Show notes: Today, we're joined by Huxley Barbee, a security evangelist at runZero and organizer of BSides NYC. In this episode, Zach and Huxley talk about the modern divergence of environments and security methodologies.
Topics discussed: Huxley's start within the security industry. Making the industry a better place for newcomers. Chasm solutions. Comprehensive security visibility. Methodologies of collecting data (on the network). How “network” terminology has evolved. “Deperimeterization”. Modern divergence of security environments and efforts of discovery. The top 3 important components that help round out a security program. Agent-based collection compared to network-based collection. Organization of BSides NYC.
Where to get in touch:
LinkedIn: https://www.linkedin.com/in/jhbarbee/
Twitter: https://twitter.com/huxley_barbee
Mastodon: https://infosec.exchange/@huxley
BSides NYC: https://bsidesnyc.org/
runZero: https://www.runzero.com/
Try Fleet: Fleet makes it easy to get accurate, actionable data from all your endpoints. From full disk encryption to healthy antivirus software and any query in between. See for yourself. https://fleetdm.com/try-fleet/register
Industrial Talk is chatting with Huxley Barbee, Security Evangelist at runZero, about “OT Security vs IT Security and Passive vs Active Scanning.” The following is a summary of our conversation:
0:00 Cybersecurity and OT with Huxley from runZero. Palo Alto Networks provides comprehensive security solutions for all assets, networks, and remote operations. Huxley Barbee, security evangelist at runZero, discusses cybersecurity and the importance of staying connected and safe in the digital world. Industrial Talk is a platform dedicated to amplifying voices and solving problems through various mediums, including podcasts, videos, and webcasts.
4:36 Cybersecurity in IoT, OT, and ICS environments. The security evangelist at runZero discusses a CAASM (cyber asset attack surface management) solution. Huxley highlights the importance of security in IoT and OT environments, emphasizing that it's often an afterthought. Scott MacKenzie agrees, noting that security should be a priority from the beginning of a project, rather than an add-on later on.
9:13 Industrial control systems security. Scott MacKenzie and Huxley discuss the importance of aligning security and operations in an organization, with Huxley highlighting the need for more conversations to understand the importance of including security in planning and decision-making. Huxley notes that operational teams may prioritize mechanical problems over security updates, but this can lead to negative consequences, such as security breaches or outages, which can affect the way devices operate. Huxley emphasizes the importance of knowing what assets are present in an OT or ICS environment for proper security controls.
14:04 Cybersecurity risks in industrial control systems. Huxley emphasizes the importance of selecting security controls commensurate with the value of assets. Huxley highlights the irony of introducing security measures to avoid outages, only to inadvertently cause them. Vendors and devices create variety and complexity in IoT security.
20:02 Active scanning techniques for IoT devices. Huxley explains how active scanning techniques can cause real-world problems, such as network outages, due to the way they are implemented. The speaker highlights the bias against active scanning that has developed as a result of poor deployments in the past. Huxley argues that active scanning can be safe for OT and ICS environments with proper development.
24:19 Active vs passive device discovery in cybersecurity. Active scanning involves customizing security measures based on specific devices, while passive discovery tends to be more costly and effortful. Huxley discusses the challenges of passive discovery in network traffic analysis, including the need for multiple collectors and the difficulty of deploying collectors in the right locations. Huxley also highlights the advantages of active scanning over passive discovery, including the ability to be targeted and thorough in...
In this Risky Business News sponsor interview, Tom Uren talks to Huxley Barbee, Security Evangelist at runZero, about finding the unknown unknowns and what even is a security evangelist anyway.
It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios. Many of these systems are designed, successfully, to maintain availability. But when a port scan can freeze or crash a device, that availability seems like it hasn't put enough consideration into adversarial environments. We chat about the common failures of OT design and discuss a few ways that systems designed today might still be secure 30 years from now. Segment Resources: https://linktr.ee/huxley_barbee BSidesNYC: LinkedIn: https://www.linkedin.com/company/bsidesnyc/ Mastodon: https://infosec.exchange/@BSidesNYC runZero has a tool that can safely discover your entire OT network: Free trial: https://www.runzero.com/try/signup/ Show Notes: https://securityweekly.com/asw-259
It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios. Many of these systems are designed, successfully, to maintain availability. But when a port scan can freeze or crash a device, that availability seems like it hasn't put enough consideration into adversarial environments. We chat about the common failures of OT design and discuss a few ways that systems designed today might still be secure 30 years from now. In the news, how HTTP/2's rapid reset is abused for DDoS, a look at the fix for Curl's recent high severity bug, OWASP moves to make CycloneDX a standard, Microsoft deprecates NTLM, VBScript, and old TLS -- while also introducing an AI bug bounty program. Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly
Network Asset Discovery is the process of identifying and cataloguing all devices, resources, and services present within a computer network. This is an essential step in maintaining the security, performance, and management of a network - and overlooking the inventory of unknown devices on your network can result in serious problems. In this episode of the EM360 Podcast, Head of Content Matt Harris speaks to Huxley Barbee, Security Evangelist at RunZero, about: ramifications of a lack of network asset visibility; investigating network assets for incident response; current state of asset discovery.
Each day we are bombarded by cybersecurity threats, and this episode adds another vector you should be looking at as you address your asset inventory. Are you looking at the asset that controls your thermostat? How about the IP cameras you use to secure your office? These are just some of the many questions as I sit down with Huxley Barbee of runZero. It isn't all doom and gloom, but the outlook is definitely scary if we don't start taking action to secure the devices that often are ignored or where the responsibility and burden is assumed to be already handled.
"It just boggles the mind that things that are so important to how our world works are so shockingly unprotected."
According to ABI Research, less than five percent of critical industrial infrastructure is monitored for threats. The company also reports that by 2030 industrial environments will house more than 1.2 billion connection points for machines and production systems. So, while it's impossible to be in all places at all times, this growth in connectivity will place a greater strain on security resources even after prioritizing data and network assets, and focusing on the most pressing potential vulnerabilities. Throw in data from Rapid, the largest API hub in the world, showing that over 60 percent of API users are in manufacturing, and it becomes easy to understand how the industrial attack surface continues to expand and create new opportunities for the bad guys.
These are dynamics that our guest for today's episode knows all too well. Huxley Barbee is the Security Evangelist at runZero, a leading provider of cyber asset management solutions. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.
Huxley Barbee is a Security Evangelist at runZero (formerly Rumble Network Discovery), a company founded by Metasploit creator HD Moore that helps companies discover unmanaged devices for asset inventory. Huxley previously worked for Cisco, Sparkpost, and most recently, Datadog – where he formulated the Datadog Cloud Security Platform. During his time there, he established a new security market presence & enabled the global sales force to grow sales by 482%. Huxley spent over 20 years as a software engineer and security consultant. He attended his first DEF CON in 1999 and holds both CISSP and CISM certifications. On top of that, he's also an organizer of BSidesNYC. He has a passion for bringing value to those around him and understanding what drives individuals and groups. In 2016, he founded a consulting practice at Cisco providing security automation and orchestration to Fortune 500 customers. Four years later, he brought Datadog's Cloud Security Platform to market. Now at runZero, he's helping organizations build comprehensive asset inventory. He resides in New York where he spends time trying to keep up with his children. You can connect with Huxley here: https://www.linkedin.com/in/jhbarbee/
On this episode of the Cybersecurity Defenders Podcast, we have a conversation around best practices for submitting papers to conferences with Huxley Barbee, Security Evangelist at runZero & organizer of BSidesNYC.
Throughout Huxley's career, he has held key positions at Cisco, Datadog and now runZero. He is passionate about cybersecurity and supporting the community in order to create a better security posture for all. Huxley encourages our listeners to connect with him on various platforms: Linktree, LinkedIn, Mastodon, Twitter.
Some resources for finding conferences to submit papers to: Infosec Conferences, CFP Time, Security BSides, Pulsedive's list of threat intel conferences.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Come see what many leaders miss: their blind spots. A behind-the-scenes talk with Huxley Barbee, CISSP/CISM, who organized a top security event at BSidesNYC and is a highly sought-after security expert, public speaker and security evangelist at runZero. He has Cloud Security Platforms and automated SecOps and IR playbooks.
Topics: importance of asset discovery, understanding what effective asset discovery means, improving security through better asset discovery, why security efforts often fail, critical infrastructure risk in cyber security today, why internet of things is a large security risk, how zero trust can be helped by asset discovery, how zero trust improves through better asset discovery, how small business can improve security through better asset discovery, how national security can improve security through better asset discovery, can critical infrastructure improve security through better asset discovery.
Don't miss the video interview: https://youtu.be/0-TZtZYcM_E
Audio podcast (available everywhere): https://cybercrimejunkies.buzzsprout.com
Want more true cyber crime? More interviews with global leaders? Unique insight into emerging trends, news, and other shocking stories? Check out https://cybercrimejunkies.com
Please consider subscribing to our YouTube Channel for ALL Video episodes. It's FREE. It helps us help others. Our YouTube Channel @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1yg
Huxley Barbee, Security Evangelist at runZero shares his valuable insights on various approaches to asset discovery, such as agents, authenticated active scanning, and pulling data from other solutions. We'll also touch on the pros and cons of passive network monitoring and unauthenticated active scanning for finding unmanaged devices.
Huxley Barbee, security evangelist at runZero, talks about the nuts and bolts of asset detection on a large scale, specifically around the U.S. federal government's current directive. Here, we will shrink the playing field and tell newcomers to security how to do your home asset detection!
0:00 - Asset detection at home
1:18 - What is asset detection?
2:44 - Is asset detection difficult?
3:39 - Do asset detection on your network
4:45 - Asset detection on a school network
6:50 - How to put asset detection on your resume
9:44 - What to study for asset detection roles
10:31 - Learn more about runZero
11:15 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Tech evangelist Huxley Barbee from runZero talks about asset detection, and yes, just asset detection. Learn about the day-to-day work of asset detection and asset mapping. Go beyond the theory and speculation about whether the U.S. federal government will implement it on time, and join Barbee as he walks you through how it's all done and what you need in order to do it well.
0:00 - Asset detection and asset mapping
2:56 - Getting into cybersecurity
4:12 - Shifting roles in cybersecurity to evangelist
6:02 - What does a security evangelist do?
8:30 - What is BSides NYC?
14:41 - Planning in cybersecurity assets
22:50 - Tools and techniques of asset inventory
32:13 - The importance of asset discovery
34:25 - Skills needed to work in asset detection
37:32 - Cybersecurity starts and ends with assets
42:22 - What does runZero do?
44:44 - Outro
Huxley Barbee is a Security Evangelist at runZero (formerly Rumble Network Discovery), a company founded by Metasploit creator HD Moore that helps companies discover unmanaged devices for asset inventory. Huxley previously worked for Cisco, Sparkpost, and most recently, Datadog – where he formulated the Datadog Cloud Security Platform. He has spent over 20 years as a software engineer and security consultant. He attended his first DEF CON in 1999 and holds both CISSP and CISM certifications. On top of that, he's also an organizer of BSidesNYC.
00:00 Introduction
00:15 Our Guest
01:00 Huxley's Origin Story
02:27 Proactive Security, Risk, and Asset Inventory: What's the connection?
04:56 Using the right tools
07:17 IPv4 and IPv6
11:15 What do you need in terms of an ACCURATE Asset inventory?
21:56 Asset Inventory Playing a role in ransomware
26:17 Connecting with Huxley
https://www.runzero.com/
https://www.linkedin.com/in/jhbarbee/
https://www.helpnetsecurity.com/2023/02/24/bsidesnyc-2023/
In this episode, host Bidemi Ologunde spoke with Huxley Barbee, the lead organizer for BSides NYC and a Security Evangelist at runZero, a cyber asset management solution. The discussion covered various topics related to asset-centric investigations, such as the pros and cons of the different methods of conducting cyber asset inventory; operational technology (OT) scanning; and security research-based fingerprinting and incremental fingerprinting. Huxley also delved into vulnerability prioritization technology (VPT) and the utility of Shodan, a popular search engine for identifying and cataloging internet-connected devices and systems. Additionally, he mentioned some of the tools required for network access security; the stark reality of managing threat attack surfaces, and lots more. To wrap up, he shared insights into how runZero can aid organizations in securing all their network assets and devices.
In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.
Founders HD Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.
Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.
The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.
Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help business leaders and security practitioners make better decisions.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story
Guest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]
On LinkedIn | https://www.linkedin.com/in/jhbarbee/
On Twitter | https://twitter.com/huxley_barbee
On Mastodon | https://infosec.exchange/@huxley
Resources
Learn more about RunZero and their offering: https://itspm.ag/runzervvyh
Catch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbee
BSides NYC Podcast: https://itsprad.io/event-coverage-1388
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Guest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]
On LinkedIn | https://www.linkedin.com/in/jhbarbee/
On Twitter | https://twitter.com/huxley_barbee
On Mastodon | https://infosec.exchange/@huxley
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
Episode Notes
In this podcast episode, Huxley Barbee, a security evangelist at RunZero and lead organizer for BSides NYC, talks about reviving the major security conference after a hiatus through the pandemic.
With a record-breaking 127 submissions for talks, the conference will feature speakers from around the world discussing red and blue team topics, as well as various other aspects of the InfoSec industry. The event will also offer hands-on workshops, villages focused on career development, and resume reviews for students and professionals.
Taking place at John Jay College in Manhattan, the conference aims to be as accessible as possible, offering tickets at just $15 and automatically refunding students who register with a .edu email address. The conference theme, "The Reboot," invites attendees to rethink cybersecurity, with a keynote speech by Lance James on rebooting our thinking in the industry.
Don't forget to share and subscribe to Redefining CyberSecurity and our On-Location event coverage podcasts to keep up with the latest trends in technology and cybersecurity.
Resources
BSides NYC: https://bsidesnyc.org/
Today on That Tech Pod, Laura and Gabi speak with Huxley Barbee. Huxley Barbee is the organizer of the BSides NYC Security Conference and a Security Evangelist at runZero (formerly Rumble Network Discovery), a company founded by Metasploit creator HD Moore that helps companies discover unmanaged devices for asset inventory.
Huxley previously worked for Cisco, Sparkpost, and most recently, Datadog – where he formulated the Datadog Cloud Security Platform. During his time there, he established a new security market presence & enabled the global sales force to grow sales by 482%.
Huxley spent over 20 years as a software engineer and security consultant. He attended his first DEF CON in 1999 and holds both CISSP and CISM certifications. On top of that, he's also an organizer of BSidesNYC. He has a passion for bringing value to those around him and understanding what drives individuals and groups.
In 2016, he founded a consulting practice at Cisco providing security automation and orchestration to Fortune 500 customers. Four years later, he brought Datadog's Cloud Security Platform to market. Now at runZero, he's helping organizations build comprehensive asset inventory.
He resides in New York where he spends time trying to keep up with his children.
Listen to our interview with Huxley Barbee, Security Evangelist at runZero and organizer of the BSidesNYC event. We discussed the following topics, among others: What concrete security vulnerabilities do companies face when they are not fully aware of their network assets? How is asset inventory a bedrock of risk management? Why do most companies struggle with asset inventory? Some actionable tips and more... If you want to be our guest, or you know someone who would be a great guest on our show, just send your email to info@globalriskconsult.com with a subject line “Global Risk Community Show” and give a brief explanation of what topic you would like to talk about and we will be in touch with you asap.
All links and images for this episode can be found on CISO Series. "When the asset discovery market launched, every single company that offered a solution used the line, “You can't protect what you don't know.” Everyone agreed with that. Problem is, “what you don't know” has grown… a lot." Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Huxley Barbee (@huxley_barbee), security evangelist, runZero. Thanks to our podcast sponsor, runZero. runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com. In this episode: Everyone agrees that, “You can't protect what you don't know”, but what do you do when, “what you don't know” has grown…a lot? With all our efforts to know our assets, are we doing any better understanding? How do we decide what we should really be measuring? How do we determine what's most important in terms of asset management?
Prologue: This week, we take it back to the basics, that's right, the basics, as we talk to Huxley Barbee about the need to identify and understand the assets on your network and in your various environments. A fascinating conversation with some history, some laughs, and some honest discussion of a topic that's absolutely critical to cyber security. If you've not done so, go check out the conversation with Dell Technologies' John Scimone -- a CSO's perspective on fundamentals: https://ftwr.libsyn.com/dtsr-episode-513-cso-perspective-on-security-fundamentals which will give you some additional perspective on this issue. Guest: Huxley Barbee. LinkedIn: https://www.linkedin.com/in/jhbarbee/
Comprehensive asset discovery is foundational to robust and proactive cybersecurity governance. The Cybersecurity and Infrastructure Security Agency recently issued a directive (BOD 23-01) requiring federal enterprises (civilian executive branch) to perform automated asset discovery every 7 days. Among other things, the directive also requires federal enterprises to initiate vulnerability enumeration across all discovered assets, including all discovered nomadic/roaming devices (e.g., laptops), every 14 days. Huxley Barbee, Security Evangelist at runZero and former Cybersecurity Practice Lead at Cisco, discusses the various methods of comprehensive asset discovery and provides guidance in selecting an appropriate asset discovery tool.
Time Stamps
01:33 -- Please share with the listeners some highlights of your professional journey.
03:13 -- Share some stories and anecdotes of the consequences of poorly managed asset inventory.
09:37 -- Why didn't organizations engage in comprehensive asset discovery? What were the hurdles, if any? Now that there is a CISA directive, what's the guarantee that organizations will be in a position to follow through with the orders?
13:12 -- Let's discuss some solutions, recommendations, and approaches to better managing asset discovery.
22:00 -- It seems that the unauthenticated scan is the best approach. Can you please clarify?
26:16 -- It is equally important for organizations to report on the actions taken in response to the discoveries. Is there a CISA directive to that effect? Can you shed some light on that, please?
33:32 -- Please summarize some of the key takeaways from our chat this morning.
35:42 -- How about providing listeners with some selection criteria when they're evaluating different products in the market, asset discovery products? What should they be aware of? What are the kinds of questions they should be asking? So it helps them make good selections.
Memorable Huxley Barbee Quotes/Statements
"The unfortunate reality is that asset inventory is still an unsolved problem for so many organizations. They might have some tooling for dealing with asset discovery, but usually, they end up with spreadsheets."
"There is greater recognition, especially from government agencies, of the need for asset discovery."
"Asset Inventory isn't just a list of devices that you have on your network. It's also what is on those devices, what services are on those devices, what ports are those devices listening to, and who owns those devices."
"There are many hurdles associated with asset inventory management. The one that looms the largest is unmanaged devices, unmanaged assets, that is the Achilles heel of any asset inventory program."
"Why would the adversary go for a well-managed up to date patched machine when they can just go ahead and attack something that's out of date and unpatched, with numerous exploits that they might be able to download from the Internet."
"Unmanaged devices are why customers end up using spreadsheets where the existing tooling just isn't performing as they want. And so they have to end up using spreadsheets instead."
"With unauthenticated scanning, you have the best of many worlds, right, you have the ability to go out and find all the assets on the network, even if they're unmanaged. But you don't have the problems of credential spraying. And depending on how the unauthenticated scanner is implemented, you can even talk to OT devices without the fear of crashing, some sort of mission-critical function."
"Effectively, BOD 2301 is suggesting the use of unauthenticated scans for the asset discovery portion of this particular directive."
"A customer...
Huxley Barbee is the Security Evangelist at runZero. Huxley explains the importance of running a comprehensive network asset inventory and compares various methods for doing so. He also provides some great tips for new CISOs and for home cyber protection. https://www.runzero.com/