Regulatory requirements for cybersecurity are a top priority; however, regulations cover only the minimum level of security needed. Compliance with regulations does not equal security because each organization's risks differ. On this episode, guest host Steven Parker of EnergySec and Jim Schultz of Black & Veatch discuss frameworks that organizations can use to help protect themselves against the threat of cyberattacks and how assessing organizational risk tolerance can produce a customized set of standards that companies can strive to attain.
Podcast: Unsolicited Response
Episode: State Of NERC CIP, European Update and OT Security Community
Pub date: 2024-04-24

Patrick Miller has OT cybersecurity experience as an asset owner, PacifiCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.

In this episode Patrick and Dale discuss:
- Why Patrick changed the company name and selected Tallinn as the location for the new European office.
- The major differences in approaches to OT cybersecurity and risk management between Europe and the US (more than just regulatory differences).
- What has the EU learned or improved on regulation from NERC CIP?
- What is the current state of NERC CIP regulatory risk? Are the regulated entities understanding and meeting the standards' requirements?
- The challenge of slow NERC CIP modifications, e.g. virtualization and cloud.
- Bad standard & good regulator v. good standard & bad regulator.
- Should water follow the NERC CIP model as recommended by AWWA?
- How Patrick is dealing with AI.

Links
- Ampyx Cyber: https://ampyxcyber.com
- Patrick's Critical Assets Podcast: https://amperesec.com/podcast
- Subscribe to Dale's ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup
- Advertise on Unsolicited Response: https://dale-peterson.com/advertising/

The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Control System Cyber Security Association International: (CS)²AI
Episode: 35: Building a Consulting Career in the Cyber Security Industry with Patrick C. Miller
Pub date: 2022-04-19

Derek Harp is happy to have Patrick Miller joining him today for another episode in the Security Leaders series! Patrick is a well-known legend in the ICS cyber security space. He is currently the Chief Executive Officer of Ampere Industrial Security.

Patrick Miller has dedicated his career to the protection and defense of critical infrastructures. As President and CEO of Ampere Industrial Security, he is a trusted independent security and regulatory advisor for industrial control systems worldwide. In addition to his role at Ampere, Mr. Miller is also the founder, director, and president emeritus of EnergySec and U.S. Coordinator for the Industrial Cybersecurity Center. Patrick's diverse background spans the Energy, Telecommunications, Water, Wastewater, Manufacturing, and Financial Services verticals, including key positions with regulatory agencies, private consulting firms, utility asset owners, and commercial organizations. Patrick was instrumental in the establishment of the NERC CIP standards in the US as a drafting team member and the first CIP auditor in the nation. He currently serves on or contributes to multiple NERC CIP guidance and standards drafting teams. Patrick is also an instructor for the ICS456 NERC CIP course with the SANS Institute.

Patrick loves tech and the outdoors! As well as being a technologist, he is also a chef, a keen kayaker, a father, and a builder of communities! In this episode of the (CS)²AI Podcast, he tells his modern-day superhero origin story, talks about the various milestones in his professional journey, and shares valuable nuggets of advice for people from different backgrounds who would like to get into the cyber security industry.

You won't want to miss this episode if you would like to make a career in cyber security, become a better security professional, or start a cybersecurity business of your own. Stay tuned for more!

Show highlights:
- Entrepreneurship is in Patrick's blood. (3:05)
- Growing up in the early days of technology, Patrick was lucky enough to get the new tech as it came out. (4:15)
- Patrick was using cutting-edge technology to do a senior capstone biology project just before he dropped out of school to do tech. (6:32)
- Any kind of background can be helpful for you as a security professional. (9:00)
- How phone systems have advanced and transformed over the last few decades. (10:30)
- Patrick's first “hacking job”. (11:29)
- Patrick talks about when he decided to specialize in security and the point when industrial security first intersected with his journey. (13:23)
- Patrick discusses his stint as a regulator for WECC (Western Electricity Coordinating Council). (17:54)
- Joining standards bodies in the early stage can help people break into the cyber security industry. (24:26)
- What motivated Patrick to start a consulting firm? (26:14)
- The Dawn of Energy Sec (Energy Sector Security Consortium). (32:24)
- Patrick shares his vision for Ampere. (35:15)
- Why good communication skills are essential. (38:40)
- What is ISAC all about, and how did Patrick instigate it? (41:40)

The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: The Industrial Security Podcast
Episode: Building Your Own Workforce [The Industrial Security Podcast]
Pub date: 2021-08-04

EnergySec is working with colleges & others on the world's first industrial security apprenticeship program. Join Steve Parker, president of EnergySec, to see why electric utilities cannot hire the people they need, and what's being done to fix that.

The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: RSA Conference
Episode: Could 2021 Be the Year of Product Security?
Pub date: 2021-02-22

In the industrial space, we’ve seen more organizations bringing in Chief Product Security Officers—with good reason. Security needs to be baked into the products that companies are delivering to customers, particularly when there is a life/safety impact. But the need for product security extends beyond ICS and OT. Join us with our guests Megan Samford and Patrick Miller who will look at why product security is the new frontier of the cybersecurity industry.

Presenters:
- Patrick Miller, Founder, Director & President Emeritus, EnergySec and US
- Megan Samford, Chief Product Security Officer, Schneider Electric
- Kacy Zurkus, Content Strategist, RSA Conference

The podcast and artwork embedded on this page are from RSA Conference, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Cyber Security Interviews
Episode: #051 – Robert M. Lee: The Adversary’s Ability to Change Their Trade Craft is Difficult
Pub date: 2018-04-24

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.

Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.

In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the 2015 Ukrainian power grid attack, starting and teaching a SANS ICS class, advice he would give someone starting in the industry, and HACKNYC, and so much more.

Where you can find Robert: LinkedIn, Twitter, Blog

The podcast and artwork embedded on this page are from Douglas A. Brush | Weekly Interviews w/ InfoSec Pros, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
New show in the Feed! HackerNinjaScissors -- With Bret Padres. www.crypsisgroup.com

New CyberSpeak Podcast reboot in the works. In the meantime, check out this new show. In the inaugural show of HackerNinjaScissors, Bret Padres interviews Robert M. Lee.

Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos where he has a passion for control system traffic analysis, digital forensics, and threat intelligence research. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

Links mentioned in the show:
- dragos.com
- @RobertMLee
- robertmlee.org
- littlebobbycomic.com
- @_LittleBobby
- https://www.amazon.com/Threat-Intelligence-Me-Children-Analysts/dp/1541148819
Episode 0x6D

We've been gone for a month, we've been drunk since we left. Hello to our listeners in Sweden.

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Ethereum TheDAO attack simplified
- People who have been victims of workplace violence, harassment and sexual assault
- Isis agora lovecruft
- Alison Macrina
- Violet Blue
- Nick Farr
- "Consent, it's as simple as tea" if you haven't seen it
- Canadian Association of Sexual Assault Centers
- Women Against Violence Against Women
- Ontario Coalition of Rape Crisis Centers
- Central Alberta Sexual Assault Center
- VictimLink BC page on Sexual Assault
- Rape, Abuse & Incest National Network (USA)
- DHS seeks to ask foreign visitors their social media accounts

Breaches
- All your gotomypc are belong to us

DERP
- Comodo are the good guys, seriously (not seriously)

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- The Intercept's comparison of instant messaging applications (And the EFF's scorecard is soon to be updated)
- Mooltipass
- Intel Corp. Said to Weigh Sale of Cyber-Security Unit, FT Says

Liquidmatrix Products and Services - We do some stuff. Seriously.
- LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil)

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: BSidesLV, DEF CON, Black Hat, Energysec, HTCIA, Security Congress...
- James: Vegas. Sigh.
- Ben: Coding my ass for SECTOR building G.Tool
- Matt: Keeping banker's hours.
- Wil: BSidesLV, DEF CON, Burning Man...
- Other LSD Writers: Who?

Advertising - pay the bills...
- Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0

Closing Thoughts
Seacrest Says: I don't have to outrun you... I just have to outrun the other short guys

Creative Commons license: BY-NC-SA
The O’Reilly Security Podcast: Language as a uniter (or divider), the illusion of control, and how security is made of people.

In this episode, I talk with Jack Whitsitt, senior strategist at EnergySec. We discuss the ways in which language can either divide or unite people and organizations, the illusion of control when it comes to security, and how any model or framework for security must include people in order to have any chance of success.

Here are some highlights:

Language can unite (or divide)

I think language is a huge, huge part of our cyber security problems faced right now. You can get people in a room, and they're using the same words, but meaning different things. They're not actually effectively making their world a better place. “Cyber” versus “information” security is something I talk about a lot. When you look at it, it's unhelpful to say, "Well that word doesn't mean what you think it does," and to kind of ostracize that set of thinking from your world view. If we can't socialize common language and figure out what the big picture looks like, we're going to have a tough time making progress.

Securing your network vs. securing your business

There's an important linguistic distinction between securing your network and securing your business. When we talk about language, your CFO or CEO, they don't care about their network. They really don't, nor should they. They want to keep producing the value they want to produce, and focus on the costs they're willing to invest in that. What you talk about, as an information security professional, should be focused on helping them produce that value. Whether or not somebody can get into your network on a Tuesday at 5 p.m. is potentially unimportant to their worldview, and the language that they use, and the things that they care about.

The illusion of control

I actually believe, to some extent, information security is a symptom. It's an outcome of a larger problem, as opposed to a causal factor. As information security professionals, by and large, we don't control our budget exposure; the kind of exposure to cyber security risk that we face is created largely outside of our span of influence. I think we have much less control than we think we do over the security of our environment. Unless we begin offloading it into the rest of the business, in a much more substantial and meaningful way than we have in the past—as we add lines to code, as we add complexity, as we add connectivity, and as we add consequence, as all of that escalates—it's going to be increasingly hard to even look like we're doing a particularly good job of keeping things secure and stable.

Modeling people in your systems

Unless you include the people, and how they behave—the decisions they make, what their psychological constraints are, what their cultural constraints are, their political and legal constraints are—in that conversation, in that threat model, then, you're not really actually modelling the security state, or the threats to your system. You're only modelling a piece of it, and there's only so far you can go in defending that, when you limit your scope like that. We can isolate ourselves and talk about trust perimeters, but the world doesn’t work that way. There’s something larger than the models we’ve used so far that’s at play.
In this episode Rob & Liam discuss the practical applications of threat intelligence for today's enterprise.
- We discuss what enterprise threat intelligence really is (and also what it isn't)
- We discuss the place of feeds, tools, processes and people in the mechanics of the program
- We discuss the need to conduct a program-based intelligence approach for the enterprise

Guests

Liam Randall ( @hectaman ) - With a career spanning 20 years, Liam Randall has worked at every level of the information systems pipeline, from building and operating large networks, developing and maintaining large 100M+ e-commerce solutions, to designing and implementing global network security monitoring sensor grids. A frequent speaker and trainer at security conferences, Liam has trained over 1000 students on advanced incident response with a focus on leveraging the open source Bro Platform. https://www.linkedin.com/in/hectaman

Robert M. Lee ( @RobertMLee ) - Robert M. Lee is the founder and CEO at Dragos Security LLC where he helped design and build CyberLens - a cyber situational awareness software tool for critical infrastructure networks. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year. https://www.linkedin.com/in/robert-m-lee-b2096532
Episode 0x31 Tinfoil Hats for EVERYONE

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...
- Lots of News
- Paranoia / NSA
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Fingerprints as passwords: New iPhone Touch ID
- Skipping Ben's turn because he's really impressed about upcoming stories.
- Certification WTF: Payment Card Industry Professional (PCIP)
- WordPress < 3.6.1 PHP Object Injection

Paranoia / NSA -- AKA "The BIG Breach of 2013"
- The NSA is a customer of VUPEN
- NIST says maybe don't use the ECC random bit thingie
- Wireless firms agree to give Ottawa ability to monitor calls, phone data
- No telco ever challenged NSA data collection
- New NSA Leak Shows MITM Attacks Against Major Internet Services
- EZpass is tracking you
- NSA Hacks Belgium
- NSA slurped bank records and credit card data
- Canada handed over control of crypto standard setting to the NSA
- NSA phone program is all legit
- FISA courts joining the FOIA party late

SCADA / Cyber, cyber... etc
- Today Cyber means War but back in the 1990s...
- Hacker Group in China linked to big cyber-attacks
- Brazil and Argentina make a cyber pinkie pact

DERP
- Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
- Twitter does link scraping
- PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.

Mailbag and/or Deep Dive

Hey LSD-P
I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.
Nervously,
Your Friend

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypthook
- ShmooCon CFP - Pay attention to the Proceedings
- Binary Risk Assessment
- FreedomBox
- The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
- MOV is turing complete
- Meredith Patterson at 28c3 - The language of insecurity
- SimpleRisk: Enterprise Risk Management Simplified
- Browser fuzzing: introducing bamboo.js

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
- Dave: Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
- James: Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
- Ben: Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
- Matt: Still on his honeymoon... And will be speaking at SecTor
- Wil: Getting playa out of his areas... But will be at SecTor
- Other LSD Writers: Chris Sistrunk speaking at EnergySec right now.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: oh jeremiah!!!

Creative Commons license: BY-NC-SA
Episode -- SB003 Thrice is NICE

Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
Argentina arrests teen hacker who netted $50,000 a month
NSA gets data from Germany’s domestic security agency - reports

HOST Has An Opinion
Exam Protection. Really. CISSP issues. :) because Dave can't talk about it

Parting Notes -- a few one-liners...
Firewall Management Essentials: Change Management
The end of kindness: Weev and the cult of the angry young man
The Road Warrior's Lament: In Search Of The Perfect Carry-On

Liquidmatrix Staff Projects -- gratuitous self-promotion
The Security Conference Library
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Speaking at Deepsec in Austria and maybe bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
Matt: - Still on his honeymoon...
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
Hackfest registration is open
BSides Toronto!!!!
Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
SecTor 2013
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode -- SB002 Twice is Nice

Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
Vulnerability bureaucracy: Unchanged after 12 years
Crypto prof asked to remove NSA-related blog post
ZMap: Fast Internet-wide Scanning and Its Security Applications (22nd USENIX Security Symposium)
Downloading ZMap

Dave Has An Opinion
It's time to plan to fail.

Parting Notes -- a few one-liners...
Republic of India has published all of their standards, including Infosec... and ISO 27000 series - for FREE
Safe and Secure Online - Internet Safety for Kids from (ISC)^2
Installing Dropbox? Prepare to lose ASLR.
"Here Be Dragons", Keeping Kids Safe Online

Liquidmatrix Staff Projects -- gratuitous self-promotion
The Security Conference Library
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Derbycon, HITB Malaysia and bsidesTO; speaking at Security Congress in Chicago, Deepsec in Austria. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
Matt: - Still on his honeymoon...
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
Hackfest registration is open
BSides Toronto!!!!
Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
SecTor 2013
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA
Episode 0x30 Getting the band back together...

Because you know, it *IS* a weekly podcast after all.

Upcoming this week... Lots of News Kittens SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
TOR crypto might not be all that
CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
Canadian Universities Navigate Learning Curve for New Copyright Rules

SCADA / Cyber, cyber... etc
Speculation on Bullrun (more NSA funtime)
Zee germans say the NSAs can hack our berries and iThingies

DERP
Parallels pulls head into ass and just keeps pulling
HP laptops come with built in audio eavesdropping feature

Mailbag
Hi LSD People
I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?
Thanks,
Naked Computer Nerd

Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
Watch this video of a "drone's eye view" of Burning Man and look for Wintr
MDM for free yaknow.
Don't succumb to security nihilism

Liquidmatrix Staff Projects -- gratuitous self-promotion
The Security Conference Library
Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (canadian) fail panel
Matt: - Still on his honeymoon... he's appearing in the matrimonial chamber
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
Hackfest registration is open
BSides Toronto!!!!
Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
SecTor 2013
Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: I'm in vegas for my honeymoon - we figured why not after the Elvis wedding
Creative Commons license: BY-NC-SA
Synopsis
Today's podcast discussion is with someone who has one of the toughest jobs in the security world... Patrick helps organizations that generate and deliver the power that runs our gadgets and critical systems that maintain life as we know it. The power grid is not only surprisingly vulnerable due to its age-old infrastructure, but also surprisingly resilient due to the complex nature of power distribution and generation... there's just a lot more to it than most people realize. Patrick separates fact from fiction and goes into the pragmatic approach on national electric grid security - where we realize that it's really worse than we believed from a cyber security perspective, but better than we know because as you read this the electric grid is under constant attack, but it's still transmitting clean power. I urge you to listen to this podcast, and then engage Patrick (@PatrickCMiller) or me in discussion...

Guest
Patrick C. Miller - President & CEO of EnergySec, Principal Investigator of National Electric Sector CyberSecurity Organization (NESCO)

Links:
NESCO - US Dept. of Energy (DoE) Office of Electricity Delivery & Energy Reliability - http://energy.gov/oe/services/cybersecurity/nesco
EnergySec - A 501(c)(3) not-for-profit organization formed to support organizations within the energy sector in securing their critical technology infrastructures - http://www.energysec.org/