In this episode of the Security Visionaries podcast, host Bailey Harmon interviews Dan Whittingham, Enterprise Security Architect for Cyber Tooling at Rolls-Royce. Dan shares his extensive experience navigating the complex landscape of global compliance standards in the defense and aerospace industry. They discuss key regulations like Cyber Essentials Plus, NIST 2, ERSA, and CMMC, the challenges of balancing compliance with business needs, and Dan's advice for other security leaders. Tune in to hear insights on managing regulations, communicating with leadership, and the future of security in the age of AI.
Introducing the Georgia Tech Whistleblowers. In this episode, the whistleblowers explain how they tried to stop Georgia Tech from allegedly LYING to the government about their NIST 800-171 compliance and what they have faced since they blew the whistle! Whistleblower attorney Julie Bracker also shares what could come next and how much Georgia Tech may have to pay out! Here are a few highlights from this episode: Hear directly from the whistleblowers in this False Claims Act case; Details on the "Fictitious" NIST 800-171 SPRS Score; How much money Georgia Tech might have to pay; Recommendations to universities; Advice for other whistleblowers. Both of the whistleblowers have a long history with Georgia Tech and truly care for the institution. Christopher Craig has worked at Georgia Tech for more than 20 years. He was the Associate Director of Cybersecurity where he managed all central cyber security personnel and built the GRC team until Georgia Tech demoted him to an Enterprise Security Architect. Kyle Koza worked at Georgia Tech for more than 15 years until he left his role as a Principal Information Security Engineer in 2022. He got his bachelor's and master's degrees from Georgia Tech and also co-wrote and still teaches a security incident response master's degree course at the university. I thought Christopher's recommendation (24:37) for universities to centralize their labs was excellent! How can a university expect to maintain its NIST / CMMC compliance if multiple labs are built and managed by different teams who may not even be familiar with the NIST 800-171 security controls? I also loved hearing Chris tell us about the support he has received from the cyber community (38:00)! Who in cyber doesn't want to do the right thing? I would like to think those with bad intent are an extremely small percentage. Special thanks to Christopher and Kyle for sharing their stories with us, and to Julie Bracker for coordinating this interview! Follow Julie on LinkedIn: https://www.linkedin.com/in/juliekeetonbracker/ Bracker & Marcus LLC Website: https://www.fcacounsel.com/ Thanks to our sponsor Vanta! Want to save time filling out security questionnaires? Register for Vanta's upcoming webinar on Questionnaire Automation here: https://vanta.com/grcacademy Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e31&utm_campaign=courses
Topping interviews Jimmy Ford who is an Enterprise Security Architect at Envision Healthcare. From joining the Navy to become an engineer on a nuclear submarine to joining cutting edge technology manufacture to getting into IT healthcare. Also learn about Jimmy's hobbies from High Performance Drivers Experience track days to buying and shooting suppressed firearms, and shooting competitively. Topping Talks is Sponsored by Topping Technologies & ExpressVPN. Protect your online privacy https://www.xvuslink.com/?a_fid=toppi... also if your business needs IT assistance you can reach Topping Technologies at sales@toppingtechnologies.com Follow Topping on Twitter - https://twitter.com/NicTopping
In this episode of the Arraya Insights Podcast, our panel of cybersecurity experts discuss the impact that AI and LLMs will have on security, both good and bad, from digital assistants to deepfakes. Hosted by Scott Brion, Director, Cyber Security, this episode's panel includes Mike Piekarski, Enterprise Security Architect, and Keith Wood, Cyber Security Consultant.
In this episode I head out to The Unicorn Tavern in Grand Haven, Michigan to talk Network Segmentation with Steve Barnes and Tyler Adams. Steve is an Enterprise Security Architect for Fortinet and Tyler is an Information Security Analyst for Corewell Health. Talking Points: How has Network Segmentation changed in 2023? Who is responsible? Is that team being supported enough? How are you compartmentalizing things? Should you separate your IT and your OT? Does network segmentation make it easier to start a deception campaign? How can you get business buy-in to make this happen? Episode Sponsor: This episode is sponsored by Fortinet. Fortinet is a Network Security Solutions company based out of Sunnyvale, California. Episode Charity: Part of the sponsorship fees from this episode will be going to the Alex's Saints charity. Alex's Saints Foundation works to provide life-changing emotional and financial assistance to young adults who struggle with substance use disorder, while empowering long-term recovery. Editor's Note: A quick note about the charity comment in the episode. I mistakenly confused the topic of the charity we are working this month to one I am looking into. Alex's Saints is not a suicide prevention organization. My sincerest apologies for the confusion.
In this episode of the Arraya Insights Podcast, our panel kicks off Cyber Security Awareness Month with a roundtable on all things security. They touch on CISA's theme for 2022: See Yourself in Cyber, and the guidance the organization is focusing on this year. The discussion covers the current threat landscape, data loss prevention, the challenges of balancing security with the user experience, and how the concepts of zero trust and proactive security are working, including top tactics organizations should focus on implementing now. Hosted by Scott Brion, Director, Cyber Security, this episode's panel includes Mike Piekarski, Enterprise Security Architect, and Keith Wood, Cyber Security Consultant.
Digital transformation has become an essential step for businesses looking to advance in their industry and remain competitive. For the many businesses who are considering or have already started their migration to the cloud, the journey doesn't stop there. The next phase, the application modernization process, is where the true benefits of digital transformation lie. A main consideration when embarking on the app modernization journey is security. Every business has a certain security model that will need to be enforced and often reported on for compliance, among other reasons. Without an OS, engineers need to reevaluate how to secure their applications. In this episode of the Arraya Insights podcast, Chris Bovasso, Director of Application Services, and Mike Piekarski, Enterprise Security Architect, discuss the security implications and considerations of the application modernization process. They highlight that when it is done correctly, not only can businesses maintain their security posture, they can do so better and more efficiently.
Who wouldn't love a cyber security silver bullet? Something guaranteed to stop attackers in their tracks. Unfortunately, the reality on the ground is far more complex. What works for one organization may not work for another. This is true not only of the solutions needed to build out a cyber security posture, but of the people tasked with making sure those tools live up to the hype. For some organizations, the best approach to the all-important people side of security is building a robust in-house team of cyber security experts. For others, it makes more sense to lean on outside expertise in the form of a managed services provider. Others may even decide the right solution is a combination of the two. This episode of the Arraya Insights podcast covers the challenges and complexities of managing and running an effective cyber security program and how, for some organizations, a Managed Security Service Provider (MSSP) can provide significant value. Hosted by Scott Brion, Director, Cyber Security, this episode's panel includes Mike Piekarski, Enterprise Security Architect, and Dan Abbondi, Managed Services Practice Director.
The guest of the one hundred and second episode of the Rozmowa Kontrolowana podcast is Enterprise Security Architect Kamil Bączyk. Visit the podcast's site at live.zaufanatrzeciastrona.pl, sign up for the newsletter and receive notifications about new episodes of Rozmowa Kontrolowana. The podcast is available on Spotify, on Apple Podcasts, on Google Podcasts, as an RSS feed, and as a YouTube playlist. The post Episode 102 – Enterprise Security Architect, Kamil Bączyk first appeared on Zaufana Trzecia Strona.
In this episode of the Arraya Insights Vodcast, our panel discusses the importance of endpoint security in today's "New World of Work". Now that users are more connected to their business networks from their homes than ever before, what can and should be done to protect home networks? And should organizations have a say in how those networks are configured? Our panel tackles these questions as well as an array of topics, including endpoint protection, network security, multi-factor authentication, securing VPNs, zero trust, micro-segmentation, and more. Hosted by Scott Brion, Director, Cyber Security, this episode's panel includes Mike Piekarski, Enterprise Security Architect, and Keith Wood, Cyber Security Consultant.
In this episode of the Arraya Insights Vodcast, our panel discusses cyber security considerations for 2022. They touch on the major breaches from 2021 and the impact they've had on organizations heading into the new year, as well as what could be coming in 2022. Topics include cyber insurance, micro-segmentation, zero trust, cyber resilience, configuration management, and more. Hosted by Scott Brion, Director, Cyber Security, this episode's panel includes Mike Piekarski, Enterprise Security Architect, and Keith Wood, Cyber Security Consultant.
Vince discusses risk ownership as a foundation for cyber professionals
Learn about common attacks against online accounts, ways to protect your accounts against malicious actors, and the next generation of Identity standards and application architecture. About the speaker: Rob Mundt is an Enterprise Security Architect at Eli Lilly and Company focused on the identity domain. Rob has been at Lilly for 18 years with a majority of that time focused on information security. Rob graduated from Purdue University in 2001 with a degree in Computer Technology with a focus on Telecommunications and Networking. Rob is a proud father of two children, an avid golfer, and a die-hard Cubs fan.
In this episode, we'll hear Wayne Anderson, Enterprise Security Architect at McAfee, and Dan Flaherty from the cloud security product team speak on a wide range of topics from upcoming technology trends in the market, to adversarial machine learning, cloud models for security, and a look back at the RSA conference.
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-A-Journey-To-Protect-POS-UPDATED.pdf A Journey to Protect Points-of-sale. Nir Valtman, ENTERPRISE SECURITY ARCHITECT, NCR RETAIL. Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against the simplest exploits. In this presentation, I explain how points-of-sale get compromised from both retailer's and software-vendor's perspective. One of the most common threats is memory scraping, which is a difficult issue to solve. Hence, I would like to share with you a demonstration of how it works and what can be done in order to minimize this threat. During this presentation, I will explain the long journey it took me to understand how to mitigate it, while walking through the concepts (not exposing vendor names) that don't work and those that can work. Nir is employed in NCR Corporation as Enterprise Security Architect of NCR Retail, and also works as co-founder and CTO in his start-up company, Crowdome. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D in the company. As part of his previous positions in the last decade, he was working as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant and a Technological Trainer. During these positions, Nir was not only consulting, but also performing hands-on activities in various fields, i.e. hardening, penetration testing and development for personal/internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and has written a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in computer science but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.
Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-Bug-Bounty-Programs-Evolution.pdf Extra Materials are available here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-Extras-Bug-Bounty-Programs-Evolution.zip Bug Bounty Programs Evolution. Nir Valtman, ENTERPRISE SECURITY ARCHITECT. Bug bounty programs have been hyped in the past 3 years, but this concept was actually widely implemented in the past. Nowadays, we can see big companies spending a lot of money on these programs, while understanding that this is the right way to secure software. However, there are lots of black spots in these programs which most of you are not aware of, such as handling black hat hackers, ability to control the testers, etc. Henceforth, this presentation explains the current behaviors around these programs and predicts what we should see in the future. Nir is employed by NCR Corporation as Enterprise Security Architect of NCR Retail, and also works as co-founder and CTO in his start-up company, Crowdome. Before the acquisition of Retalix by NCR, Nir was the Chief Security Officer of R&D in the company. As part of his previous positions in the last decade, he has worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant and a Technological Trainer. While in these positions, Nir was not only consulting, but also performing hands-on activities in various fields, i.e. hardening, penetration testing, and development for personal/internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and has written a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in computer science, but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.
On the day before Black Hat 2014 kicked off, I was able to sit with Jonathan Carter to talk about his work and the projects he participates in at OWASP. The audio recording is a bit raw because the sound was cranked up in a conference full of people. What Jonathan has to say should more than compensate. About Jonathan Carter: Jonathan Carter is an application security professional with over 15 years of security expertise within Canada, United States, Australia, and England. As a Software Engineer, Jonathan produced software for online gaming systems, payment gateways, SMS messaging gateways, and other solutions requiring a high degree of application security. Jonathan's technical background in artificial intelligence and static code analysis has led him to a diverse number of security roles: Enterprise Security Architect, Web Application Penetration Tester, Fortify Security Researcher, and Security Governance lead. He is currently Arxan's Technical Director.
Today’s show is Michael interviewing Kevin Riggins. Kevin is an Enterprise Security Architect for a Fortune 500 financial services company. Kevin and Michael have some [...]