Podcasts about InfraGard

On today's episode we're talking about the complex issue of cryptocurrency and divorce, and to help unpack it, I brought in Chris Groshong. Chris made the leap from biotech to fintech when he founded CoinStructive back in 2015. Since then he's worked for crypto financial institutions and has helped hundreds of people track down crypto lost to scams, hacks, and yes, hidden in divorce. If crypto feels confusing, secretive, or even a little bit shady to you, you're not alone. But as Chris explains, the blockchain is actually built on transparency. So once you know what to look for, it becomes a powerful tool for uncovering hidden assets.  In this conversation, we break down what crypto really is, how it shows up in divorce, and what steps you can take if you suspect it's being used to conceal money. Here's what else we discuss in this episode: What cryptocurrency is and why understanding how it works is so important in the context of divorce (3:29) What the hell is the blockchain?? (4:56) Why crypto can be risky in divorce: people often forget that it's not just about gains, but losses too (21:26) Red flags that might signal your spouse is hiding crypto (think unexplainable withdrawals, hardware wallets, or sketchy apps) (24:56) How crypto investigations actually work and why they're often more successful than you'd think (44:49) Learn more about Chris Groshong: Chris Groshong is a Certified Fraud Investigator who focuses on helping victims of cryptocurrency scams. He is also the Chief Compliance Officer for several crypto financial institutions including Bitcoin ATM operators, OTC exchanges, Wallet operators, DeFi platforms and more. He helps oversee money transmitter licensing and regulatory affairs for his clients at a fraction of the cost of attorneys. He is a member of the CFCIA (California Financial Crimes Investigators Association), Government Blockchain Association, The Chamber of Digital Commerce, ABA (American Bar Association), ACFCS, ACFE, ACAMS, and has served as an Expert Witness in a Federal fraud case involving Bitcoin and Monero as well as several Divorce cases. He maintains a public-private partnership with the FBI through Infragard. Chris is the Executive Director of the Crypto Recovery Alliance, a non-profit organization dedicated to helping victims of crypto thefts and scams by providing Blockchain Forensics to victims who can't afford services, as well as access to low or no-cost Mental Health services and preventative education and training. Resources & Links:The Divorce Survival Guide Resource BundleFocused Strategy Sessions with Kate  Phoenix Rising: A Divorce Empowerment Collective Chris's website Crypto Recovery Alliance Chris on LinkedIn =================== DISCLAIMER:  THE COMMENTARY AND OPINIONS AVAILABLE ON THIS PODCAST ARE FOR INFORMATIONAL AND ENTERTAINMENT PURPOSES ONLY AND NOT FOR THE PURPOSE OF PROVIDING LEGAL OR PSYCHOLOGICAL ADVICE.  YOU SHOULD CONTACT AN ATTORNEY, COACH, OR THERAPIST IN YOUR STATE TO OBTAIN ADVICE WITH RESPECT TO ANY PARTICULAR ISSUE OR PROBLEM. Episode link: https://kateanthony.com/podcast/episode-328-crypto-and-divorce-how-to-uncover-digital-assets-with-chris-groshong  

Join The Audit as we dive into the high-stakes intersection of critical infrastructure and cybersecurity with Tim Herman, President of InfraGard Minnesota. InfraGard is a unique public-private partnership with the FBI designed to protect the 85% of America's essential systems owned by the private sector. From power grids to transportation, the vulnerabilities are real—and increasingly complex. In this episode, we discuss: How joystick-operated tugboats on the Mississippi reveal hidden cyber risks Why tabletop exercises are vital for incident readiness Common mistakes in organizational response plans (and how to fix them)  The importance of physical backups and redundant communication systems  Actionable steps to bridge the gap between planning and execution Cybersecurity isn't just an IT issue—it's national security. Don't miss this compelling conversation on how InfraGard is helping organizations build resilience before the next breach hits. Like, share, and subscribe for more expert insights from the frontlines of cybersecurity.

  Cybersecurity Response Plan w/ Frank Grimmelmann of ACTRA   - AZ TRT S06 EP03 (264) 2-9-2025                 What We Learned This Week ACTRA Arizona Cyber Threat Response Alliance Cyber threats affect everyone from Gov't to business to private and growing Companies need to be responsive with speed to be effective + share information of attacks ACTRA has members from both government and private sector ACTRA helped create a state cybersecurity response model that other states can use     Guest: Frank Grimmelmann https://www.actraaz.org/actra/leadership President & CEO/Intelligence Liaison Officer   Mr. Grimmelmann also serves as Co-Chair (together with Arizona's Chief Information Security Officer) for the Arizona Cybersecurity Team (‘ACT'), created through the Governor's Executive Order signed in March 2018. He also serves as a Founding Member of the National Leadership Group for the Information Sharing & Analysis Organization Standards Organization (‘ISAO SO') at the University of Texas San Antonio (UTSA), created under the President's Executive Order 13691 in February 2015. As ACTRA's leader, Mr. Grimmelmann was invited as the first private sector representative in the Arizona Counter Terrorism Information Center (ACTIC) and served as its first private sector Executive Board representative from 2014-2019. He presently acts as ACTRA's designated private sector liaison to ACTRA's Key Agency and other non-Member Stakeholders.    Mr. Grimmelmann served four terms as AZ InfraGard's President from 2009-2012, serves today on numerous academic advisory boards, co-Chairs the Greater Phoenix Chamber's Cybersecurity Workforce Collaborative initiative, and is an engaged Member of the Arizona Technology Council's Cybersecurity Advisory Board.  In 2019, Mr. Grimmelmann was honored by the FBI, and the Board of Directors of both ACTRA and Arizona InfraGard as the first recipient of Arizona InfraGard's ‘Visionary Award' for creating the ACTRA framework  over his last 2 terms as Arizona InfraGard's President, and ACTRA's resulting collaboration between law enforcement/ intelligence agencies/USCYBERCOM, and its public, private and academic organizations over the past 7 years.   He was simultaneously recognized by the FBI's then Deputy Director for his contribution over the years. He remains an active Member of InfraGard since 2003 and an active Lifetime Member of the FBI Citizens Academy since 2006.   Since 2002 he has devoted his full-time attention to protecting our nation's critical infrastructure and national security interests, through eliminating unnecessary silos that hinder communication, allowing  us to respond to today's increasing threat from our cyber adversaries, and in turn permitting ACTRA's Member Organizations to protect their critical infrastructure and our national security interests, while protecting their organization's assets .   Educationally, he holds a dual MBA in International Business and Finance from the University of California at Berkeley and brings decades of experience as a senior executive in finance, healthcare and government, prior to focusing on Cybersecurity in response to 9/11.          Notes:   Seg 2   Cyber threats affect everybody, business, personal, and government. Cyber crime is a fact of life that we need to live with it, but stay ahead.   Criminals are on the offense and only have to be correct 1% of the time. Everybody else is playing defense and has to be right 100% of the time.   AI is an advanced tool that is turned out to be a two edge sword, can help and hurt. AI can only catch so much but can give a few of what is going on.   This is a matter of national security, dealing with homeland security and many other departments of the government.   You have threat intelligence to determine roles on how you're going to handle hackers and ransom ware. Hackers can be local or foreign.   All companies need a cyber policy and some sort of rapid tactical response.   Cyber attacks are an ever growing threat to people and businesses, and continue to surge in 2024. There was 107% surge in malware attacks.   These are on corporate computers, computers at work or home computers or even Home devices like Ring. You get a text through devices, phishing attacks.   Company business email can be compromised in an attack, people's passwords come out and it leads to millions of dollars in losses. Elderly people are very vulnerable, 353,000 attacks.   You have supply chain threats by terrorist and nation state actors. There was a recent attack on United Healthcare for 100 million. People‘s information was exposed. This led to a $22 million ransom payment.   Cyber attacks cause $2.9 billion in damages. Companies are paying ransom to faceless criminals. Very tough for the FBI to be tracking down on these criminals and try to fend off the extortion of stolen data.   Payments for ransom could be made through Bitcoin, which is difficult to trace, though it leaves somewhat of a forensic trail. Constant need for regulation and oversight from the government.   Famous incident last year was not even an attack, but the Crowdstrike software update. ACTRA had a quick response that day. One that helps clients and partners recover fast. In a similar instant, Delta was down for weeks with computer problems.   When you think about what goes on with banks back to 2008 - what loans they have on balance sheet and then off balance sheet securitized - not regulated like normal loans.   Issues with underwriting standards on loans. Not even sure what can be affected in a Cyber attack. Off balance sheet loans and debt is similar to crypto or Bitcoin where it is not being regulated.   PPD-41 was a directive to show responsibilities of government agencies and dealing in cyber. You had homeland security as a defensive arm to protect the nation's assets.   Enforcement is done in the US by the FBI. Overseas it's done by US Cyber Command.     Seg 3   Frank background in the 1990s in private business, worked in healthcare. Then was the chief info officer and the only 2000s at clinical in Stanford. Healthcare is very vulnerable.   Post 9/11 he worked with FBI outreach program called InfraGuard on how to share intelligence with cyber threats. Needs to be treated like terrorism or criminal acts, though they're taking stolen IP. Need to move to a more stable world.   2011 study was done by government organizations to review the process and make recommendations on how to deal with counterterrorism and cyber.   90% of the critical infrastructure in the US is in the private sector. They do need Fed level help, but have also have a local response. Cyber threat actors move quickly and act like a terrorist organization.   General Stanley McChrystal had a great quote, ‘It takes a network to defeat a network.' Cybersecurity is everyone's problem. You need education and organization. This is a 5th generation problem and you have to be adaptive.   ACTRA is a nonprofit dealing with cyber security. They've got pillars of empowerment, trust technology and intelligence. Need for the private companies to develop to train and recruit to handle this threat.   They created a model which allows to bring the fight on offense - and all work together sharing information. Virtual response team, small and big with the private sector as a partner.   ACTRA is a hub for info, and keeps its member information private. Some members are public like Arizona State. Actual model can be used for the rest of the nation. Government and private cannot do it alone. Not all states have this type of organization, but probably need it.     Seg 4   ACTRA started in January 2013. Give U.S. states a model for cyber security. Collective defense and share information with public and private organizations. The goal is to breakdown silos between government and the corporate world.   Not just a thing tank, has an active model. Review of ACTRA model is best in the country and a good hub for response and info.   In 2015, they helped Wisconsin create their own state organization for cyber threats. Soon after, Maryland created one using ACTRA as a model. Needs to be an effort of collaboration, merge the construct of entrepreneur spirit to take action.   So the government cyber threats are handled nationally at a Fort Meade, where the NSA is.   Frank's background in business in finance and healthcare fields.   Info is useless if not used for action. You need actionable intelligence that is current to take down a threat. You need more than continuing education and certificates for people, must go beyond this.   Virtual response team like a local militia who can help protect assets. Going after cyber criminals can be a little bit like a whack a mole.   Overtime, hopefully there will be a national strategy for info sharing. A type of decentralized and local organization that work with government.   The private sector owns the vast amount of data so they have to determine who they're going to share it with and how.   Defend vs Cyber fast while still working within the spirit of the law.       Seg. 1 Clips from Related Shows: Cybersecurity, Disruption, Blockchain & Terrorism w Ari Redbord of TRM Labs - BRT S02 EP31 (78) 8-1-2021     What We Learned This Week Cybersecurity is extremely important industry for national security TRM Labs startup in cyber-security, monitors blockchain OFAC - Gov't administers economic and trade sanctions Ransomeware – specific breach, takeover of a computer system, holds data hostage Programatic Money Laundering – bad guys create new addresses, create ‘shell' companies   Guest: Ari Redbord, Head of Legal and Government Affairs w/ TRM Labs https://www.linkedin.com/in/ari-redbord-4054381b4/ https://www.trmlabs.com/post/trm-labs-appoints-ari-redbord-as-head-of-legal-government-affairs   Ari is formerly a US Attorney, and worked in the Treasury Department, now advises the Government on cybersecurity, and Blockchain. Cybersecurity is a fast growing and extremely important industry for national security, and corporate interests. There are Nation States acting as bad players in the cyber realm and targeting the US Government and US business. We discuss the advancements in technology on cyber crime, blockchain, crypto, and online fraud. How is the FBI dealing with Ransomware, and other cyber attacks on prime targets like the Colonial Pipeline, or other big corps. What Regulations are coming in banking, and Fintech, with KYC (Know Your Customer), plus the big banks like JP Morgan Chase and Goldman are on board.  What the blockchain ledger can help solve in security, to monitor criminal activity in real time with the help of crypto exchanges like Coinbase.  Lastly, what TRM Labs does for clients, how they advise, operate, and who they work with.   Full Show: HERE     Phishing, Malware & Cybersecurity - Try Not to Get Pwned - BRT S02 EP47 (94) 11-21-2021   What We Learned This Week:   Have I been Pwned? Means have I been breached / hacked – did someone hack my email or website Phishing – most common type of email threat, like when you receive a strange email with a link – Do Not Open – DELETE (and alert other office staff of the email) Ramsonware – hack your website, or data – hold it hostage for an extortion ‘ransom' payment Dark Web – where stolen data, & info is being bought & sold VPN Connections – direct and secure   Guests: Vince Matteo, Seven Layer Networks, Inc. https://sevenlayers.com/ Vince Matteo is a certified penetration tester, a security researcher, and a senior consultant at Seven Layers (.com) where he focuses on securing small businesses.  Vince is the author of "Hacking 101 – A Beginner's Guide to Penetration Testing", he's a bug bounty hunter with 17 published critical vulnerabilities, and he's presented talks on offensive hacking at security conferences -- most recently GrrCON in Grand Rapids, MI and BSides in College Station, TX.  Outside of work, Vince is an accomplished endurance athlete, an Ironman age group champion, and in his spare time, you can find him in the desert -- training for the next hundred-mile ultramarathon.    Full Show: HERE     Biotech Shows: https://brt-show.libsyn.com/category/Biotech-Life+Sciences-Science   AZ Tech Council Shows:  https://brt-show.libsyn.com/size/5/?search=az+tech+council *Includes Best of AZ Tech Council show from 2/12/2023   Tech Topic: https://brt-show.libsyn.com/category/Tech-Startup-VC-Cybersecurity-Energy-Science  Best of Tech: https://brt-show.libsyn.com/size/5/?search=best+of+tech   ‘Best Of' Topic: https://brt-show.libsyn.com/category/Best+of+BRT      Thanks for Listening. Please Subscribe to the AZ TRT Podcast.     AZ Tech Roundtable 2.0 with Matt Battaglia The show where Entrepreneurs, Top Executives, Founders, and Investors come to share insights about the future of business.  AZ TRT 2.0 looks at the new trends in business, & how classic industries are evolving.  Common Topics Discussed: Startups, Founders, Funds & Venture Capital, Business, Entrepreneurship, Biotech, Blockchain / Crypto, Executive Comp, Investing, Stocks, Real Estate + Alternative Investments, and more…    AZ TRT Podcast Home Page: http://aztrtshow.com/ ‘Best Of' AZ TRT Podcast: Click Here Podcast on Google: Click Here Podcast on Spotify: Click Here                    More Info: https://www.economicknight.com/azpodcast/ KFNX Info: https://1100kfnx.com/weekend-featured-shows/     Disclaimer: The views and opinions expressed in this program are those of the Hosts, Guests and Speakers, and do not necessarily reflect the views or positions of any entities they represent (or affiliates, members, managers, employees or partners), or any Station, Podcast Platform, Website or Social Media that this show may air on. All information provided is for educational and entertainment purposes. Nothing said on this program should be considered advice or recommendations in: business, legal, real estate, crypto, tax accounting, investment, etc. Always seek the advice of a professional in all business ventures, including but not limited to: investments, tax, loans, legal, accounting, real estate, crypto, contracts, sales, marketing, other business arrangements, etc.  

This morning on the Greg and Dan Show, we spoke with Dave Johnson from Pearl Technologies.   In this interview, Dave speaks to us about Infragard and critical infrastructure in America. Infragard is a collaboration between the FBI and private-sector experts in specific subject matters. Members work hand in hand with the FBI to help to protect American citizens and critical infrastructure. Dave shares members of the Peoria chapter and how you could potentially become a member.  See omnystudio.com/listener for privacy information.

Explosive pagers; now walkie talkies! Back-to-back days of coordinated attacks using explosive material in basic tech items to attack Hezbollah members. But how are these attacks happening? To give us some insight, we asked Ken Gray, a lecturer of homeland security and terrorism, and criminal justice at the University of New Haven.  Gray is a member of ASIS International, InfraGard, the Academy of Criminal Justice Sciences (ACJS), the American Society of Criminology (ASC), the Association of Former Intelligence Officers (AFIO), and the Society of Retired Special Agents of the FBI. IMAAGE CREDIT: iStock / Getty Images Plus

Join us on this powerful episode of the Legacy Leaders Show as we feature Joshua (JTan) Tannehill, a seasoned cybersecurity expert, retired US Air Force veteran, and passionate advocate for protecting Louisiana's digital landscape. With 27 years of experience in IT and cybersecurity, Joshua shares his journey, from why he joined the Air Force to how he chose the path of IT and cybersecurity. Discover how Joshua played a pivotal role in protecting the state of Louisiana during the 2019 security breach and how he continues to build a thriving community of IT professionals through collaborations with InfraGard and the FBI. Tune in for invaluable insights into cybersecurity, IT leadership, and Joshua's dedication to safeguarding our critical infrastructure. This episode is packed with lessons on leadership, resilience, and the future of cybersecurity.

Join us on this powerful episode of the Legacy Leaders Show as we feature Joshua (JTan) Tannehill, a seasoned cybersecurity expert, retired US Air Force veteran, and passionate advocate for protecting Louisiana's digital landscape. With 27 years of experience in IT and cybersecurity, Joshua shares his journey, from why he joined the Air Force to how he chose the path of IT and cybersecurity. Discover how Joshua played a pivotal role in protecting the state of Louisiana during the 2019 security breach and how he continues to build a thriving community of IT professionals through collaborations with InfraGard and the FBI. Tune in for invaluable insights into cybersecurity, IT leadership, and Joshua's dedication to safeguarding our critical infrastructure. This episode is packed with lessons on leadership, resilience, and the future of cybersecurity.

Gang Stalking & Electronic Harrassment are just individual legs of the greater body that is the spiritual war. In this final part 3 of 3 of the story, John Falcon recalls COP CITY Disaster Tourism and tells what he thinks it takes to be a good surveillance target. (This story is based on a real story of an actual Targeted Individual. The story was authored by the Smoking Owl in a collaboration with this individual. All names have been changed for the sake of privacy.) The Journey To Overcome Of John Falcon. The ELECTRONIC HARRASSMENT & GANG STALKING Knocked Me Down. Now I Know How To Be A Good Surveilance Target So stay tuned for this gruesome affair... Part 3 of the 3 Part Series. 'COP CITY & How To Be A Good Surveillance Target' --------------------------------

Gang Stalking & Electronic Harrassment are just individual legs of the greater body that is the spiritual war. In this part of the story, I discuss the relentless Voice to Skull (V2K) attacks that happened to me... in my own home. (This story is based on a real story of an actual Targeted Individual. The story was authored by the Smoking Owl in a collaboration with this individual. All names have been changed for the sake of privacy.) The Journey To Overcome Of John Falcon. The ELECTRONIC HARRASSMENT & GANG STALKING Knocked Me Down. Now I Know How To Be A Good Surveilance Target So stay tuned for this gruesome affair... Part 2 of the 3 Part Series. 'I Can't Stop The Voice In My Head.' --------------------------------

Gang Stalking & Electronic Harrassment are just individual legs of the greater body that is the spiritual war. In this part of the story, I discuss my first wrong move and the reason why I and all of my family has been on a watch list since the day I was born. (This story is based on a real story of an actual Targeted Individual. The story was authored by the Smoking Owl in a collaboration with this individual. All names have been changed for the sake of privacy.) The Journey To Overcome Of John Falcon. The ELECTRONIC HARRASSMENT & GANG STALKING Knocked Me Down. Now I Know How To Be A Good Surveilance Target So stay tuned for this gruesome affair... Part 1 of the 4 Part Series. ‘They Tried To Blind My Third Eye.' --------------------------------

Podcast: Digitalization Tech TalksEpisode: Episode 41: Cybersecurity in the Process Industries - Protect Your TurfPub date: 2024-05-30The OT (operational technology) space has never been more of a target to cyber threats than today. A recent McKinsey & Company article stated “As this sector embraces digitalization, its ‘attack surface' is skyrocketing. In a space that boasted about being air-gapped, or unplugged from the internet environment in years past, these new capabilities have made it vulnerable to attack – and threat actors are chomping at the bit.” In this episode we discuss cybersecurity in the process industries with cybersecurity expert, Marco Ayala, President of the Houston chapter of InfraGard, a partnership between the FBI and the private sector for the protection of U.S. critical infrastructure. Marco, who has a long history in industrial security, comes from the unique perspective of being a supplier to the process industries as well as an end user. We discuss:Current landscape of cybersecurityChallenges facing owner operators todayRole of regulatory agencies and standards organizationsStrategies asset owners are undertaking and first steps to achieve themJoin our series hosts, Jonas Norinder and Don Mack, for an episode filled with helpful information that will guide you on your journey to stay cybersafe! Show Notes:Video: NOVA – A.I. Revolution (https://to.pbs.org/4aWsoe5) time 47:50 in videoArticle: Board of directors: The final cybersecurity defense for industrials (https://mck.co/454z5cH) Website: Cyber Informed Engineering (https://bit.ly/4e4ypbl)Website: Consequence-Driven Cyber-Informed Engineering (https://bit.ly/4aC8O6p)Website: InfraGard – Partnership for Protection (https://www.infragard.org/)Additional resources: https://bit.ly/3yD2Q8jUpcoming webinar (Wednesday, July 11, 2024):Navigating the Digital Workforce: 4 Strategies for Success in the Age of Technology (https://bit.ly/3Va6H4m) Contact us:· Marco Ayala (marco.ayala@infragardhouston.org)· Don Mack (mack.donald@siemens.com)· Jonas Norinder (jonas.norinder@siemens.com)The podcast and artwork embedded on this page are from Siemens, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Digitalization Tech TalksEpisode: Episode 41: Cybersecurity in the Process Industries - Protect Your TurfPub date: 2024-05-30The OT (operational technology) space has never been more of a target to cyber threats than today. A recent McKinsey & Company article stated “As this sector embraces digitalization, its ‘attack surface' is skyrocketing. In a space that boasted about being air-gapped, or unplugged from the internet environment in years past, these new capabilities have made it vulnerable to attack – and threat actors are chomping at the bit.” In this episode we discuss cybersecurity in the process industries with cybersecurity expert, Marco Ayala, President of the Houston chapter of InfraGard, a partnership between the FBI and the private sector for the protection of U.S. critical infrastructure. Marco, who has a long history in industrial security, comes from the unique perspective of being a supplier to the process industries as well as an end user. We discuss:Current landscape of cybersecurityChallenges facing owner operators todayRole of regulatory agencies and standards organizationsStrategies asset owners are undertaking and first steps to achieve themJoin our series hosts, Jonas Norinder and Don Mack, for an episode filled with helpful information that will guide you on your journey to stay cybersafe! Show Notes:Video: NOVA – A.I. Revolution (https://to.pbs.org/4aWsoe5) time 47:50 in videoArticle: Board of directors: The final cybersecurity defense for industrials (https://mck.co/454z5cH) Website: Cyber Informed Engineering (https://bit.ly/4e4ypbl)Website: Consequence-Driven Cyber-Informed Engineering (https://bit.ly/4aC8O6p)Website: InfraGard – Partnership for Protection (https://www.infragard.org/)Additional resources: https://bit.ly/3yD2Q8jUpcoming webinar (Wednesday, July 11, 2024):Navigating the Digital Workforce: 4 Strategies for Success in the Age of Technology (https://bit.ly/3Va6H4m) Contact us:· Marco Ayala (marco.ayala@infragardhouston.org)· Don Mack (mack.donald@siemens.com)· Jonas Norinder (jonas.norinder@siemens.com)The podcast and artwork embedded on this page are from Siemens, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The OT (operational technology) space has never been more of a target to cyber threats than today. A recent McKinsey & Company article stated “As this sector embraces digitalization, its ‘attack surface' is skyrocketing. In a space that boasted about being air-gapped, or unplugged from the internet environment in years past, these new capabilities have made it vulnerable to attack – and threat actors are chomping at the bit.” In this episode we discuss cybersecurity in the process industries with cybersecurity expert, Marco Ayala, President of the Houston chapter of InfraGard, a partnership between the FBI and the private sector for the protection of U.S. critical infrastructure. Marco, who has a long history in industrial security, comes from the unique perspective of being a supplier to the process industries as well as an end user. We discuss:Current landscape of cybersecurityChallenges facing owner operators todayRole of regulatory agencies and standards organizationsStrategies asset owners are undertaking and first steps to achieve themJoin our series hosts, Jonas Norinder and Don Mack, for an episode filled with helpful information that will guide you on your journey to stay cybersafe! Show Notes:Video: NOVA – A.I. Revolution (https://to.pbs.org/4aWsoe5) time 47:50 in videoArticle: Board of directors: The final cybersecurity defense for industrials (https://mck.co/454z5cH) Website: Cyber Informed Engineering (https://bit.ly/4e4ypbl)Website: Consequence-Driven Cyber-Informed Engineering (https://bit.ly/4aC8O6p)Website: InfraGard – Partnership for Protection (https://www.infragard.org/)Additional resources: https://bit.ly/3yD2Q8jUpcoming webinar (Wednesday, July 11, 2024):Navigating the Digital Workforce: 4 Strategies for Success in the Age of Technology (https://bit.ly/3Va6H4m) Contact us:· Marco Ayala (marco.ayala@infragardhouston.org)· Don Mack (mack.donald@siemens.com)· Jonas Norinder (jonas.norinder@siemens.com)

Today's episode with Dan Ramey is about how to sell to clients - specifically attorneys. In this episode, Dan and Leah discuss: Types of services that fall under forensic accountingHow to sell forensic accounting service to attorneysHow to avoid the sales-y feelingConsiderations when starting a forensic accounting practice as a solo practitioner or within a public accounting or consulting firmIn this season of the Data Sleuth Podcast, join Leah Wietholter as she discusses the business of forensic accounting with successful professionals who have done just that! As part of this series, Workman Forensics and podcast guests are providing free resources and tools to accompany each episode to help you with your practice whether you're just starting out or wanting to take it to the next level. Make sure to listen to the end of the episode to find out how to download! Lastly, during the last episode of the season, we are going to answer all of your questions - so if you have any questions about the business of forensic accounting, send them to Leah via YouTube, LinkedIn, or by emailing us at podcast@workmanforensics.com.GUEST BIODan is the Founder and President of Houston Financial Forensics, LLC, and Dan T. Ramey, CPA, LLC.  His professional certifications include CPA/CFF/CITP/ABV, CFE, CVA, CIA/CRMA, CISA/CISM, and CMA.  He is a past President of the Houston Chapter of the Institute of Internal Auditors and formerly a member of the Board of Governors.  Dan previously served as Chairman of the Houston CPA Society's Forensic and Valuation Committee and served two terms as the Treasurer of the Houston Chapter of InfraGard.  Dan is also an adjunct professor at the Hankamer School of Business at Baylor University – Accounting and Business Law Department and the C. T. Bauer School of Business – Accounting Department at the University of Houston, where he currently teaches Forensic Accounting and previously taught Enterprise Risk Management. Both courses are graduate level in the Masters of Accountancy programs.Dan graduated from Baylor University with a BBA in Accounting and from Houston Christian University with an Executive MBA. Dan was awarded the Certified Fraud Examiner of the Year award by the ACFE Houston Area Chapter in December 2019.  In 2020, Dan was awarded a Lifetime Achievement Award by the ACFE Houston Area Chapter.  In 2018, he was recognized by the ACFE at their Global Annual Conference in Las Vegas as Educator of the Year.Houston Financial Forensics, LLC is a professional services provider in the areas of fraud investigation, cyber security / cyber fraud risk assessment, forensic accounting, and litigation support.Email: dan@houstonfinancialforensics.comLinkedIn: https://www.linkedin.com/in/danramey/RESOURCES MENTIONED IN TODAY'S EPISODETo access the downloads discussed in this episode, visit: www.datasleuthpodcast.comTo learn more about the Investigation Game Education Edition, visit: workmanforensics.com/tig-educatorsOrder your copy of Leah's book, Data Sleuth: Using Data in Forensic Accounting and Fraud Investigations today on Amazon!CONNECT WITH WORKMAN FORENSICSYoutube: @WorkmanForensicsFacebook: @wforensicsTwitter: @wforensicsInstagram: @wforensicsLinkedIn: @workmanforensicsSubscribe and listen to this and more episodes of The Data Sleuth® Podcast on Apple Podcasts, Spotify, Android, or anywhere you listen.

Join us on this episode of Faithful Politics as we welcome Sean Patrick Tario, an innovative entrepreneur deeply invested in the realms of technology, privacy, and community empowerment. Sean is the visionary founder behind Open Spectrum Inc., a consultancy offering indispensable insights into the data center industry, and a driving force at mark37.com, which focuses on curating products and services fostering a sovereign lifestyle. Additionally, he co-founded Intelligence On Demand, a dedicated team combating misinformation, illustrating his commitment to decentralization, privacy, and the power of technology to uplift communities.Throughout the episode, Sean shares his journey from the North Shore of Chicago to the heart of Silicon Valley during the dot-com boom, eventually settling in the vibrant community of Santa Cruz, California. His story is a testament to following one's passion and the pursuit of knowledge, underscored by his involvement in the Ron Paul campaign and his lifelong mission to educate on the intricacies of economics, politics, and the true nature of money.Sean's insights are particularly resonant in today's digital age, where he raises critical discussions around privacy, the surveillance state, and the overarching influence of big tech. His perspective challenges us to consider the impact of our digital footprints and the importance of reclaiming control over our personal data.This conversation is not just about technology; it's a deep dive into the implications of our digital lives on our real-world freedoms and the steps we can take to safeguard our privacy. Whether you're a tech enthusiast, concerned citizen, or someone curious about the intersections of technology and society, Sean's message is both enlightening and urgent.Guest Bio:Sean is a seasoned IT professional, entrepreneur, author and investor. He has worked over the years with hundreds of startups and scaling companies as a general advisor, director, consultant, professional trainer and award winning sales producer. He has produced dozens of high impact sales and data center marketplace training events across the country and negotiated hundreds of data center and hosting contracts with service providers around the world. Sean also spends his time serving as an industry advocate through his work with the Internet Infrastructure Coalition (I2C) in Washington DC as well the North Carolina Board of Science, Technology and Innovation (NCBSTI),  InfraGard and the North Carolina District Export Council (NCDEC) in Raleigh, North Carolina.Support the Show.To learn more about the show, contact our hosts, or recommend future guests, click on the links below: Website: https://www.faithfulpoliticspodcast.com/ Faithful Host: Josh@faithfulpoliticspodcast.com Political Host: Will@faithfulpoliticspodcast.com Twitter: @FaithfulPolitik Instagram: faithful_politics Facebook: FaithfulPoliticsPodcast LinkedIn: faithfulpolitics Subscribe to our Substack: https://faithfulpolitics.substack.com/

GDP Script/ Top Stories for Mar 8th       Publish Date:  Mar 7th         From the Ingles Studio Welcome to the Gwinnett Daily Post Podcast. Today is Friday, March 8th, and Happy 78th Birthday to The Monkees Micky Dolenz. ***03.08.24 – BIRTHDAY – MICKY DOLENZ*** I'm Bruce Jenkins and here are your top stories presented by Tom Wages Funeral Home. Second Suspect Arrested for Allegedly Impersonating a Federal Agent During Home Invasion Duluth Police Finish Expansion of Real Time Crime Center 7 Tips for making college more affordable All of this and more is coming up on the Gwinnett Daily Post podcast, and if you are looking for community news, we encourage you to listen daily and subscribe! Break 1: WAGES   STORY 1: Second Suspect Arrested For Allegedly Impersonating a Federal Agent During Home Invasion Yenson Adrian Cedeno Acevedo, a second suspect in a Lawrenceville home invasion case, has been apprehended by the Gwinnett County Police. The incident, which took place in December, involved three individuals who posed as federal agents to gain entry into an apartment. The culprits then restrained a father and son duo using zip ties and proceeded to rob them of their possessions. At the time of his arrest, Acevedo was already detained on separate charges. Another suspect, Luis Soto, had been taken into custody earlier, with police discovering tactical equipment and stolen items connected to the crime in his possession. The police investigation is still underway, and they urge anyone with further information to reach out to local authorities or provide anonymous tips to Crime Stoppers. STORY 2: Duluth Police Finish Expansion of Real Time Crime Center The Duluth Police Department has announced the completion of its Real Time Crime Center's expansion. The center, founded in 2017, employs a combination of advanced technology and a dedicated team of analysts to manage immediate crises and aid in crime resolution. The latest expansion has resulted in increased space and upgraded technology, boosting the total number of surveillance cameras to approximately 400. This expansion signifies a major step forward in Duluth's dedication to public safety, enabling the center to function as a comprehensive hub for crime response. Analysts are now able to offer precise support to officers during ongoing criminal activities and city events, while also ensuring smooth collaboration with neighboring law enforcement agencies. STORY 3: 7 Tips for Helping You Afford College The average in-state tuition at public colleges has climbed to over $10,000, while private colleges are averaging a steep $42,162. However, Estephany Flores, a staunch advocate for financial aid, urges students not to be discouraged by these numbers. She highlights the importance of viewing a college education as a future investment. Flores points out that dual enrollment programs, which allow high school students to accrue college credits, are often overlooked resources that can substantially cut down tuition costs. Dr. Reanna Berry, an Associate Professor, offers several strategies to help offset tuition expenses. These include early savings plans, pursuing two-year degrees, enrolling as transient students, taking AP/IB classes, applying for grants, and exploring work-study opportunities. Dr. Berry cautions students against depending on loans as their primary financial solution and alerts them to potential scams aimed at those seeking college funding. Despite the financial hurdles, Gwinnett College continues to maintain its affordability, providing a wide range of options for financial assistance. Flores encourages students to contact the college's financial aid office for tailored advice and support in navigating the financial aspects of college education. We have opportunities for sponsors to get great engagement on these shows. Call 770.874.3200 for more info. We'll be right back.   Break 2: INGLES 1   STORY 4: LAKO: Found money: Should you use an old 401(k) to pay off a child's student loans? Many parents harbor the desire to financially support their adult children, which is a factor that should be considered during financial planning. Some may discover dormant 401(k) accounts and consider utilizing these funds to settle their child's student loans. However, drawing from retirement accounts for this purpose can trigger penalties and taxes, thereby diminishing the sum available for debt repayment. The decision between investing for the future or paying off debt needs careful consideration, considering aspects such as interest rates and potential returns on investments. Financial experts typically discourage depleting retirement savings, instead proposing alternative strategies such as reallocating current savings or assisting with loan payments directly from regular income. STORY 5: Lawyer accusing Fulton DA of conflict details accusations of misconduct at Georgia Senate hearing Ashleigh Merchant, the legal counsel for Michael Roman, appeared before a state Senate committee to testify about her discovery of an alleged romantic relationship between Fulton County District Attorney Fani Willis and special prosecutor Nathan Wade. Merchant initiated a motion to have Willis disqualified from the Trump election interference case because of this alleged affair. Details of the affair were revealed by Terrence Bradley, Wade's previous law partner, who voiced concerns about Wade's behavior. In response to these allegations, the Senate committee issued a subpoena to Merchant to delve deeper into the accusations, concentrating on potential conflicts of interest and monetary rewards in the case. Despite the ongoing controversy, Willis reiterated her commitment to continue with the felony racketeering case against Trump and his associates. STORY 6: Vidalia onions headed to grocery shelves April 17 Georgia Agriculture Commissioner Tyler Harper, in collaboration with the Vidalia Onion Committee, has declared April 17th as the official pack date for the 2024 Vidalia onion season. Famed for their distinctive sweet taste, Vidalia onions will be accessible in supermarkets across the country from April until early September.   The determination of the pack date is influenced by factors such as soil and weather conditions, which serve to ensure the superior quality of the onions. With approximately 11,000 acres set aside for cultivation during the 2024 season, producers are optimistic about another prosperous year.   Vidalia onions, unique to 20 counties in southern Georgia due to specific environmental conditions, are protected under federal and state legislation.   STORY 7: Statham's Brian Harris Named Jackson EMC Vice President of Information Technology Brian Harris, hailing from Statham, has been named as the new Vice President of Information Technology at Jackson EMC, taking over from Jeff Keen who is set to retire after 41 years of dedicated service. In his previous role as Director of IT Infrastructure and Data Integrity, Harris was responsible for leading the cooperative's cybersecurity program and the Incident Response Team.   In his new position, Harris will be tasked with spearheading technological advancements at Jackson EMC, focusing on infrastructure, collaboration, implementation, and support. Harris brings a wealth of experience to the role, having been a part of the cooperative since 1997 and serving in various capacities throughout the years.   Harris is an alumnus of the University of Georgia, holding a Bachelor of Business Administration in Management Information Systems, and is an active member of InfraGard. Jackson EMC, with its headquarters located in Jefferson, Georgia, provides service to over 260,000 meters across 15,000 miles of energized wire.   We'll have final thoughts after this.   Break 4: HENRY CO SHERIFFS OFFICE Signoff – Thanks again for hanging out with us on today's Gwinnett Daily Post podcast. If you enjoy these shows, we encourage you to check out our other offerings, like the Cherokee Tribune Ledger Podcast, the Marietta Daily Journal, the Community Podcast for Rockdale Newton and Morgan Counties, or the Paulding County News Podcast. Read more about all our stories and get other great content at Gwinnettdailypost.com. Did you know over 50% of Americans listen to podcasts weekly? Giving you important news about our community and telling great stories are what we do. Make sure you join us for our next episode and be sure to share this podcast on social media with your friends and family. Add us to your Alexa Flash Briefing or your Google Home Briefing and be sure to like, follow, and subscribe wherever you get your podcasts. Produced by the BG Podcast Network   Show Sponsors: ingles-markets.com wagesfuneralhome.com henrycountysheriffga.gov   #NewsPodcast #CurrentEvents #TopHeadlines #BreakingNews #PodcastDiscussion #PodcastNews #InDepthAnalysis #NewsAnalysis #PodcastTrending #WorldNews #LocalNews #GlobalNews #PodcastInsights #NewsBrief #PodcastUpdate #NewsRoundup #WeeklyNews #DailyNews #PodcastInterviews #HotTopics #PodcastOpinions #InvestigativeJournalism #BehindTheHeadlines #PodcastMedia #NewsStories #PodcastReports #JournalismMatters #PodcastPerspectives #NewsCommentary #PodcastListeners #NewsPodcastCommunity #NewsSource #PodcastCuration #WorldAffairs #PodcastUpdates #AudioNews #PodcastJournalism #EmergingStories #NewsFlash #PodcastConversationsSee omnystudio.com/listener for privacy information.

In this episode, Chris Foulon shares his insight into how organizations can build cyber security

Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, is an author and a public speaker.  He is a board member of the St. Louis Chapter of InfraGard, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy, possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications.  As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services departments. He is also the 2022 Cyber Defense Magazine winner of “Top 100 CISOs in the World.” [Nov 21st, 2022]   00:00 – Intro 00:49 – Intro Links: -       Social-Engineer.com - http://www.social-engineer.com/ -       Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -       Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -       Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -       Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -       CLUTCH - http://www.pro-rock.com/ -       innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:15 – Marc Ashworth Intro 05:17 – What was the path that led you to InfoSec? 07:41 – Cultivating good security practices 09:31 – Learning to "scale" your security 11:22 – The value of Strategic Thinking 13:40 – It's all in the presentation 15:25 – The importance of Customer Service 18:32 – The Art of Translation 21:32 – Small Wins 24:34 – Letters to a young CISO 26:20 – Don't avoid Pen Testing! 28:11 – Adopting a "Partnership" mindset 30:30 – Long line of influence 33:40 – Book Recommendations -       We Are Legion (We Are Bob) – Dennis E. Taylor -       Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou -       The Goals Program – Zig Ziglar -       The 7 Habits of Highly Effective People – Stephen Covey 36:14 – Find Marc Ashworth online -       LinkedIn: www.linkedin.com/in/marcashworth/ 38:36 – Wrap Up 38:56 – Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

Mask mandates, crippling taxes, and using your tax dollars against you. What is Infragard? _____________________________________________ Today's podcast supported by https://CatholicVote.Org If you are interested in supporting the going litigation against the FBI over religious liberties, you can visit https://CatholicVote.Org. SUSPENDABLES MERCH: http://The-Suspendables.com Visit http://PatriotCoolers.com/discount/KYLE and use Promo code "KYLE" for 10% off and free shipping over $50.

Debbie Reynolds, “The Data Diva” talks to Dr. Keeper Sharkey, Founder, and CEO, of ODE L3C, Data Scientist and Expert in Quantum Computing. We discuss her expertise in Quantum Computing which offers an exponential increase in computational power, allowing for faster and more efficient problem-solving than classical computing. This increase in power also poses a threat, as it could potentially be used to break encryption keys and passwords, making data more vulnerable to theft and hacking. Quantum Computing can help solve complex problems quickly, but it can also be used by bad actors to create negative impacts. To protect against this, organizations need to collaborate and share information, and the public needs to be educated on how to protect their data. A US public-private partnership called Infragard is working to eliminate digital exhaust and provide resources to help people protect their data. Dr.Sharkey expresses concern about the use of AI and quantum computing, noting that people are not educated enough to protect themselves and that AI can be used as a weapon. She believes that people should be educated about the potential dangers of AI and that it should be used for good. She also believes that people should be able to retain their privacy and that progress should be made without hate which is her hope for the future.Support the show

The recent hack of MOVEit has serious implications for higher education. MOVEit, an application used by the National Student Clearinghouse and many other institutions to move large files, directly affects numerous higher ed institutions and solution providers. This, coupled with the Gramm-Leach-Bliley Act going into effect in early June of 2023, has (should have) put cybersecurity at the top of mind for college and university decision-makers.   In his latest podcast episode, Dr. Drumm McNaughton once again speaks with virtual chief information security officer Brian Kelly, who this time returns to Changing Higher Education to discuss the ramifications of MOVEit getting compromised, tools that can help higher ed institutions protect themselves, all nine elements of the GLBA that colleges and universities must be in compliance with to receive financial aid, what GLBA enforcement could look like, and an online hub that states and higher ed can emulate to ensure students enter the cybersecurity field.     Highlights   §  MOVEit, a third-party tool used by the National Student Clearinghouse and others to move large data pieces, was recently compromised, compromising institutional data. This is having a downstream impact on higher ed since many institutions engage with the NSC.   §  In addition to performing triage and internal assessments, higher ed institutions must reach out to all of their vendors and contractors and ask if they use MOVEit and, if they are, what they are doing to protect their data.   §  It is important to have a process in place for vetting third-party risk. EDUCAUSE's HECVAT can help address this and future problems. It's a standard set of questions that institutions can ask third-party vendors about security and privacy. Over 150 colleges and universities use HECVAT version 3.0's questionnaire in their procurement process. Large vendors like Microsoft and Google have completed it.   §  HECVAT makes it easier for vendors since they don't have to answer bespoke questionnaires from numerous institutions that might have their nuances and differences. It also allows the community of CISOs and cybersecurity privacy practitioners in higher ed to have a conversation around a grounded standardized set of questions.   §  The Federal Trade Commission's Safeguards Rule, which changed the standards around safeguarding customer information, went into effect on December 9th, 2021. The Gramm-Leach-Bliley Act that took effect in early June of 2023 required higher education institutions to meet the elements of those rule changes. There are nine elements.   §  The primary rule change is designating a CISO or a qualified individual responsible for protecting customer information or student financial aid data. The second is to perform a risk assessment at least annually by a third party or internally.   §  The third involves access review controls. Institutions must annually vet employees granted access to information and ensure more people haven't been granted access. Institutions must know where all data resides and that all incoming data is identified. Institutions must ensure data is protected and encrypted when it's being stored and in use, ensure the coding or development of any software that interacts with the Department of Education's data follows secure practices, ensure data that institutions should no longer have or that has aged out has been properly disposed of, and ensure change management has been implemented. Institutions must identify who has access to customer information and annually review their logs.   §  The fourth ensures that institutions annually validate that these controls are in place and working as intended. The fifth mandates that the individuals who interact with the Department of Education and use customer information are appropriately trained and aware of the risks involved. The sixth ensures institutions have a program and process to address and test for third-party risks. Seventh mandates having a prescriptive plan for responding to incidents, regularly testing and validating the plan to see if it's working, and identifying the lessons learned. The ninth mandates that the CISO annually reports to the board or president.      Read the podcast transcript →   About Our Podcast Guest   Brian Kelly supports the safeguarding of information assets across multiple verticals against unauthorized use, disclosure, modification, damage, or loss by developing, implementing, and maintaining methods to provide a secure and stable environment for clients' data and related systems.   Before joining Compass, Brian was the CISO at Quinnipiac University and, most recently the Cybersecurity Program Director at EDUCAUSE. Brian is also an Adjunct Professor at Naugatuck Valley Community College, where he has developed and teaches cybersecurity courses.   Brian has diverse experience in information security policy development, awareness training, and regulatory compliance. He provides thought leadership on information security issues across industries and is a recognized leader in his field.   Brian holds a bachelor's degree from the University of Connecticut and a master's degree from Norwich University. He has served in various leadership roles on the local boards of the ISSA, InfraGard, and HTCIA chapters. Brian is also a retired Air Force Cyber Operations Officer.   About the Host   Dr. Drumm McNaughton, the host of Changing Higher Ed®, is a consultant to higher ed institutions in governance, accreditation, strategy and change, and mergers. To learn more about his services and other thought leadership pieces, visit his firm's website, https://changinghighered.com/.   The Change Leader's Social Media Links   LinkedIn: https://www.linkedin.com/in/drdrumm/ Twitter: @thechangeldr Email: podcast@changinghighered.com   #HigherEducation #HigherEdCybersecurity #MOVEitHack  

Robert Riggs is a Peabody Award-winning investigative reporter and digital media entrepreneur. He has also received three coveted Alfred I. duPont Columbia University Journalism Awards for Investigative Reporting. The Peabody and duPont are respectively considered the broadcast TV equivalent of the Oscar and the Pulitzer.Texas A&M University named Robert an Outstanding Alumnus from the College of Architecture in recognition of his journalistic accomplishments. It is a distinction received by fewer than 1% of the College's graduates.Today, Riggs is the host and creator of the True Crime Reporter™ Podcast.During his journalism career, Riggs established a reputation for fairness, accuracy, credibility, and toughness in his reporting for the CBS Television Station Group - CBS 11 News, WFAA-TV (ABC) in Dallas-Fort Worth, Texas, and CBS Viacom reporting from the New York State Legislature. His investigative reports garnered a reputation for helping to send corrupt politicians and government officials to federal prison and were the catalyst for landmark changes in public policy.Riggs was an embedded reporter with the Army unit that led the invasion of Iraq in 2003 and he also covered Gulf War I. His assignments have included covering the White House, Congress, Pentagon, and State Department during the administrations of President Ronald Reagan and President George H.W. Bush.He appeared as a guest correspondent on ABC Nightline with Ted Koppel, CNN, and ESPN. CBS 60 Minutes and CBS News Online featured his investigative reports from Iraq. He reported from the “eye of the storm” of major breaking news stories including the mass murder at Luby's Cafeteria in Texas; the Branch Davidian siege in Waco; the Oklahoma City bombing; the standoff with the Republic of Texas separatists, and numerous natural disasters.Riggs' enterprise reporting primarily focused on the criminal justice system and national security with an emphasis on terrorism. In this connection, The University of Virginia Critical Incident Analysis Group and FBI selected Riggs in 2000 as an expert member of a multi-disciplinary panel that examined the architecture of terrorism and the symbolism of its targets. Meeting near the birthplace of Thomas Jefferson, the panel produced a landmark report entitled “Threats to Symbols of American Democracy” that prophetically identified vulnerabilities that would later tragically unfold during the 9-11 attacks.The Dallas Crime Commission awarded its first-ever Excellence in Crime Reporting Award to Riggs for his reporting on identity theft and Mexican Drug Cartels. The American Bar Association awarded him its Silver Gavel award for his investigative series Free To Kill which uncovered systemic corruption inside the Texas parole and prison systems.Prior to his journalism career, Riggs served as an investigator for the late Congressman Wright Patman of Texas who was Chairman of the House Banking Committee, Joint Economic Committee, and Joint Committee on Defense Production.As the Chief Investigator for the Joint Committee on Defense Production, Riggs spearheaded inquiries that touched on Watergate and Pentagon bribery scandals. He reported to the joint leadership of Representative Patman and Senator William Proxmire.In this role, Riggs held a Top Secret security clearance from the Department of Defense and received training from both the GAO and U.S. Army. The Committee's investigation of a defense contractor's bribery scheme contributed to the passage of the Foreign Corrupt Practices Act.Riggs currently belongs to the FBI's North Texas Chapter of InfraGard which was formed in response to the 9/11 terror attacks. He is also a longtime member of the Investigative Reporters & Editors (IRE).www.truecrimereporter.com

John Bicknell founded More Cowbell Unlimited to help America remain a beacon of hope and strength on the world stage. America must adopt Process Dominance as a core capability in order to innovate and survive in the Information Age. His vision is for process technologies to be as ubiquitous as processes are. John is a national security thought leader and passionate analytics visionary. He has written extensively on national security matters related to information warfare, critical infrastructure defense, and space situational awareness. John leads software and business development efforts for More Cowbell Unlimited. Before retiring from the United States Marine Corps in 2010 as a Lieutenant Colonel, John served worldwide, most notably in Afghanistan and at the Pentagon. He led enterprise-level process intensive human resources supply chain projects designed to discover inefficiencies, architect solutions, and re-purpose manpower savings. In his corporate career, he operationalized an Analytics Center of Excellence for a large EdTech firm, among other accomplishments. John is a member of the Military Operations Research Society (MORS) and InfraGard. He is also Vice President for the Information Professionals Association and host of The Cognitive Crucible podcast. His Master’s degree from the Naval Postgraduate School emphasizes econometrics and operations research. John lives with his family in the Pacific Northwest. In today’s podcast, we explore complex systems, entropy, how data can be turned into action, and empowering Soldiers to make better and faster battlefield decisions. The following bullet points highlight key insights from our interview: More Cowbell Unlimited is a decision-support firm helping organizations make better, faster, data-driven decisions through process mining — a method that illuminates where there are inefficiencies in a process and turns data into action. It can be used to process complex systems, such as modeling ecosystems of satellites in the geostationary orbital regime for the U.S. Space Force. Complexity is here to stay. Complex systems have characteristics that are nonlinear and difficult to predict – much like the future battlefield. Bicknell has developed a powerful way of examining complex systems by synthesizing different theories from various prominent thinkers, like measuring the entropy in complex systems using

While this program is dedicated to all things good and positive, we can't ignore the negative influences around us. The truth is we live in a violent society. Crime is everywhere, and perhaps the worst kind are the acts of aggression performed by people we love. No one ever thinks they're going to be the victim of a violent act, yet their occurrences are more common than we might think. According to recent statistics 24 people per minute in the United States are assaulted by an intimate partner. Most women don't see it coming, and when it happens, they react with fear, shame, anger, depression and every other adverse emotion you can think of. Yet not only is it possible to recover from a personal attack, it's within your power to grow from it. This was the case with this episode's guest Agape Garcia. She was a casualty of the worst kind of domestic violence. But instead of shrinking into victimhood, she rose to provide a successful home for her children and now helps other women recover from Post-Traumatic Stress to Post Traumatic Growth. Agape tells us:• What happened after her assault• How she rose from despair• The first step to the road to recovery• How to avoid self-sabotage• The thing many crime victims do that deters their recovery• How to regain trust• What everyone needs to become their most powerful self Be Your Incredible Self (BYIS) best describes Ms. Garcia's tenacious attitude towards empowering others. Garcia, over the past 35 years has navigated through domestic violence, privacy, safety, vulnerability, and the mindset to endure personal adverse events in life. Her survival of a double attempted homicide while 8 months pregnant (by the father) and the desperation to survive became the catalyst to the foundation of BYIS while achieving an undisputed outlook of independence. During her journey to overcome, Garcia learned that extreme independence is a trauma driven response and a natural one which can be defeated through focused, self-awareness and intentional control. Through her own walk, harsh lessons brought on by extreme independence resulted in areas of her life being sabotaged repeatedly. Her personal journey of post traumatic growth has led Garcia to dedicating her life in developing transformational programs, various forms of coaching, certification courses and establishing a nonprofit to help real time victims. Her commitment is to provide lifelong transformational habits that can restore your powerful internal sense of control. One of her personal statements, ‘You don't live anywhere but in your head' is why some of her laser focus teachings are on aligning your mental and emotional belief system. As her passion grew from her own personal struggles, Garcia became active within the community receiving a Mayoral appointment to work with the Citizen Review board in direct conjunction with Internal Affairs. She received hands-on training from the Sheriff's department, Department of Homeland Security, and FEMA which also led to the Infrastructure Liaison Officer designation (ILO), through the local Law Enforcement Center. Garcia has spent more than 20 years in the corporate world holding positions in Office Administration, Project Management, Compliance, Policy writing, Team building, Training, Leadership and Consulting. She continued to serve other organizations including the American Society for Industrial Security (ASIS), Board of Directors, and holds a current membership in the FBI vetted private sector program of InfraGard. As VP of a Security Consultant Company, she has developed programs with leadership responsible for security and emergency management. These emphasize awareness toward identifying different stages of human behavior leading towards violence mitigation. While working, attending school, and raising her kids as a single parent, her personal priorities of housing, safety and privacy for her children were of utmost importance. This required Garcia to navigate through various self-help centers, state, city, local programs, systems and assistance to create a stable foundation for her family while providing the ability to assist others. She also volunteers and collaborates with local law writer(s), in support of bills under Public Safety.Garcia believes in the need to feel loved, wanted, and cared for as a part of life in all of us. Living through emotional tugs of war and learning to apply a controlled healthy mindset to overcome voids, shortcomings, and to break unhealthy cycles is who she is today versus the opposite of where she came from. Today, she prides herself on meeting the daily challenges of being vulnerable and safe at the same time while empowering others to Be Your Incredible Self. Garcia's personal mission is to help lead others in transforming their survival of Domestic Violence (DV) into Post Traumatic Growth and to mitigate the depletion of resources for real time victims. Sharing her personal testimony has empowered so many others. She loves teaching her BYIS formula of: How to combine Situational Awareness with Emotional Intelligence to control your triggers. Website: https://empoweryourinnergoddess.com/ Want to know why dreams are the fastest and clearest way to understand yourself? Sign up here for a complementary Dream Discovery Session with me and never leave your dreams on your pillow again! https://calendly.com/thedreamcoach53/30min

Past Chief Software Officer of the US Space Force and Air Force Nic Chaillan is back on the Cold Star Project. Over the past year, Nic has developed his own learning platform, Learn With Nic. He has also hosted his own show, In The Nic Of Time. Host Jason Kanigan asks Nic: What have you learned in running your own show, In The Nic Of Time? What have you learned about the general state of software security in the US from your guests? Did this confirm what you already were aware of, or did they add any detail? If you could wave a magic wand and have leaders and developers realize some fundamentals of DevSecOps that are practical to implement as well as effective, what would a couple of those be? Are you still convinced we're lagging and that China is going to overtake and “beat” us? How do you define that: simply economically, or technologically, militarily? What can we do about it, and are you seeing any evidence of leadership attempting to take action? I hear more and more Americans becoming concerned about TikTok, even leaders in fields I thought would be far away from the edges of national security. I believe we should be more explicit about what can be done with TikTok, beyond “they're collecting all our data!”. Have your thoughts about TikTok evolved over the past year? What's your opinion about the InfraGard hack? To me this seems like “the security guys got hacked”. What could have been done to stop this from happening? Is it symptomatic of a condition or just bad luck? What other kinds of software-based platforms should we be worried about the security of? Teach us a couple of DevSecOps terms that are probably new to us. USEFUL LINKS: Learn With Nic platform: https://www.learnwithnic.com/ OpEx Society: https://www.opexsociety.org Get new episodes directly in your inbox: https://www.coldstartech.com/msb Talk to Cold Star: https://coldstartech.com/talktous

Welcome to Talking Cyber, a Cybercrime Magazine podcast series that covers the latest news and breaking stories on the cybereconomy, hackers, intrusions, privacy, security and much more. In this episode, host Hillarie McClure is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss the breach of the FBI's critical-infrastructure portal, InfraGard. To learn more about these stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com

BEC takes aim at physical goods (including food). BlackCat ransomware activity increases. Epic Games settles an FTC regulatory case. The InfraGard database was pulled from a dark web auction site. CISA releases forty-one ICS advisories. Rick Howard interviews author Andy Greenberg. Rob Boyce from Accenture examines holiday cyber threats. The growing value of open source intelligence. Twitter says vox populi, vox dei. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/241 Selected reading. FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food (CISA) Colombian energy supplier EPM hit by BlackCat ransomware attack (BleepingComputer) Events D.C. data published online in apparent ransomware attack (Washington Post)  Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges (Federal Trade Commission)  Hacker Halts Sale of FBI's High-Profile InfraGard Database (HackRead)  CISA Releases Forty-One Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency)  Russia's Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications (Carnegie Endowment for International Peace)  How open-source intelligence has shaped the Russia-Ukraine war (GOV.UK) Front-line video makes Ukrainian combat some of history's most watched (Washington Post)  Elon Musk Polls Twitter Users, Asking Whether He Should Step Down (Wall Street Journal) Musk asks: Should I stay as CEO? (Computing) Elon Musk's Twitter Poll Shows Users Want Him to Step Down (Wall Street Journal)  Elon Musk's Twitter poll: 10 million say he should step down (the Guardian)

FBI's InfraGard program suffers a data breach, 5G network slicing security concerns, how the metaverse will affect businesses, and more. The end of SHA-1 encryption Iran-backed Charming Kitten APT eyes kinetic ops, kidnapping Algorithm extracts audio from visual information The FBI's cybersecurity program for critical infrastructure was hacked NSA slices up 5G mobile security risks Ten top threats to VLAN security PwC Global Technology Leader Emmanuelle Rivet talks about how the metaverse may profoundly change how businesses and consumers interact with products, services, and each other. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Emmanuelle Rivet Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: CDW.com/Cisco Code Comments canary.tools/twit - use code: TWIT

Security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Parag will discuss the issues this presents and how Qualys' new TotalCloud solution allows organizations to see all their cloud resources, relationships between resources, the external attack surface, and attack path mapping all delivered via one platform. Segment Resources: Qualys TotalCloud free trial: https://www.qualys.com/forms/totalcloud/ TotalCloud Video: https://vimeo.com/765771406 Blogs: https://blog.qualys.com/product-tech/2022/11/01/introducing-totalcloud-cloud-security-simplified https://blog.qualys.com/product-tech/2022/11/01/why-is-snapshot-scanning-not-enough   This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   A brief roundup of our favorite news, trends, and interviews in 2022! See what Adrian, Katherine, and Sean have to say about 2022's best interviews and news stories!   Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022.   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw300

FBI's InfraGard program suffers a data breach, 5G network slicing security concerns, how the metaverse will affect businesses, and more. The end of SHA-1 encryption Iran-backed Charming Kitten APT eyes kinetic ops, kidnapping Algorithm extracts audio from visual information The FBI's cybersecurity program for critical infrastructure was hacked NSA slices up 5G mobile security risks Ten top threats to VLAN security PwC Global Technology Leader Emmanuelle Rivet talks about how the metaverse may profoundly change how businesses and consumers interact with products, services, and each other. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Emmanuelle Rivet Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: CDW.com/Cisco Code Comments canary.tools/twit - use code: TWIT

FBI's InfraGard program suffers a data breach, 5G network slicing security concerns, how the metaverse will affect businesses, and more. The end of SHA-1 encryption Iran-backed Charming Kitten APT eyes kinetic ops, kidnapping Algorithm extracts audio from visual information The FBI's cybersecurity program for critical infrastructure was hacked NSA slices up 5G mobile security risks Ten top threats to VLAN security PwC Global Technology Leader Emmanuelle Rivet talks about how the metaverse may profoundly change how businesses and consumers interact with products, services, and each other. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Emmanuelle Rivet Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: CDW.com/Cisco Code Comments canary.tools/twit - use code: TWIT

FBI's InfraGard program suffers a data breach, 5G network slicing security concerns, how the metaverse will affect businesses, and more. The end of SHA-1 encryption Iran-backed Charming Kitten APT eyes kinetic ops, kidnapping Algorithm extracts audio from visual information The FBI's cybersecurity program for critical infrastructure was hacked NSA slices up 5G mobile security risks Ten top threats to VLAN security PwC Global Technology Leader Emmanuelle Rivet talks about how the metaverse may profoundly change how businesses and consumers interact with products, services, and each other. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Emmanuelle Rivet Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: CDW.com/Cisco Code Comments canary.tools/twit - use code: TWIT

AI Terrors, Infragard, Microsoft, HIPAA, GitHub, NIST, and more on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn263

Security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Parag will discuss the issues this presents and how Qualys' new TotalCloud solution allows organizations to see all their cloud resources, relationships between resources, the external attack surface, and attack path mapping all delivered via one platform. Segment Resources: Qualys TotalCloud free trial: https://www.qualys.com/forms/totalcloud/ TotalCloud Video: https://vimeo.com/765771406 Blogs: https://blog.qualys.com/product-tech/2022/11/01/introducing-totalcloud-cloud-security-simplified https://blog.qualys.com/product-tech/2022/11/01/why-is-snapshot-scanning-not-enough   This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   A brief roundup of our favorite news, trends, and interviews in 2022! See what Adrian, Katherine, and Sean have to say about 2022's best interviews and news stories!   Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022.   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw300

Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw300

AI Terrors, Infragard, Microsoft, HIPAA, GitHub, NIST, and more on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn263

"InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself."https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/-----Welcome to the channel and to my sarcastic sense of humor! It's an honor to have you here. No, seriously... Thank you for taking the time to read this. Weekly podcasts are uploaded here from my Twitch channel, but are soon to be streamed here live too.-----/ Check Out My Links Below //Twitch: https://www.twitch.tv/officialwillipSubstack: https://hackerhub.substack.com/LinkedIn: https://www.linkedin.com/in/w-parks/Twitter: https://twitter.com/OfficialWilliPYouTube: https://www.youtube.com/@officialwillip/ Disclaimer //Much of the information on or related to OfficialWilliP's social media platforms (Twitch, Twitter, YouTube. etc.) is transcribed/presented as part of his own legal learning experiences. Everything that is showcased on these platforms is according to legal guidelines and should be considered for entertainment purposes only. Methods used or showcased on these platforms may be deemed malicious and illegal if repeated on assets you do not personally own. I do not make any warranties about the completeness, correctness, reliability, and accuracy of this information. Any action you take upon the information on these platforms is strictly at your own risk and OfficialWilliP will not be held liable for any losses, damages, or otherwise legal action taken in connection to the use of this information.

EU gets closer to US-data sharing agreement Microsoft signed malicious drivers InfraGard data for sale on dark web Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com.

The FBI's InfraGard user data shows up for sale. An update on Iranian cyber operations. NSA warns of Chinese cyber threats. Challenges in sharing data for threat detection and prevention. Legitimately signed drivers are used in targeted attacks. Patch Tuesday addressed a lot of actively exploited issues. Tim Starks from the Washington Post Cybersecurity 202 shares his reporting on ICS vulnerabilities. Our guest is Mike Fey from Island with an introduction to the enterprise browser space. And the US indicts five Russian nationals on sanctions-evasion charges. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/238 Selected reading. FBI's Vetted Info Sharing Network ‘InfraGard' Hacked (KrebsOnSecurity) Would've, Could've, Should've…Did: TA453 Refuses to be Bound by Expectations (Proofpoint)  APT5: Citrix ADC Threat Hunting Guidance (NSA) U.S. agency warns that hackers are going after Citrix networking gear (Reuters) NSA Outs Chinese Hackers Exploiting Citrix Zero-Day (SecurityWeek)  Effect of data on Federal agencies' policies. (CyberWire) I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware (Mandiant) Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers (SentinelOne) SAP Security Patch Day December 2022 (Onapsis) December 2022 Security Updates (Microsoft Security Response Center) December Patch Tuesday Updates | 2022 - Syxsense Inc (Syxsense Inc) Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws (BleepingComputer) Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update (Dark Reading)  Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698) (Help Net Security) Microsoft Releases December 2022 Security Updates (CISA) Apple security updates (Apple Support) We finally know why Apple pushed out that emergency 16.1.2 update (Macworld)  Why You Should Enable Apple's New Security Feature in iOS 16.2 Right Now (Wirecutter) Apple Releases Security Updates for Multiple Products (CISA) Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 (Citrix) State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518) (Help Net Security)  Citrix Releases Security Updates for Citrix ADC, Citrix Gateway (CISA) VMware Patches VM Escape Flaw Exploited at Geekpwn Event (SecurityWeek)  Experts detailed a previously undetected VMware ESXi backdoor (Security Affairs) VMware Releases Security Updates for Multiple products (CISA) Mozilla Releases Security Updates for Thunderbird and Firefox (CISA) Adobe Patches 38 Flaws in Enterprise Software Products (SecurityWeek) CISA Releases Three Industrial Control Systems Advisories (CISA) Five Russian Nationals, Including Suspected FSB Officer, and Two U.S. Nationals Charged with Helping the Russian Military and Intelligence Agencies Evade Sanctions (US Department of Justice) Russian Military and Intelligence Agencies Procurement Network Indicted in Brooklyn Federal Court (US Department of Justice)

Janet Lawless has challenged the status quo throughout her career.  In former leadership roles at Microsoft and Cisco, she created and managed global programs focused on compliance and security. She is a member of InfraGard (a partnership between the FBI and members of the private sector), the United States Secret Service Cyber Fraud Task Force, and the Washington State Fusion Center. She is the Chair for ASIS Puget Sound and also founded “PCs 2 Vets” and has provided over 1,000 laptops to veterans.Janet joins host Marisa Randazzo to discuss:Training the tradecraft of threat intelligence How to get threat intelligence programs up and runningWhy diversity matters when building a threat intelligence teamAdvice for women and girls seeking a career in security

Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, is an author and a public speaker.  He is a board member of the St. Louis Chapter of InfraGard, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy, possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications.  As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services departments. He is also the 2022 Cyber Defense Magazine winner of “Top 100 CISOs in the World.” [Nov 21st, 2022]    00:00 – Intro  00:49 – Intro Links:  Social-Engineer.com - http://www.social-engineer.com/  Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/  Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/  Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/  Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb  CLUTCH - http://www.pro-rock.com/  innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/  03:15 – Marc Ashworth Intro  05:17 – What was the path that led you to InfoSec?  07:41 – Cultivating good security practices  09:31 – Learning to "scale" your security  11:22 – The value of Strategic Thinking  13:40 – It's all in the presentation  15:25 – The importance of Customer Service  18:32 – The Art of Translation  21:32 – Small Wins  24:34 – Letters to a young CISO  26:20 – Don't avoid Pen Testing!  28:11 – Adopting a "Partnership" mindset  30:30 – Long line of influence  33:40 – Book Recommendations  We Are Legion (We Are Bob) – Dennis E. Taylor  Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou  The Goals Program – Zig Ziglar  The 7 Habits of Highly Effective People – Stephen Covey  36:14 – Find Marc Ashworth online  LinkedIn: www.linkedin.com/in/marcashworth/  38:36 – Wrap Up   38:56 – Outro  www.social-engineer.com  www.innocentlivesfoundation.org   

Episode: 00011 Release Date: October 19, 2022 Description: Kathleen Allen presents the rerelease of Debbie Osborne's Analysts' Corner Podcast. Today's episode is about InfraGard, the public-private alliance for national security, and features Joseph Concannon, the founder of the NY Metro InfraGard Member Alliance. In this episode, we hear about how the public and private sectors can communicate efficiently and protect the nation's infrastructure. Debbie and Joe discuss the importance of networking and community when developing safety and protection practices and policies. The original episode was published on September 10, 2008. What's changed, and what's remained? Take a listen! Related Links: Debbie's Blog - https://analystscorner.blogspot.com/?m=1 Joseph Concannon's Contact - LinkedIn InfraGard informational brochure - https://www.infragard.org/Files/InfraGard_Redesign_2-24-2022.pdf Want to join the InfraGard community? Visit https://www.infragard.org/Application/General/ChapterList Theme Song: Written and Recorded by The Rough & Tumble. Find more of their music at www.theroughandtumble.com. Podcast Email: leapodcasts@gmail.com   Podcast Webpage: www.leapodcasts.com    

In this episode, we talk with Dean Sapp, the Vice President of Information Security, Risk, and Compliance, from Filevine. He discusses prevention tactics for ransomware and other cyber threats that businesses need to be aware of, as well as preparation techniques to prepare themselves against these types of events if they happen at some point Key Takeaways: Importance of having a cyber breach policy in place. Educate your people about the human element in cybersecurity and how to stay protected. When a breach does occur, make sure you have a plan in place and know who to contact for help. The cost of prevention is less than the response, so it's important to be proactive about security threats. Breached Double Impact About today's guest: Dean is the Vice President of Information Security, Risk and Compliance for Filevine, the Operating Core for Legal, providing case, matter, investigation, and project management software for thousands of attorneys, law firms, and businesses across the globe. Dean is also a security researcher, author, public speaker, and practitioner with two decades of experience implementing cost-effective and robust cybersecurity programs for clients. He has given dozens of presentations at the Utah State Bar, ABA, LegalSEC, ILTACon, Inns of Court, UAJ, Public Defenders & Trial Lawyer events, Infragard, ISACA, UtahSec, IR 18, SaintCon, and many other security and privacy conferences. Dean is a security nerd at heart, but in his spare time, he enjoys spending time with his wife and six awesome kids, weight training, competing in Spartan races, and other ridiculously crazy and challenging things. LinkedIn: https://www.linkedin.com/in/deansapp/ ___ Thank you so much for checking out this episode of The Tech Trek, and we would appreciate it if you would take a minute to rate and review us on your favorite podcast player. Want to learn more about us? Head over at https://www.elevano.com Have questions or want to cover specific topics with our future guests? Please message me at https://www.linkedin.com/in/amirbormand (Amir Bormand)

Be Your Incredible Self (BYIS) best describes Ms. Garcia's tenacious attitude towards empowering others. Garcia, over the past 35 years has navigated through domestic violence, privacy, safety, vulnerability, and the mindset to endure personal adverse events in life.  Her survival of a double attempted homicide while 8 months pregnant (by the father) and the desperation to survive became the catalyst to the foundation of BYIS while achieving an undisputed outlook of independence.  During her journey to overcome, Garcia learned that extreme independence is a trauma driven response and a natural one which can be defeated through focused, self awareness and intentional control.  Through her own walk, harsh lessons brought on by extreme independence resulted in areas of her life being sabotaged repeatedly.  Her personal journey of post traumatic growth has led Garcia to dedicating her life in developing transformational programs, various forms of coaching, certification courses and establishing a nonprofit to help real time victims. Her commitment is to provide lifelong transformational habits that can restore your powerful internal sense of control. One of her personal statements, ‘You don't live anywhere but in your head'  is why some of her laser focus teachings are on aligning your mental and emotional belief system.  As her passion grew from her own personal struggles, Garcia became active within the community receiving a Mayoral appointment to work with the Citizen Review board in direct conjunction with Internal Affairs.  She received hands-on training from the Sheriff's department, Department of Homeland Security, and FEMA which also led to the Infrastructure Liaison Officer designation (ILO), through the local Law Enforcement Center.  Garcia has spent more than 20 years in the corporate world holding positions in Office Administration, Project Management, Compliance, Policy writing, Team building, Training, Leadership and Consulting. She continued to serve other organizations including the American Society for Industrial Security (ASIS), Board of Directors, and holds a current membership in the FBI vetted private sector program of InfraGard. As VP of a Security Consultant Company, she has developed programs with leadership responsible for security and emergency management. These emphasize awareness toward identifying different stages of human behavior leading towards violence mitigation. While working, attending school, and raising her kids as a single parent, her personal priorities of housing, safety and privacy for her children were of utmost importance. This required Garcia to navigate through various self-help centers, state, city, local programs, systems and assistance to create a stable foundation for her family while providing the ability to assist others. She also volunteers and collaborates with local law writer(s), in support of bills under Public Safety. Garcia believes in the need to feel loved, wanted, and cared for as a part of life in all of us. Living through emotional tugs of war and learning to apply a controlled healthy mindset to overcome voids, shortcomings, and to break unhealthy cycles is who she is today versus the opposite of where she came from. Today, she prides herself on meeting the daily challenges of being vulnerable and safe at the same time while empowering others to Be Your Incredible Self. Garcia's personal mission is to help lead others in transforming their survival of Domestic Violence (DV) into Post Traumatic Growth and to mitigate the depletion of resources for real time victims. Sharing her personal testimony has empowered so many others. She loves teaching her BYIS formula of: How to combine Situational Awareness with Emotional Intelligence to control your triggers.  3 top tips for my audience: 1. Post Traumatic Growth 2. Controlling your triggers 3. Preventing Self Sabatage 47-Min Emotional Clarity Session  https://tinyurl.com/byis47 FB Group https://bit.ly/3bbK5xd Website:   www.beyourincredibleself.com/  FB:   www.facebook.com/beincredible @BEINCREDIBLE  LI:  www.linkedin.com/in/agarciabyis/ IG:  www.instagram.com/beyourincredibleself/ #BYIS #BeYourIncredibleSelf #DomesticViolenceAwareness

Agape Garcia shares her story of transforming from trauma into growth. About Agape Be Your Incredible Self (BYIS) best describes Ms. Garcia's tenacious attitude towards empowering others. Garcia, over the past 35 years has navigated through domestic violence, privacy, safety, vulnerability, and the mindset to endure personal adverse events in life. Her survival of a double attempted homicide while 8 months pregnant (by the father) and the desperation to survive became the catalyst to the foundation of BYIS while achieving an undisputed outlook of independence. During her journey to overcome, Garcia learned that extreme independence is a trauma driven response and a natural one which can be defeated through focused, self awareness and intentional control. Through her own walk, harsh lessons brought on by extreme independence resulted in areas of her life being sabotaged repeatedly. Her personal journey of post traumatic growth has led Garcia to dedicating her life in developing transformational programs, various forms of coaching, certification courses and establishing a nonprofit to help real time victims. Her commitment is to provide lifelong transformational habits that can restore your powerful internal sense of control. One of her personal statements, ‘You don't live anywhere but in your head' is why some of her laser focus teachings are on aligning your mental and emotional belief system. As her passion grew from her own personal struggles, Garcia became active within the community receiving a Mayoral appointment to work with the Citizen Review board in direct conjunction with Internal Affairs. She received hands-on training from the Sheriff's department, Department of Homeland Security, and FEMA which also led to the Infrastructure Liaison Officer designation (ILO), through the local Law Enforcement Center. Garcia has spent more than 20 years in the corporate world holding positions in Office Administration, Project Management, Compliance, Policy writing, Team building, Training, Leadership and Consulting. She continued to serve other organizations including the American Society for Industrial Security (ASIS), Board of Directors, and holds a current membership in the FBI vetted private sector program of InfraGard. As VP of a Security Consultant Company, she has developed programs with leadership responsible for security and emergency management. These emphasize awareness toward identifying different stages of human behavior leading towards violence mitigation. While working, attending school, and raising her kids as a single parent, her personal priorities of housing, safety and privacy for her children were of utmost importance. This required Garcia to navigate through various self-help centers, state, city, local programs, systems and assistance to create a stable foundation for her family while providing the ability to assist others. She also volunteers and collaborates with local law writer(s), in support of bills under Public Safety. Garcia believes in the need to feel loved, wanted, and cared for as a part of life in all of us. Living through emotional tugs of war and learning to apply a controlled healthy mindset to overcome voids, shortcomings, and to break unhealthy cycles is who she is today versus the opposite of where she came from. Today, she prides herself on meeting the daily challenges of being vulnerable and safe at the same time while empowering others to Be Your Incredible Self. Garcia's personal mission is to help lead others in transforming their survival of Domestic Violence (DV) into Post Traumatic Growth and to mitigate the depletion of resources for real time victims. Sharing her personal testimony has empowered so many others. She loves teaching her BYIS formula of: How to combine Situational Awareness with Emotional Intelligence to control your triggers. --- Support this podcast: https://anchor.fm/theresa-alexander-inman/support

Louder Now is back with a new episode for a new month. October is Domestic Violence Awareness Month. My guest today tells her story of surviving domestic abuse and how to move in post traumatic growth. I so enjoyed talking with her. She is also doing big things and helping so many people now. Proud of her and honored that she shared on this podcast. Agape's BIO: Be Your Incredible Self (BYIS) best describes Ms. Garcia's tenacious attitude towards empowering others. Garcia, over the past 35 years has navigated through domestic violence, privacy, safety, vulnerability, and the mindset to endure personal adverse events in life.  Her survival of a double attempted homicide while 8 months pregnant (by the father) and the desperation to survive became the catalyst to the foundation of BYIS while achieving an undisputed outlook of independence.  During her journey to overcome, Garcia learned that extreme independence is a trauma driven response and a natural one which can be defeated through focused, self awareness and intentional control.  Through her own walk, harsh lessons brought on by extreme independence resulted in areas of her life being sabotaged repeatedly.  Her personal journey of post traumatic growth has led Garcia to dedicating her life in developing transformational programs, various forms of coaching, certification courses and establishing a nonprofit to help real time victims. Her commitment is to provide lifelong transformational habits that can restore your powerful internal sense of control. One of her personal statements, ‘You don't live anywhere but in your head'  is why some of her laser focus teachings are on aligning your mental and emotional belief system.  As her passion grew from her own personal struggles, Garcia became active within the community receiving a Mayoral appointment to work with various Law Enforcement and Government agencies.  Garcia has spent more than 20 years in the corporate world holding positions in Office Administration, Project Management, Compliance, Policy writing, Team building, Training, Leadership and Consulting. She continued to serve other organizations including the American Society for Industrial Security (ASIS), Board of Directors, and holds a current membership in the FBI vetted private sector program of InfraGard. As VP of a Security Consultant Company, she has developed programs with leadership responsible for security and emergency management. These emphasize awareness toward identifying different stages of human behavior leading towards violence mitigation. While working, attending school, and raising her kids as a single parent, her personal priorities of housing, safety and privacy for her children were of utmost importance. This required Garcia to navigate through various self-help centers, state, city, local programs, systems and assistance to create a stable foundation for her family while providing the ability to assist others. She also volunteers and collaborates with local law writer(s), in support of bills under Public Safety. Garcia believes in the need to feel loved, wanted, and cared for as a part of life in all of us. Living through emotional tugs of war and learning to apply a controlled healthy mindset to overcome voids, shortcomings, and to break unhealthy cycles is who she is today versus the opposite of where she came from. Today, she prides herself on meeting the daily challenges of being vulnerable and safe at the same time while empowering others to Be Your Incredible Self. Garcia's personal mission is to help lead others in transforming their survival of Domestic Violence (DV) into Post Traumatic Growth and to mitigate the depletion of resources for real time victims. Sharing her personal testimony has empowered so many others. She loves teaching her BYIS formula of: How to combine Situational Awareness with Emotional Intelligence to control your triggers. TO FIND AGAPE ONLINE: Go to her website:   www.beyourincrediblself.com Facebook:  www.facebook.com/beincredible Linked In: www.linkedin.com/in/agarciabyis/ Instagram: www.instagram.com/beyourincredibleself/ End of Show Notes: Please email jared.diehl@gmail.com if you would like to be a guest on the podcast. Please leave us a review on Apple Podcasts: https://podcasts.apple.com/us/podcast/jared-diehl-the-louder-now-podcast/id1454818946 Follow me on Instagram: https://www.instagram.com/jareddiehl8/ *** call 988 to reach the Suicide and Crisis Lifeline.  TO CALL THE HOTLINE:  800-273-8255 *** Technical Glitch--there might be some echo towards the end of the interview..not sure how to fix this but just to let you know there might be an echo** Thank you!

Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader.  My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it.  Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to reach out and touch you in a bad way.  So, listen for what I think will be a fascinating episode, and please do us a small favor and give us a "like" or a 5-star review on your favorite podcast platform -- those ratings really help us reach our peers.  It only takes a click -- thank you for helping out our security leadership community. I'm not going to get into any geopolitics here; I'm going to try to ensure that this episode remains useful for quite some time.  However, since the conflict in Ukraine has been ongoing for over two hundred days, I will draw examples from that. The ancient Chinese military strategist Sun Tzu wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.  If you know neither the enemy nor yourself, you will succumb in every battle.” That's a little more detailed than the classic Greek aphorism, "know thyself," but the intent is the same even today.  Let me add one more quote and we'll get into the material.  Over 20 years ago, when he was Secretary of Defense, Donald Rumsfeld said: "As we know, there are known knowns; there are things we know we know.  We also know there are known unknowns; that is to say we know there are some things we do not know.  But there are also unknown unknowns—the ones we don't know we don't know.  And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones. So, knowledge seems extremely important throughout the ages.  Modern governments know that, and as a result all have their own intelligence agencies.  Let's look at an example.  If we go to the CIA's website, we will see the fourfold mission of the Central Intelligence Agency: Collecting foreign intelligence that matters Producing objective all-source analysis Conducting effective covert action as directed by the President Safeguarding the secrets that help keep our nation safe. Why do we mention this?  Most governments around the world have similar Nation State objectives and mission statements.  Additionally, it's particularly important to understand what is wanted by "state actors" (note, I'll use that term for government and contract intelligence agents.). What are typical goals for State Actors?  Let's look at a couple: Goal 1: Steal targeting data to enable future operations.  Data such as cell phone records, banking statements or emails allow countries to better target individuals and companies when they know that identifying information.  Additionally, targeting data allows Nation state organizations to understand how individuals are connected.  This can be key when we are looking for key influencers for targets of interest.  All targeting data should not be considered equal.  Generally, Banking and Telecom Data are considered the best for collecting so be mindful if that is the type of company that you protect.  State Actors target these organizations because of two factors:The Importance of the Data is the first factor.  If one party sends a second party an email, that means there is a basic level of connection.  However, it's not automatically a strong connection since we all receive emails from spammers.  If one party calls someone and talks for 10 minutes to them on a phone call, that generally means a closer connection than an email.  Finally, if one party sends money to another party that either means a really strong connection exists, or someone just got scammed. The Accuracy of the Data is the second factor.  Many folks sign up for social media accounts with throw away credentials (i.e., fake names and phone numbers).  Others use temporary emails to attend conferences, so they don't get marketing spam when they get home.  However, because of Anti Money Laundering (or AML) laws, people generally provide legitimate data to financial services firms.  If they don't, then they risk not being able to take the money out of a bank -- which would be a big problem. A second goal in addition to collecting targeting data, is that State Actors are interested in collecting Foreign Intelligence.  Foreign Intelligence which drives policy-making decisions is very impactful.  Remember, stealing secrets that no one cares about is generally just a waste of government tax dollars.  If governments collect foreign intelligence on sanctioned activity, then they can inform policy makers on the effectiveness of current sanctions, which is highly useful.  By reporting sanctioned activity, the government can know when current sanctions are being violated and when to update current sanctions.  This can result in enabling new intelligence collection objectives.  Examples of this include:A country may sanction a foreign air carrier that changes ownership or goes out of business.  In that case, sanctions may be added against different airlines.  This occurred when the US sanctioned Mahan Air, an Iran's airline.  Currently the US enforces sanctions on more than half of Iran's civilian airlines. A country may place sanctions on a foreign bank to limit its ability to trade in certain countries or currencies.  However, if sanctioned banks circumvent controls by trading with smaller banks which are not sanctioned, then current sanctions are likely ineffective.  Examples of sanctioning bank activity by the US against Russia during the current war with Ukraine include:On February 27th sanctions were placed against Russian Banks using the SWIFT international payment systems On February 28th, the Russian Central Bank was sanctioned On March 24th, the Russian Bank Sberbank CEO was sanctioned On April 5th, the US IRS suspended information exchanges with the Russian tax authorities to hamper Moscow's ability to collect taxes. On April 6th, the US sanctioned additional Russian banks. These sanctions didn't just start with the onset of hostilities on 24 February 2022.  They date back to Russia's invasion of Crimea.  It's just that the US has turned up the volume this time. If sanctions are placed against a country's nuclear energy practices, then knowing what companies are selling or trading goods into the sanctioned country becomes important.  Collecting information from transportation companies that identify goods being imported and exported into the country can also identify sanction effectiveness. A third goal or activity taken by State Actors is covert action.  Covert Action is generally intended to cause harm to another state without attribution.  However, anonymity is often hard to maintain.If we look at Russia in its previous history with Ukraine, we have seen the use of cyber attacks as a form of covert action.  The devastating NotPetya malware (which has been generally accredited to Russia) was launched as a supply chain attack.  Russian agents compromised the software update mechanism of Ukrainian accounting software M.E. Doc, which was used by nearly 400,000 clients to manage financial documents and file tax returns.  This update did much more than the intended choking off of Ukrainian government tax revenue -- Maersk shipping estimates a loss of $300 million.  FedEx around $400 million.  The total global damage to companies is estimated at around $10 billion. The use of cyberattacks hasn't been limited to just Russia.  Another example is Stuxnet.  This covert action attack against Iranian nuclear facilities that destroyed nearly one thousand centrifuges is generally attributed to the U.S. and Israel. Changing topics a little bit, we can think of the story of two people encountering a bear. Two friends are in the woods, having a picnic.  They spot a bear running at them.  One friend gets up and starts running away from the bear.  The other friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching.  “Are you crazy?” the first friend shouts, looking over his shoulder as the bear closes in on his friend.  “You can't outrun a bear!”  “I don't have to outrun the bear,” said the second friend.  “I only have to outrun you.” So how can we physically outrun the Cyber Bear? We need to anticipate where the Bear is likely to be encountered.  Just as national park signs warn tourists of animals, there's intelligence information that can inform the general public.  If you are looking for physical safety intelligence you might consider:The US Department of State Bureau of Consular Affairs.  The State Department hosts a travel advisory list.  This list allows anyone to know if a country has issues such as Covid Outbreaks, Civil Unrest, Kidnappings, Violent Crime, and other issues that would complicate having an office for most businesses. Another example is the CIA World Factbook.  The World Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities. Additionally you might also consider data sources from the World Health Organization and The World Bank If we believe that one of our remote offices is now at risk, then we need to establish a good communications plan.  Good communications plans generally require at least four forms of communication.  The acronym PACE or Primary, Alternate, Contingency, and Emergency is often usedPrimary Communication: We will first try to email folks in the office. Alternate Communication: If we are unable to communicate via email, then we will try calling their work phones. Contingency Communication: If we are unable to reach individuals via their work phones, then we will send a Text message to their personal cell phones. Emergency Communication: If we are unable to reach them by texting their personal devices, then we will send an email to their personal emails and next of kin. Additionally, we might purchase satellite phones for a country manager.  Satellite phones can be generally purchased for under $1,000 and can be used with commercial satellite service providers such as Inmarsat, Globalstar, and Thuraya.  One popular plan is Inmarsat's BGAN.  BGAN can usually be obtained from resellers for about $100 per month with text messaging costing about fifty cents each and calls costing about $1.50 per minute.  This usually translates to a yearly cost of $1,500-2K per device.  Is $2K worth the price of communicating to save lives in a high-risk country during high political turmoil?  Let your company decide.  Note a great time to bring this up may be during use-or-lose money discussions at the end of the year. We should also consider preparing egress locations.  For example, before a fire drill most companies plan a meetup location outside of their building so they can perform a headcount.  This location such as a vacant parking lot across the street allows teams to identify missing personnel which can later be communicated to emergency personnel.  If your company has offices in thirty-five countries, you should think about the same thing, but not assembling across the street but across the border.  Have you identified an egress office for each overseas country?  If you had operations in Ukraine, then you might have chosen a neighboring country such as Poland, Romania, or Hungary to facilitate departures.  When things started going bad, that office could begin creating support networks to find local housing for your corporate refugees.  Additionally, finding job opportunities for family members can also be extremely helpful when language is a barrier in new countries. If we anticipate the Bear is going to attack our company digitally, then we should also look for the warning signs.  Good examples of this include following threat intelligence information from: Your local ISAC organization.  ISAC or Information Sharing Analysis Centers are great communities where you can see if your vertical sector is coming under attack and share your experiences/threats.  The National Council of ISACs lists twenty-five different members across a wide range of industries.  An example is the Financial Services ISAC or FS-ISAC which has a daily and weekly feed where subscribers can find situational reports on cyber threats from State Actors and criminal groups. InfraGard™ is a partnership between the Federal Bureau of Investigation and members of the private sector for the protection of US Critical Infrastructure.  Note you generally need to be a US citizen without a criminal history to join AlienVault offers a Threat Intelligence Community called Open Threat Exchange which grants users free access to over nineteen million threat indicators.  Note AlienVault currently hosts over 100,000 global participants, so it's a great place to connect with fellow professionals. The Cybersecurity & Infrastructure Security Agency or CISA also routinely issues cybersecurity advisories to stop harmful malware, ransomware, and nation state attacks.  Helpful pages on their websites include the following:Shields Up which provides updates on cyber threats, guidance for organizations, recommendations for corporate Leaders and CEOs, ransomware responses, free tooling, and steps that you can take to protect your families. There's even a Shields Technical Guidance page with more detailed recommendations. CISA routinely puts out Alerts which identify threat actor tactics and techniques.  For example, Alert AA22-011A identifies how to understand and mitigate Russian State Sponsored Cyber Threats to US Critical Infrastructure.  This alert tells you what CVEs the Russian government is using as well as the documented TTPs which map to the MITRE ATT&CK™ Framework.  Note if you want to see more on the MITRE ATT&CK mapped to various intrusion groups we recommend going to attack.mitre.org slant groups. CISA also has notifications that organizations can sign up for to receive timely information on security issues, vulnerabilities, and high impact activity. Another page to note on CISA's website is US Cert.  Here you can report cyber incidents, report phishing, report malware, report vulnerabilities, share indicators, or contact US Cert.  One helpful page to consider is the Cyber Resilience Review Assessment.  Most organizations have an IT Control to conduct yearly risk assessments, and this can help identify weaknesses in your controls. Now that we have seen a bear in the woods, what can we do to put running shoes on to run faster than our peers?  If we look at the CISA Shield Technical Guidance Page we can find shields up recommendations such as remediating vulnerabilities, enforcing MFA, running antivirus, enabling strong spam filters to prevent phishing attacks, disabling ports and protocols that are not essential, and strengthening controls for cloud services.  Let's look at this in more detail to properly fasten our running shoes. If we are going to remediate vulnerabilities let's focus on the highest priority.  I would argue those are high/critical vulnerabilities with known exploits being used in the wild.  You can go to CISA's Known Exploited Vulnerabilities Catalog page for a detailed list.  Each time a new vulnerability gets added, run a vulnerability scan on your environment to prioritize patching. Next is Multi Factor Authentication (MFA).  Routinely we see organizations require MFA access to websites and use Single Sign On.  This is great -- please don't stop doing this.  However, we would also recommend MFA enhancements in two ways.  One, are you using MFA on RDP/SSH logins by administrators?  If not, then please enable immediately.  You never know when one developer will get phished, and the attacker can pull his SSH keys.  Having MFA means even when those keys are lost, bad actor propagation can be minimized.  Another enhancement is to increase the security within your MFA functionality.  For example, if you use Microsoft Authenticator today try changing from a 6 digit rotating pin to using security features such as number matching that displays the location of their IP Address.  You can also look at GPS conditional policies to block all access from countries in which you don't have a presence. Running antivirus is another important safeguard.  Here's the kicker -- do you actually know what percentage of your endpoints are running AV and EDR agents?  Do you have coverage on both your Windows and Linux Server environments?  Of the agents running, what portion have signatures updates that are not current?  How about more than 30 days old.  We find a lot of companies just check the box saying they have antivirus, but if you look behind the scenes you can see that antivirus isn't as effective as you think when it's turned off or outdated. Enabling Strong Spam Filters is another forgotten exercise.  Yes, companies buy solutions like Proofpoint to secure email, but there's more that can be done.  One example is implementing DMARC to properly authenticate and block spoofed emails.  It's the standard now and prevents brand impersonation.  Also please consider restricting email domains.  You can do this at the very top.  Today, the vast majority of legitimate correspondents still utilize one of the original seven top-level domains:  .com, .org, .net, .edu, .mil, .gov, and .int, as well as two-letter country code top-level domains (called ccTLDs).  However, you should look carefully at your business correspondence to determine if communicating with all 1,487 top-level domains is really necessary.  Let's say your business is located entirely in the UK.  Do you really want to allow emails from Country codes such as .RU, .CN, and others?  Do you do business with .hair, or .lifestyle, or .xxx?  If you don't have a business reason for conducting commerce with these TLDs, block them and minimize both spam and harmful attacks.  It won't stop bad actors from using Gmail to send phishing attacks, but you might be surprised at just how much restricting TLDs in your email can help.  Note that you have to be careful not to create a self-inflicted denial of service, so make sure that emails from suspect TLDs get evaluated before deletion. Disabling Ports and Protocols is key since you don't want bad actors having easy targets.  One thing to consider is using Amazon Inspector.  Amazon Inspector has rules in the network reachability package to analyze your network configurations to find security vulnerabilities in your EC2 Instances.  This can highlight and provide guidance about restricting access that is not secure such as network configurations that allow for potentially malicious access such as mismanaged security groups, Access Control Lists, Internet Gateways, etc. Strengthening Cloud Security- We won't go into this topic too much as you could spend a whole talk on strengthening cloud security.  Companies should consider purchasing a cloud security solution like Wiz, Orca, or Prisma for help in this regard.  One tip we don't see often is using geo-fencing and IP allow-lists.  For example, one new feature that AWS recently created is to enable Web Application Firewall protections for Amazon Cognito.  This makes it easier to protect user pools and hosted UIs from common web exploits. Once we notice there's likely been a bear attack on our peers or our infrastructure, we should report it.  This can be done by reporting incidents to local governments such as CISA or a local FBI field office, paid sharing organizations such as ISAC, or free communities such as AlienVault OTX. Let's walk through a notional example of what we might encounter as collateral damage in a cyberwar.  However, to keeps this out of current geopolitics, we'll use the fictitious countries Blue and Orange. Imagine that you work at the Acme Widget Corporation which is a Fortune 500 company with a global presence.  Because Acme manufactures large scale widgets in their factory in the nation of Orange, they are also sold to the local Orange economy.  Unfortunately for Acme, Orange has just invaded their neighboring country Blue.  Given that Orange is viewed as the aggressor, various countries have imposed sanctions against Orange.  Not wanting to attract the attention of the Orange military or the U.S. Treasury department, your company produces an idea that might just be crazy enough to work.  Your company is going to form a new company within Orange that is not affiliated with the parent company for the entirety of the war.  This means that the parent company won't provide services to the Orange company.  Additionally, since there is no affiliation between the companies then the legal department advises that there will not be sanction evasion activity which could put the company at risk.  There's just one problem.  Your company has to evict the newly created Orange company (Acme Orange LLC) from its network and ensure it has the critical IT services to enable its success. So where do we start?  Let's consider a few things.  First, what is the lifeblood of a company?  Every company really needs laptops and Collaboration Software like Office 365 or GSuite.  So, if we have five hundred people in the new Acme Orange company, that's five hundred new laptops and a new server that will host Microsoft Exchange, a NAS drive, and other critical Microsoft on premises services. Active Directory: Once you obtain the server, you realize a few things.  Previous Acme admin credentials were used to troubleshoot desktops in the Orange environment.  Since exposed passwords are always a bad thing, you get your first incident to refresh all passwords that may have been exposed.  Also, you ensure a new Active Directory server is created for your Orange environment.  This should leverage best practices such as MFA since Orange Companies will likely come under attack. Let's talk about other things that companies need to survive: Customer relations management (CRM) services like Salesforce Accounting and Bookkeeping applications such as QuickBooks Payment Software such as PayPal or Stripe File Storage such as Google Drive or Drop Box Video Conferencing like Zoom Customer Service Software like Zendesk Contract Management software like DocuSign HR Software like Bamboo or My Workday Antivirus & EDR software Standing up a new company's IT infrastructure in a month is never a trivial task.  However, if ACME Orange is able to survive for 2-3 years it can then return to the parent company after the sanctions are lifted. Let's look at some discussion topics. What IT services will be the hardest to transfer? Can new IT equipment for Acme Orange be procured in a month during a time of conflict? Which services are likely to only have a SaaS offering and not enable on premises during times of conflicts? Could your company actually close a procurement request in a one-month timeline? If we believe we can transfer IT services and get the office up and running, we might look at our cyber team's role in providing recommendations to a new office that will be able to survive a time of turmoil. All laptops shall have Antivirus and EDR enabled from Microsoft. Since the Acme Orange office is isolated from the rest of the world, all firewalls will block IP traffic not originating from Orange. SSO and MFA will be required on all logins Backups will be routinely required. Note if you are really looking for effective strategies to mitigate cyber security incidents, we highly recommend the Australian Essential Eight.  We have a link in our show notes if you want more details. Additionally, the ACME Orange IT department will need to create its own Incident Response Plan (IRP).  One really good guide for building Cyber Incident Response Playbooks comes from the American Public Power Association.  (I'll put the link in our show notes.)  The IRP recommends creating incident templates that can be used for common attacks such as: Denial of Service (DoS) Malware Web Application Attack (SQL Injection, XSS, Directory Traversal, …) Cyber-Physical Attack Phishing Man in the middle attack Zero Day Exploit This Incident Response Template can identify helpful information such as Detection: Record how the attack was identified Reporting: Provide a list of POCs and contact information for the IT help desk to contact during an event Triage: List the activities that need to be performed during Incident Response.  Typically, teams follow the PICERL model.  (Preparation - Identification - Containment - Eradication - Recovery - Lessons Learned) Classification: Depending on the severity level of the event, identify additional actions that need to occur Communications: Identify how to notify local law enforcement, regulatory agencies, and insurance carriers during material cyber incidents.  Additionally describe the process on how communications will be relayed to customers, employees, media, and state/local leaders. As you can see, there is much that would have to be done in response to a nation state aggression or regional conflict that would likely fall in your lap.  If you didn't think about it before, you now have plenty of material to work with.  Figure out your own unique requirements, do some tabletop exercises where you identify your most relevant Orange and Blue future conflict, and practice, practice, practice.  We learned from COVID that companies that were well prepared with a disaster response plan rebranded as a pandemic response plan fared much better in the early weeks of the 2020 lockdown.  I know my office transitioned to remote work for over sixty consecutive weeks without any serious IT issues because we had a written plan and had practiced it.  Here's another one for you to add to your arsenal.  Take the time and be prepared -- you'll be a hero "when the bubble goes up."  (There -- you've learned an obscure term that nearly absent from a Google search but well-known in the Navy and the Marine Corps.) Okay, that's it for today's episode on Outrunning the Bear.  Let's recap: Know yourself Know what foreign adversaries want Know what information, processes, or people you need to protect Know the goals of state actors:steal targeting data collect foreign intelligence covert action Know how to establish a good communications plan (PACE)Primary Alternate Contingency Emergency Know how to get out of Dodge Know where to find private and government threat intelligence Know your quick wins for protectionremediate vulnerabilities implement MFA everywhere run current antivirus enable strong spam filters restrict top level domains disable vulnerable or unused ports and protocols strengthen cloud security Know how to partition your business logically to isolate your IT environments in the event of a sudden requirement. Thanks again for listening to CISO Tradecraft.  Please remember to like us on your favorite podcast provider and tell your peers about us.  Don't forget to follow us on LinkedIn too -- you can find our regular stream of low-noise, high-value postings.  This is your host G. Mark Hardy, and until next time, stay safe. References https://www.goodreads.com/quotes/17976-if-you-know-the-enemy-and-know-yourself-you-need https://en.wikipedia.org/wiki/There_are_known_knowns  https://www.cia.gov/about/mission-vision/  https://www.cybersecurity-insiders.com/ukraines-accounting-software-firm-refuses-to-take-cyber-attack-blame/  https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/  https://www.nationalisacs.org/member-isacs-3  https://attack.mitre.org/groups/  https://data.iana.org/TLD/tlds-alpha-by-domain.txt  https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf 

Karim Hijazi has been at the forefront of attacker counterintelligence and infiltration research for the last decade, developing new ways for security teams to clandestinely monitor hackers and anticipate attacks before they happen. Prior to launching Prevailion, Karim was the founder/CEO of Unveillance, an early pioneer in advanced threat intelligence and the first cloud-based data leak intelligence platform. Karim successfully exited Unveillance in 2012 with an acquisition by Mandiant, and he was then appointed as Mandiant's new director of intelligence. While at Mandiant, Karim played an important role in that company's well-known APT1 report released in 2013, which definitively linked the People's Liberation Army of China to widespread cyber espionage activity against US interests. Mandiant was acquired by FireEye soon after. During the hacktivist heydays of the early 2010s, Karim engaged in a well-documented battle with the Anonymous offshoot “LulzSec,” after the group compromised an InfraGard database. Karim's confrontation with the group was featured in Parmy Olson's book, “We Are Anonymous,” as well as national media like CNN and CNET. During the Arab Spring, Karim also served as a key contributor to the Cyber Security Forum Initiative's “Project Cyber Dawn Libya,” which provided the first in-depth look at Libyan cyber warfare capabilities and defenses. CSFI's membership includes military officials, academics and business leaders from the US and around the world. Do you want to get the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/ Support the show on Patreon:  https://patreon.com/mspradio/ Want our stuff?  Cool Merch?  Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: Facebook: https://www.facebook.com/mspradionews/ Twitter: https://twitter.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ LinkedIn: https://www.linkedin.com/company/28908079/  

#SecurityConfidential #DarkRhinoSecurity Joshua is the CISO at H&R Block. He has deep experience in designing and building information security programs. He is an expert on Zero Trust. His approach to information security is to transparently support and drive business initiatives, leveraging security capabilities to differentiate companies from their competition. Josh has spoken at InfoSec World, InfraGard, and ISSA and he is a SANS mentor. In short, he is a master of helping companies reduce risk. 00:00 Introduction 01:14 Joshuas Background 05:18 Why having different backgrounds in cyber is so important 15:06 Using Cybersecurity as a competitive advantage 17:04 Brand Loyalty program 23:35 How do you measure and monitor risk? 30:30 Establishing a culture in Cybersecurity 33:10 Getting the Cyber sec people to understand the business 36:00 Understanding the WHY 37:36 Amazon, Microsoft, Google myth 40:40 Zero Trust vs SASE 45:00 Prevention, Detection, and Response 48:10 3rd Party Risk 50:12 More about Joshua Women In Security KC https://www.wiskc.org/ or https://www.linkedin.com/company/wiskc/ H&R Blocks Accelerate Program https://www.hrblock.com/careers/ Anam Cara: A Book of Celtic Wisdom by John O'Donohue https://www.amazon.com/Anam-Cara-Book-Celtic-Wisdom/dp/006092943X Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones by James Clear https://www.amazon.com/Atomic-Habits-Proven-Build-Break/dp/0735211299 To learn more about Joshua visit https://www.linkedin.com/in/brownjosh/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: https://www.instagram.com/securityconfidential/ Facebook: https://m.facebook.com/Dark-Rhino-Security-Inc-105978998396396/ Twitter: https://twitter.com/darkrhinosec LinkedIn: https://www.linkedin.com/company/dark-rhino-security Youtube: https://www.youtube.com/channel/UCs6R-jX06_TDlFrnv-uyy0w/videos

Surviving a double attempted homicide while 8 months pregnant with Agape Garcia. Her survival of a double attempted homicide while 8 months pregnant (by the father) and the desperation to survive became the catalyst to the foundation of BYIS while achieving an undisputed outlook of independence. During her journey to overcome, Garcia learned that extreme independence is a trauma driven response and a natural one which can be defeated through focused, self awareness and intentional control. Through her own walk, harsh lessons brought on by extreme independence resulted in areas of her life being sabotaged repeatedly. Her personal journey of post traumatic growth has led Garcia to dedicating her life in developing transformational programs, various forms of coaching, certification courses and establishing a nonprofit to help real time victims. Her commitment is to provide lifelong transformational habits that can restore your powerful internal sense of control. One of her personal statements, ‘You don't live anywhere but in your head' is why some of her laser focus teachings are on aligning your mental and emotional belief system. As her passion grew from her own personal struggles, Garcia became active within the community receiving a Mayoral appointment to work with the Citizen Review board in direct conjunction with Internal Affairs. She received hands-on training from the Sheriff's department, Department of Homeland Security, and FEMA which also led to the Infrastructure Liaison Officer designation (ILO), through the local Law Enforcement Center. Garcia has spent more than 20 years in the corporate world holding positions in Office Administration, Project Management, Compliance, Policy writing, Team building, Training, Leadership, and Consulting. She continued to serve other organizations including the American Society for Industrial Security (ASIS), and Board of Directors and holds current membership in the FBI vetted private sector program of InfraGard. As VP of a Security Consultant Company, she has developed programs with leadership responsibility for security and emergency management. These emphasize awareness toward identifying different stages of human behavior leading towards violence mitigation. While working, attending school, and raising her kids as a single parent, her personal priorities of housing, safety and privacy for her children were of utmost importance. This required Garcia to navigate through various self-help centers, state, city, local programs, systems and assistance to create a stable foundation for her family while providing the ability to assist others. She also volunteers and collaborates with local law writer(s), in support of bills under Public Safety. Garcia believes in the need to feel loved, wanted, and cared for as a part of life in all of us. Living through emotional tugs of war and learning to apply a controlled healthy mindset to overcome voids, shortcomings, and to break unhealthy cycles is who she is today versus the opposite of where she came from. Today, she prides herself on meeting the daily challenges of being vulnerable and safe at the same time while empowering others to Be Your Incredible Self. Garcia's personal mission is to help lead others in transforming their survival of Domestic Violence (DV) into Post Traumatic Growth and to mitigate the depletion of resources for real-time victims. Sharing her personal testimony has empowered so many others. She loves teaching her BYIS formula of: How to combine Situational Awareness with Emotional Intelligence to control your triggers.