/ISP (iTnews)
Internships can be a gold mine for cybersecurity hiring (CSO Online)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

ITSPmagazine | Technology. Cybersecurity. Society
Cybersecurity as a Profit Center: Transforming Risk into Opportunity | A Conversation with Robert Fernandes | Redefining CyberSecurity with Sean Martin

Jun 24, 2024 31:49


Guest: Robert Fernandes, Chief Information Security Officer, The Investment Center, Inc.
On LinkedIn | https://www.linkedin.com/in/robert-fernandes-cybersecurity/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

Episode Notes

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a compelling conversation with Robert Fernandes, CISO at the Investment Center, a financial service provider based in New Jersey. Together, they delve into the concept of viewing cybersecurity not merely as a cost center but as a profit center. This innovative perspective is fundamentally altering how businesses approach their cybersecurity investments.

Sean Martin opens the discussion by addressing the evolving landscape of cybersecurity. He highlights how traditional views of cybersecurity — such as those held for an insurance policy — are outdated. Robert Fernandes agrees and emphasizes that times have changed; there's a growing need for businesses to leverage their cybersecurity posture as a competitive advantage. He advocates for the proactive use of a robust cybersecurity program to attract clients and secure trust, much like other marketing strategies.

Drawing parallels from various industries, Fernandes notes that grocery stores and restaurants don't just sell food; they sell safe and high-quality food experiences. Similarly, automobile manufacturers sell not just vehicles but also safety and comfort. In the same vein, cybersecurity should be seen as an integral part of the product, enhancing its value and appeal to customers. For Fernandes, this shift in thinking can transform a company's cybersecurity program from a necessary expense into a key marketing asset.

Fernandes also discusses the importance of breaking down silos within organizations. Effective communication between different departments, such as marketing, operations, and cybersecurity, can lead to a more cohesive strategy where cybersecurity is embedded in the company's culture and operations. This integration can significantly enhance the company's security posture, making it a selling point rather than an afterthought.

One particularly intriguing point Fernandes makes is the role of education in shifting perceptions about cybersecurity. He stresses the need to inform and educate stakeholders - from end-users to executives - about the importance of cybersecurity. By moving past buzzwords and misconceptions, businesses can better understand and articulate the value of their cybersecurity measures to clients and partners. Martin and Fernandes also touch on the role of cyber insurance in conveying trust. A robust cyber insurance policy can serve as a testament to the company's strong security posture, further building client confidence.

Ultimately, the conversation underscores that by rethinking cybersecurity - from product design to marketing and beyond - businesses can realize substantial benefits. This episode is a must-listen for business leaders looking to turn their cybersecurity efforts into a profitable and strategic advantage.

Top Questions Addressed
How can businesses transform cybersecurity from a cost center to a profit center?
What are the benefits of breaking down organizational silos in cybersecurity strategy?
How does educating stakeholders affect the perception and effectiveness of cybersecurity?

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Redefining CyberSecurity
Cybersecurity as a Profit Center: Transforming Risk into Opportunity | A Conversation with Robert Fernandes | Redefining CyberSecurity with Sean Martin

Jun 24, 2024 31:49


Guest: Robert Fernandes, Chief Information Security Officer, The Investment Center, Inc.
On LinkedIn | https://www.linkedin.com/in/robert-fernandes-cybersecurity/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

Episode Notes

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a compelling conversation with Robert Fernandes, CISO at the Investment Center, a financial service provider based in New Jersey. Together, they delve into the concept of viewing cybersecurity not merely as a cost center but as a profit center. This innovative perspective is fundamentally altering how businesses approach their cybersecurity investments.

Sean Martin opens the discussion by addressing the evolving landscape of cybersecurity. He highlights how traditional views of cybersecurity — such as those held for an insurance policy — are outdated. Robert Fernandes agrees and emphasizes that times have changed; there's a growing need for businesses to leverage their cybersecurity posture as a competitive advantage. He advocates for the proactive use of a robust cybersecurity program to attract clients and secure trust, much like other marketing strategies.

Drawing parallels from various industries, Fernandes notes that grocery stores and restaurants don't just sell food; they sell safe and high-quality food experiences. Similarly, automobile manufacturers sell not just vehicles but also safety and comfort. In the same vein, cybersecurity should be seen as an integral part of the product, enhancing its value and appeal to customers. For Fernandes, this shift in thinking can transform a company's cybersecurity program from a necessary expense into a key marketing asset.

Fernandes also discusses the importance of breaking down silos within organizations. Effective communication between different departments, such as marketing, operations, and cybersecurity, can lead to a more cohesive strategy where cybersecurity is embedded in the company's culture and operations. This integration can significantly enhance the company's security posture, making it a selling point rather than an afterthought.

One particularly intriguing point Fernandes makes is the role of education in shifting perceptions about cybersecurity. He stresses the need to inform and educate stakeholders - from end-users to executives - about the importance of cybersecurity. By moving past buzzwords and misconceptions, businesses can better understand and articulate the value of their cybersecurity measures to clients and partners. Martin and Fernandes also touch on the role of cyber insurance in conveying trust. A robust cyber insurance policy can serve as a testament to the company's strong security posture, further building client confidence.

Ultimately, the conversation underscores that by rethinking cybersecurity - from product design to marketing and beyond - businesses can realize substantial benefits. This episode is a must-listen for business leaders looking to turn their cybersecurity efforts into a profitable and strategic advantage.

Top Questions Addressed
How can businesses transform cybersecurity from a cost center to a profit center?
What are the benefits of breaking down organizational silos in cybersecurity strategy?
How does educating stakeholders affect the perception and effectiveness of cybersecurity?

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

@BEERISAC: CPS/ICS Security Podcast Playlist
188: Adopting a Cybersecurity Strategy That Fits Your Manufacturing Business with Mollie Breen, CEO & Founder of Perygee

Jun 6, 2024 49:06


Podcast: Manufacturing Happy Hour (LS 43 · TOP 1.5%)
Episode: 188: Adopting a Cybersecurity Strategy That Fits Your Manufacturing Business with Mollie Breen, CEO & Founder of Perygee
Pub date: 2024-06-04

How do you adopt a cybersecurity strategy that fits your manufacturing business? In this episode of Manufacturing Happy Hour, host Chris Luecke is speaking to Mollie Breen, CEO & Founder of Perygee, an automation platform for IT and security teams, built to eliminate the visibility challenges of the digital-first world.

They kick off by exploring significant developments in cybersecurity over the past few years. Mollie highlights the dual role AI plays, assisting both hackers in identifying vulnerabilities and defenders in fortifying network security. She underscores the importance of reverting to cybersecurity fundamentals amid tech evolutions, noting that a shift back to basics is essential for adapting to new threats effectively.

Mollie provides background on her time at the NSA, revealing the surprising routine nature of tackling seemingly insurmountable tasks due to robust capabilities and top-tier expertise available. Her time at the NSA played a crucial role in her entrepreneurial journey with Perygee, where she navigated the intricate processes within governmental organizations to introduce innovative security measures.

Mollie and Chris also discuss practical advice for implementing cybersecurity strategies within organizations of varying sizes. Mollie touches on the unique cybersecurity challenges faced by medical device companies due to heavy regulations and the criticality of their operations. The conversation then moves to the timing and evolution of cybersecurity roles within growing businesses.

To wrap up, they discuss the potential for leadership in cybersecurity across all levels of an organization. This episode is packed with valuable insights for leaders across the manufacturing sector looking to enhance their cybersecurity strategies and foster a more secure operational environment.

In this episode, find out:
What's new in cybersecurity, AI, and going back to basics
Mollie's journey with the NSA and how that led to her founding Perygee
Mollie offers practical cybersecurity advice for companies of all sizes
How training can go a long way in the context of cyber security
Mollie expounds on the right approach to cybersecurity in public vs. private companies
Unpacking cybersecurity strategies for small to medium-sized businesses
Understanding the unique cybersecurity challenges in medical devices
The benefits of learning from different cybersecurity approaches across industries
Mollie talks about the future of cybersecurity leadership in manufacturing

Enjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:
“You have to remember cyber is an offensive and a defensive game.”
“Inevitably every time you have to secure a new thing, there's an ushering in of going back to the basics and asking yourself, ‘what do we do?’”
“I'm glad we're moving into a position where people are more informed. Doing something just out of fear of the headlines isn't necessarily the best decision for the organization.”

Links & mentions:
Perygee, an automation platform for IT and security teams purpose-built to eliminate the visibility challenges of the digital-first world
NIST Framework, excellent guidelines for getting started with cybersecurity
Cyber Readiness Institute, free resources for small businesses

Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.

The podcast and artwork embedded on this page are from Chris Luecke, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Manufacturing Happy Hour
188: Adopting a Cybersecurity Strategy That Fits Your Manufacturing Business with Mollie Breen, CEO & Founder of Perygee

Jun 4, 2024 49:06


How do you adopt a cybersecurity strategy that fits your manufacturing business? In this episode of Manufacturing Happy Hour, host Chris Luecke is speaking to Mollie Breen, CEO & Founder of Perygee, an automation platform for IT and security teams, built to eliminate the visibility challenges of the digital-first world.

They kick off by exploring significant developments in cybersecurity over the past few years. Mollie highlights the dual role AI plays, assisting both hackers in identifying vulnerabilities and defenders in fortifying network security. She underscores the importance of reverting to cybersecurity fundamentals amid tech evolutions, noting that a shift back to basics is essential for adapting to new threats effectively.

Mollie provides background on her time at the NSA, revealing the surprising routine nature of tackling seemingly insurmountable tasks due to robust capabilities and top-tier expertise available. Her time at the NSA played a crucial role in her entrepreneurial journey with Perygee, where she navigated the intricate processes within governmental organizations to introduce innovative security measures.

Mollie and Chris also discuss practical advice for implementing cybersecurity strategies within organizations of varying sizes. Mollie touches on the unique cybersecurity challenges faced by medical device companies due to heavy regulations and the criticality of their operations. The conversation then moves to the timing and evolution of cybersecurity roles within growing businesses.

To wrap up, they discuss the potential for leadership in cybersecurity across all levels of an organization. This episode is packed with valuable insights for leaders across the manufacturing sector looking to enhance their cybersecurity strategies and foster a more secure operational environment.

In this episode, find out:
What's new in cybersecurity, AI, and going back to basics
Mollie's journey with the NSA and how that led to her founding Perygee
Mollie offers practical cybersecurity advice for companies of all sizes
How training can go a long way in the context of cyber security
Mollie expounds on the right approach to cybersecurity in public vs. private companies
Unpacking cybersecurity strategies for small to medium-sized businesses
Understanding the unique cybersecurity challenges in medical devices
The benefits of learning from different cybersecurity approaches across industries
Mollie talks about the future of cybersecurity leadership in manufacturing

Enjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:
“You have to remember cyber is an offensive and a defensive game.”
“Inevitably every time you have to secure a new thing, there's an ushering in of going back to the basics and asking yourself, ‘what do we do?’”
“I'm glad we're moving into a position where people are more informed. Doing something just out of fear of the headlines isn't necessarily the best decision for the organization.”

Links & mentions:
Perygee, an automation platform for IT and security teams purpose-built to eliminate the visibility challenges of the digital-first world
NIST Framework, excellent guidelines for getting started with cybersecurity

Herbert Smith Freehills Podcasts
Cross Examining Cyber EP5: Cross Examining Andrew Penn - Part 1

May 10, 2024 28:42


This is Episode 5 of Cross Examining Cyber, a podcast series where we speak to those on the cyber frontline, defending Australian corporates and citizens from cyber risks. In this episode we cross examine Andy Penn, previously CEO of Telstra and more recently the Chair of the Government's Expert Advisory Board (leading the development of strategic advice to the Government in relation to the Cyber Security Strategy). We caught up with Andy from his home in Mexico (a town called San Miguel de Allende). Andy brings a level of industry and policy expertise that is unrivalled. Again, we have split the discussion in two. In this episode, we talk about the formation of the Cyber Security Strategy, the dynamics of cybercrime, what success looks like and offensive / defensive security strategies. There is more to come in our conversation, but let's kick things off with part 1 of our cross examination of Andy Penn. Here we go… +++ Cyber Risk Survey 2024 now live! Following the success of our inaugural Cyber Risk Survey in 2023, we are once again surveying in-house lawyers to better understand their cyber-related experiences and concerns. This year, our survey is going global! If you are an in-house lawyer in Australia, Asia, the UK, Europe, the Middle East or the US, we would love your insights! Complete our survey here: https://hsfuk.eu.qualtrics.com/jfe/form/SV_8fdxhAEb0VCmAUS

The Treasury Update Podcast
Coffee Break Session #109: What Is Scoping?

May 2, 2024 6:10


In today's podcast, we'll hear from Christin Cifaldi, Director of Product Development & Analytics, on the concept of scoping in cyber security. What is scoping, and what role does it play in the security landscape? Listen in to learn more.  

Now That's IT: Stories of MSP Success
The Evolving Frontline: Cybersecurity Strategy with Mark Sangster

Apr 11, 2024 27:38 Transcription Available


Mark Sangster, cybersecurity expert and Chief of Strategy at Adlumin, brings his rich experience from BlackBerry, Intel, and Cisco, and delves into the intricacies of cybersecurity strategies that can empower MSPs. Mark and N-able's Chris Massey explore valuable perspectives for owners and leaders of MSPs, highlighting effective practices in risk management, the importance of a robust security posture, and insights into the MSP market's evolving challenges. Tune in for an in-depth conversation that equips leaders with the knowledge and strategies to navigate the dynamic landscape of cybersecurity.

Get an in-person rundown on what N-able has to offer including products, insights, networking and more. The N-able Roadshow is visiting more cities than ever before in 2024. Take a look at our first group of locations; we may be in a city near you! -> http://spr.ly/6000RsTOq

'Now that's it: Stories of MSP Success,' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today. Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that lead our guests to the transformative moment when they knew… Now, that's it.

This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.

The CyberWire
Python developers under attack.

Mar 25, 2024 34:33


A supply chain attack targets Python developers. Russia targets German political parties. Romanian and Spanish police dismantle a cyber-fraud gang. Pwn2Own prompts quick patches from Mozilla. President Biden nominates the first assistant secretary of defense for cyber policy at the Pentagon. An influential think tank calls for a dedicated cyber service in the US. Unit42 tracks a StrelaStealer surge. GM reverses its data sharing practice. Our guest is Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, who shares trends in cloud-native security. And a Fordham Law School professor suggests AI creators take a page from medical doctors.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, shares trends in cloud-native security. To learn more, you can check out Sysdig's 2024 Cloud-Native Security and Usage Report.

Selected Reading
Top Python Developers Hacked in Sophisticated Supply Chain Attack (SecurityWeek)
Russian hackers target German political parties with WineLoader malware (Bleeping Computer)
Police Bust Multimillion-Dollar Holiday Fraud Gang (Infosecurity Magazine)
Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own (SecurityWeek)
Biden nominates first assistant defense secretary for cyber policy (Nextgov/FCW)
Pentagon, Congress have a ‘limited window’ to properly create a Cyber Force (The Record)
StrelaStealer targeted over 100 organizations across the EU and US (Security Affairs)
General Motors Quits Sharing Driving Behavior With Data Brokers (The New York Times)
AI's Hippocratic Oath by Chinmayi Sharma (SSRN)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The Cyberlaw Podcast
The National Cybersecurity Strategy – How Does it Look After a Year?

Mar 13, 2024 56:30


Kemba Walden and Stewart revisit the National Cybersecurity Strategy a year later. Sultan Meghji examines the ransomware attack on Change Healthcare and its consequences. Brandon Pugh reminds us that even large companies like Google are not immune to having their intellectual property stolen. The group conducts a thorough analysis of a "public option" model for AI development. Brandon discusses the latest developments in personal data and child online protection. Lastly, Stewart inquires about Kemba's new position at Paladin Global Institute, following her departure from the role of Acting National Cyber Director.

The CyberWire
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Jan 21, 2024 35:03


Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five-pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House.

Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023

Caveat
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Caveat

Play Episode Listen Later Jan 21, 2024 35:03


Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023

Building Scale
Unlock the Secrets to a Powerful Business Network with Cassie Wells and Jason Monczka

Building Scale

Play Episode Listen Later Jan 9, 2024 66:44


Title: Unlock the Secrets to a Powerful Business Network
Guests: Cassie Wells and Jason Monczka

Episode Overview:
In this dynamic episode join Cassie Wells and Jason Monczka as they delve into the crucial role of networking in today's business landscape. They share their personal success stories, offering valuable strategies and practical tips for cultivating and maintaining a robust professional network. The episode also provides deeper insights into effective networking.

Key Points:
- Discussion on the evolution and importance of networking in today's business world.
- Sharing of personal success stories and strategies in networking.
- Tips on maintaining and growing a professional network.
- Q&A session with insightful answers from the guests.
- Closing thoughts and where to find more about the guests' work.

Connect with Cassie - LinkedIn: https://www.linkedin.com/in/cassie-wells-3068303a/ Website: https://www.modern-bd.com/
Connect with Jason - LinkedIn: https://www.linkedin.com/in/jasonmonczka/ Website: https://pomeroygroup.com/
Connect with Justin & Will - Will's LinkedIn: https://www.linkedin.com/in/willforet/ Justin's LinkedIn: https://www.linkedin.com/in/justneagle/
Learn More & Connect With Spot Migration - Website: https://www.spotmigration.com LinkedIn: https://www.linkedin.com/company/spot-migration Facebook: https://www.facebook.com/spotmigration Youtube: https://www.youtube.com/c/Spotmigration
Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

Screaming in the Cloud
Benchmarking Security Attack Response Times in the Age of Automation with Anna Belak

Screaming in the Cloud

Play Episode Listen Later Jan 4, 2024 31:11


Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, joins Corey on Screaming in the Cloud to discuss the newest benchmark for responding to security threats, 5/5/5. Anna describes why it was necessary to set a new benchmark for responding to security threats in a timely manner, and how the Sysdig team did research to determine the best practices for detecting, correlating, and responding to potential attacks. Corey and Anna discuss the importance of focusing on improving your own benchmarks towards a goal, as well as how prevention and threat detection are both essential parts of a solid security program.

About Anna

Anna has nearly ten years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of Thought Leadership at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey. Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.

Links Referenced:
Sysdig: https://sysdig.com/
Sysdig 5/5/5 Benchmark: https://sysdig.com/555

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. 
I am joined again—for another time this year—on this promoted guest episode brought to us by our friends at Sysdig, returning is Anna Belak, who is their director of the Office of Cybersecurity Strategy at Sysdig. Anna, welcome back. It's been a hot second.

Anna: Thank you, Corey. It's always fun to join you here.

Corey: Last time we were here, we were talking about your report that you folks had come out with, the, “Cybersecurity Threat Landscape for 2022.” And when I saw you were doing another one of these to talk about something, I was briefly terrified. “Oh, wow, please tell me we haven't gone another year and the cybersecurity threat landscape is moving that quickly.” And it sort of is, sort of isn't. You're here today to talk about something different, but it also—to my understanding—distills down to just how quickly that landscape is moving. What have you got for us today?

Anna: Exactly. For those of you who remember that episode, one of the key findings in the Threat Report for 2023 was that the average length of an attack in the cloud is ten minutes. To be clear, that is from when you are found by an adversary to when they have caused damage to your system. And that is really fast. Like, we talked about how that relates to on-prem attacks or other sort of averages from other organizations reporting how long it takes to attack people.

And so, we went from weeks or days to minutes, potentially seconds. And so, what we've done is we looked at all that data, and then we went and talked to our amazing customers and our many friends at analyst firms and so on, to kind of get a sense for if this is real, like, if everyone is seeing this or if we're just seeing this. Because I'm always like, “Oh, God. Like, is this real? Is it just me?”

And as it turns out, everyone's not only—I mean, not necessarily everyone's seeing it, right? 
Like, there's not really been proof until this year, I would say because there's a few reports that came out this year, but lots of people sort of anticipated this. And so, when we went to our customers, and we asked for their SLAs, for example, they were like, “Oh, yeah, my SLA for a [PCRE 00:02:27] cloud is like 10, 15 minutes.” And I was like, “Oh, okay.” So, what we set out to do is actually set a benchmark, essentially, to see how well are you doing. Like, are you equipped with your cloud security program to respond to the kind of attack that a cloud security attacker is going to—sorry, an anti-cloud security—I guess—attacker is going to perpetrate against you.

And so, the benchmark is—drumroll—5/5/5. You have five seconds to detect a signal that is relevant to potentially some attack in the cloud—hopefully, more than one such signal—you have five minutes to correlate all such relevant signals to each other so that you have a high fidelity detection of this activity, and then you have five more minutes to initiate an incident response process to hopefully shut this down, or at least interrupt the kill chain before your environments experience any substantial damage.

Corey: To be clear, that is from a T0, a starting point, the stopwatch begins, the clock starts when the event happens, not when an event shows up in your logs, not once someone declares an incident. From J. Random Hackerman, effectively, we're pressing the button and getting the response from your API.

Anna: That's right because the attackers don't really care how long it takes you to ship logs to wherever you're mailing them to. And that's why it is such a short timeframe because we're talking about, they got in, you saw something hopefully—and it may take time, right? 
Like, some of the—which we'll describe a little later, some of the activities that they perform in the early stages of the attack are not necessarily detectable as malicious right away, which is why your correlation has to occur, kind of, in real time. Like, things happen, and you're immediately adding them, sort of like, to increase the risk of this detection, right, to say, “Hey, this is actually something,” as opposed to, you know, three weeks later, I'm parsing some logs and being like, “Oh, wow. Well, that's not good.” [laugh].

Corey: The number five seemed familiar to me in this context, so I did a quick check, and sure enough, allow me to quote from chapter and verse from the CloudTrail documentation over in AWS-land. “CloudTrail typically delivers logs within an average of about five minutes of an API call. This time is not guaranteed.” So effectively, if you're waiting for anything that's CloudTrail-driven to tell you that you have a problem, it is almost certainly too late by the time that pops up, no matter what that notification vector is.

Anna: That is, unfortunately or fortunately, true. I mean, it's kind of a fact of life. I guess there is a little bit of a veiled [unintelligible 00:04:43] at our cloud provider friends because, really, they have to do better ultimately. But the flip side to that argument is CloudTrail—or your cloud log source of choice—cannot be your only source of data for detecting security events, right? So, if you are operating purely on the basis of, “Hey, I have information in CloudTrail; that is my security information,” you are going to have a bad time, not just because it's not fast enough, but also because there's not enough data in there, right? 
Which is why part of the first, kind of, benchmark component is that you must have multiple data sources for the signals, and they—ideally—all will be delivered to you within five seconds of an event occurring or a signal being generated.

Corey: And give me some more information on that because I have my own alerter, specifically, it's a ClickOps detector. Whenever someone in one of my accounts does something in the console, that has a write aspect to it rather than just a read component—which again, look at what you want in the console, that's fine—if you're changing things that is not being managed by code, I want to know that it's happening. It's not necessarily bad, but I want to at least have visibility into it. And that spits out the principal, the IP address it emits from, and the rest. I haven't had a whole lot where I need to correlate those between different areas. Talk to me more about the triage step.

Anna: Yeah, so I believe that the correlation step is the hardest, actually.

Corey: Correlation step. My apologies.

Anna: Triage is fine. It's [crosstalk 00:06:06]—

Corey: Triage, correlations, the words we use matter on these things.

Anna: Dude, we argued about the words on this for so long, you could even imagine. Yeah, triage, correlation, detection, you name it, we are looking at multiple pieces of data, we're going to connect them to each other meaningfully, and that is going to provide us with some insight about the fact that a bad thing is happening, and we should respond to it. Perhaps automatically respond to it, but we'll get to that. So, a correlation, okay. 
The first thing is, like I said, you must have more than one data source because otherwise, I mean, you could correlate information from one data source; you actually should do that, but you are going to get richer information if you can correlate multiple data sources, and if you can access, for example, like through an API, some sort of enrichment for that information.

Like, I'll give you an example. For SCARLETEEL, which is an attack we describe in the threat report, and we actually described before, this is—we're, like—on SCARLETEEL, I think, version three now because there's so much—this particular certain actor is very active [laugh].

Corey: And they have a better versioning scheme than most companies I've spoken to, but that's neither here nor there.

Anna: [laugh]. Right? So, one of the interesting things about SCARLETEEL is you could eventually detect that it had happened if you only had access to CloudTrail, but you wouldn't have the full picture ever. In our case, because we are a company that relies heavily on system calls and machine learning detections, we [are able to 00:07:19] connect the system call events to the CloudTrail events, and between those two data sources, we're able to figure out that there's something more profound going on than just what you see in the logs. And I'll actually tell you, which, for example, things are being detected.

So, in SCARLETEEL, one thing that happens is there's a crypto miner. And a crypto miner is one of these events where you're, like, “Oh, this is obviously malicious,” because as we wrote, I think, two years ago, it costs $53 to mine $1 of Bitcoin in AWS, so it is very stupid for you to be mining Bitcoin in AWS, unless somebody else is—

Corey: In your own accounts.

Anna: —paying the cloud bill. Yeah, yeah [laugh] in someone else's account, absolutely. Yeah. So, if you are a sysadmin or a security engineer, and you find a crypto miner, you're like, “Obviously, just shut that down.” Great. 
What often happens is people see them, and they think, “Oh, this is a commodity attack,” like, people are just throwing crypto miners whatever, I shut it down, and I'm done.

But in the case of this attack, it was actually a red herring. So, they deployed the miner to see if they could. They could, then they determined—presumably; this is me speculating—that, oh, these people don't have very good security because they let random idiots run crypto miners in their account in AWS, so they probed further. And when they probed further, what they did was some reconnaissance. So, they type in commands, listing, you know, like, list accounts or whatever. They try to list all the things they can list that are available in this account, and then they reach out to an EC2 metadata service to kind of like, see what they can do, right?

And so, each of these events, like, each of the things that they do, like, reaching out to a EC2 metadata service, assuming a role, doing a recon, even lateral movement is, like, by itself, not necessarily a scary, big red flag malicious thing because there are lots of, sort of, legitimate reasons for someone to perform those actions, right? Like, reconnaissance, for one example, is you're, like, looking around the environment to see what's up, right? So, you're doing things, like, listing things, [unintelligible 00:09:03] things, whatever. But a lot of the graphical interfaces of security tools also perform those actions to show you what's, you know, there, so it looks like reconnaissance when your tool is just, like, listing all the stuff that's available to you to show it to you in the interface, right? So anyway, the point is, when you see them independently, these events are not scary. They're like, “Oh, this is useful information.”

When you see them in rapid succession, right, or when you see them alongside a crypto miner, then your tooling and/or your process and/or your human being who's looking at this should be like, “Oh, wait a minute. 
Like, just the enumeration of things is not a big deal. The enumeration of things after I saw a miner, and you try and talk to the metadata service, suddenly I'm concerned.” And so, the point is, how can you connect those dots as quickly as possible and as automatically as possible, so a human being doesn't have to look at, like, every single event because there's an infinite number of them.

Corey: I guess the challenge I've got is that in some cases, you're never going to be able to catch up with this. Because if it's an AWS call to one of the APIs that they manage for you, they explicitly state there's no guarantee of getting information on this until the show's all over, more or less. So, how is there… like, how is there hope?

Anna: [laugh]. I mean, there's always a forensic analysis, I guess [laugh] for all the things that you've failed to respond to.

Corey: Basically we're doing an after-action thing because humans aren't going to react that fast. We're just assuming it happened; we should know about it as soon as possible. On some level, just because something is too late doesn't necessarily mean there's not value added to it. But just trying to turn this into something other than a, “Yeah, they can move faster than you, and you will always lose. The end. Have a nice night.” Like, that tends not to be the best narrative vehicle for these things. You know, if you're trying to inspire people to change.

Anna: Yeah, yeah, yeah, I mean, I think one clear point of hope here is that sometimes you can be fast enough, right? And a lot of this—I mean, first of all, you're probably not going to—sorry, cloud providers—you don't go into just the cloud provider defaults for that level of performance, you are going with some sort of third-party tool. On the, I guess, bright side, that tool can be open-source, like, there's a lot of open-source tooling available now that is fast and free. 
For example, is our favorite, of course, Falco, which is looking at system calls on endpoints, and containers, and can detect things within seconds of them occurring and let you know immediately. There is other eBPF-based instrumentation that you can use out there from various vendors and/or open-source providers, and there's of course, network telemetry.

So, if you're into the world of service mesh, there is data you can get off the network, also very fast. So, the bad news or the flip side to that is you have to be able to manage all that information, right? So, that means—again, like I said, you're not expecting a SOC analyst to look at thousands of system calls and thousands of, you know, network packets or flow logs or whatever you're looking at, and just magically know that these things go together. You are expecting to build, or have built for you by a vendor or the open-source community, some sort of dissection content that is taking this into account and then is able to deliver that alert at the speed of 5/5/5.

Corey: When you see the larger picture stories playing out, as far as what customers are seeing, what the actual impact is, what gave rise to the five-minute number around this? Just because that tends to feel like it's a… it is both too long and also too short on some level. I'm just wondering how you wound up at—what is this based on?

Anna: Man, we went through so many numbers. So, we [laugh] started with larger numbers, and then we went to smaller numbers, then we went back to medium numbers. We align ourselves with the timeframes we're seeing for people. 
Like I said, a lot of folks have an SLA of responding to a P0 within 10 or 15 minutes because their point basically—and there's a little bit of bias here into our customer base because our customer base is, A, fairly advanced in terms of cloud adoption and in terms of security maturity, and also, they're heavily in let's say, financial industries and other industries that tend to be early adopters of new technology. So, if you are kind of a laggard, like, you probably aren't that close to meeting this benchmark as you are if you're saying financial, right? So, we asked them how they operate, and they basically pointed out to us that, like, knowing 15 minutes later is too late because I've already lost, like, some number of millions of dollars if my environment is compromised for 15 minutes, right? So, that's kind of where the ten minutes comes from. Like, we took our real threat research data, and then we went around and talked to folks to see kind of what they're experiencing and what their own expectations are for their incident response in SOC teams, and ten minutes is sort of where we landed.

Corey: Got it. When you see this happening, I guess, in various customer environments, assuming someone has missed that five-minute window, is a game over effectively? How should people be thinking about this?

Anna: No. So, I mean, it's never really game over, right? Like until your company is ransomed to bits, and you have to close your business, you still have many things that you can do, hopefully, to save yourself. And also, I want to be very clear that 5/5/5 as a benchmark is meant to be something aspirational, right? So, you should be able to meet this benchmark for, let's say, your top use cases if you are a fairly high maturity organization, in threat detection specifically, right?

So, if you're just beginning your threat detection journey, like, tomorrow, you're not going to be close. Like, you're going to be not at all close. 
The point here, though, is that you should aspire to this level of greatness, and you're going to have to create new processes and adopt new tools to get there. Now, before you get there, I would argue that if you can do, like, 10-10-10 or, like, whatever number you start with, you're on a mission to make that number smaller, right? So, if today, you can detect a crypto miner in 30 minutes, that's not great because crypto miners are pretty detectable these days, but give yourself a goal of, like, getting that 30 minutes down to 20, or getting that 30 minutes down to 10, right?

Because we are so obsessed with, like, measuring ourselves against our peers and all this other stuff that we sometimes lose track of what actually is improving our security program. So yes, compare it to yourself first. But ultimately, if you can meet the 5/5/5 benchmark, then you are doing great. Like, you are faster than the attackers in theory, so that's the dream.

Corey: So, I have to ask, and I suspect I might know the answer to this, but given that it seems very hard to move this quickly, especially at scale, is there an argument to be made that effectively prevention obviates the need for any of this, where if you don't misconfigure things in ways that should be obvious, if you practice defense-in-depth to a point where you can effectively catch things that the first layer meets with successive layers, as opposed to, “Well, we have a firewall. Once we're inside of there, well [laugh], it's game over for us.” Is prevention sufficient in some ways to obviate this?

Anna: I think there are a lot of people that would love to believe that that's true.

Corey: Oh, I sure would. 
It's such a comforting story.

Anna: And we've done, like, I think one of my opening sentences in the benchmark, kind of, description, actually, is that we've done a pretty good job of advertising prevention in Cloud as an important thing and getting people to actually, like, start configuring things more carefully, or like, checking how those things have been configured, and then changing that configuration should they discover that it is not compliant with some mundane standard that everyone should know, right? So, we've made great progress, I think, in cloud prevention, but as usual, like, prevention fails, right? Like I still have smoke detectors in my house, even though I have done everything possible to prevent it from catching fire and I don't plan to set it on fire, right? But like, threat detection is one of these things that you're always going to need because no matter what you do, A, you will make a mistake because you're a human being, and there are too many things, and you'll make a mistake, and B, the bad guys are literally in the business of figuring ways around your prevention and your protective systems.

So, I am full on on defense-in-depth. I think it's a beautiful thing. We should only obviously do that. And I do think that prevention is your first step to a holistic security program—otherwise, what even is the point—but threat detection is always going to be necessary. And like I said, even if you can't go 5/5/5, you don't have threat detection at that speed, you need to at least be able to know what happened later so you can update your prevention system.

Corey: This might be a dangerous question to get into, but why not, that's what I do here. This [could 00:17:27] potentially an argument against Cloud, by which I mean that if I compromise someone's Cloud account on any of the major cloud providers, once I have access of some level, I know where everything else in the environment is as a general rule. 
I know that you're using S3 or its equivalent, and what those APIs look like and the rest, whereas as an attacker, if I am breaking into someone's crappy data center-hosted environment, everything is going to be different. Maybe they don't have a SAN at all, for example. Maybe they have one that hasn't been patched in five years. Maybe they're just doing local disk for some reason.

There's a lot of discovery that has to happen that is almost always removed from Cloud. I mean, take the open S3 bucket problem that we've seen as a scourge for 5, 6, 7 years now, where it's not that S3 itself is insecure, but once you make a configuration mistake, you are now in line with a whole bunch of other folks who may have much more valuable data living in that environment. Where do you land on that one?

Anna: This is the ‘leave cloud to rely on security through obscurity' argument?

Corey: Exactly. Which I'm not a fan of, but it's also hard to argue against from time-to-time.

Anna: My other way of phrasing it is ‘the attackers are ripping up the stack' argument. Yeah, so—and there is some sort of truth in that, right? Part of the reason that attackers can move that fast—and I think we say this a lot when we talk about the threat report data, too, because we literally see them execute this behavior, right—is they know what the cloud looks like, right? They have access to all the API documentation, they kind of know what all the constructs are that you're all using, and so they literally can practice their attack and create all these scripts ahead of time to perform their reconnaissance because they know exactly what they're looking at, right? 
On-premise, you're right, like, they're going to get into—even to get through my firewall, whatever, they're getting into my data center, they don't do not know what disaster I have configured, what kinds of servers I have where, and, like, what the network looks like, they have no idea, right?

In Cloud, this is kind of all gifted to them because it's so standard, which is a blessing and a curse. It's a blessing because—well for them, I mean, because they can just programmatically go through this stuff, right? It's a curse for them because it's a blessing for us in the same way, right? Like, the defenders… A, have a much easier time knowing what they even have available to them, right? Like, the days of there's a server in a closet I've never heard of are kind of gone, right? Like, you know what's in your Cloud account because, frankly, AWS tells you. So, I think there is a trade-off there.

The other thing is—about the moving up the stack thing, right—like no matter what you do, they will come after you if you have something worth exploiting you for, right? So, by moving up the stack, I mean, listen, we have abstracted all the physical servers, all of the, like, stuff we used to have to manage the security of because the cloud just does that for us, right? Now, we can argue about whether or not they do a good job, but I'm going to be generous to them and say they do a better job than most companies [laugh] did before. So, in that regard, like, we say, thank you, and we move on to, like, fighting this battle at a higher level in the stack, which is now the workloads and the cloud control plane, and the you name it, whatever is going on after that. So, I don't actually think you can sort of trade apples for oranges here. It's just… bad in a different way.

Corey: Do you think that this benchmark is going to be used by various companies who will learn about it? And if so, how do you see that playing out?

Anna: I hope so. 
My hope when we created it was that it would sort of serve as a goalpost or a way to measure—

Corey: Yeah, it would just be marketing words on a page and never mentioned anywhere, that's our dream here.

Anna: Yeah, right. Yeah, I was bored. So, I wrote some—[laugh].

Corey: I had a word minimum to get out the door, so there we are. It's how we work.

Anna: Right. As you know, I used to be a Gartner analyst, and my desire is always to, like, create things that are useful for people to figure out how to do better in security. And my, kind of, tenure at the vendor is just a way to fund that [laugh] more effectively [unintelligible 00:21:08].

Corey: Yeah, I keep forgetting you're ex-Gartner. Yeah, it's one of those fun areas of, “Oh, yeah, we just want to basically talk about all kinds of things because there's a—we have a chart to fill out here. Let's get after it.”

Anna: I did not invent an acronym, at least. Yeah, so my goal was the following. People are always looking for a benchmark or a goal or standard to be like, “Hey, am I doing a good job?” Whether I'm, like a SOC analyst or director, and I'm just looking at my little SOC empire, or I'm a full on CSO, and I'm looking at my entire security program to kind of figure out risk, I need some way to know whether what is happening in my organization is, like, sufficient, or on par, or anything. Is it good or is it bad? Happy face? Sad face? Like, I need some benchmark, right?

So normally, the Gartner answer to this, typically, is like, “You can only come up with benchmarks that are—” they're, like, “Only you know what is right for your company,” right? It's like, you know, the standard, ‘it depends' answer. Which is true, right, because I can't say that, like, oh, a huge multinational bank should follow the same benchmark as, like, a donut shop, right? Like, that's unreasonable. 
So, this is also why I say that our benchmark is probably more tailored to the more advanced organizations that are dealing with kind of high maturity phenomena and are more cloud-native, but the donut shops should kind of strive in this direction, right?

So, I hope that people will think of it this way: that they will, kind of, look at their process and say, “Hey, like, what are the things that would be really bad if they happened to me, in terms of sort detection?” Like, “What are the threats I'm afraid of where if I saw this in my cloud environment, I would have a really bad day?” And, “Can I detect those threats in 5/5/5?” Because if I can, then I'm actually doing quite well. And if I can't, then I need to set, like, some sort of roadmap for myself on how I get from where I am now to 5/5/5 because that implies you would be doing a good job.

So, that's sort of my hope for the benchmark is that people think of it as something to aspire to, and if they're already able to meet it, then that they'll tell us how exactly they're achieving it because I really want to be friends with them.

Corey: Yeah, there's a definite lack of reasonable ways to think about these things, at least in ways that can be communicated to folks outside of the bounds of the security team. I think that's one of the big challenges currently facing the security industry is that it is easy to get so locked into the domain-specific acronyms, philosophies, approaches, and the rest, that even coming from, “Well, I'm a cloud engineer who ostensibly needs to know about these things.” Yeah, wander around the RSA floor with that as your background, and you get lost very quickly.

Anna: Yeah, I think that's fair. I mean, it is a very, let's say, dynamic and rapidly evolving space. And by the way, like, it was really hard for me to pick these numbers, right, because I… very much am on that whole, ‘it depends' bandwagon of I don't know what the right answer is. Who knows what the right answer is [laugh]? 
So, I say 5/5/5 today. Like, tomorrow, the attack takes five minutes, and now it's two-and-a-half/two-and-a-half, right? Like it's whatever.You have to pick a number and go for it. So, I think, to some extent, we have to try to, like, make sense of the insanity and choose some best practices to anchor ourselves in or some, kind of like, sound logic to start with, and then go from there. So, that's sort of what I go for.Corey: So, as I think about the actual reaction times needed for 5/5/5 to actually be realistic, people can't reliably get a hold of me on the phone within five minutes, so it seems like this is not something you're going to have humans in the loop for. How does that interface with the idea of automating things versus giving automated systems too much power to take your site down as a potential failure mode?Anna: Yeah. I don't even answer the phone anymore, so that wouldn't work at all. That's a really, really good question, and probably the question that gives me the most… I don't know, I don't want to say lost sleep at night because it's actually, it's very interesting to think about, right? I don't think you can remove humans from the loop in the SOC. Like, certainly there will be things you can auto-respond to some extent, but there'd better be a human being in there because there are too many things at stake, right?Some of these actions could take your entire business down for far more hours or days than whatever the attacker was doing before. And that trade-off of, like, is my response to this attack actually hurting the business more than the attack itself is a question that's really hard to answer, especially for most of us technical folks who, like, don't necessarily know the business impact of any given thing. So, first of all, I think we have to embrace other response actions. Back to our favorite crypto miners, right? Like there is no reason to not automatically shut them down. There is no reason, right? 
Just build in a detection and an auto-response: every time you see a crypto miner, kill that process, kill that container, kill that node. I don't care. Kill it. Like, why is it running? This is crazy, right?I do think it gets nuanced very quickly, right? So again, in SCARLETEEL, there are essentially, like, five or six detections that occur, right? And each of them theoretically has a potential auto-response that you could have executed depending on your, sort of, appetite for that level of intervention, right? Like, when you see somebody assuming a role, that's perfectly normal activity most of the time. In this case, I believe they actually assumed a machine role, which is less normal. Like, that's kind of weird.And then what do you do? Well, you can just, like, remove the role. You can remove that person's ability to do anything, or remove that role's ability to do anything. But that could be very dangerous because we don't necessarily know what the full scope of that role is as this is happening, right? So, you could take, like, a more mitigated auto-response action and add a restrictive policy to that rule, for example, to just prevent activity from that IP address that you just saw, right, because we're not sure about this IP address, but we're sure about this role, right?So, you have to get into these, sort of, risk-tiered response actions where you say, “Okay, this is always okay to do automatically. And this is, like, sometimes, okay, and this is never okay.” And as you develop that muscle, it becomes much easier to do something rather than doing nothing and just, kind of like, analyzing it in forensics and being, like, “Oh, what an interesting attack story,” right? So, that's step one, is just start taking these different response actions.And then step two is more long-term, and it's that you have to embrace the cloud-native way of life, right? 
Like this immutable, ephemeral, distributed religion that we've been selling, it actually works really well if you, like, go all-in on the religion. I sound like a real cult leader [laugh]. Like, “If you just go all in, it's going to be great.” But it's true, right?So, if your workflows are immutable—that means they cannot change as they're running—then when you see them drifting from their original configuration, like, you know, that is bad. So, you can immediately know that it's safe to take an auto-respon—well, it's safe, relatively safe, take an auto-response action to kill that workload because you are, like, a hundred percent certain it is not doing the right things, right? And then furthermore, if all of your deployments are defined as code, which they should be, then it is approximately—[though not entirely 00:27:31]—trivial to get that workload back, right? Because you just push a button, and it just generates that same Kubernetes cluster with those same nodes doing all those same things, right? So, in the on-premise world where shooting a server was potentially the, you know, fireable offense because if that server was running something critical, and you couldn't get it back, you were done.In the cloud, this is much less dangerous because there's, like, an infinite quantity of servers that you could bring back and hopefully Infrastructure-as-Code and, kind of, Configuration-as-Code in some wonderful registry, version-controlled for you to rely on to rehydrate all that stuff, right? So again, to sort of TL;DR, get used to doing auto-response actions, but do this carefully. Like, define a scope for those actions that make sense and not just, like, “Something bad happened; burn it all down,” obviously. And then as you become more cloud-native—which sometimes requires refactoring of entire applications—by the way, this could take years—just embrace the joy of Everything-as-Code.Corey: That's a good way of thinking about it. 
I just, I wish there were an easier path to get there, for an awful lot of folks who otherwise don't find a clear way to unlock that.Anna: There is not, unfortunately [laugh]. I mean, again, the upside on that is, like, there are a lot of people that have done it successfully, I have to say. I couldn't have said that to you, like, six, seven years ago when we were just getting started on this journey, but especially for those of you who were just at KubeCon—however, long ago… before this airs—you see a pretty robust ecosystem around Kubernetes, around containers, around cloud in general, and so even if you feel like your organization's behind, there are a lot of folks you can reach out to to learn from, to get some help, to just sort of start joining the masses of cloud-native types. So, it's not nearly as hopeless as before. And also, one thing I like to say always is, almost every organization is going to have some technical debt and some legacy workload that they can't convert to the religion of cloud.And so, you're not going to have a 5/5/5 threat detection SLA on those workloads. Probably. I mean, maybe you can, but probably you're not, and you may not be able to take auto-response actions, and you may not have all the same benefits available to you, but like, that's okay. That's okay. Hopefully, whatever that thing is running is, you know, worth keeping alive, but set this new standard for your new workloads. So, when your team is building a new application, or if they're refactoring an application, can't afford the new world, set the standard on them and don't, kind of like, torment the legacy folks because it doesn't necessarily make sense. Like, they're going to have different SLAs for different workloads.Corey: I really want to thank you for taking the time to speak with me yet again about the stuff you folks are coming out with. If people want to learn more, where's the best place for them to go?Anna: Thanks, Corey. 
It's always a pleasure to be on your show. If you want to learn more about the 5/5/5 benchmark, you should go to sysdig.com/555.Corey: And we will, of course, put links to that in the show notes. Thank you so much for taking the time to speak with me today. As always, it's appreciated. Anna Belak, Director at the Office of Cybersecurity Strategy at Sysdig. I'm Cloud Economist Corey Quinn, and this has been a promoted guest episode brought to us by our friends at Sysdig. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that I will read nowhere even approaching within five minutes.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business, and we get to the point. Visit duckbillgroup.com to get started.

Building Scale
Growing Healthy Cultures Through Innovation with Curt Norton - Strang, Inc.

Building Scale

Play Episode Listen Later Jan 2, 2024 46:59


Join Curt Norton of Strang, Inc. on Building Scale, where he talks with hosts Justin Neagle and Will Foret about leading an architectural firm through transformative change. This episode covers Curt's approach to integrating new technologies, navigating industry shifts, and fostering a culture of innovation. Discover the strategies that have made Strang Inc. a leader in the architectural world.

Key Topics:
- Technological Integration in Architecture
- Managing Change in a Dynamic Industry
- Cultivating Innovation and Growth

Connect with Curt and Strang -
Curt's LinkedIn: https://www.linkedin.com/in/curtnorton/
Strang's LinkedIn: https://www.linkedin.com/company/strang-inc./
Website: https://strang-inc.com/
Phone: 608-276-9200

Connect with Justin & Will -
Will's LinkedIn: https://www.linkedin.com/in/willforet/
Justin's LinkedIn: https://www.linkedin.com/in/justneagle/

Learn More & Connect With Spot Migration -
Website: https://www.spotmigration.com
LinkedIn: https://www.linkedin.com/company/spot-migration
Facebook: https://www.facebook.com/spotmigration
Youtube: https://www.youtube.com/c/Spotmigration

Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

Building Scale
Influence the Industry by Being a Team Player with Julie Savitt - AMS Elite Solutions

Building Scale

Play Episode Listen Later Dec 26, 2023 62:47


Dive into an inspiring episode with Julie Savitt, founder of AMS Elite Solutions, on Building Scale. Hosts Justin Neagle and Will Foret discuss with Julie her path through the complexities of the construction industry. She highlights the significance of helping others, the role of certifications for small businesses, and adapting to changes in the economic and political landscape. This episode is a testament to resilience and innovation in the face of adversity.

Key Topics:
- Trust and Resilience in Business
- Certification Impact on Small Businesses
- Adapting to Economic and Political Changes
- Strategies for Construction Business Growth

Connect with Julie -
Julie's LinkedIn: https://www.linkedin.com/in/julieasavitt/
AMS' LinkedIn: https://www.linkedin.com/company/ams-elite-solutions-inc/
Website: https://ams-es.net/
Phone: (847) 838-9501

Connect with Justin & Will -
Will's LinkedIn: https://www.linkedin.com/in/willforet/
Justin's LinkedIn: https://www.linkedin.com/in/justneagle/

Learn More & Connect With Spot Migration -
Website: https://www.spotmigration.com
LinkedIn: https://www.linkedin.com/company/spot-migration
Facebook: https://www.facebook.com/spotmigration
Youtube: https://www.youtube.com/c/Spotmigration

Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

Building Scale
Establishing Organizations that Drive Change with Shon Harris

Building Scale

Play Episode Listen Later Dec 19, 2023 70:14


Join Shon Harris, founder of Livewire Electrical Systems, as he shares his entrepreneurial journey on Building Scale. Hosts Justin Neagle and Will Foret dive into Shon's approach to business growth, community impact, and the importance of fostering positive relationships in the construction industry. This episode offers a unique look at the challenges and triumphs of building a successful business while making a significant community impact.

Key Topics:
- Business Development in Construction
- Community Engagement and Impact
- Leadership and Team Building
- Overcoming Industry Challenges

Connect with Shon -
Shon's LinkedIn: https://www.linkedin.com/in/shon-harris-5a85a222/
Livewire's LinkedIn: https://www.linkedin.com/company/livewire-systems-/
Website: https://www.livewire-construction.com/

Connect with Justin & Will -
Will's LinkedIn: https://www.linkedin.com/in/willforet/
Justin's LinkedIn: https://www.linkedin.com/in/justneagle/

Learn More & Connect With Spot Migration -
Website: https://www.spotmigration.com
LinkedIn: https://www.linkedin.com/company/spot-migration
Facebook: https://www.facebook.com/spotmigration
Youtube: https://www.youtube.com/c/Spotmigration

Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

The Tech Blog Writer Podcast
2609: Beyond Celebrity Vulnerabilities: A Deep Dive into Cybersecurity Strategy

The Tech Blog Writer Podcast

Play Episode Listen Later Dec 14, 2023 24:05


I explore the intricate world of cybersecurity with Adi Dubin, a seasoned expert from Skybox Security. With over 20 years of experience in the field, Adi brings a unique perspective to the table, discussing the challenges and strategies essential for modern cybersecurity. Adi begins by sharing his extensive background in cybersecurity and his role at Skybox Security, where he leads product management. His passion for continuous learning in this rapidly evolving field sets the tone for a deep and insightful conversation.

We dive into Skybox Security's holistic approach to vulnerability identification and prioritization. Adi explains how their method combines both active and passive technologies, focusing on systematic and customer-specific risks. This approach ensures that organizations efficiently allocate their limited resources to address the most critical issues.

The conversation then shifts to the topic of 'celebrity vulnerabilities'. Adi discusses the pitfalls of focusing solely on high-profile breaches, which can lead to a disproportionate allocation of resources and neglect other significant threats. He highlights Skybox's methodology, which considers both exposure and asset criticality, to determine the impact of various vulnerabilities on each customer.

Further, we delve into the role of predictive analytics and artificial intelligence in cybersecurity. Adi talks about how machine learning aids in threat detection but also emphasizes the irreplaceable value of human judgment in making complex decisions. He stresses the importance of integrating comprehensive data and processes to enhance the effectiveness of these technologies in prioritization.

Adi also touches upon the critical role of the human element in cybersecurity. He discusses how automation and algorithms are crucial but cannot entirely replace human intuition and problem-solving skills. Education, awareness, and policy play a vital role in fostering a proactive security culture within organizations.

As we discuss emerging threats and strategies for effective prioritization, Adi points out the increasing sophistication of social engineering attacks. He advises on the importance of managing attack surfaces and exposure through discovery, risk assessment, automation, and swift response to stay ahead of evolving methods.

In his final thoughts, Adi offers valuable advice for enhancing an organization's cybersecurity posture. He emphasizes the importance of collecting comprehensive operational and technical data to power effective prioritization, automation, training, and decision-making.

Building Scale
The Change in Mentality for Scalability with Jason Lohoff

Building Scale

Play Episode Listen Later Dec 12, 2023 57:44


Join Jason Lohoff, founder and CEO of Master Rooter LLC, as he shares his journey with hosts Justin Neagle and Will Foret on Building Scale. Jason delves into transforming his plumbing business into a scalable model, focusing on reinvestment and customer satisfaction. This episode is packed with insights on growing a business without losing sight of quality service and client relationships.

Key Topics:
- Business Scalability
- Reinvesting for Growth
- Customer-Centric Service
- Entrepreneurial Mindset

Connect with Jason -
Jason's LinkedIn: https://www.linkedin.com/in/jason-lohoff-687a0b1a8/
Master Rooter's LinkedIn: https://www.linkedin.com/company/master-rooter-az/
Website: https://masterrooter.co/
Phone: 602-399-9464

Connect with Justin & Will -
Will's LinkedIn: https://www.linkedin.com/in/willforet/
Justin's LinkedIn: https://www.linkedin.com/in/justneagle/

Learn More & Connect With Spot Migration -
Website: https://www.spotmigration.com
LinkedIn: https://www.linkedin.com/company/spot-migration
Facebook: https://www.facebook.com/spotmigration
Youtube: https://www.youtube.com/c/Spotmigration

Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

ITSPmagazine | Technology. Cybersecurity. Society
Convergence of Command: Redefining the CISO's Position in the Corporate Reporting Structure | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Dec 9, 2023 9:39


Key leaders in a corporate office are debating the optimal reporting structure for the CISO, weighing the benefits of direct CEO oversight against the integration within the IT department. This narrative explores the delicate balance between innovation and security, highlighting the strategic decision-making process in a dynamic corporate environment.

________

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

________

Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Risky Business
Risky Business #729 -- Why patching faster won't save us

Risky Business

Play Episode Listen Later Dec 6, 2023 53:49


On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

- Iran-linked attacks on US water infrastructure
- Why the ownCloud bug isn't the end of the world
- The D-Link 0day that… never existed?
- In defence of Okta
- Much, much more

This week's show is brought to you by Proofpoint. Ryan Kalember, Proofpoint's EVP of Cybersecurity Strategy, is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes

- CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive
- North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive
- Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
- ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica
- Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive
- New Jersey, Pennsylvania hospitals affected by cyberattacks
- 60 credit unions facing outages due to ransomware attack on popular tech provider
- HHS warns of ‘Citrix Bleed' attacks after hospital outages
- Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive
- CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
- Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA
- Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says
- Latest severe Chrome bug prompts CISA warning
- Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica
- Okta again promises it is taking security seriously | Cybersecurity Dive
- Okta: Breach Affected All Customer Support Users – Krebs on Security
- Russian and Chinese interference networks are ‘building audiences' ahead of 2024, warns Meta
- Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions
- Clandestine online operations now require sign-off by senior officials - The Washington Post
- Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch
- US sanctions North Korean ‘Kimsuky' hackers after surveillance satellite launch
- ‘Fugitive' Spanish aristocrat behind North Korea cryptocurrency conference arrested
- Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch

Building Scale
Resilience and Growth: A Roofing Professional's Inspiring Journey with Alexus Rae Lopez

Building Scale

Play Episode Listen Later Dec 5, 2023 45:34


Join me on Building Scale as we interview Alexus Rae Lopez, a seasoned professional in the construction industry. Alexus shares her inspiring story of resilience and personal growth, overcoming adversity and unlocking potential. We discuss her journey in the roofing industry, the importance of building relationships, and the differences between B2B and B2C in roofing. Discover the significance of protecting assets, the integration of operating systems, and the challenges of balancing operations and sales. Don't miss this insightful conversation on Building Scale!

- Alexus Rae Lopez's background and resilience
- Career path in construction and roofing
- Differences between B2B and B2C in roofing industry
- Importance of protecting assets in a warehouse
- Balancing operations and sales in construction industry

Connect with Alexus -
LinkedIn: https://www.linkedin.com/in/alexuslopez/
Website: https://www.alexusrae.com/

Connect with Justin & Will -
Will's LinkedIn: https://www.linkedin.com/in/willforet/
Justin's LinkedIn: https://www.linkedin.com/in/justneagle/

Learn More & Connect With Spot Migration -
Website: https://www.spotmigration.com
LinkedIn: https://www.linkedin.com/company/spot-migration
Facebook: https://www.facebook.com/spotmigration
Youtube: https://www.youtube.com/c/Spotmigration

Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

Building Scale
Empowering People to Make Great Decisions with Karin Selchert

Building Scale

Play Episode Listen Later Nov 28, 2023 61:06


Join us in an insightful episode with Karin Selchert, COO of AC³E Energy Services, as she discusses the dynamic world of HVAC services with Justin Neagle and Will Foret. Karin delves into the challenges and successes of operating in critical facilities, including data centers, and sheds light on cultivating a skilled, empowered workforce. This episode offers an in-depth look at team building and the valuable lessons learned through growth.

Key Topics:
- HVAC Services in Critical Facilities
- Team Empowerment and Skill Development
- Challenges in the HVAC Industry
- Strategies for Efficient Operation and Growth

Connect with Karin -
LinkedIn: https://www.linkedin.com/in/karinselchert/
Website: https://www.ac3eenergy.com/
Phone: 480-330-1092

Connect with Justin & Will -
Will's LinkedIn: https://www.linkedin.com/in/willforet/
Justin's LinkedIn: https://www.linkedin.com/in/justneagle/

Learn More & Connect With Spot Migration -
Website: https://www.spotmigration.com
LinkedIn: https://www.linkedin.com/company/spot-migration
Facebook: https://www.facebook.com/spotmigration
Youtube: https://www.youtube.com/c/Spotmigration

Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

ITSPmagazine | Technology. Cybersecurity. Society
Review of the US National Cybersecurity Strategy 2023 | Cybersecurity Insights Podcast with Matthew Rosenquist

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 24, 2023 54:46


ITSPmagazine | Technology. Cybersecurity. Society
How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 22, 2023 35:16


Guest: Allyn Stott, Senior Staff Engineer
On LinkedIn | https://www.linkedin.com/in/whyallyn/
On Twitter | https://twitter.com/whyallyn
On Mastodon | https://infosec.exchange/@whyallyn
At Black Hat Europe | https://www.blackhat.com/eu-23/briefings/schedule/speakers.html#allyn-stott-42433

____________________________

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

Episode Notes

In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin engages in a thought-provoking conversation with guest Allyn Stott, a seasoned cybersecurity professional and senior staff engineer. The discussion orbits around the challenges and solutions in building a modern detection response program.

Allyn shares his unique perspective on why blue teams often fail. He suggests that the failure is not due to a lack of technical skills, but rather a lack of a broader strategy and understanding of the overall detection response program. He emphasizes the importance of integrating the detection response team into broader business conversations, thereby fostering a more holistic approach to managing risk.

The conversation also explores the role of threat intelligence and the need for continuous learning and adaptation in the face of evolving threats. Allyn underscores the importance of understanding the business's actual risk and aligning the detection response program accordingly.

Allyn also shares his experience in creating a framework to help teams understand their current capabilities and how to evolve towards a more effective detection response program. This framework, he suggests, can help prioritize work within the program and provide a roadmap for reporting out.

This episode is a treasure trove of insights for CISOs, managers, directors, and builders in the cybersecurity field. It provides a roadmap for identifying skill sets, prioritizing work within the program, and reporting out, all crucial elements in building a modern detection response program.

The conversation is a blend of practical advice and philosophical musings on the nature of cybersecurity, making it a must-listen for anyone interested or practicing in the field.

About Allyn's Black Hat Europe 2023 Session, 'How I Learned to Stop Worrying and Build a Modern Detection & Response Program':

You haven't slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you'll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).

Gone are the days of buying the ol' EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern day attackers. But there are a lot of challenges in the way: alert fatigue, tools are expensive, hiring talent is impossibly difficult, and your current team is overworked from constant firefights.

How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules?

This talk addresses the lack of a framework, which has led to ineffective, outdated, and after-thought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.

* How worrying can be a superpower
* Why blue teams fail
* The framework I've developed for building a detection and response program

____________________________

Resources

How I Learned to Stop Worrying and Build a Modern Detection & Response Program: https://www.blackhat.com/eu-23/briefings/schedule/#how-i-learned-to-stop-worrying-and-build-a-modern-detection--response-program-34241

A Security Newsletter with a Cute Cat: https://www.meoward.co/subscribe

Learn more about Black Hat Europe 2023: https://www.blackhat.com/eu-23/

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Black Hat Europe 2023 playlist:

Building Scale
Maximizing Business Success: The Power of People, Processes, and Technology with Stephen Doyle

Nov 21, 2023 63:55


In this episode, we are joined by Stephen Doyle, Jr., a former engineer turned coach and consultant in the commercial construction industry. We delve into Steve's journey and the importance of systems and processes in the construction world. Along the way, we share some lighthearted moments, including our occasional forgetfulness.

The episode focuses on the significance of having the right people, systems, and technology in business. Steve emphasizes the prioritization of people, followed by process and technology, for successful scaling. We discuss the distinctions between coaching and consulting, using a fishing analogy to illustrate their respective roles. We also explore the implementation of effective systems and the importance of company culture in attracting and retaining top talent.

Furthermore, we delve into the challenges of finding good employees and increasing profitability in the construction industry. Steve provides valuable insights on revenue, profit margins, and strategies for success. We also touch on the continuous cycle of adaptation and improvement in business processes, regardless of company size.

The podcast episode emphasizes the need for embracing failure, being resilient, and persistent in our entrepreneurial journeys. We discuss the importance of patience, helping others, and finding joy in life and business.

Join us for an engaging and informative conversation on building scale in the commercial construction industry and discover valuable insights that can help you thrive in your own business.

- Steve Doyle's background in engineering and transition to coaching and consulting
- Importance of people, systems, and technology in the construction industry
- Distinctions between coaching and consulting
- Finding and retaining good employees in the construction industry
- Embracing failure and persistence in business ownership

Connect with Steve - Website: https://stephendoylejr.com/about/ or text him at 248-85-1358

Connect with Justin & Will -
Will's LinkedIn: https://www.linkedin.com/in/willforet/
Justin's LinkedIn: https://www.linkedin.com/in/justneagle/

Learn More & Connect With Spot Migration -
Website: https://www.spotmigration.com
LinkedIn: https://www.linkedin.com/company/spot-migration
Facebook: https://www.facebook.com/spotmigration
Youtube: https://www.youtube.com/c/Spotmigration

Do you want to be a guest on the show? Go to https://buildingscale.net/guests
Need to discuss your IT and Cybersecurity Strategy? Go to https://buildingscale.net/help

Building Scale
Keeping Your Mental Edge To Scale Your Business & Life

Nov 15, 2023 49:08


Join hosts Justin Neagle and Will Foret on Building Scale as they learn from Ron Nussbaum, a visionary leader who is transforming the construction industry. From his experiences in the Marine Corps to pioneering customer communication software in construction, Ron shares his insights on actionable tenacity, technology's role in construction, and the mindset needed for success. This episode is packed with valuable lessons for anyone looking to make a significant impact in their field.

Key Topics:

- Actionable Tenacity and Mindset
- Technology and Innovation in Construction
- Journey from the Marine Corps to Industry Leadership
- Scaling Businesses Successfully

Connect with Ron -
LinkedIn: https://www.linkedin.com/in/ron-nussbaum/
Website: https://www.buildercoms.com/

The CyberWire
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.

Jul 13, 2023 32:18


CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub. Russia resumes its pursuit of a "sovereign Internet." The GRU's offensive cyber tactics. Chris Novak from Verizon discusses business email compromise and the 2023 DBIR. Our guest is Joy Beland of Summit 7 on the role of Managed Service Providers in the supply chain to the Defense Industrial Base. And a probable Ukrainian false-flag operation.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/132

Selected reading.

CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA)
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA)
How a Cloud Flaw Gave Chinese Spies a Key to Microsoft's Kingdom (WIRED)
Chinese hackers breached U.S. and European government email through Microsoft bug (Record)
FACT SHEET: Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan | The White House (The White House)
National Cybersecurity Strategy Implementation Plan (White House)
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros (Fortinet Blog)
New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware (Uptycs)
Russia Is Trying to Leave the Internet and Build Its Own (Scientific American)
The GRU's Disruptive Playbook (Mandiant)
Hack Blamed on Wagner Group Had Another Culprit, Experts Say (Bloomberg)

The CyberWire
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Jul 4, 2023 35:03


Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five-pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House.

Links to resources:

Point of View: 2023 National Cybersecurity Strategy (The Chertoff Group's blog)
National Cybersecurity Strategy 2023
US GAO Snapshot: Cybersecurity: Launching and Implementing the National Cybersecurity Strategy

The Lawfare Podcast
Biden's Cybersecurity Strategy

Mar 7, 2023 44:25


On March 2, the Biden administration released its long-awaited National Cybersecurity Strategy. The new strategy comes more than two years after President Biden took office and sets out a bold vision to achieve a more cyber-secure future by the end of the decade. Lawfare Legal Fellow Saraphin Dhanani sat down with our in-house cyber experts, Lawfare's Senior Editor Stephanie Pell and Fellow in Tech Policy and Law Eugenia Lostri, to discuss the strategy and their latest piece published on Lawfare, titled “The Biden-Harris Administration Releases New National Cybersecurity Strategy.”