RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal's massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today's Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Protecting your company…with a fat joke.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector
In this segment of Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Dan explains how businesses can build trust by aligning technical operations with legal obligations—what he calls "say what you do, do what you say." They explore U.S. state privacy laws, global data transfer regulations, AI compliance, and the role of privacy-enhancing technologies. You can hear David and Daniel's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.

Kevin on the Street
Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for "Kevin on the Street" updates on all things RSAC 2025 from Kevin all week.

You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups.

Selected Reading
RSA Conference 2025 Announcements Summary (Day 1) (SecurityWeek)
ISMG Editors: Day 1 Overview of RSAC Conference 2025 (GovInfo Security)
ProjectDiscovery Named "Most Innovative Startup" at RSAC™ 2025 Conference Innovation Sandbox Contest (RSAC)
Krebs: People should be 'outraged' at efforts to shrink federal cyber efforts (The Record)
NSA, CISA top brass absent from RSA Conference (The Register)
Power Is Restored in Spain and Portugal After Widespread Outage (New York Times)
DOGE employees gain accounts on classified networks holding nuclear secrets (NPR)
New Framework Targets Rising Financial Crime Threats (GovInfo Security)
The Age of Realtime Deepfake Fraud Is Here (404 Media)
The one interview question that will protect you from North Korean fake workers (The Register)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Quantum computing is an entirely new way of processing information, and it has the power to solve extremely difficult computational problems much more quickly than binary computers. As the technology continues to advance, the latest episode of the ABA Banking Journal Podcast — sponsored by Intrafi's Banking with Interest — explores how payments and banking might be affected by the technology. Among other topics, the episode addresses:
Applications for quantum computing in liquidity management and other complex payment and settlement chains.
The risks quantum computing poses to current encryption technology and the timeframe over which current encryption might be compromised.
The emergence of "quantum-safe cryptography."
The risk of decryption quantum computing poses to data harvested in past breaches.
Emerging regulatory expectations for quantum computing-related risk management.
This episode is presented by Intrafi's Banking with Interest.
Resources:
Nacha's report on quantum computing and payments
FS-ISAC podcast on post-quantum cryptography
Brandon Karpf sits down with Mike Silverman, Chief Strategy and Innovation Officer at FS-ISAC, to discuss the white paper Building Cryptographic Agility in the Financial Sector. Authored by experts from FS-ISAC's Post-Quantum Cryptography Working Group, the paper addresses the vulnerabilities posed by quantum computing to current cryptographic algorithms. It provides financial institutions with strategies to safeguard sensitive data and maintain trust as these emerging threats evolve. Discover the challenges and actionable steps to build cryptographic agility in this insightful conversation.
ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. "AuthQuake" allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC, discussing cryptographic agility. Do Not Track bids a fond farewell.

CyberWire Guest
Today, N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC, discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned.

Selected Reading
ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News)
Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC)
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record)
Apache issues patches for critical Struts 2 RCE bug (The Register)
Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek)
Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News)
Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines)
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek)
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine)
Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer)
Firefox, one of the first "Do Not Track" supporters, no longer offers it (Ars Technica)
Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups' disinformation campaigns. California's Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials. The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett.

CyberWire Guest
Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work and the recently-published guide on maintaining security support at all levels of cyber maturity. You can check out their guide "Cyber Fundamentals: Critical baseline security practices for today's threat landscape" here.

Selected Reading
Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (The New York Times)
Criminal-favored Ghost messaging app busted, owners arrested (Cybernews)
Russians made videos falsely accusing Harris of hit-and-run, Microsoft says (The Washington Post)
California governor signs laws to crack down on election deepfakes created by AI (Associated Press)
Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction (Beyond Machines)
iPhone Users Warned As New Email Password-Stealing Attacks Reported (Forbes)
Deterrence in cyberspace is possible — and 'urgent' — amid 'alarming' hybrid attacks, State cyber ambassador says (CyberScoop)
New Chatbot ETF Promises to Mimic Warren Buffett, David Tepper (Bloomberg)
Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing.
References:
White and Williams LLP, Staff, Osborne Clarke LLP, 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC.
Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress.
Staff, n.d. National Council of ISACs [Website]. NCI.
Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA.
Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC.
Guest: Cameron Dicker, Director of Global Business Resilience at FS-ISAC [@FSISAC]
On LinkedIn | https://www.linkedin.com/in/cameron-dicker-74804959/
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes
In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Cameron Dicker, the Director of Global Business Resilience at FS-ISAC (Financial Services Information Sharing and Analysis Center). The discussion delves into the critical role of FS-ISAC in enhancing business resilience within the financial services sector.

Cameron Dicker provides insights into the extensive global program he oversees at FS-ISAC, focusing on conducting exercises for members and fostering a community of practitioners in risk, resilience, crisis management, and business continuity. The organization serves as a platform for members to share experiences, assess risks, and collaborate on addressing operational challenges collectively.

The conversation expands to highlight the unique positioning of FS-ISAC as a global node network, comprising over 5,000 member organizations across 75 countries. The organization's pillars of intelligence, resilience, and security work in unison to collect, analyze, and disseminate valuable information to bolster members' resilience and security measures.

Furthermore, Sean and Cameron discuss the increasing challenges posed by third-party services in the financial sector, emphasizing the need for standardized reporting practices among multinational banks. The episode underscores the importance of continuous learning and adaptation in response to evolving cybersecurity threats.

The episode includes a call to action for increased engagement within the FS-ISAC community, encouraging members to actively participate in discussions and initiatives aimed at strengthening the sector's resilience to cybersecurity challenges. Through a blend of real-world insights and strategic foresight, the episode offers a comprehensive overview of the vital role played by FS-ISAC in safeguarding the financial services industry against emerging cyber threats.

Top Questions Addressed
What are the challenges posed by third-party services in the financial sector?
How does FS-ISAC foster global collaboration among members?
What role does intelligence sharing play in bolstering business resilience within the financial services sector?
The Pentagon unveils its cybersecurity roadmap. A major Massachusetts health insurer reveals a massive data breach. Hot Topic reports credential stuffing. Cisco warns of password spraying targeting VPNs. The FS-ISAC highlights the risk of generative AI to financial institutions. The FEC considers efforts to combat deceptive artificial intelligence. A look at Thread Hijacking attacks. Guests Linda Gray Martin and Britta Glade from RSA Conference join us to discuss what's new and what to look forward to at this year's big show. Plus my conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, with insights on their recent Notice of Proposed Rulemaking. And Baltimore's tragic bridge collapse lays bare the degeneration of X-Twitter.

CyberWire Guest
Guests Linda Gray Martin, Senior Vice President for Operations, and Britta Glade, Vice President for Content and Curation, join us to discuss what's new and what to look forward to at RSA Conference 2024. This year's theme is the Art of Possible. Also joining us is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, sharing their CIRCIA Notice of Proposed Rulemaking.

Selected Reading
Pentagon lays out strategy to improve defense industrial base cybersecurity (The Record)
Massachusetts Health Insurer Data Breach Impacts 2.8 Million (SecurityWeek)
American fast-fashion firm Hot Topic hit by credential stuffing attacks (Security Affairs)
Cisco Warns of Password Spraying Attacks Exploiting VPN Services (Cybersecurity News)
AI abuse and misinformation campaigns threaten financial institutions (Help Net Security)
Federal Elections Commission Considers Regulating AI (BankInfo Security)
Thread Hijacking: Phishes That Prey on Your Curiosity (Krebs on Security)
The slow death of X-Twitter is measured in disasters like the Baltimore bridge collapse (Vox)
On this latest episode of FinTech's DEI Discussions, Nadia is joined by Rebecca Gibergues, Executive Director, EMEA at FS-ISAC.

In this episode, Rebecca discusses her journey to FS-ISAC following a personal experience with cybercrime and highlights the collaborative efforts of the organization in addressing cybersecurity challenges.

Rebecca emphasises the importance of dispelling stereotypes in cybersecurity and promoting diversity from a young age. She shares insights from her involvement in mentoring programs aimed at encouraging girls to pursue careers in cybersecurity.

Explore FS-ISAC's Women in Cyber Scholarship for young individuals seeking to enhance their cybersecurity expertise: https://www.fsisac.com/scholarships
Mike Silverman has a unique blend of a business and technology background, with 20 years of experience in strategic, technological, financial, and change management leadership across many industries, primarily in Financial Services and Software. He enables firms to innovate, scale, and transform through increasing productivity, reducing costs, and streamlining processes and operations. Mr. Silverman was previously the Global Head of Enterprise Technology Strategy at FIS, the world's largest Financial Technology Company. Prior to that, he was a management consultant focusing on Corporate & IT Strategy, CxO Advisory, Merger & Acquisition Integration, Business Process Re-engineering, and more, and has held other roles in innovation and development.

Mike has an MBA with specializations in Strategy, Finance, and Leadership & Change Management, and a BSE in Computer Engineering, Cum Laude with Departmental Honors.

In this interview, Mike shares with the audience highlights of the FS-ISAC (financial services information sharing and analysis centre) APAC Summit 2023, in particular on two themes: Artificial Intelligence and Quantum Technology.

Recorded 3rd August 2023, 6am U.S. PST / 9pm SGT.
Vijay Balasubramaniyan is Co-Founder, CEO & CTO of Pindrop. He's held various engineering and research roles with Google, Siemens, IBM Research and Intel. Vijay holds patents in VoIP security and scalability and he frequently speaks on phone fraud threats at technical conferences, including RSA, Black Hat, FS-ISAC, CCS and ICDCS. Vijay earned a PhD in Computer Science from Georgia Institute of Technology. His PhD thesis was on telecommunications security.
00:00 Introduction
01:04 What is voice security?
03:26 Deep fake attacks against call centers
06:44 Protecting against voice attacks
09:09 How good is the tech?
12:15 How good are the criminals?
15:01 The challenge of humans being helpful
17:09 What size should protect against voice attacks?
21:04 Predicting the speed of the space
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Distributed Denial of Service (DDoS) prevention with CyberWire Hash Table guests Steve Winterfeld, Akamai's Field CSO, and Jim Gilbert, Akamai's Director of Product Management, and Rick Doten, the CISO for Healthcare Enterprises and Centene.
Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083
Azure Network Security Team, 2023. 2022 in review: DDoS attack trends and insights [Website]. Microsoft Security Blog. URL https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/
Howard, R., 2014. Fatal System Error [Book Review]. Cybersecurity Canon Project. URL https://icdt.osu.edu/fatal-system-error
Mashable, 2019. The World's First Cyber Crime: The Morris Worm [KERNEL PANIC] [Video]. YouTube. URL https://www.youtube.com/watch?v=o2dj2gnxjtU (accessed 8.8.23).
Montgomery, D., Sriram, K., Santay, D.J., 2022. Advanced DDoS Mitigation Techniques [Website]. NIST. URL https://www.nist.gov/programs-projects/advanced-ddos-mitigation-techniques
Schomp, K., Bhardwaj, O., Kurdoglu, E., Muhaimen, M., Sitaraman, R.K., 2020. Akamai DNS: Providing Authoritative Answers to the World's Queries [Conference Paper]. Proceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication. URL https://groups.cs.umass.edu/ramesh/wp-content/uploads/sites/3/2020/07/sigcomm2020-final289.pdf
Sparling, C., Gebhardt, M., 2022. The Relentless Evolution of DDoS Attacks [Blog]. Akamai Technologies. URL https://www.akamai.com/blog/security/relentless-evolution-of-ddos-attacks
Staff, January 2023. The Evolution of DDoS: Return of the Hacktivist [Akamai White Paper]. FS-ISAC. URL https://www.fsisac.com/akamai-ddos-report
Staff, 2023. 2023 The Edge Ecosystem [White Paper]. AT&T Cybersecurity. URL https://cybersecurity.att.com/resource-center/infographics/2023-securing-the-edge
Winterfeld, S., 2023. Ransomware on the Move: Evolving Exploitation Techniques and the Active Pursuit of Zero-Days [Website]. Akamai Technologies. URL https://www.akamai.com/blog/security/ransomware-on-the-move-evolving-exploitation-techniques
Radware, 2012. DNS Amplification Attack [Video]. YouTube. URL https://www.youtube.com/watch?v=xTKjHWkDwP0
Chickowski, E., 2020. Types of DDoS attacks explained [Website]. AT&T Cybersecurity. URL https://cybersecurity.att.com/blogs/security-essentials/types-of-ddos-attacks-explained
Nilsson, J., 2010. The Book of Numbers: A History of the Telephone Book [Website]. The Saturday Evening Post. URL https://www.saturdayeveningpost.com/2010/02/book-numbers
Wes Spencer is VP and Channel Chief for FifthWall Solutions, one of the largest cyber insurance brokers in the country. He has served as a senior executive and advisor from Fortune 500 to funded startups and was awarded the 2020 Cybersecurity Educator of the Year by the Cybersecurity Excellence Awards. He has served on multiple advisory committees with distinguished organizations such as American Banker, SentinelOne, and FS-ISAC, and currently serves on the Department of Homeland Security AIS advisory committee.
Interview with Errol Weiss, Chief Security Officer, Health Information Sharing & Analysis Center (H-ISAC).

Errol has over 25 years of experience in Information Security. He began his career with NSA conducting vulnerability analyses and penetrations of highly classified US Government systems and then spent ten years with consulting firms delivering information security services such as Managed Security Services, Security Product Implementations and Secure Network Designs for Fortune-100 companies. In 1999, Errol was a key member of the team responsible for the creation, implementation and operation of the Financial Services ISAC. He's one of the four named inventors on the patent for Trusted and Anonymous Information Sharing. Errol was with Citigroup from 2006 to 2016 where he created and ran the Cyber Intelligence Center, a global organization that provided actionable intelligence to thousands of end-users across the entire enterprise. From 2016 to 2019, Errol was a Senior Vice President with Bank of America's Global Information Security team where he ran the global Cyber Threat Intelligence team. During his time with Citi and Bank of America, Errol was an active user of FS-ISAC. He served on the FS-ISAC board of directors for six years, was on the FS-ISAC Threat Intelligence Committee for 10 years and volunteered on several industry committees. Errol has a M.S. in Technical Management from Johns Hopkins University and a B.S. in Computer Engineering from Bucknell University.

In this interview, held a day after the conclusion of the inaugural APAC Health-ISAC Summit held in Singapore, Errol shared his insights on APAC cyber threats and defenses in the health sector. Highlighting the Health-ISAC Executive Summary Annual Threat Report 2023 "Current and Emerging Healthcare Cyber Threat Landscape", Errol also noted the evolution of ransomware threat actors and motivations, since the 2016 WannaCry ransomware that hit the U.K. Health sector with significant impacts. He also shared his perspectives on the changing cybersecurity landscape, including cyber defense postures, the level of awareness at the board level, and regulations such as mandatory breach reporting, over the last decade. Errol also touched on the increased sophistication of social engineering threats potentially posed by ChatGPT, flagged as a concern at the summit. Errol wrapped up the interview with a short introduction to Health-ISAC (Information Sharing and Analysis Centre), and the membership scope and services.

Recorded 10am, 24th March 2023, Resorts World Sentosa, Singapore. More information on www.h-isac.org
In this episode of The Gate 15 Interview, Andy Jabbour visits with Josh Poster, Intelligence and Analysis Operations Manager for Auto-ISAC. In that role, Josh also serves as the Leader, Auto-ISAC Intel & Analysis Division & Vice Chair, National Council of ISACs (NCI). His past roles have included Program Manager, Public Transportation and Surface Transportation ISACs, Program Manager, Information and Infrastructure Technologies, and Sr. Analyst, Electronic Warfare Associates, among others. He holds a Bachelor of Science degree in Anthropology and is a long-time leader in the ISAC and homeland security communities.

'Preparation is prevention' - Josh Poster
'Everyone has a plan until they get punched in the mouth.' – Mike Tyson

In the discussion we address:
Josh's background and current position
Developing trust, the importance of relationships and how those relate to both Auto-ISAC and broader, cross-sector and private-public information sharing
Building confidence through preparedness
We name drop longtime National Council of ISACs leaders Health ISAC's Denise Anderson, IT-ISAC's Scott Algeier, and Comms ISAC's Joe Veins, as well as Bob Kolasky, formerly Assistant Director of the Cybersecurity and Infrastructure Security Agency (CISA) and now Exiger's Senior Vice President of Critical Infrastructure. We also talk about the very valued Auto-ISAC Executive Director, Faye Francy.
The Gate 15 Interview EP 28: Talking election security, tea and baseball, with Scott Algeier
Bob Kolasky - How the Cyber Risk Landscape Changed in 2022 – and What's in Store for 2023
Companies recognizing bottom-line impact will spend more on cybersecurity, 13 Jan 2023
The cyber threats facing the automotive industry
Fishing, Rainbow Trout, BMX and more!

'Every single one of our members has a global presence' - Josh Poster

A few references mentioned in or relevant to our discussion include:
Automotive Information Sharing And Analysis Center (Auto-ISAC)
National Council of ISACs (NCI)
Josh was also a guest on the podcast in September 2022: The Gate 15 Interview: Cybersecurity Awareness Month 2022 with the National Cybersecurity Alliance, Auto-ISAC and FS-ISAC! Plus, background! shout-outs!! favorite movies, tigers, and more!!!
BBC, Industrial espionage: How China sneaks out America's technology secrets, 17 Jan 2023
FEMA National Level Exercises and Cyber Storm
ENISA: The European Union Agency for Cybersecurity
Japanese Auto-ISAC
WIRED: Hackers Remotely Kill a Jeep on the Highway—With Me in It, 21 July 2015
WIRED: The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse, 01 Aug 2016
User-permissioned financial data is becoming a bedrock of fintech innovation. Ever since Plaid came on the scene and enabled us to connect our bank accounts to other financial institutions, consumers have appreciated the advantages of this concept. But what the industry has really needed is an independent standard for this data sharing. My next guest on the Fintech One-on-One Podcast is Don Cardinal, the Managing Director of the Financial Data Exchange (FDX). This non-profit organization has created a common standard for the secure and convenient access of permissioned consumer and business financial data.

In this podcast you will learn:
What attracted Don to the opportunity at Financial Data Exchange.
Don's work at FS-ISAC and what that organization does.
The original vision for FDX and how it has evolved today.
The state of open banking in the US today.
The five core principles of financial data that FDX adheres to.
Details of the FDX API standard they have developed.
How that interfaces to the work that Plaid is doing.
How the authentication of credentials works.
Why biometric authentication is so much better than passwords.
Some of the big names who are members of FDX.
How they balance the different perspectives of banks, fintechs and consumer groups.
The connection between FDX and the Open Financial Exchange (OFX).
How they keep their own technology updated.
Don's vision for the future of open finance.
Teresa Walsh leads the FS-ISAC's Global Intelligence Office (GIO) to protect the financial sector against cyber threats by delivering actionable strategic, operational, and tactical intelligence products. Based in the United Kingdom, she oversees FS-ISAC's global member-sharing operations and a team of regional intelligence officers and analysts who monitor emerging threats. Teresa began her career as a civilian intelligence analyst with the US Naval Criminal Investigative Service (NCIS) and holds a master's in political science with a focus on international relations from the University of Missouri-Columbia. In this interview, Teresa shares with us her work leading the GIO and provides insights into the differences between traditional intelligence and cyber intelligence, as well as which industries adjust more swiftly than others in alleviating risks. Last but not least, she also offers advice to those who would like to become an intelligence practitioner.

0:00 Welcome!
01:45 Tell us a bit about yourself!
02:54 What is it like to wake up with information coming from worldwide?
05:18 What is it like to work in the intelligence industry?
07:52 What is the biggest challenge for getting the traditional SOC team to think differently about the intelligence and use it versus jamming millions of IPs into a TIP?
14:47 How much intelligence is derived/propagated from OSINT?
18:41 Are there any industries evolving faster in mitigating risks than the others?
20:51 Do you use any specific tools to gather intel?
23:03 Where to start in the intelligence industry?
31:40 Tell us about an unforgettable investigation!
37:31 How's the house renovation going?
45:49 Tell us the 3 most important pieces of advice for intelligence practitioner wannabes!

■ About The Pivot
Brought to you by Maltego, The Pivot deep dives into topics pivoting from information security to the criminal underground. Each episode features interviews with experts from the industry and research fields and explores how they connect the dots.
■ About Maltego Used by investigators worldwide, Maltego is a graphical link analysis tool that allows users to mine, merge, and map data from OSINT and third-party data integrations for all sorts of investigations—cybersecurity, person of interest, fraud, and more. The podcast streams free on Spotify, Apple Podcasts, and Google Podcasts. You can also watch it all go down on YouTube. Don't forget to subscribe to our Twitter and LinkedIn to stay on top of our latest updates, tutorials, webinars, and deep dives. For more information about Maltego, visit our website.
TCE talks Cybersecurity Awareness Month 2022 and Seeing Yourself in Cyber with Chris Foulon of the Breaking into Cybersecurity podcast.

Resources and Mentions (it's a long list, but we love to share resources and others' great work):
Breaking into Cybersecurity Podcast: A conversation about what you did before, why did you pivot into cyber, what was the process you went through
Breaking Into Cybersecurity
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUI by Gary Hayslip, Christophe Foulon, Renee Small
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/ by Ken Underhill, Christophe Foulon, Tia Hopkins
The Whole Cyber Human Initiative https://www.wholecyberhumaninitiative.org/ Creating Workforce Development to fix the talent gaps today
@chris_foulon
@BreakintoCyber
Whole Cyber Human Initiative
Valorr Cybersecurity
NIST National Initiative for Cybersecurity Education (NICE)
@InfoSecSherpa (Tracy Z. Maleeff)
Cybersecurity Awareness Month https://staysafeonline.org/
@LisaPlaggemier
The Gate 15 Interview: Cybersecurity Awareness Month 2022 with the National Cybersecurity Alliance, Auto-ISAC and FS-ISAC! Plus, background! shout-outs!! favorite movies, tigers, and more!!!
Not mentioned in this podcast, but a couple of relevant (CS)²AI podcasts hosted by @Derek_Harp that I came across after – I hope they don't mind the mentions!
(CS)2AI Podcast 53: Career Advice for Women Pursuing Cybersecurity Positions with Danielle Jablanski (Nozomi Networks) @CyberSnark
(CS)2AI Podcast 52: Cybersecurity Careers, Educational Requirements and Resume Advice with Ron Brash (aDolus) @ron_brash
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it. Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to reach out and touch you in a bad way. So, listen for what I think will be a fascinating episode, and please do us a small favor and give us a "like" or a 5-star review on your favorite podcast platform -- those ratings really help us reach our peers. It only takes a click -- thank you for helping out our security leadership community. I'm not going to get into any geopolitics here; I'm going to try to ensure that this episode remains useful for quite some time. However, since the conflict in Ukraine has been ongoing for over two hundred days, I will draw examples from that. The ancient Chinese military strategist Sun Tzu wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” That's a little more detailed than the classic Greek aphorism, "know thyself," but the intent is the same even today. Let me add one more quote and we'll get into the material. Over 20 years ago, when he was Secretary of Defense, Donald Rumsfeld said: "As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. 
And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones." So, knowledge seems extremely important throughout the ages. Modern governments know that, and as a result all have their own intelligence agencies. Let's look at an example. If we go to the CIA's website, we will see the fourfold mission of the Central Intelligence Agency:
Collecting foreign intelligence that matters
Producing objective all-source analysis
Conducting effective covert action as directed by the President
Safeguarding the secrets that help keep our nation safe

Why do we mention this? Most governments around the world have similar nation state objectives and mission statements. Additionally, it's particularly important to understand what is wanted by "state actors" (note: I'll use that term for government and contract intelligence agents). What are typical goals for State Actors? Let's look at a couple.

Goal 1: Steal targeting data to enable future operations. Data such as cell phone records, banking statements or emails allow countries to better target individuals and companies when they know that identifying information. Additionally, targeting data allows nation state organizations to understand how individuals are connected. This can be key when we are looking for key influencers for targets of interest. Not all targeting data should be considered equal. Generally, banking and telecom data are considered the best for collecting, so be mindful if that is the type of company that you protect. State Actors target these organizations because of two factors:

The importance of the data is the first factor. If one party sends a second party an email, that means there is a basic level of connection. However, it's not automatically a strong connection since we all receive emails from spammers.
If one party calls someone and talks for 10 minutes to them on a phone call, that generally means a closer connection than an email. Finally, if one party sends money to another party, that either means a really strong connection exists, or someone just got scammed.

The accuracy of the data is the second factor. Many folks sign up for social media accounts with throwaway credentials (i.e., fake names and phone numbers). Others use temporary emails to attend conferences, so they don't get marketing spam when they get home. However, because of Anti Money Laundering (or AML) laws, people generally provide legitimate data to financial services firms. If they don't, then they risk not being able to take the money out of a bank -- which would be a big problem.

A second goal, in addition to collecting targeting data, is that State Actors are interested in collecting foreign intelligence. Foreign intelligence which drives policy-making decisions is very impactful. Remember, stealing secrets that no one cares about is generally just a waste of government tax dollars. If governments collect foreign intelligence on sanctioned activity, then they can inform policy makers on the effectiveness of current sanctions, which is highly useful. By reporting sanctioned activity, the government can know when current sanctions are being violated and when to update current sanctions. This can result in enabling new intelligence collection objectives. Examples of this include:
A country may sanction a foreign air carrier that changes ownership or goes out of business. In that case, sanctions may be added against different airlines. This occurred when the US sanctioned Mahan Air, an Iranian airline. Currently the US enforces sanctions on more than half of Iran's civilian airlines.
A country may place sanctions on a foreign bank to limit its ability to trade in certain countries or currencies.
However, if sanctioned banks circumvent controls by trading with smaller banks which are not sanctioned, then current sanctions are likely ineffective. Examples of sanctioning bank activity by the US against Russia during the current war with Ukraine include:
On February 27th, sanctions were placed against Russian banks using the SWIFT international payment system.
On February 28th, the Russian Central Bank was sanctioned.
On March 24th, the CEO of the Russian bank Sberbank was sanctioned.
On April 5th, the US IRS suspended information exchanges with the Russian tax authorities to hamper Moscow's ability to collect taxes.
On April 6th, the US sanctioned additional Russian banks.
These sanctions didn't just start with the onset of hostilities on 24 February 2022. They date back to Russia's invasion of Crimea. It's just that the US has turned up the volume this time. If sanctions are placed against a country's nuclear energy practices, then knowing what companies are selling or trading goods into the sanctioned country becomes important. Collecting information from transportation companies that identify goods being imported and exported into the country can also identify sanction effectiveness.

A third goal or activity taken by State Actors is covert action. Covert action is generally intended to cause harm to another state without attribution. However, anonymity is often hard to maintain. If we look at Russia in its previous history with Ukraine, we have seen the use of cyber attacks as a form of covert action. The devastating NotPetya malware (which has been generally attributed to Russia) was launched as a supply chain attack. Russian agents compromised the software update mechanism of the Ukrainian accounting software M.E. Doc, which was used by nearly 400,000 clients to manage financial documents and file tax returns. This update did much more than the intended choking off of Ukrainian government tax revenue -- Maersk shipping estimates a loss of $300 million.
FedEx around $400 million. The total global damage to companies is estimated at around $10 billion. The use of cyberattacks hasn't been limited to just Russia. Another example is Stuxnet. This covert action attack against Iranian nuclear facilities that destroyed nearly one thousand centrifuges is generally attributed to the U.S. and Israel.

Changing topics a little bit, we can think of the story of two people encountering a bear. Two friends are in the woods, having a picnic. They spot a bear running at them. One friend gets up and starts running away from the bear. The other friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching. "Are you crazy?" the first friend shouts, looking over his shoulder as the bear closes in on his friend. "You can't outrun a bear!" "I don't have to outrun the bear," said the second friend. "I only have to outrun you."

So how can we physically outrun the Cyber Bear? We need to anticipate where the Bear is likely to be encountered. Just as national park signs warn tourists of animals, there's intelligence information that can inform the general public. If you are looking for physical safety intelligence you might consider:
The US Department of State Bureau of Consular Affairs. The State Department hosts a travel advisory list. This list allows anyone to know if a country has issues such as Covid outbreaks, civil unrest, kidnappings, violent crime, and other issues that would complicate having an office for most businesses.
Another example is the CIA World Factbook. The World Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities.
Additionally, you might also consider data sources from the World Health Organization and The World Bank.

If we believe that one of our remote offices is now at risk, then we need to establish a good communications plan. Good communications plans generally require at least four forms of communication. The acronym PACE, or Primary, Alternate, Contingency, and Emergency, is often used:
Primary Communication: We will first try to email folks in the office.
Alternate Communication: If we are unable to communicate via email, then we will try calling their work phones.
Contingency Communication: If we are unable to reach individuals via their work phones, then we will send a text message to their personal cell phones.
Emergency Communication: If we are unable to reach them by texting their personal devices, then we will send an email to their personal emails and next of kin.

Additionally, we might purchase satellite phones for a country manager. Satellite phones can generally be purchased for under $1,000 and can be used with commercial satellite service providers such as Inmarsat, Globalstar, and Thuraya. One popular plan is Inmarsat's BGAN. BGAN can usually be obtained from resellers for about $100 per month with text messaging costing about fifty cents each and calls costing about $1.50 per minute. This usually translates to a yearly cost of $1,500-2K per device. Is $2K worth the price of communicating to save lives in a high-risk country during high political turmoil? Let your company decide. Note a great time to bring this up may be during use-or-lose money discussions at the end of the year.

We should also consider preparing egress locations. For example, before a fire drill most companies plan a meetup location outside of their building so they can perform a headcount. This location, such as a vacant parking lot across the street, allows teams to identify missing personnel which can later be communicated to emergency personnel.
If your company has offices in thirty-five countries, you should think about the same thing, but not assembling across the street but across the border. Have you identified an egress office for each overseas country? If you had operations in Ukraine, then you might have chosen a neighboring country such as Poland, Romania, or Hungary to facilitate departures. When things started going bad, that office could begin creating support networks to find local housing for your corporate refugees. Additionally, finding job opportunities for family members can also be extremely helpful when language is a barrier in new countries.

If we anticipate the Bear is going to attack our company digitally, then we should also look for the warning signs. Good examples of this include following threat intelligence information from:
Your local ISAC organization. ISACs, or Information Sharing and Analysis Centers, are great communities where you can see if your vertical sector is coming under attack and share your experiences/threats. The National Council of ISACs lists twenty-five different members across a wide range of industries. An example is the Financial Services ISAC, or FS-ISAC, which has a daily and weekly feed where subscribers can find situational reports on cyber threats from State Actors and criminal groups.
InfraGard™ is a partnership between the Federal Bureau of Investigation and members of the private sector for the protection of US critical infrastructure. Note you generally need to be a US citizen without a criminal history to join.
AlienVault offers a threat intelligence community called Open Threat Exchange which grants users free access to over nineteen million threat indicators. Note AlienVault currently hosts over 100,000 global participants, so it's a great place to connect with fellow professionals.
The Cybersecurity & Infrastructure Security Agency, or CISA, also routinely issues cybersecurity advisories to stop harmful malware, ransomware, and nation state attacks.
Helpful pages on their website include the following:
Shields Up, which provides updates on cyber threats, guidance for organizations, recommendations for corporate leaders and CEOs, ransomware responses, free tooling, and steps that you can take to protect your families. There's even a Shields Up Technical Guidance page with more detailed recommendations.
CISA routinely puts out Alerts which identify threat actor tactics and techniques. For example, Alert AA22-011A identifies how to understand and mitigate Russian state-sponsored cyber threats to US critical infrastructure. This alert tells you what CVEs the Russian government is using as well as the documented TTPs which map to the MITRE ATT&CK™ framework. Note if you want to see more on MITRE ATT&CK mapped to various intrusion groups, we recommend going to attack.mitre.org/groups.
CISA also has notifications that organizations can sign up for to receive timely information on security issues, vulnerabilities, and high-impact activity.
Another page to note on CISA's website is US-CERT. Here you can report cyber incidents, report phishing, report malware, report vulnerabilities, share indicators, or contact US-CERT.
One helpful page to consider is the Cyber Resilience Review Assessment. Most organizations have an IT control to conduct yearly risk assessments, and this can help identify weaknesses in your controls.

Now that we have seen a bear in the woods, what can we do to put running shoes on to run faster than our peers? If we look at the CISA Shields Up Technical Guidance page we can find recommendations such as remediating vulnerabilities, enforcing MFA, running antivirus, enabling strong spam filters to prevent phishing attacks, disabling ports and protocols that are not essential, and strengthening controls for cloud services. Let's look at this in more detail to properly fasten our running shoes. If we are going to remediate vulnerabilities, let's focus on the highest priority.
I would argue those are high/critical vulnerabilities with known exploits being used in the wild. You can go to CISA's Known Exploited Vulnerabilities Catalog page for a detailed list. Each time a new vulnerability gets added, run a vulnerability scan on your environment to prioritize patching.

Next is Multi-Factor Authentication (MFA). Routinely we see organizations require MFA access to websites and use Single Sign-On. This is great -- please don't stop doing this. However, we would also recommend MFA enhancements in two ways. One, are you using MFA on RDP/SSH logins by administrators? If not, then please enable it immediately. You never know when one developer will get phished and the attacker can pull his SSH keys. Having MFA means even when those keys are lost, bad actor propagation can be minimized. Another enhancement is to increase the security within your MFA functionality. For example, if you use Microsoft Authenticator today, try changing from a 6-digit rotating PIN to security features such as number matching and additional context that shows the location of the sign-in's IP address. You can also look at location-based conditional access policies to block all access from countries in which you don't have a presence.

Running antivirus is another important safeguard. Here's the kicker -- do you actually know what percentage of your endpoints are running AV and EDR agents? Do you have coverage on both your Windows and Linux server environments? Of the agents running, what portion have signature updates that are not current? How about more than 30 days old? We find a lot of companies just check the box saying they have antivirus, but if you look behind the scenes you can see that antivirus isn't as effective as you think when it's turned off or outdated.

Enabling strong spam filters is another forgotten exercise. Yes, companies buy solutions like Proofpoint to secure email, but there's more that can be done. One example is implementing DMARC to properly authenticate and block spoofed emails.
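As an added illustration of the KEV-driven patching loop described above (not code from the podcast), this Python script reads a KEV-shaped JSON document, flags entries added since the last check so a fresh scan can be triggered, and orders scanner findings so catalog entries come first by due date. The KEV sample, the scan rows and the CVE ids are constructed placeholders; the feed layout (a top-level "vulnerabilities" list with cveID, dateAdded and dueDate fields) is assumed to match the real catalog.

```python
"""Prioritize scanner findings against a Known Exploited Vulnerabilities catalog.

Added example, not from the podcast. The KEV document below is a constructed
stand-in for the CISA feed and uses placeholder CVE ids (CVE-0000-xxxxx), not
real vulnerabilities. The JSON shape (top-level "vulnerabilities" list with
cveID / dateAdded / dueDate) is assumed to match the real catalog.
"""
import json
from datetime import date

# Constructed KEV sample. CVE ids are placeholders, not real CVEs.
KEV_JSON = json.dumps({
    "title": "Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleCorp",
         "product": "VPN Gateway", "dateAdded": "2022-09-01",
         "dueDate": "2022-09-22"},
        {"cveID": "CVE-0000-00002", "vendorProject": "ExampleCorp",
         "product": "Mail Server", "dateAdded": "2022-09-20",
         "dueDate": "2022-10-11"},
    ],
})

# Constructed scanner output: one row per (host, CVE) finding.
SCAN_FINDINGS = [
    {"host": "web-01", "cve": "CVE-0000-00003", "severity": "critical"},
    {"host": "vpn-01", "cve": "CVE-0000-00001", "severity": "high"},
    {"host": "mail-01", "cve": "CVE-0000-00002", "severity": "medium"},
    {"host": "dev-07", "cve": "CVE-0000-00004", "severity": "low"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def load_kev(raw_json):
    """Return {cveID: entry} from a KEV-shaped JSON document."""
    doc = json.loads(raw_json)
    return {v["cveID"]: v for v in doc["vulnerabilities"]}


def new_kev_entries(kev, last_checked):
    """CVEs added to the catalog after the date of the previous check.

    A non-empty result is the trigger to kick off a new vulnerability scan,
    which is the loop the podcast recommends.
    """
    cutoff = date.fromisoformat(last_checked)
    return sorted(cve for cve, v in kev.items()
                  if date.fromisoformat(v["dateAdded"]) > cutoff)


def prioritize(findings, kev):
    """Order findings: KEV-listed first (earliest due date first), then by severity.

    Severity alone would put the critical non-KEV finding first; being exploited
    in the wild outranks the scanner's severity label.
    """
    def sort_key(f):
        entry = kev.get(f["cve"])
        in_kev = 0 if entry else 1
        due = entry["dueDate"] if entry else "9999-12-31"
        return (in_kev, due, SEVERITY_RANK.get(f["severity"], 9), f["host"])
    return sorted(findings, key=sort_key)


def patch_queue(findings, kev):
    """Human-readable queue of (host, cve, reason) tuples in patch order."""
    queue = []
    for f in prioritize(findings, kev):
        if f["cve"] in kev:
            reason = "KEV: exploited in the wild, due " + kev[f["cve"]]["dueDate"]
        else:
            reason = "severity " + f["severity"]
        queue.append((f["host"], f["cve"], reason))
    return queue


if __name__ == "__main__":
    kev = load_kev(KEV_JSON)
    print("new since 2022-09-15:", new_kev_entries(kev, "2022-09-15"))
    for host, cve, reason in patch_queue(SCAN_FINDINGS, kev):
        print(f"{host:8} {cve:15} {reason}")
```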
It's the standard now and prevents brand impersonation. Also please consider restricting email domains. You can do this at the very top. Today, the vast majority of legitimate correspondents still utilize one of the original seven top-level domains: .com, .org, .net, .edu, .mil, .gov, and .int, as well as two-letter country code top-level domains (called ccTLDs). However, you should look carefully at your business correspondence to determine if communicating with all 1,487 top-level domains is really necessary. Let's say your business is located entirely in the UK. Do you really want to allow emails from country codes such as .RU, .CN, and others? Do you do business with .hair, or .lifestyle, or .xxx? If you don't have a business reason for conducting commerce with these TLDs, block them and minimize both spam and harmful attacks. It won't stop bad actors from using Gmail to send phishing attacks, but you might be surprised at just how much restricting TLDs in your email can help. Note that you have to be careful not to create a self-inflicted denial of service, so make sure that emails from suspect TLDs get evaluated before deletion.

Disabling ports and protocols is key since you don't want bad actors having easy targets. One thing to consider is using Amazon Inspector. Amazon Inspector has rules in the network reachability package to analyze your network configurations to find security vulnerabilities in your EC2 instances. This can highlight and provide guidance about restricting access that is not secure, such as network configurations that allow for potentially malicious access: mismanaged security groups, access control lists, internet gateways, etc.

Strengthening cloud security -- We won't go into this topic too much as you could spend a whole talk on strengthening cloud security. Companies should consider purchasing a cloud security solution like Wiz, Orca, or Prisma for help in this regard.
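The sender-TLD restriction described above, written out as an added Python example (not code from the podcast) for the UK-business case: the original seven gTLDs plus a short ccTLD list are delivered, everything else is quarantined for review rather than deleted, and an explicit partner-domain allowlist overrides the TLD rule so a legitimate correspondent on an unusual TLD does not become a self-inflicted denial of service. The ccTLD list, partner domains and sample headers are constructed.

```python
"""Sender top-level-domain restriction for inbound mail.

Added example, not from the podcast. Models the UK-business case from the
discussion: allow the original seven gTLDs plus the ccTLDs the business
actually corresponds with, quarantine (never silently drop) everything else,
and let an explicit partner-domain allowlist bypass the TLD rule. All lists
and sample headers are constructed.
"""
from email.utils import parseaddr

ORIGINAL_GTLDS = {"com", "org", "net", "edu", "mil", "gov", "int"}
# Constructed: ccTLDs a UK-based business decides it has a reason to accept.
ALLOWED_CCTLDS = {"uk", "ie", "de", "fr", "us"}
# Constructed: partner domains that bypass the TLD rule entirely (including
# their subdomains), so a real partner on an odd TLD is never blocked.
PARTNER_DOMAINS = {"supplier.lifestyle"}


def sender_domain(from_header):
    """Return the lowercase domain of a From header, or None if unparseable.

    Handles display names ("Name <user@host>"), mixed case and a trailing dot.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    domain = addr.rsplit("@", 1)[1].strip().rstrip(".").lower()
    return domain or None


def top_level_domain(domain):
    """Last DNS label of the domain (IDN 'xn--' labels are kept as-is)."""
    return domain.rsplit(".", 1)[-1]


def classify_sender(from_header, allowed_cctlds=ALLOWED_CCTLDS,
                    partner_domains=PARTNER_DOMAINS):
    """Decide 'deliver' or 'quarantine' for one sender and give the reason.

    Quarantine rather than delete so that a wrongly blocked correspondent can
    still be found and released by the mail team.
    """
    domain = sender_domain(from_header)
    if domain is None:
        return "quarantine", "unparseable sender address"
    if domain in partner_domains or any(
            domain.endswith("." + p) for p in partner_domains):
        return "deliver", "partner domain allowlist"
    tld = top_level_domain(domain)
    if tld in ORIGINAL_GTLDS:
        return "deliver", "original gTLD ." + tld
    if tld in allowed_cctlds:
        return "deliver", "permitted ccTLD ." + tld
    return "quarantine", "TLD ." + tld + " not on allowlist"


def filter_batch(from_headers):
    """Apply the policy to a batch of From headers: {header: (action, reason)}."""
    return {h: classify_sender(h) for h in from_headers}


if __name__ == "__main__":
    # Constructed sample From headers.
    sample = [
        "Accounts <billing@acme-supplies.co.uk>",
        "Someone <user@example.COM.>",
        "newsletter@deals.hair",
        "ops@mail.supplier.lifestyle",
        "Not an address",
        "support@example.xxx",
    ]
    for header, (action, reason) in filter_batch(sample).items():
        print(f"{action:10} {reason:32} {header}")
```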
One tip we don't see often is using geo-fencing and IP allow-lists. For example, one new feature that AWS recently created is to enable Web Application Firewall protections for Amazon Cognito. This makes it easier to protect user pools and hosted UIs from common web exploits.

Once we notice there's likely been a bear attack on our peers or our infrastructure, we should report it. This can be done by reporting incidents to government agencies such as CISA or a local FBI field office, paid sharing organizations such as an ISAC, or free communities such as AlienVault OTX.

Let's walk through a notional example of what we might encounter as collateral damage in a cyberwar. However, to keep this out of current geopolitics, we'll use the fictitious countries Blue and Orange. Imagine that you work at the Acme Widget Corporation, which is a Fortune 500 company with a global presence. Because Acme manufactures large scale widgets in their factory in the nation of Orange, they are also sold to the local Orange economy. Unfortunately for Acme, Orange has just invaded their neighboring country Blue. Given that Orange is viewed as the aggressor, various countries have imposed sanctions against Orange. Not wanting to attract the attention of the Orange military or the U.S. Treasury department, your company produces an idea that might just be crazy enough to work. Your company is going to form a new company within Orange that is not affiliated with the parent company for the entirety of the war. This means that the parent company won't provide services to the Orange company. Additionally, since there is no affiliation between the companies, the legal department advises that there will not be sanction evasion activity which could put the company at risk. There's just one problem. Your company has to evict the newly created Orange company (Acme Orange LLC) from its network and ensure it has the critical IT services to enable its success. So where do we start?
Let's consider a few things. First, what is the lifeblood of a company? Every company really needs laptops and collaboration software like Office 365 or G Suite. So, if we have five hundred people in the new Acme Orange company, that's five hundred new laptops and a new server that will host Microsoft Exchange, a NAS drive, and other critical Microsoft on-premises services.

Active Directory: Once you obtain the server, you realize a few things. Previous Acme admin credentials were used to troubleshoot desktops in the Orange environment. Since exposed passwords are always a bad thing, you get your first incident: refresh all passwords that may have been exposed. Also, you ensure a new Active Directory server is created for your Orange environment. This should leverage best practices such as MFA since Orange companies will likely come under attack.

Let's talk about other things that companies need to survive:
Customer relationship management (CRM) services like Salesforce
Accounting and bookkeeping applications such as QuickBooks
Payment software such as PayPal or Stripe
File storage such as Google Drive or Dropbox
Video conferencing like Zoom
Customer service software like Zendesk
Contract management software like DocuSign
HR software like Bamboo or My Workday
Antivirus & EDR software

Standing up a new company's IT infrastructure in a month is never a trivial task. However, if Acme Orange is able to survive for 2-3 years it can then return to the parent company after the sanctions are lifted. Let's look at some discussion topics:
What IT services will be the hardest to transfer?
Can new IT equipment for Acme Orange be procured in a month during a time of conflict?
Which services are likely to only have a SaaS offering and not enable on-premises use during times of conflict?
Could your company actually close a procurement request in a one-month timeline?
If we believe we can transfer IT services and get the office up and running, we might look at our cyber team's role in providing recommendations to a new office that will be able to survive a time of turmoil:
All laptops shall have antivirus and EDR enabled from Microsoft.
Since the Acme Orange office is isolated from the rest of the world, all firewalls will block IP traffic not originating from Orange.
SSO and MFA will be required on all logins.
Backups will be routinely required.
Note: if you are really looking for effective strategies to mitigate cyber security incidents, we highly recommend the Australian Essential Eight. We have a link in our show notes if you want more details.

Additionally, the Acme Orange IT department will need to create its own Incident Response Plan (IRP). One really good guide for building cyber incident response playbooks comes from the American Public Power Association. (I'll put the link in our show notes.) The IRP recommends creating incident templates that can be used for common attacks such as:
Denial of Service (DoS)
Malware
Web Application Attack (SQL Injection, XSS, Directory Traversal, …)
Cyber-Physical Attack
Phishing
Man-in-the-middle attack
Zero-day exploit

This incident response template can identify helpful information such as:
Detection: Record how the attack was identified.
Reporting: Provide a list of POCs and contact information for the IT help desk to contact during an event.
Triage: List the activities that need to be performed during incident response. Typically, teams follow the PICERL model (Preparation - Identification - Containment - Eradication - Recovery - Lessons Learned).
Classification: Depending on the severity level of the event, identify additional actions that need to occur.
Communications: Identify how to notify local law enforcement, regulatory agencies, and insurance carriers during material cyber incidents.
Additionally, describe the process for how communications will be relayed to customers, employees, media, and state/local leaders.

As you can see, there is much that would have to be done in response to a nation-state aggression or regional conflict that would likely fall in your lap. If you didn't think about it before, you now have plenty of material to work with. Figure out your own unique requirements, do some tabletop exercises where you identify your most relevant Orange and Blue future conflict, and practice, practice, practice. We learned from COVID that companies that were well prepared with a disaster response plan rebranded as a pandemic response plan fared much better in the early weeks of the 2020 lockdown. I know my office transitioned to remote work for over sixty consecutive weeks without any serious IT issues because we had a written plan and had practiced it. Here's another one for you to add to your arsenal. Take the time and be prepared -- you'll be a hero "when the bubble goes up." (There -- you've learned an obscure term that is nearly absent from a Google search but well-known in the Navy and the Marine Corps.)

Okay, that's it for today's episode on Outrunning the Bear. Let's recap:
- Know yourself
- Know what foreign adversaries want
- Know what information, processes, or people you need to protect
- Know the goals of state actors: steal targeting data, collect foreign intelligence, covert action
- Know how to establish a good communications plan (PACE): Primary, Alternate, Contingency, Emergency
- Know how to get out of Dodge
- Know where to find private and government threat intelligence
- Know your quick wins for protection: remediate vulnerabilities, implement MFA everywhere, run current antivirus, enable strong spam filters, restrict top-level domains, disable vulnerable or unused ports and protocols, strengthen cloud security
- Know how to partition your business logically to isolate your IT environments in the event of a sudden requirement.
Thanks again for listening to CISO Tradecraft. Please remember to like us on your favorite podcast provider and tell your peers about us. Don't forget to follow us on LinkedIn too -- you can find our regular stream of low-noise, high-value postings. This is your host G. Mark Hardy, and until next time, stay safe.

References
- https://www.goodreads.com/quotes/17976-if-you-know-the-enemy-and-know-yourself-you-need
- https://en.wikipedia.org/wiki/There_are_known_knowns
- https://www.cia.gov/about/mission-vision/
- https://www.cybersecurity-insiders.com/ukraines-accounting-software-firm-refuses-to-take-cyber-attack-blame/
- https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
- https://www.nationalisacs.org/member-isacs-3
- https://attack.mitre.org/groups/
- https://data.iana.org/TLD/tlds-alpha-by-domain.txt
- https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf
In this episode of The Gate 15 Interview, Andy Jabbour speaks with National Cybersecurity Alliance Executive Director Lisa Plaggemier, Automotive ISAC Intelligence and Analysis Operations Manager & Vice Chair for the National Council of ISACs Josh Poster, and FS-ISAC Senior Director, Strategic Partnerships Bridgette Walsh, about Cybersecurity Awareness Month 2022!

Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a proven track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa has held leadership roles with the Ford Motor Company, CDK, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS. She is a University of Michigan graduate (Go Blue!) and while she wasn't born in Austin, Texas, she got there as fast as she could. Twitter: @LisaPlaggemier

Josh Poster is the Intelligence and Analysis Operations Manager for Auto-ISAC. In that role he also serves as the Leader, Auto-ISAC Intel & Analysis Division & Vice Chair, National Council of ISACs (NCI). His past roles have included Program Manager, Public Transportation and Surface Transportation ISACs, Program Manager, Information and Infrastructure Technologies, and Sr. Analyst, Electronic Warfare Associates, among others. He holds a Bachelor of Science degree in Anthropology and is a long-time leader in the ISAC and homeland security communities.

Bridgette Walsh is the Senior Director, Strategic Partnerships for the Financial Services Information Sharing and Analysis Center (FS-ISAC). Prior to her arrival at the FS-ISAC, Bridgette had supported the Department of Homeland Security (DHS) mission since its inception in 2003 and held various leadership positions within cybersecurity strategy and stakeholder engagement.
She most recently served as the Deputy Assistant Director (A) for Stakeholder Engagement for the Cybersecurity and Infrastructure Security Agency (CISA), including standing up the 6th Division within CISA. She also served as the Chief of Staff for the Cybersecurity Division (CSD) in CISA and as the Senior Counselor for Cyber to the CISA Director, providing strategic guidance and counsel on cyber issues for the Agency. While leading Partnerships & Engagement for the CSD Stakeholder Engagement and Cyber Infrastructure Resilience Sub-Division (SECIR), she oversaw the Department's development and delivery of the President's Executive Order 13800 Critical Infrastructure deliverables and all major partnership engagements. See additional background on Bridgette below.

In the discussion we address:
- The great organizations our guests belong to!
- Background on Cybersecurity Awareness Month
- DHS's history and role with Cybersecurity Awareness Month
- Cybersecurity Awareness Month 2022
- The role of the NCI and individual ISACs in message amplification
- Multi-factor authentication!
- Strong passwords and password managers!
- Updating software!
- Recognizing and reporting phishing!
- Books, movies, tigers and dogs, and our guests answer when they'd like to be in time!

A few references mentioned in or relevant to our discussion include:
- Website Link: https://staysafeonline.org
- Cybersecurity Awareness Month: Learn more about the National Cybersecurity Alliance's Cybersecurity Awareness Month Champion program at https://staysafeonline.org/champion. Are you a Cybersecurity Awareness Month Champion yet? Sign up today to receive your toolkit of free infographics, social media posts, tip sheets and more! Join in helping everyone stay safe online.
- #BeCyberSmart
- Facebook: Staysafeonline
- Instagram: @natlcybersecurityalliance
- The Financial Services Information Sharing and Analysis Center (FS-ISAC)
- Automotive Information Sharing And Analysis Center (Auto-ISAC)
- National Council of ISACs (NCI)
- PPD-63
- The Gate 15 Interview: Scott Algeier on information sharing, critical infrastructure, cybersecurity
Podcast: Cyber Security Weekly Podcast
Episode: Episode 337 - Cyber-attacks resulting from the Russian – Ukraine conflict, critical infrastructure impact and response in Asia
Pub date: 2022-09-18

Bill Nelson is the Chair of Global Resilience Federation (GRF). GRF is a non-profit association dedicated to helping ensure the resilience and continuity of critical and essential infrastructure and organizations against threats, incidents and vulnerabilities. Previously, Nelson was the President and CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC). In his 12 years, Nelson led FS-ISAC in its response to major cyber and physical threats and vulnerabilities that affected the financial services industry, including partnering with Microsoft to take down four major botnet infrastructures. He was also responsible for creating the Sector Services Division of FS-ISAC, which was established to assist other sectors and became the genesis for launching Global Resilience Federation. Nelson was named the fifth most influential person in the field of financial-information security by the publication Bank Info Security and he also received the prestigious RSA Award for Excellence in Information Security. Before joining FS-ISAC, Nelson was the Executive Vice President of NACHA, the electronic payments association, where he oversaw the development of the ACH Network into one of the largest electronic payment systems in the world, processing nearly 14 billion payments by the time he transitioned to FS-ISAC.

In this podcast, Bill introduces the audience to ISACs (Information Sharing and Analysis Centres), and the formation of OT-ISAC (“Operational Technology ISAC”), which was established under Pillar 2 of Singapore's OT Cybersecurity Masterplan launched at Singapore International Cyber Week 2019. He stresses how trust is important in supporting effective information sharing, and how initiatives such as the Traffic Light Protocol are critical to facilitating sharing with the appropriate audience. Bill also highlights the prevalence of wiper malware in the Russian-Ukrainian conflict in cyberspace and the impacts in Asia. With the rising threat landscape, Bill advises organisations to adopt a “defence-in-depth” approach to withstand and recover from cybersecurity incidents. To minimize service disruptions in the face of destructive attacks and events, he also points to the need for building resiliency. Referencing GRF's “Operational Resilience Framework”, he explains how the multi-sector working group is developing rules and implementation aids that support the organisation's recovery of immutable data.

Interview by Jane Lo, Singapore Correspondent. Recorded on-site at OT-ISAC Summit 2022 held at the VOCO Hotel, Orchard Road, Singapore on 7th September 2022, 4.30pm.
In the latest Threat Trends episode of The Defender's Advantage Podcast, host Luke McNamara is joined by Teresa Walsh, Global Head of Intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), for a deep dive on the financial services industry. Teresa discusses her journey from roles in government and how her experience has shaped her view of financial services. She also discusses how she sees the threat landscape impacting her customers and how FS-ISAC aids institutions in building resiliency against threats. Don't forget to rate, review, and subscribe to The Defender's Advantage Podcast where you listen to podcasts!
In this episode, our new host Chloe Seaton is joined by Lucie Usher, EMEA Intelligence Officer for FS-ISAC and Luc Manfredi, a Director in our Cyber Security team in the UK to discuss what is driving cyber resilience up the regulatory agenda in sectors such as financial services, energy and utilities; the key cyber risks for organisations in regulated sectors, including supply chain attacks, the growing use of operational technology in industrial operations and geopolitical unrest; how the regulatory landscape is evolving around cyber resilience - nationally and globally; and what organisations in regulated sectors can do to increase cyber resilience and ensure compliance through greater information sharing, rigorous self-assessment and continuous exercising and testing.
Podcast: Data Breach Today Podcast
Episode: OT Security: Has the Industry Made Progress?
Pub date: 2022-07-01

OT security has been at the center of the security conversation ever since the Colonial Pipeline attacks. Scott Flower, the founder of Pareto Cyber and a former global intelligence officer at FS-ISAC, discusses the challenges in OT security and where the industry needs to go.
Jerry Perullo, former CISO of the NYSE, former chairman of the board of the FS-ISAC, founder, professor, and host of the Life After CISO podcast, comes down to the Cyber Ranch to discuss the many roles he's had throughout his career and the many highly unique opinions he has on the cyber industry. Together, Jerry and Allan break down what's overrated in cybersecurity, from patching to dark web to vulnerability departments, and every detail and concept in between.

Timecoded Guide:
- [01:53] Taking on a variety of roles in the cyber industry and breaking down which elements of cybersecurity are overrated
- [08:48] Recognizing when encryption is needed and when it is overrated or overemphasized as something you need in cybersecurity
- [15:43] Service-level agreement timelines, addressing critical risks, and engaging with the 80/20 rule
- [24:17] Understanding when to separate data about different vulnerabilities and attacks, and when to report on them in the same conversation (i.e. board meetings)
- [29:58] Other overrated elements of cybersecurity, such as IoCs, dark web, and, of course, what Jerry would change in cyber if he had a magic wand...

Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! Manual asset inventory just doesn't cut it anymore. That's where Axonius comes in. Take control of security complexities by uncovering gaps in your organization. Sign up for a free walk-through of the platform at Axonius.com/Get-A-Tour

Why is patching overrated?
While Jerry acknowledges the importance of patching in certain contexts, he also explains that it's often overemphasized in its ability to provide cyber solutions. For patching to make an impact, the vulnerability has to be known and understood. In Jerry's experience, patching doesn't solve many of the problems in cybersecurity and can instead create a false sense of security, especially in the case of in-house coding errors.
Although patching can create a long-term solution, you may only overcome that weakness for a moment and end up coming back to the same issue a few months later.

“When I say it's overrated is, first of all, patching is to address a known vulnerability in a piece of software, right? That means that the vulnerability has to already be out there, has to be profiled, has to be understood, and the manufacturer has to have actually created some kind of fix for it.”

What about encryption? Is that also overrated?
The idea of encryption comes from the idea of keeping information and vulnerabilities out of your enemies' hands. However, too much focus on encryption blinds us to other issues and other tools that can be used against us. Although certain vulnerabilities around encryption are exploited, Jerry points out that you rarely, if ever, hear about the threats that we're warned about when we're sold on the concept and idea of encryption. With so many other ways to be hacked and exploited, Jerry says our focus on encryption keeps us in the dark about what the reality of online safety is.

“In any event, we spend so much time worrying about encryption and encrypting things, and whether it's encryption at rest, or whether it's in transit, or anything else like that, that I think sometimes we blind ourselves, especially on internal tools.”

Are short SLAs (service level agreements) for addressing critical risk overrated?
In Jerry's mind, the timeframe of your SLA doesn't matter if you need a problem fixed immediately. Whether it's a 48-hour turnaround, a 29-day, or a 364-day window, critical threats need immediate fixes and your service team should understand that. If the response to a necessary and urgent request is for your team to inquire about the SLA, you have a much bigger problem than the time it will take. Instead, you have a toxic culture problem, something that cannot be fixed with simple tweaks to your SLA.
“I always would just preach that you don't want to ever undermine your credibility. You don't want to bring weak sauce. Gotta be able to reproduce everything, have a video, all of that, and if you don't, then yeah, you people are gonna abuse your SLAs and push it to the edge.”

What are your thoughts on departments with “vulnerability” in their name?
Although Jerry has had vulnerability departments and teams in previous companies he's worked with, adding vulnerability to a department name rarely has an impact beyond specifying that they run the vulnerability scanners. Beyond running the scanners, processing these results and reporting them is a completely different beast. Rarely is a vulnerability department able to process and report these results without making data ten times more complicated and time-consuming for your board to understand. They're tool-focused, it's in their name, but it may not be what you really need when you're assessing risk.

“I think it's really important that you just speak about them all collectively, in a tool agnostic fashion. So, I feel the vuln scanner results, the bug bounty results, the attack surface management results, the employees raising their hand and volunteering info…they need to be portrayed in parallel in one communication.”

-------------

Links:
- Learn more about Jerry Perullo on LinkedIn and listen to his podcast #lifeafterCISO
- Follow Allan Alford on LinkedIn and Twitter
- Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store
- Continue this conversation on our Discord
- Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast
Episode Summary
It's been more than a decade since the cloud emerged as a new concept. And it's safe to say that it has practically become the new normal, especially since the COVID-19 outbreak. However, when it comes to improving cyber security and risk management in the cloud, we still have a long way to go. In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Sameer Sait, an information security expert and the former CISO of Amazon's Whole Foods Market. They talk about the shift in security mechanisms due to the explosion of the cloud, the importance of shared responsibility, and what we can learn from highly regulated industries. Tune into this episode to hear some insightful observations about the future of cybersecurity.
Errol Weiss is an accomplished information security executive recognized internationally as a visionary and a leader in threat intelligence operations and management. Weiss has 15 years of cyber security experience within banking and finance. He currently works in healthcare as the Chief Security Officer (CSO) for the Health-ISAC. Throughout his career he has leveraged his ability to build information security strategies aligned to business risk and corporate goals. In the last year and 10 months Weiss has served as a Senior Fellow at the McCrary Institute for Cyber and Critical Infrastructure Security. His prior experience includes roles with Bank of America, the FS-ISAC, Citigroup, SAIC, CSC, and the National Security Agency. Formerly a senior network security analyst for the NSA, Weiss was responsible for conducting vulnerability analyses and penetrations of highly classified US Government computers and network systems. Weiss has an M.S. in Technical Management from Johns Hopkins University and a B.S. in Computer Engineering from Bucknell University.

Hosted by Thomas Bain (VP of Marketing at Cyware)
Guest: Errol Weiss (CSO, Health-ISAC)
Produced by Cole Hayden (Cyware Intern)
Interview with Mary Jo Schrade, Assistant General Counsel and Regional Lead for Microsoft's Digital Crimes Unit (DCU) Asia. Disrupting one of the world's most dangerous malware families - Trickbot

Mary Jo Schrade is an Assistant General Counsel and Regional Lead for Microsoft's Digital Crimes Unit (DCU) Asia and is based at Microsoft's Cyber Security Center in Singapore. She oversees the initiatives, programs and strategies related to Microsoft Asia's efforts to prevent or disrupt organized cybercrime and online tech support scams through public-private partnerships, coordinated enforcement, and customer engagements relating to cyber security and Microsoft's digital trust commitment to its customers.

In this podcast, Mary Jo gave highlights of Microsoft's legal action in October 2020 to disrupt Trickbot, one of the world's most pervasive malware families, which was behind attacks launched by ransomware groups such as Ryuk. Representing one of the rare cases where the disruption was coordinated by private sector organisations, this involved extensive partnerships around the world with other organisations, including FS-ISAC (Financial Services Information Sharing and Analysis Center), ISPs, and other cybersecurity companies. She also shared some of the key factors and decisions behind the legal strategy, and lessons learned for cyber defenders. For smaller and medium-sized organisations in Asia, she stressed that the effectiveness of protective measures, such as multi-factor authentication, should not be underestimated.

Recorded 28th May 2021, Singapore, 9am.
In this episode, guest Bill Nelson, CEO of the Global Resilience Federation (GRF), talks about the GRF's mission to help organizations in myriad industries share critical security threat information so they can all better defend themselves. Bill lays out the history of GRF – how it emerged from the work he did at FS-ISAC, where he grew membership from 170 banks to 7,000. Bill led a team that was tasked with helping other industries set up their own security information sharing programs, based on what FS-ISAC was doing, leading to the creation of ISACs and ISAOs for legal, oil & gas, retail, energy, and healthcare. You'll also learn how the Uniform Commercial Code, Article 4, in its description of "commercially reasonable" security, and who's financially liable after a breach, drove banks to take security controls like anomaly detection, MFA, and DDoS prevention a lot more seriously. GRF's newest security information exchange, K12SIX, aims to protect K-12 schools, which have become the newest targets for ransomware, with attacks ballooning from 10 per year just a few years ago to more than 400 in 2020, and ransoms increasing from $20k to an astonishing $40M.

Guest: Bill Nelson, CEO of Global Resilience Federation (GRF)
Host: Chad Boeckmann, Founder/CEO, TrustMAPP
Sponsor: TrustMAPP (https://trustmapp.com)
John Salomon, Regional Director at the FS-ISAC, tells us his story about how he got where he is and what helped him understand his true calling in the information security sector…a precious lesson for every young talent out there.

John is the Regional Director for Continental Europe, Middle East and Africa at the FS-ISAC, a global organization that involves different industry players with the aim of defining and implementing better rules and regulations governing information security in the financial sector, primarily by fostering information sharing among its members. NOTE: John does not speak for FS-ISAC in this interview; rather, for himself.

In our conversation, he relives the path he followed that led him to where he is now. From getting into security when it was a hot & trendy topic to now, where he encourages collective defence in the financial sector by anticipating and coping with relentlessly swinging trends.

Financial security, critical infrastructure & national defense: tying them together
John embraces a strategy-driven and all-encompassing approach in tackling the cyber issue by combining lessons learned and best practices from emerging markets with his field-specific expertise, enriched by a global and multi-cultural perspective. He ended our conversation on a positive and promising note for all the young cyber talents-to-be out there, encouraging inter-industry alliances to find and train talent, and betting on the power of inspiration and mentorship to prepare the next generation of cyber minds.

The Secure in Mind Project
Our mission is to greatly increase and encourage community discussion about technological and ethical issues that have impacted, are impacting and will impact society on a global scale. There is a longstanding and distinct disconnect between the way information is packaged and presented to the public and the effectiveness of this presentation in terms of generating informed, considered debate.
If we can take complex, important topics and present them, as best we can, in a manner that can interest people from outside the speciality, then we have surpassed our expectations.

Nick Kelly Bio
Nick is someone who, in many senses, is just like you: a human being trying to make sense of this existence of ours as we hurtle around a ball of gas in a sea of infinite eternity. More relevant though are his vacillations in the world amongst diverse countries and environments, collaborating, negotiating, elaborating and celebrating with fascinating people from all walks of life including politics, technology, activism, military and intelligence the world over. He brings this unique breadth of perspective to the table and has a dogged interest in pursuing the human story behind the title or policy, appreciating the fact that underneath all of our bravado, political correctness and dichotomous states of creation and destruction, we are, after all, merely mortals trying to make the best of it.
- www.bleepingcomputer.com: Microsoft: SolarWinds hackers downloaded Azure, Exchange source code
- www.cyberscoop.com: White House warns SolarWinds breach cleanup will take time
- threatpost.com: Florida Water Plant Hack: Leaked Credentials Found in Breach Database
- www.zdnet.com: Singtel hit by third-party vendor's security breach, customer data may be leaked
- statescoop.com: Washington state looks to consolidate cybersecurity after data breach
- www.bleepingcomputer.com: Cyberattack on Dutch Research Council (NWO) suspends research grants
- www.darkreading.com: 100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020
- www.bleepingcomputer.com: RIPE NCC Internet Registry discloses SSO credential stuffing attack
- www.wired.com: Malware Is Now Targeting Apple's New M1 Processor
- www.theregister.com: Uncle Sam accuses three suspected North Korean govt hackers of stealing $1.3bn+ from banks, crypto orgs
What you'll learn:
- Security shifting left
- Taking security from afterthought to active participant
- Keeping up with the pace of change in security

Meet: Cassio Goldschmidt is regarded as an internationally recognized, award-winning security expert. With more than 20 years of experience, Mr. Goldschmidt has a remarkable record of industry accolades and honors. They include:
- Winner of the 2019 (ISC)² Information Security Leadership Award for all Americas
- Nominee for the 2019 TEN Information Security Executive Award for North America
- Winner of the 2020 TEN Information Security Executive Best Project Award for the West Coast region
- Winner of the 2011 (ISC)² Cybersecurity Community Services Star Award for all Americas
- Finalist of the 2011 (ISC)² Americas Information Security Leadership (ISLA) Awards in the Information Security Practitioner category
- Nominee for the 2012 OWASP Web Application Security Person of the Year (WASPY) Awards

Other honors include being:
- Publicly thanked by Brazil's Superior Electoral Court (TSE) for finding security weaknesses and providing significant recommendations to improve the security of the electronic voting systems used in the country's presidential election
- A member of the Forbes Technology Council and a contributor to Forbes.com
- The founding member of the OWASP Los Angeles Chapter, which was elected the best OWASP chapter in the world in 2013
- A co-founder of the OWASP AppSec Cali conference
- A speaker at many of the most respected international security conferences, including RSA, Black Hat, ISSA, CIO Event, ACSAC, (ISC)² Security Congress, FS-ISAC, Better Software, NULLCon, and Global OWASP AppSec in countries such as Brazil, China, India, Poland, Sweden, and the United States
- The sole inventor of three U.S. patents and the co-inventor of a fourth U.S. patent

Cassio holds a bachelor's degree in computer science (BS in CS) from Pontificia Universidade Catolica do Rio Grande Do Sul (PUC-RS), a master's degree in software engineering (MS in SE) from Santa Clara University (SCU), and a master of business administration (MBA) from the University of Southern California (USC).

If you have any questions for Cassio, please feel free to reach out via LinkedIn: https://www.linkedin.com/in/cassiogoldschmidt/

I hope you enjoyed the episode. The best place to connect with me is on LinkedIn - https://www.linkedin.com/in/amirbormand (Amir Bormand). Please send me a message if you would like me to cover certain topics with future guests.
What you'll learn:
- Addressing the security challenges of shadow IT
- Hackers are looking for just one thing to get in
- The impact of the pandemic on the security roadmap

If you have any questions for Cassio, please feel free to reach out via LinkedIn: https://www.linkedin.com/in/cassiogoldschmidt/
Our rockstars are also dot-connectors, community creators and storytellers. Bill Nelson, CEO and Chairman of the Global Resilience Federation (GRF), joins us to talk about cybersecurity communities created around the world to share information and improve the resilience of entire industries and verticals. Bill has travelled the planet carrying this community message and has countless anecdotes to share. Before joining the GRF, he led the Financial Services Information Sharing and Analysis Center (FS-ISAC) through impressive growth that made him a point of reference in the IT world, and was also an executive VP at NACHA, leading the evolution of electronic payments across institutions. He chose "(I Can't Get No) Satisfaction" by the Stones. A classic! Find Bill here: https://www.linkedin.com/in/bill-nelson-6b4b174/ Flexera sponsors this podcast. To learn more about their Vulnerability Research, visit https://www.flexera.com/products/operations/software-vulnerability-research.html
The Episode in 60 Seconds
What happens when your industry is turned on its head? In Symphony's case, they moved from quarterly plans to weekly ones and infused their mission and values into everything they do. On this episode of Studio CMO, we discuss with Andrew Hoerner:
- The role culture plays in marketing and branding
- The not-so-easy pivot from in-person events to digital
- When marketing and product development overlap
- How to create refined and laser-focused content
- How to attract the biggest clients in your industry

Our Guest
Andrew Hoerner is the Executive Vice President for Global Marketing for Symphony, considered one of the top 50 fintech firms by Forbes. Their solution allows banks and financial markets to send messages, share files, automate trade flows, and meet in real time. Andrew has been leading marketing teams or overall marketing functions throughout his career, including at companies like Blue Martini, PayOne, Securify, McAfee, and Soltra. He also spent five years leading marketing for the largest cybersecurity trade organization, FS-ISAC.

Show Notes
Symphony hosts more than 530,000 users on their collaborative platform and has seen 300+% growth during COVID. Fast Fail is a part of their iterative culture.

Culture
"If you share a sense of mission as a team, that drives a lot of behavior that you can't even always document or articulate." — Andrew Hoerner
"These times are just almost sheer chaos in some ways, right? It's really easy just to go to the lowest common denominator, get the basic job done, do business as usual, and make creativity the first thing to go. I've tried to give my team the mental headspace to be creative because creativity is critical to marketing." — Andrew Hoerner
Check out Symphony's end-to-end, secure, encrypted meetings platform for the financial sector: https://www.youtube.com/embed/vD1t9x-K2XY

Live Events
"We put all the best practices from a live event into a digital event. Plus we sought out an event producer." — Andrew Hoerner
- Build in layers of redundancy
- Build an engine to run the necessary digital production
- Be aware of how your guests' schedules and calendar maintenance have changed
- It's still about telling an amazing story
- Keep it human (leave time for guests to "take the elevator")
We also talk about digital events in this episode of Studio CMO: Why are fax machines still in use?
Symphony is hosting a series of hackathons in 2020. Andrew discusses how he is exploring the OODA Loop methodology throughout his teams. Check out this helpful guide.
Bill Nelson is the CEO of Global Resilience Federation (GRF). Previously, Nelson was the President and CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC). In his 12 years there, Nelson led FS-ISAC in its response to major cyber and physical threats and vulnerabilities that affected the financial services industry, including partnering with Microsoft to take down four major botnet infrastructures. He was also responsible for creating the Sector Services Division of FS-ISAC, which was established to assist other sectors and became the genesis for launching Global Resilience Federation. Nelson was named the fifth most influential person in the field of financial-information security by the publication Bank Info Security, and he also received the prestigious RSA Award for Excellence in Information Security. Before joining FS-ISAC, Nelson was the Executive Vice President of NACHA, the electronic payments association, where he oversaw the development of the ACH Network into one of the largest electronic payment systems in the world, processing nearly 14 billion payments by the time he transitioned to FS-ISAC. In this podcast with Jane Lo, Singapore Correspondent, Bill shares his insights on the cyber threat intelligence information sharing landscape during the period when he was the President and CEO of FS-ISAC, and how incidents such as the Sony Hack in 2014 and the Central Bank of Bangladesh incident influenced the ways organisations came to view information sharing. He also discusses how recent cyber incidents in operational technology have matured the conversations between public and private sectors, and why the focus on recovery is critical. Information on the virtual summit, with highlights including Captain Scott Kelly’s keynote and presentations by security practitioners on emerging concepts and trending threats, can be found here: https://grf.org/virtual-summit-overview.
The “supermarket” days of financial institutions providing all of our financial services and holding all of our accounts are long over. Brokerages, insurance companies, and the expanding array of fintechs compete to hold, manage, or organize our assets. With so many custodians of our financial data, it can be difficult for an individual to generate a complete picture of her finances. That’s a longstanding problem that was addressed over two decades ago by data aggregators like the personal financial management app Mint. Individuals found this single-portal approach quite useful. All we had to do was provide the aggregator with the login credentials to each of our online accounts. The aggregator would then log into that account on our behalf, “read” our data off of the web page, and display all of that data in a single consistent fashion (this is “screen scraping”, the method of data gathering that started it all). This single-view capability has been a compelling proposition that dozens and dozens of firms have emulated in the years since. Further, use cases have proliferated where a fintech, for example, simply needs access to one or two accounts in order to fulfill its goals. The mobile app model has only accelerated the expansion of apps needing access to user account data. Yodlee and Plaid, now a Visa company acquired in a whopping big transaction, are examples of companies selling access to user account data either through screen scraping or, in a more modern approach, direct integration with individual financial institutions. Direct integration with each bank or credit union’s data is, of course, inefficient because each bank exposes its own interface. The syntax and functions of each vary, making everyone’s development and maintenance tasks more difficult.

Evolution of a Standard
Into this gap steps the Financial Data Exchange (FDX) organization. With over 100 members (https://financialdataexchange.org/pages/members) from a wide range of companies - Chase, Plaid, FS-ISAC, Intuit, PNC, Fannie Mae, Truist, Cashflow Solutions - its goal is to standardize the domain of permissioned data sharing through an API layer that operates in front of financial institution data. FDX is a true standards organization. Its members pay dues, yes, but their more important contribution is time and effort. Working groups take on particular technical and usage aspects, develop them, and generate draft standards for the entire membership to ratify. One of its working groups focuses, for example, on the user experience: on the use cases that benefit from data sharing and how to make that process transparent and secure for end users. In this Payments on Fire® episode, George and FDX Managing Director Don Cardinal discuss the API, its many reasons for being, and the standards development process. They also discuss Akoya, Fidelity’s former data sharing unit that is now owned and operated by The Clearing House and 11 member banks. Akoya serves as a central integration provider, making it easier for a fintech app to connect its users to the banks subscribing to the Akoya service. So take a listen. FDX is important to the fintech and financial services community. It’s important to end users. And it’s a great example of how comprehensive standards can be developed swiftly.
Brian Reed, Chief Mobility Officer at NowSecure
As NowSecure Chief Mobility Officer, industry veteran Brian Reed brings over 15 years of experience in mobile, security and risk, including at NowSecure, Good Technology, BlackBerry, BoxTone, and ZeroFOX, working with Fortune 2000 global customers, mobile trailblazers and government agencies. With more than 25 years driving innovative solutions and securing customer success, Brian is a dynamic speaker and compelling storyteller who brings unique insights and global experience. Brian is a frequent speaker at events including DevOpsWorld, DevOps Days, RSA, OWASP, Droidcon, FS-ISAC, Gartner, Mobile World Congress, and numerous vertical industry events. Brian is a graduate of Duke University.
Our guest this week is DK Lee. He's an information sharing operations manager at FS-ISAC, the financial services information sharing and analysis center. They're an industry consortium focused on reducing cyber risk in the global financial system, and count over seven thousand financial institutions as members. DK joins us to share his insights on threat intelligence, along with his opinions on leadership, organizational maturity, and checking your ego at the door.
Recorded Future - Inside Threat Intelligence for Cyber Security
Special Counsel Mueller makes his first public statement about the results of his investigation into influence operations surrounding the 2016 US Presidential campaign. He says his first statement will also be his last. FireEye identifies Iranian coordinated inauthenticity in the US 2018 midterm elections, and Twitter and Facebook take down the offending accounts. Notes on the BlueKeep exploit. More Pegasus infestations. Reality Winner revisited. Updates on Baltimore ransomware. Ben Yelin from UMD CHHS reacts to allegations that NSA may have some culpability in the Baltimore ransomware incident. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC on the recent report, “Pursuing cybersecurity maturity at financial institutions.” For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_29.html
Gabi is back with Mark this week in an interview with Connor Gilbert of StackRox, a Kubernetes security company. StackRox uses Kubernetes and containers to maximize security for customers across the container lifecycle. Connor explains how they monitor your containers through building, deploying, and finally the running of the application, and keep your project secure through all stages. StackRox identifies risks and weak areas, then responds in real time. Connor’s advice for our listeners is to understand what’s going on with your containers and your application. Look at the data, the specs, and your options and then, if needed, adjust the defaults to optimize the security of your app.

Connor Gilbert
Connor Gilbert is a product manager at StackRox, a Kubernetes security company, where he contributes to product vision and advocates for customer needs. Connor previously worked in architecture and engineering roles at StackRox. Before that, as Security Research Scientist at Qadium, he built tools to uncover network perimeter exposures and conducted DARPA Internet security research. He first discovered Kubernetes in 2015 and has been using it on GCP ever since.

Cool things of the week
- Simplify reporting with the Sheets data connector for BigQuery, and voila: automated content updates for G Suite (blog)
- 6 standout serverless sessions at Google Cloud Next ‘19 (blog)
- 9 mustn’t-miss machine learning sessions at Next ‘19 (blog)
- Don’t miss these must-see G Suite sessions at Google Cloud Next ‘19 (blog)
- Next On Air (live show)

Interview
- StackRox (site)
- StackRox Overview (site)
- StackRox Data Sheet (data sheet)
- Kubernetes (site)
- GKE (site)
- Google Container Registry (site)
- Google Cloud Security Command Center (site)
- Go (site)
- Istio (site)
- Kubernetes Documentation (site)
- Kubernetes Blog (blog)
- Kubernetes Blog: A Guide to Kubernetes Admission Controllers (blog)
- CNCF (site)
- CNCF Webinar: Operationalizing Kubernetes Security Best Practices (video)
- BSidesSF 2019 Talk: “Containers: Your Ally in Improving Security” (video)
- Nine Kubernetes Security Best Practices Everyone Should Follow (site)
- Top 5 Kubernetes RBAC Mistakes to Avoid (white paper)

Question of the week
How do I migrate my traditional data warehouse platform to BigQuery?
- Migrating your traditional data warehouse platform to BigQuery: announcing the data warehouse migration offer
- Warehouse Migration

Where can you find us next?
Mark will be at Cloud NEXT, ECGC, and IO. Gabi will be at Cloud NEXT and PyTexas. StackRox will be at Cloud NEXT, KubeCon, FS-ISAC, DockerCon, Red Hat Summit, and Black Hat.
Jim has held a number of impressive security leadership positions at several companies including Aetna, JP Morgan Chase, and American Express. He has been a key player in the creation of some of the industry's most effective information sharing communities - the FS-ISAC and the NH-ISAC. He's also known for an uncommon approach to risk management: “Take risk to manage risk.”
In today's podcast, we hear that advance fee scams run by Elon Musk impersonators are using the recently rescued boys' soccer team as phishbait. Bancor wallet robbed of cryptocurrencies. Palestinian police spearphished. BlackTech espionage group using stolen certificates to sign malware. Apple's upgrades are out—one privacy enhancement has a workaround. Microsoft is in the process of patching. And another fitness app, Polar Flow, overshares. Jonathan Katz from UMD on homomorphic encryption standards. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC with results from a recent FS-ISAC survey.
Key Points From This Episode:
- Justin’s studies, consulting work and path to his current role at Zenefits.
- Calculating risk return for defense and attack and how Justin approaches this.
- Why better general security at other companies benefits everyone.
- Justin’s approach to defending against advanced persistent threats.
- Why security needs to talk more about the less sexy sides of their work.
- The hottest new strategies and technologies according to Justin.
- The role and appropriate time for automation within a security protocol.
- Zenefits' ambition for their security and how far this extends.
- The role of CISOs in the conversation about security within a company.
- Cultural change at companies and how this leads to sustainable security.
- The difficulty in hiring currently within the security sector.
- And much more!

Links Mentioned in Today’s Episode:
- Justin Berman Website — http://www.justinbermanphotography.com/
- Justin Berman on LinkedIn — https://www.linkedin.com/in/jmberman
- Justin Berman on Twitter — https://twitter.com/justinmberman?lang=en
- Zenefits — https://www.zenefits.com/
- FS-ISAC — https://www.fsisac.com/
- Phantom — https://www.phantom.us/
- Equifax — https://techcrunch.com/tag/equifax-hack/
In this segment of AML Now, ACAMS Executive Vice President John J. Byrne spoke with Bill Nelson, President and CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC), a private-public organization created to share information on cyber attacks, best practices and government actions in this global area of concern. FS-ISAC is a great example of affected entities working together to address complicated problems.
Today I had an interesting conversation with Ken Westin. Ken is commonly referred to as ‘The Good Hacker’ and has spent the past 15 years working with law enforcement and research teams to analyze current and emerging threats to determine how our everyday products and gadgets can mitigate these threats. He is regularly sought out as a subject matter expert in the area of security, privacy and surveillance technologies. In our industry people do a lot of talking about how they want to stop cyber security threats, developing technologies they hope will stop threats, but rarely do you actually come in contact with people demonstrating a track record of success thwarting, mitigating and bringing people to justice.

This episode is sponsored by the CIO Scoreboard

What you will learn from this interview:
- The secret lives of applications that live on our phones. What information are these apps gathering that we’re not aware of, and where exactly is that information going?
- How can this information be used against us, and why is this data harvesting not mentioned in the privacy policy or terms and conditions of many apps?
- Black Hat tools and where to find them to see what your adversary sees about YOU!
- Questions that Boards should ask about what information they are tracking about customers
- The importance of education and security
- Efficacy and relevance of Cyber Liability Insurance
- The Cybersecurity elephant in the room: companies tracking and selling our private information
- Orchestrating threat intelligence by automating and tracking compliance workflows
- The importance of Data Security Analytics
- If you are not investing in a product or app, then you are the product

How to get in touch with Ken: Twitter, LinkedIn

About me: Profile, RSA Profile, RSA Conference Session – Killing the Kill Chain, LinkedIn, Published Articles

Ken: Podcast I enjoyed at Tripwire site, BBC article – “I’m a professional cyberstalker”, Mobile Privacy articles, Defcon Talk: Confessions of a Professional Cyber Stalker

Resources Mentioned:
- USBhacks
- ID Experts – Radar product – helps with high-profile breach cleanup cases
- Kali Linux Distribution
- Offensive Security
- Tripwire – Automation of Security Compliance + Workflow
- OpenDNS
- Passive Reconnaissance
- Maltego
- Tripwire
- STIX
- TAXII
- FS-ISAC
- Soltra
- Bill’s interview with Aharon Chernin, CTO of Soltra

Summarized Show Notes:
- How Ken got started in the technology world and the different technology he developed to aid in theft recovery
- Empowering people with technology. Criminals take the fun out of technology, dealing with hackers in particular.
- Ransomware – impact on business. Consumers are now able to defend themselves in a hostile environment.
- Being knowledgeable about what is possible and raising people’s awareness makes a difference.
- One of the biggest threats right now is marketing departments that develop spyware and gather information through apps and ad libraries. A lot of information is being harvested from our phones.
- If you’re not paying for the product, you are the product.
- Hackers are not the ones that collected the information from people. So how can we secure the information?
- We need to ask ourselves: what information do we need to collect in order to do business? Companies are collecting information with immunity. If you are collecting that information, you need to be responsible for what you do with it.
- Mobile software for tracking stolen devices and camera recovery: there’s always a trace.
- Passive Reconnaissance: it’s amazing how much information you can gather through this without touching the network. A network can be scanned for vulnerabilities without touching it. Just through DNS records, one could map infrastructure and IP ranges, and harvest information through LinkedIn. From there, he could identify the technologies he would run into when inside the network.
- The hackers involved in the Target breach did their homework: they could identify who the business partners were and send phishing emails.
- How can one map the network without touching it, inside the firewall? Identify the IP ranges they are dealing with. Through DNS records, identify 3rd party vendors: HR services, subdomains for special one-off projects, marketing projects, Salesforce, etc. Trusted business partners and vendors.
- Maltego: a tool for open source intelligence gathering and threat intelligence integrations
- Recommendations for a security beginner trying to understand an external view: offensive security and penetration testing tools and training resources, videos and tools for open source intelligence gathering
- Key points: awareness and security training in general. In security, we like to learn; that’s why we’re good at what we do, and I think everyone in the business needs to take that on.
- Ignorance is no longer an excuse, especially on the business side.
- We’re seeing a lot more boards care about security, and investors and startups caring about security.
- Boards asking about cyber liability insurance. With cyber liability insurance there isn’t a lot of data; a lot of it is guessing, and with that, a lot of exclusions get included in these policies. With the recent breaches we’ve seen, between Target and Sony, they’re seeing that the cost of a data breach is higher than originally thought when you start to think about lawsuits and identity theft insurance. Insurance companies are starting to put a cap on how much they’re liable for.
- Need to secure your infrastructure before you get your cyber liability insurance.
- Marrying real security rules: configuration of compliance and real security.
- Data Analytics: Security Analytics is key. Being able to correlate the data is the challenge to identify the real threat to the environment. Starting to see more correlation between vendors, more open source for threat intelligence.
- Vendors bringing in data scientists with the data they collect and making it easier on the clients to identify anomalies and improve the signal-to-noise ratio.
- How does Ken see the space maturing to a point which is meaningful to a small to medium business? Tools such as OpenDNS, taking complexity away from the businesses. But business can leverage the big data and threat intelligence. Larger businesses will have to have their own teams. Make sure to identify what's happening in their own network.
- STIX/TAXII integration: more and more vendors will start to use this, and businesses need to ask their vendors if they are compliant with STIX and TAXII. A lot of industry clout with Soltra and FS-ISAC. Mitigate threats and share information.
- 46:36 The devil's in the data. Being able to make sense of the data. Harvest the data. There is data there telling you a story; it’s just a matter of you finding it.
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter.
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Healey/DEFCON-22-Jay-Healey-Saving-the-Internet-UPDATED.pdf

Saving the Internet (for the Future)
Jason Healey
DIRECTOR, CYBER STATECRAFT INITIATIVE, ATLANTIC COUNCIL

Last year, the Dark Tangent wrote in the DC XXI program that the "balance has swung radically in favor of the offense, and defense seems futile." It has always been easier to attack than to defend on the Internet, even back to 1979 when it was written that "few if any security controls can stop a dedicated" red team. We all accept this as true, but the community rarely looks at the longer-term implications of what happens to the Internet if one side has a persistent advantage year after year, decade after decade. Is there a tipping point where the Internet becomes no longer a Wild West but Somalia, a completely unstable chaos where the attackers don't just have an advantage but a long-term supremacy? This talk will look at trends and the role of hackers and security researchers.

Jason Healey is the Director of the Cyber Statecraft Initiative of the Atlantic Council, focusing on international cooperation, competition and conflict in cyberspace, and the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. He has worked cyber issues since the 1990s as a policy director at the White House, executive director at Goldman Sachs in Hong Kong and New York, vice chairman of the FS-ISAC (the information sharing and security organization for the finance sector) and a US Air Force intelligence officer. He is a board member of the Cyber Conflict Studies Association, lecturer in cyber policy at Georgetown University and author of dozens of published essays and papers. In 2013 alone he presented or spoke in Brussels, Rome, Istanbul, Reykjavik, London, Tallinn, Stockholm, Munich, Seoul, Bali, New York, New Orleans, Las Vegas, San Francisco, and Washington, DC.
Synopsis
Over the past year and a half or so, I've been pushing hard to change the paradigm around secure software, specifically the testing aspect of it, to incorporate a much heavier emphasis on quality assurance. That conversation spilled over into an OWASP conversation, which led Glenn, Rohit and me to sit down and record this conversation we had, as we appear to be of like mind. While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact more practical than you may think. In this segment we discuss what security testing in a QA team looks like, how it's potentially split up, and whether we can really and truly make it work. Glenn provides his practical perspective as an implementer of this methodology, while Rohit and I provide an across-the-industry discussion and commentary. I think you'll find this podcast episode fascinating, especially if you're struggling with the QA/Security relationship.

Guests
Rohit Sethi - VP Product Development at SD Elements (http://www.sdelements.com)
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, SecTor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project.

Glenn Leifheit - Lead Information Security Consultant at FICO (http://www.fico.com)
Glenn Leifheit, CISSP, CSSLP is a Senior Security Architect at FICO. He has worked in developing, managing, architecting and securing large-scale applications for over 15 years. His day is spent rolling out an enterprise secure software development lifecycle and managing PCI requirements as well as secure software reviews. Glenn is active in the technology community as the Co-Chair of the (ISC)2 Application Security Advisory Board, President of TechMasters Twin Cities, and as an active member of IASA (International Association of Software Architects) and OWASP (Open Web Application Security Project), as well as a regional speaker evangelizing secure software. Glenn's blog is located at www.glennleifheit.com.

Links
No links for this podcast...