Podcasts about energysec

  • 11 podcasts
  • 22 episodes
  • 40m average duration
  • 1 new episode monthly
  • Latest episode: Jun 25, 2024

Latest podcast episodes about energysec

Grid Forward Chats
Episode 7, Season 5 – Exceeding Cybersecurity Regulations to Further Reduce Risk
Jun 25, 2024 · 36:03

Regulatory requirements for cybersecurity are a top priority; however, regulations only set the minimum level of security required. Compliance with regulations does not equal security, because each organization's risks differ. On this episode, guest host Steven Parker of EnergySec and Jim Schultz of Black & Veatch discuss frameworks organizations can use to protect themselves against cyberattacks, and how assessing organizational risk tolerance can produce a customized set of standards that a company can strive to attain.

@BEERISAC: CPS/ICS Security Podcast Playlist
State Of NERC CIP, European Update and OT Security Community
Apr 25, 2024 · 46:46

Podcast: Unsolicited Response
Episode: State Of NERC CIP, European Update and OT Security Community
Pub date: 2024-04-24

Patrick Miller has OT cybersecurity experience as an asset owner (PacifiCorp), as a regulator and one of the first NERC CIP auditors with WECC, as a community organizer who created and led EnergySec and the BeerISAC, and as an entrepreneur who has created and led a number of consulting practices. He is currently the Founder of Ampyx Cyber.

In this episode Patrick and Dale discuss:
  • Why Patrick changed the company name and selected Tallinn as the location for the new European office.
  • The major differences in approaches to OT cybersecurity and risk management between Europe and the US (more than just regulatory differences).
  • What the EU has learned or improved on in regulation compared with NERC CIP.
  • The current state of NERC CIP regulatory risk: are the regulated entities understanding and meeting the standards' requirements?
  • The challenge of slow NERC CIP modifications, e.g. virtualization and cloud.
  • Bad standard & good regulator vs. good standard & bad regulator.
  • Should water follow the NERC CIP model, as recommended by AWWA?
  • How Patrick is dealing with AI.

Links
  • Ampyx Cyber: https://ampyxcyber.com
  • Patrick's Critical Assets Podcast: https://amperesec.com/podcast
  • Subscribe to Dale's ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup
  • Advertise on Unsolicited Response: https://dale-peterson.com/advertising/

The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Unsolicited Response Podcast
State Of NERC CIP, European Update and OT Security Community
Apr 24, 2024 · 46:46

Original feed for the episode replayed in the @BEERISAC playlist entry above; show notes identical.

@BEERISAC: CPS/ICS Security Podcast Playlist
35: Building a Consulting Career in the Cyber Security Industry with Patrick C. Miller
Apr 21, 2022 · 54:18

Podcast: Control System Cyber Security Association International: (CS)²AI
Episode: 35: Building a Consulting Career in the Cyber Security Industry with Patrick C. Miller
Pub date: 2022-04-19

Derek Harp is happy to have Patrick Miller joining him today for another episode in the Security Leaders series! Patrick is a well-known legend in the ICS cyber security space. He is currently the Chief Executive Officer of Ampere Industrial Security.

Patrick Miller has dedicated his career to the protection and defense of critical infrastructures. As President and CEO of Ampere Industrial Security, he is a trusted independent security and regulatory advisor for industrial control systems worldwide. In addition to his role at Ampere, Mr. Miller is also the founder, director, and president emeritus of EnergySec and US Coordinator for the Industrial Cybersecurity Center. Patrick's diverse background spans the Energy, Telecommunications, Water, Wastewater, Manufacturing, and Financial Services verticals, including key positions with regulatory agencies, private consulting firms, utility asset owners, and commercial organizations. Patrick was instrumental in the establishment of the NERC CIP standards in the US as a drafting team member and the first CIP auditor in the nation. He currently serves on or contributes to multiple NERC CIP guidance and standards drafting teams. Patrick is also an instructor for the ICS456 NERC CIP course with the SANS Institute.

Patrick loves tech and the outdoors! As well as being a technologist, he is also a chef, a keen kayaker, a father, and a builder of communities! In this episode of the (CS)²AI Podcast, he tells his modern-day superhero origin story, talks about the various milestones in his professional journey, and shares valuable nuggets of advice for people from different backgrounds who would like to get into the cyber security industry. You won't want to miss this episode if you would like to make a career in cyber security, become a better security professional, or start a cybersecurity business of your own. Stay tuned for more!

Show highlights:
  • Entrepreneurship is in Patrick's blood. (3:05)
  • Growing up in the early days of technology, Patrick was lucky enough to get the new tech as it came out. (4:15)
  • Patrick was using cutting-edge technology to do a senior capstone biology project just before he dropped out of school to do tech. (6:32)
  • Any kind of background can be helpful for you as a security professional. (9:00)
  • How phone systems have advanced and transformed over the last few decades. (10:30)
  • Patrick's first “hacking job”. (11:29)
  • Patrick talks about when he decided to specialize in security and the point when industrial security first intersected with his journey. (13:23)
  • Patrick discusses his stint as a regulator for WECC (Western Electricity Coordinating Council). (17:54)
  • Joining standards bodies in the early stage can help people break into the cyber security industry. (24:26)
  • What motivated Patrick to start a consulting firm? (26:14)
  • The dawn of EnergySec (Energy Sector Security Consortium). (32:24)
  • Patrick shares his vision for Ampere. (35:15)
  • Why good communication skills are essential. (38:40)
  • What is an ISAC all about, and how did Patrick instigate it? (41:40)

Control System Cyber Security Association International: (CS)²AI
35: Building a Consulting Career in the Cyber Security Industry with Patrick C. Miller
Apr 19, 2022 · 55:30

Original (CS)²AI feed for the episode replayed in the @BEERISAC playlist entry above; show notes identical, with these additions:
  • Ampere Industrial Security: http://www.amperesec.com/
  • Mentioned in this episode: Join CS2AI, the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education. https://cs2ai.captivate.fm/cs2ai (Preroll Membership)
  • Our Sponsors: Network Perception, Waterfall Security, Tripwire, KPMG Cyber. We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us!

The Industrial Security Podcast
Building Your Own Workforce [The Industrial Security Podcast]
Aug 4, 2021 · 47:08

EnergySec is working with colleges and others on the world's first industrial security apprenticeship program. Join Steve Parker, president of EnergySec, to hear why electric utilities cannot hire the people they need, and what is being done to fix that.

@BEERISAC: CPS/ICS Security Podcast Playlist
Building Your Own Workforce [The Industrial Security Podcast]
Aug 4, 2021 · 47:08

Podcast: The Industrial Security Podcast
Episode: Building Your Own Workforce [The Industrial Security Podcast]
Pub date: 2021-08-04

Replay of the Industrial Security Podcast episode above; show notes identical.

כל תכני עושים היסטוריה (All "Making History" content)
Building Your Own Workforce [The Industrial Security Podcast]
Aug 4, 2021 · 47:08

Replay of the Industrial Security Podcast episode above; show notes identical.

@BEERISAC: CPS/ICS Security Podcast Playlist
Could 2021 Be the Year of Product Security?
Feb 25, 2021 · 27:25

Podcast: RSA Conference
Episode: Could 2021 Be the Year of Product Security?
Pub date: 2021-02-22

In the industrial space, we’ve seen more organizations bringing in Chief Product Security Officers, with good reason. Security needs to be baked into the products that companies deliver to customers, particularly when there is a life/safety impact. But the need for product security extends beyond ICS and OT. Join us with our guests Megan Samford and Patrick Miller, who look at why product security is the new frontier of the cybersecurity industry.

Presenters:
  • Patrick Miller, Founder, Director & President Emeritus, EnergySec and US
  • Megan Samford, Chief Product Security Officer, Schneider Electric
  • Kacy Zurkus, Content Strategist, RSA Conference

RSA Conference
Could 2021 Be the Year of Product Security?
Feb 22, 2021 · 27:25

Original RSA Conference feed for the episode replayed in the @BEERISAC playlist entry above; show notes identical.

@BEERISAC: CPS/ICS Security Podcast Playlist
#051 – Robert M. Lee: The Adversary’s Ability to Change Their Trade Craft is Difficult
Mar 16, 2019 · 52:14

Podcast: Cyber Security Interviews
Episode: #051 – Robert M. Lee: The Adversary’s Ability to Change Their Trade Craft is Difficult
Pub date: 2018-04-24

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID, and the lead author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.

Robert got his start in cyber security in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.

In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the 2015 Ukrainian power grid attack, starting and teaching a SANS ICS class, advice he would give someone starting in the industry, HACKNYC, and so much more.

Where you can find Robert: LinkedIn, Twitter, Blog.

CyberSpeak's Podcast
HackerNinjaScissors - Robert M Lee - Cyber Threat Intel
Feb 4, 2017 · 48:55

New show in the feed! HackerNinjaScissors, with Bret Padres (www.crypsisgroup.com). A new CyberSpeak Podcast reboot is in the works; in the meantime, check out this new show.

In the inaugural show of HackerNinjaScissors, Bret Padres interviews Robert M. Lee. Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos, where he has a passion for control system traffic analysis, digital forensics, and threat intelligence research. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

Links mentioned in the show:
  • dragos.com
  • @RobertMLee
  • robertmlee.org
  • littlebobbycomic.com
  • @_LittleBobby
  • https://www.amazon.com/Threat-Intelligence-Me-Children-Analysts/dp/1541148819

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 6D
Jun 27, 2016 · 48:27

Episode 0x6D

We've been gone for a month, we've been drunk since we left. Hello to our listeners in Sweden (hej till våra lyssnare i Sverige).

Upcoming this week... Lots of News, Breaches, SCADA / Cyber, cyber... etc., finishing it off with DERPs/Mailbag (or Deep Dive). And there are weekly Briefs - no arguing or discussion allowed. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
  • Ethereum TheDAO attack simplified
  • People who have been victims of workplace violence, harassment and sexual assault: Isis agora lovecruft, Alison Macrina, Violet Blue, Nick Farr
  • "Consent, it's as simple as tea" if you haven't seen it
  • Canadian Association of Sexual Assault Centers; Women Against Violence Against Women; Ontario Coalition of Rape Crisis Centers; Central Alberta Sexual Assault Center; VictimLink BC page on Sexual Assault; Rape, Abuse & Incest National Network (USA)
  • DHS seeks to ask foreign visitors for their social media accounts

Breaches
  • All your gotomypc are belong to us

DERP
  • Comodo are the good guys, seriously (not seriously)

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
  • The Intercept's comparison of instant messaging applications (and the EFF's scorecard is soon to be updated)
  • Mooltipass
  • Intel Corp. Said to Weigh Sale of Cyber-Security Unit, FT Says

Liquidmatrix Products and Services - We do some stuff. Seriously.
  • LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil)

Upcoming Appearances -- more gratuitous self-promotion
  • Dave: BSidesLV, DEF CON, Black Hat, EnergySec, HTCIA, Security Congress...
  • James: Vegas. Sigh.
  • Ben: Coding my ass for SecTor, building G.Tool
  • Matt: Keeping banker's hours.
  • Wil: BSidesLV, DEF CON, Burning Man...
  • Other LSD Writers: Who?

Advertising - pay the bills...
Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0.

Closing Thoughts
Seacrest Says: I don't have to outrun you... I just have to outrun the other short guys

Creative Commons license: BY-NC-SA

O'Reilly Security Podcast - O'Reilly Media Podcast
Jack Whitsitt on the need to band together to make security better for everyone
Jun 8, 2016 · 24:13

The O’Reilly Security Podcast: Language as a uniter (or divider), the illusion of control, and how security is made of people.

In this episode, I talk with Jack Whitsitt, senior strategist at EnergySec. We discuss the ways in which language can either divide or unite people and organizations, the illusion of control when it comes to security, and how any model or framework for security must include people in order to have any chance of success. Here are some highlights:

Language can unite (or divide)
I think language is a huge, huge part of our cyber security problems faced right now. You can get people in a room, and they're using the same words, but meaning different things. They're not actually effectively making their world a better place. “Cyber” versus “information” security is something I talk about a lot. When you look at it, it's unhelpful to say, "Well that word doesn't mean what you think it does," and to kind of ostracize that set of thinking from your world view. If we can't socialize common language and figure out what the big picture looks like, we're going to have a tough time making progress.

Securing your network vs. securing your business
There's an important linguistic distinction between securing your network and securing your business. When we talk about language, your CFO or CEO, they don't care about their network. They really don't, nor should they. They want to keep producing the value they want to produce, and focus on the costs they're willing to invest in that. What you talk about, as an information security professional, should be focused on helping them produce that value. Whether or not somebody can get into your network on a Tuesday at 5 p.m. is potentially unimportant to their worldview, and the language that they use, and the things that they care about.

The illusion of control
I actually believe, to some extent, information security is a symptom. It's an outcome of a larger problem, as opposed to a causal factor. As information security professionals, by and large, we don't control our budget exposure; the kind of exposure to cyber security risk that we face is created largely outside of our span of influence. I think we have much less control than we think we do over the security of our environment. Unless we begin offloading it into the rest of the business, in a much more substantial and meaningful way than we have in the past, as we add lines of code, as we add complexity, as we add connectivity, and as we add consequence, as all of that escalates, it's going to be increasingly hard to even look like we're doing a particularly good job of keeping things secure and stable.

Modeling people in your systems
Unless you include the people, and how they behave (the decisions they make, what their psychological constraints are, what their cultural constraints are, their political and legal constraints are) in that conversation, in that threat model, then you're not really actually modelling the security state, or the threats to your system. You're only modelling a piece of it, and there's only so far you can go in defending that, when you limit your scope like that. We can isolate ourselves and talk about trust perimeters, but the world doesn’t work that way. There’s something larger than the models we’ve used so far that’s at play.

Down the Security Rabbithole Podcast
DtSR Episode 168 - Practical Enterprise Threat Intelligence
Nov 9, 2015 · 49:13

In this episode Rob & Liam discuss the practical applications of threat intelligence for today's enterprise:
  • What enterprise threat intelligence really is (and also what it isn't)
  • The place of feeds, tools, processes and people in the mechanics of the program
  • The need to conduct a program-based intelligence approach for the enterprise

Guests
  • Liam Randall (@hectaman) - With a career spanning 20 years, Liam Randall has worked at every level of the information systems pipeline: from building and operating large networks, developing and maintaining large 100M+ e-commerce solutions, to designing and implementing global network security monitoring sensor grids. A frequent speaker and trainer at security conferences, Liam has trained over 1000 students on advanced incident response with a focus on leveraging the open source Bro Platform. https://www.linkedin.com/in/hectaman
  • Robert M. Lee (@RobertMLee) - Robert M. Lee is the founder and CEO at Dragos Security LLC, where he helped design and build CyberLens, a cyber situational awareness software tool for critical infrastructure networks. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year. https://www.linkedin.com/in/robert-m-lee-b2096532

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 31

Liquidmatrix Security Digest Podcast

Sep 19, 2013 (50:05)


Episode 0x31 Tinfoil Hats for EVERYONE

Short paragraph containing introductory material and a thanks to listeners (if reasonable)

Upcoming this week...
Lots of News
Paranoia / NSA
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Fingerprints as passwords: New iPhone Touch ID
- Skipping Ben's turn because he's really impressed about upcoming stories.
- Certification WTF: Payment Card Industry Professional (PCIP)
- WordPress < 3.6.1 PHP Object Injection

Paranoia / NSA -- AKA "The BIG Breech of 2013"
- The NSA is a customer of VUPEN
- NIST says maybe don't use the ECC random bit thingie
- Wireless firms agree to give Ottawa ability to monitor calls, phone data
- No telco ever challenged NSA data collection
- New NSA Leak Shows MITM Attacks Against Major Internet Services
- EZpass is tracking you
- NSA Hacks Belgium
- NSA slurped bank records and credit card data
- Canada handed over control of crypto standard setting to the NSA
- NSA phone program is all legit
- FISA courts joining the FOIA party late

SCADA / Cyber, cyber... etc
- Today Cyber means War but back in the 1990s...
- Hacker Group in China linked to big cyber-attacks
- Brazil and Argentina make a cyber pinkie pact

DERP
- Anonymous Cop Pens Bizarre Editorial Calling for 'End of Anonymity on the Internet,' Says All Internet Posters Should be Forced to Register with the Government for 'Public Safety'
- Twitter does link scraping
- PERMANENT DERP AWARD: At this point, the award goes to all of us chumps who continue to let the people we elected stay elected. They have violated our trust.

Mailbag and/or Deep Dive
Hey LSD-P,
I hope that you remember to check your dead-drop and got this coded message. I need to know what I should do to ensure that the winners of popularity contests do not have too much insight into my private life. It's not that I have anything to hide, just that they do not need any more access than a judge would permit them.
Nervously,
Your Friend

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Crypthook
- ShmooCon CFP - Pay attention to the Proceedings
- Binary Risk Assessment
- FreedomBox
- The First Few Months of Penetration Testing: What they don't teach you in School - Alex Fernandez-Gatti
- MOV is Turing complete
- Meredith Patterson at 28c3 - The language of insecurity
- SimpleRisk: Enterprise Risk Management Simplified
- Browser fuzzing: introducing bamboo.js

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor. And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, bSidesTO, SecTor and Hackfest, Panelist at SecTor (twice)
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (Canadian) fail panel
Matt: - Still on his honeymoon... And will be speaking at SecTor
Wil: - Getting playa out of his areas... But will be at SecTor
Other LSD Writers: - Chris Sistrunk speaking at EnergySec right now.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: oh jeremiah!!!

Creative Commons license: BY-NC-SA

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Briefing 003


Sep 16, 2013 (17:47)


Episode SB003 Thrice is NICE

Super hackers, spies and a couple of old guys. Welcome to the third installment of the Security Briefing.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
- Argentina arrests teen hacker who netted $50,000 a month
- NSA gets data from Germany’s domestic security agency - reports

HOST Has An Opinion
- Exam Protection. Really. CISSP issues. :) because Dave can't talk about it

Parting Notes -- a few one-liners...
- Firewall Management Essentials: Change Management
- The end of kindness: Weev and the cult of the angry young man
- The Road Warrior's Lament: In Search Of The Perfect Carry-On

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Speaking at Deepsec in Austria and maybe bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (Canadian) fail panel
Matt: - Still on his honeymoon...
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Briefing 002


Sep 10, 2013 (13:18)


Episode SB002 Twice is Nice

Here's another week of the Liquidmatrix Briefing. Dave figured out that things work better when he has minions. Stay tuned for the regular gang of fools doing the full round-table - we accept our erratic nature.

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News Briefs
- Vulnerability bureaucracy: Unchanged after 12 years
- Crypto prof asked to remove NSA-related blog post
- ZMap: Fast Internet-wide Scanning and Its Security Applications (22nd USENIX Security Symposium)
- Downloading ZMap

Dave Has An Opinion
- It's time to plan to fail.

Parting Notes -- a few one-liners...
- Republic of India has published all of their standards, including Infosec... and ISO 27000 series - for FREE
- Safe and Secure Online - Internet Safety for Kids from (ISC)^2
- Installing Dropbox? Prepare to lose ASLR.
- "Here Be Dragons", Keeping Kids Safe Online

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Derbycon, HITB Malaysia and bsidesTO, speaking at Security Congress in Chicago, Deepsec in Austria. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (Canadian) fail panel
Matt: - Still on his honeymoon...
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Creative Commons license: BY-NC-SA

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 30


Sep 9, 2013 (42:58)


Episode 0x30 Getting the band back together...

Because you know, it *IS* a weekly podcast after all.

Upcoming this week...
Lots of News
Kittens
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag
And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- TOR crypto might not be all that
- CSEC Commissioner: Canadians May Have Been Illegally Targeted in Surveillance Activities
- Canadian Universities Navigate Learning Curve for New Copyright Rules

SCADA / Cyber, cyber... etc
- Speculation on Bullrun (more NSA funtime)
- Zee germans say the NSAs can hack our berries and iThingies

DERP
- Parallels pulls head into ass and just keeps pulling
- HP laptops come with built-in audio eavesdropping feature

Mailbag
Hi LSD People,
I'd like to be able to cross borders digitally naked. Do you have any suggestions for someone who doesn't want to have his data "reviewed for my pleasure"?
Thanks,
Naked Computer Nerd

Ben has some ideas... and honestly, it should be pretty easy to run with some of the less esoteric ideas?

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- Watch this video of a "drone's eye view" of Burning Man and look for Wintr
- MDM for free yaknow.
- Don't succumb to security nihilism

Liquidmatrix Staff Projects -- gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time.
- If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca

Upcoming Appearances: -- more gratuitous self-promotion
Dave: - Attending Security Congress in Chicago, Derbycon, HITB Malaysia, Deepsec in Austria, and bsidesTO. Panelist at SecTor (twice). And finally speaking at Hackfest in Quebec City.
James: - Speaking at Derbycon, SecTor and Hackfest, Panelist at SecTor (twice), and either attending or speaking at bSidesTO
Ben: - Panelist (with Dave, James and Mike Rothman) for SecTor 2013's return of the (Canadian) fail panel
Matt: - Still on his honeymoon... he's appearing in the matrimonial chamber
Wil: - Getting playa out of his areas...
Other LSD Writers: - Chris Sistrunk speaking at EnergySec in a couple of weeks.

Advertising - pay the bills...
- Hackfest registration is open
- BSides Toronto!!!!
- SecTor 2013: Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).
- Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course

Seacrest Says: I'm in Vegas for my honeymoon - we figured why not after the Elvis wedding

Creative Commons license: BY-NC-SA

Down the Security Rabbithole Podcast
DtR Episode 23 - Guest: Patrick C. Miller - Energy Sector, SmartGrid and Resiliency


Sep 24, 2012 (41:38)


Synopsis

Today's podcast discussion is with someone who has one of the toughest jobs in the security world... Patrick helps organizations that generate and deliver the power that runs our gadgets and critical systems that maintain life as we know it. The power grid is not only surprisingly vulnerable due to its age-old infrastructure, but also surprisingly resilient due to the complex nature of power distribution and generation... there's just a lot more to it than most people realize. Patrick separates fact from fiction and goes into the pragmatic approach on national electric grid security - where we realize that it's really worse than we believed from a cyber security perspective, but better than we know because as you read this the electric grid is under constant attack, but it's still transmitting clean power. I urge you to listen to this podcast, and then engage Patrick (@PatrickCMiller) or me in discussion...

Guest

Patrick C. Miller - President & CEO of EnergySec; Principal Investigator of National Electric Sector CyberSecurity Organization (NESCO)

Links:
NESCO - US Dept. of Energy (DoE) Office of Electricity Delivery & Energy Reliability - http://energy.gov/oe/services/cybersecurity/nesco
EnergySec - A 501(c)(3) not-for-profit organization formed to support organizations within the energy sector in securing their critical technology infrastructures - http://www.energysec.org/