In this episode of The Gate 15 Interview, Andy Jabbour speaks with Adriana Villasenor. Adriana is a Senior Director in FTI Consulting, based in New York. She has more than 20 years of experience managing tech, crisis, cyber, and litigation communications for publicly traded and privately held organizations, from global financial technology firms to billion-dollar consumer brands. Prior to joining FTI Consulting, she was the Chief Marketing and Communications Officer at the Financial Services Information Sharing and Analysis Center (FS-ISAC), where she led the financial services industry's media response during large-scale cyber threats and incidents facing the sector. During her tenure, Adriana helped launch member-facing platforms, created new products in response to emerging risks, and enabled the firm's international expansion. Learn more about Adriana on LinkedIn.

In the discussion Adriana and Andy cover:
· Adriana's Background.
· Info Sharing.
· ISACs today, ISACs tomorrow.
· Crypto ISAC!
· Resilience.
· We play 3 Questions!
· Lots more!

Selected links:
· Why I'm Bullish on ISACs
· Is Cyber Resilience on Your Board's Agenda?

In this episode of The Gate 15 Interview, Andy Jabbour speaks with John Salomon. John is an information security executive and cybersecurity expert with 25 years of in-depth, cross-cultural, international experience across multiple critical industry sectors. Learn more about John on LinkedIn.

In this episode John and Andy discuss:
· John's Background.
· Information Sharing.
· ISACs, international partnership, and political transitions.
· Critical threats and challenges.
· John plays 3 Questions!
· Lots more!

Selected links:
· Watch the episode on YouTube! Information Sharing, Cybersecurity Politics, Threats, and More
· CyAN: New Podcast – Information Sharing, Cybersecurity Politics, Threats, and More. This post links to the YouTube and includes a timeline and links you may enjoy.
· John Salomon
· Cybersecurity Advisors Network - Secure in Mind on YouTube
· CyAN's Position on Encryption Backdoor Legislation
· https://cybersecurityadvisors.network

Grace Chi, co-founder and COO of PulseDive, takes us deep into the often overlooked world of cyber threat intelligence networking. Grace has become a passionate advocate for the human connections that power effective security programs, conducting groundbreaking research on how threat intelligence practitioners share information.

What makes this conversation especially valuable is Grace's focus on the practical realities of threat intelligence implementation. She reveals that while formal structure or groups like ISACs provide important frameworks, the most timely and actionable intelligence typically flows through one-to-one relationships and trusted peer networks. These connections become critical during security incidents, when having someone who can provide just-in-time context about a threat can make all the difference between detection and compromise.

The discussion tackles common pitfalls in threat intelligence program development, particularly the tendency to invest in platforms without proper implementation planning or ongoing maintenance resources. Grace offers concrete advice for organizations at different maturity levels, emphasizing the importance of starting with clear requirements, assigning dedicated point persons for implementation, and understanding pricing models before making significant investments.

For those building threat intelligence capabilities from scratch, this episode provides a roadmap that focuses on identifying organizational pain points, leveraging existing talent, and implementing capabilities incrementally rather than attempting to configure every available feed immediately. Grace also highlights the critical distinction between external intelligence sources and the often-underutilized wealth of internal telemetry and observations.

Beyond the tactical aspects, we explore how threat intelligence must be communicated differently to technical teams versus executive stakeholders, and how building a diverse network across multiple channels creates compounding value over time. Whether you're a seasoned security professional or just beginning to explore threat intelligence, this conversation offers insights that will help you build more effective security capabilities through the power of community.

Guest: Ivano Bongiovanni, General Manager / Sr Lecturer, AusCERT / UQ
On LinkedIn | https://www.linkedin.com/in/ivano-bongiovanni-cybersecurity-management/
At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ivano-bongiovanni-ibtpp

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

This AISA Cyber Con 2024 On Location podcast episode recorded in Melbourne spotlights critical discussions led by Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer in Cybersecurity at the University of Queensland. The dialogue centers on pivotal issues shaping organizational approaches to cybersecurity, from decision-making factors to data governance and regulatory influences.

Bongiovanni discusses his research on decision-making in cybersecurity, conducted across six large organizations. By interviewing professionals at operational, tactical, and strategic levels, the study examines the multifaceted factors driving decisions, such as configuring security systems or choosing cyber insurance. The research identifies four primary influence levels: industry, organizational, team, and individual. Key drivers include regulations at the industry level, organizational culture, and access to collaborative professional forums. These insights aim to provide decision-makers with a reflective framework to ensure comprehensive and informed choices.

Another prominent focus is data governance. Bongiovanni emphasizes its role as both a foundation for robust cybersecurity and a potential avenue for organizational value creation. He highlights the challenges organizations face in mapping, managing, and securing their data. While traditionally viewed through a lens of loss prevention, he argues that effective data governance can unlock operational efficiencies and new business opportunities. This aligns with a broader industry shift to link cybersecurity investments to strategic value creation, rather than purely protective measures.

The episode also touches on evolving regulatory landscapes. Bongiovanni outlines the increasing scrutiny on board members and CISOs (Chief Information Security Officers) regarding cybersecurity accountability. While Australia is still catching up with global trends, parallels are drawn to the U.S., where regulations like the SEC's proposed cyber disclosures link leadership liability to organizational cybersecurity practices. In Australia, existing duties of care under the Corporations Act are becoming focal points for regulatory expectations.

Information-sharing frameworks, such as ISACs (Information Sharing and Analysis Centers), also feature in the discussion. Bongiovanni underscores their importance in fostering collaboration, particularly in sectors like higher education and healthcare. He notes the ongoing cultural shift encouraging organizations to share threat intelligence securely, which is essential for collective resilience.

Through Bongiovanni's contributions, this episode highlights both the challenges and opportunities in cybersecurity decision-making, emphasizing a nuanced understanding of regulatory, cultural, and technical dynamics.
____________________________
This Episode's Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Future is now: Cautious reflections and bold predictions on cyber security in the years to come (Session): https://melbourne2024.cyberconference.com.au/sessions/session-FsEVnuge9u
How do we make decisions in cybersecurity? Operational, tactical, and strategic decision-making in the age of AI (Session): https://melbourne2024.cyberconference.com.au/sessions/session-BdOGZjahUe
The executive playbook: Elevate your cyber security through data governance (Workshop): https://melbourne2024.cyberconference.com.au/workshops/workshop-rxAAQPTLUJ
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Guest: Gina D'Addamio, Threat Analyst, Canadian Cyber Threat Exchange [@CCTXCanada]
On LinkedIn | https://www.linkedin.com/in/gina-daddamio
On Twitter | https://www.linkedin.com/in/gina-daddamio
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes

In the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D'Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds.

Gina D'Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing.

Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case.

Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX.

The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S.

Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry.

Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person's overall ability to fit within the team and contribute to the organization's goals.

This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D'Addamio's story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response.
___________________________
Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

Podcast: Cyber Work
Episode: How secure is your food: Cybersecurity threats and careers | Guest Jonathan Braley
Pub date: 2024-10-28

Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

Today on Cyber Work, Jonathan Braley from the Food and Agriculture Information Sharing and Analysis Center (Food and Ag ISAC) delves into the critical security challenges in the food, farming and production sectors. Featuring insights on the evolution of cybersecurity, the role of ISACs, and real-world threats like ransomware and phishing, this episode offers a comprehensive look at how cybersecurity professionals within this industry are working to safeguard vital systems. Braley shares tips on obtaining competitive roles, the convergence of IT and OT security and the importance of continuous learning. Tune in to grasp the latest trends and get invaluable career advice to stay ahead in the ever-evolving field of cybersecurity.

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

00:00 - Introduction to cyber work and guest Jonathan Braley
00:53 - The growing cybersecurity job market
02:05 - From biology to cybersecurity
04:48 - Early career and learning at Valley Apps
09:26 - Role and responsibilities at Food and Ag ISAC
17:07 - Understanding cyber threats in food and agriculture
23:23 - The growing connectivity and vulnerabilities in agriculture
23:49 - Cybersecurity challenges for small towns and farms
25:28 - The Reality of cyberattacks on small farms
26:59 - Global implications of cybersecurity in agriculture
28:44 - Insights from a cybersecurity expert in agriculture
33:13 - Career opportunities in food and agriculture cybersecurity
37:37 - Staying informed and prepared in the cybersecurity field
40:04 - Cybersecurity career advice

About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

In this episode of The Gate 15 Interview, we're mixing things up! Andy Jabbour recorded this session onsite at TribalNet 2024 with TribalHub's Senior Marketing & Communications Manager, Michelle Bouschor, who took over as moderator. They were joined by Adam Gruscynski, IT Director, Potawatomi Casino Hotel and Tribal-ISAC Steering Committee member and Drew Ludwick, Director of IT Operations, Muckleshoot Casino Resort, to discuss ideas around cybersecurity and organizational culture.

In the discussion the group discusses:
· Organizational culture and what makes a cyber strong organizational culture.
· Tribal-ISAC! What it is, how it's like other ISACs, what makes it special.
· How to build a strong organizational culture and the importance of leadership buy-in and taking things in “chewable bites.”
· Why we love TribalNet!
· Some of our favorite concert experiences – some we shared as we talked from Linkin Park to Snoop.
· And more, of course!

Selected Links:
· TribalNet Conference 2024
· Tribal-ISAC

Michelle Bouschor. With 15 years of experience in tribal casino marketing, tribal government public relations, media, and community relations, I've honed my skills in navigating the unique landscape of indigenous communities. For the past 5 years, I've proudly contributed to TribalHub, leveraging my expertise to empower tribal entities through innovative solutions and strategic partnerships. Passionate about fostering collaboration and growth within tribal communities, I'm dedicated to driving positive change and sustainable development.
· Michelle on LinkedIn

Adam Gruscynski. Responsible for the day-to-day operations of the IT Department for Potawatomi Casino Hotel while ensuring all of the technology needs, whether current or future, of the organization are met. Adam joined Potawatomi Casino Hotel in 2008. During his time at PCH, Adam has gained an abundance of experience by taking on various roles including IT Security Manager, Senior Cybersecurity Engineer, Lead Network Administrator, Network Administrator, and Application Administrator. Prior to PCH, Adam was Network Engineer at the Milwaukee Journal Sentinel where he began his career as Help Desk Intern.
· Adam on LinkedIn

Drew Ludwick. A seasoned IT executive with over 25 years of progressive leadership experience in technology management, specializing in cybersecurity, strategic planning, and technology governance. Known for shaping and executing technology strategies aligned with business goals, leading diverse technology teams, and fostering innovation.
· Drew on LinkedIn

In episode 94 of Cybersecurity Where You Are, Tony Sager is joined by the following guests from the Center for Internet Security® (CIS®):
· Carlos Kizzee, SVP of Multi-State Information Sharing and Analysis Center® (MS-ISAC®) Strategy & Plans
· Karen Sorady, VP of MS-ISAC Strategy & Plans
· Greta Noble, Director of Community Engagement

Together, they discuss how the ISAC Annual Meeting supports the 24x7x365 community defense efforts of the MS-ISAC and Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®).

Here are some highlights from our episode:
02:30. Background information on ISACs in general and the role of the MS-ISAC
04:17. Why it's an annual meeting and not a conference
06:40. What made the 2024 ISAC Annual Meeting the largest of its kind so far
08:43. How the human dimension drives our yearly meeting
15:44. The role of the MS- and EI-ISACs in CIS's broader strategy
19:42. How our yearly meeting improves what CIS does
29:57. What's next for the ISAC Annual Meeting

Resources
· MS-ISAC: 20 Years as Your Trusted Cyber Defense Community
· Episode 76: The Role of Thought Leadership in Cybersecurity
· Reasonable Cybersecurity Guide
· Cybersecurity at Scale: Piercing the Fog of More

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Isac is worried about the start of the school term, because the paratransit service's new system means the school transport sometimes has no room for Isac's wheelchair. When that happens he cannot ride along. Klartext also covers the extreme heat in Europe. Listen to all episodes on Sveriges Radio Play.

Guests:
Erin Miller, Executive Director, Space ISAC [@SpaceISAC]
On LinkedIn | https://www.linkedin.com/in/erinmarlenemiller/
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin takes a journey into the fascinating realm of space security with Erin Miller, the executive director of the Space-ISAC, alongside Marco Ciappelli, a fervent space enthusiast who also helms the Redefining Society Podcast. They navigate the multifaceted landscape of space information sharing and analysis centers (ISACs), emphasizing the critical role these entities play in bolstering our global security posture against vulnerabilities, incidents, and threats within the space industry.

Erin Miller sheds light on key milestones and initiatives propelling the Space-ISAC forward, including its inception at the behest of the U.S. White House in 2019, to address the unprotected attack surfaces of the burgeoning commercial space sector. The episode illuminates the importance of private-public partnerships and international collaboration, highlighting engagements with space agencies worldwide to enhance threat intelligence sharing.

The conversation traverses the importance of making threat intelligence actionable and accessible, eschewing spreadsheets for alerts that are immediate and practical. Further, the dialogue touches on the upcoming phase two of the Space ISAC's operational watch center, poised to expand its threat scenario coverage. The episode punctuates with Erin Miller extending an invitation to Sean Martin and Marco Ciappelli to visit the Space-ISAC watch center in Colorado Springs, foregrounding the ongoing endeavors and successes in the domain of space security.

Listeners are invited to explore this episode's rich discussions, not only as a beacon of knowledge on space security but also as a conduit for understanding the synergies between cybersecurity, space exploration, and societal impacts.

Key Topics Covered
· How space security impacts global cybersecurity posture
· What is the role of Space ISAC in space security
· How public-private partnerships and international collaboration enhance space security
Guest: Sidney Pearl, Executive Director at AI-ISAC
On LinkedIn | https://www.linkedin.com/in/sidney-pearl/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Devo | https://itspm.ag/itspdvweb
___________________________
Episode Notes

Welcome to a new episode of Redefining CyberSecurity Podcast. In this episode, Sean Martin is joined by Sidney Pearl to discuss the AI-ISAC (Artificial Intelligence Information Sharing and Analysis Center). They talk about the importance of operationalizing security and how communities, such as CISOs and other business executives, play a vital role in information sharing.

Sidney Pearl, the newly appointed executive director of AI ISAC, shares his background and experience in cybersecurity. The pair explore the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs. They explain that ISACs were initially formed to develop public and private partnerships between the government and private industry to share information and identify threats to critical infrastructure. Over time, ISACs have evolved into ISAOs, which have members beyond just the government and focus on sharing information across various domains.

The conversation then shifts to the AI ISAC and its importance in sharing information about artificial intelligence-related threats. They emphasize that the AI-ISAC is neutral and aims to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence. They discuss the challenges of navigating the rapidly evolving field of artificial intelligence, where bad actors can leverage AI tools for malicious purposes.

Sean and Sidney stress the necessity for organizations to proactively understand the trajectory of AI and make informed decisions. They highlight the importance of accessibility to good information for organizations to stay ahead of threats. Trust plays a crucial role in the success of ISACs, and Sidney invites the audience to engage with the AI-ISAC to foster trust and collaboration. Sidney also expresses the AI-ISAC's commitment to working together with the cybersecurity community to adapt to the changes brought by artificial intelligence. He encourages listeners to reach out and participate in the dialogue, emphasizing that we are all in this together.

Key Insights Provided:
• What is the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs (Information Sharing and Analysis Centers)? How have they evolved over time to develop public and private partnerships and share information to identify threats to critical infrastructure?
• What is the role of the AI-ISAC? How does it aim to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence? What are the challenges in navigating the rapidly evolving field of artificial intelligence?
• How can organizations proactively understand the trajectory of artificial intelligence and make informed decisions to stay ahead of emerging threats? What is the importance of accessibility to good information in cybersecurity? How does trust play a crucial role in the success of ISACs, and how can the AI-ISAC foster trust and collaboration within the cybersecurity community?
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
In this week's Security Sprint, Dave and Andy covered the following topics.

ISAC Exciting Announcements!
• Tribal-ISAC joins National Council of ISACS for cyber security, information sharing
• Japanese Auto-ISAC and Auto-ISAC Formalize Agreement to Enhance Vehicle Cybersecurity

Severe Weather Awareness
• Iowa Caucus Impacts
• Texas "Freeze"
• Buffalo Bills great stadium dig-out

Main Topics
• School Data Base Leak. https://www.wired.com/story/us-school-shooter-emergency-plans-leak/
• SEC X Compromise.
• SEC account hack renews spotlight on X's security concerns
• US SEC says breach of its X account did not lead to breach of broader SEC systems
• A Hacker's Perspective: Social Media Account Takeover Prevention Guide
• Scams. https://news.trendmicro.com/2024/01/12/fake-apple-and-capital-one-notifications-top-scams-of-the-week/
• Physical Threats. Malicious Actors Threaten U.S. Synagogues, Schools, Hospitals, and Other Institutions With Bomb Threats, 12 Jan. “Since 8 December 2023, the FBI has opened investigations on more than 100 separate threats targeting more than 1,000 institutions in 42 states and the District of Columbia."
• New FB-ISAO Newsletter! FB-ISAO Newsletter, v6, Issue 1.
• US, UK launch retaliatory strikes against Houthis in Yemen
• Protests erupt outside Yemen Mission in NYC to condemn US attacks on Houthi rebels — some protesters attacking couple holding Israeli flag: ‘Long live Hamas, you piece of s–t!'
• Joint Statement from the Governments of Australia, Bahrain, Canada, Denmark, Germany, Netherlands, New Zealand, Republic of Korea, United Kingdom, and the United States
• Statement from President Joe Biden on Coalition Strikes in Houthi-Controlled Areas in Yemen
• Statement by Secretary of Defense Lloyd J. Austin III on Coalition Strikes in Houthi-Controlled Areas of Yemen
• Background Press Call by Senior Administration Officials and Senior Military Official on Developments in the Middle East
• Houthi rebels say US will pay a ‘heavy price' for strikes that killed 5, injured
• Lulzsec Hacktivists Leak American Bank Logins in Protest Against Yemen Airstrikes
• Moscow Blasts U.S.-British Strikes in Yemen
• Who Are the Houthis and Why Did the US and UK Launch Strikes on Them?

Quick Hits
• FBI arrests Florida man accused of threatening ‘mass casualty event'
• American intel officials warn of risk of Hezbollah attacking U.S.
• Ivanti Vulnerabilities.
• Ivanti Blog Post: Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
• CISA Adds Two Known Exploited Vulnerabilities to Catalog
• CERT-NZ: Vulnerabilities in Ivanti Connect gateways actively exploited
• Canadian Centre for Cyber Security Ivanti security advisory (AV24-020)
• Ivanti warns of Connect Secure zero-days exploited in attacks
• Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers
• Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation.
• Canadian Centre for Cyber Security Ivanti Connect Secure and Ivanti Policy Secure gateways zero-day vulnerabilities
• Risky Biz News: Chinese APT exploits two Pulse Secure zero-days
• Ivanti Zero-Day Vulnerabilities (CVE-2023-46805 and CVE-2024-21887)
• State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet
• Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
• Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
• The vulnerability forecast for 2024
• WEF: Global Cybersecurity Outlook 2024
• Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015
Ever wondered how to voice your concerns without sparking conflict?

Even though teachers have credentials to teach and work with students, it is a different skill set to talk effectively with adults.

Effective communication with adults, colleagues, and administrators allows educators to express their concerns without complaining and still maintain relationships, both personally and professionally. And that takes skill building, including naming their fears and hesitations and remembering that they are in a team.

So joining us today is Jennifer Abrams, an international educational and communications consultant and a trainer for coaches, teachers, and administrators, to talk about empowering educators through effective communication and dealing with hard conversations.

Jennifer also shares the need to balance one's personal development and professional growth, the future of education through a human-centered approach, and why teacher support is essential. There is power in your voice and the support systems around you. So, never shy away from asking for support because that's a path to growth. Here's to your journey as an empowered educator!

Stay empowered,
Jen

Let's keep the conversation going! Find me at:
Jen Rafferty | Instagram, YouTube, Facebook | Linktree
Instagram: @jenrafferty_
Facebook: Empowered Educator Faculty Room

About Jennifer:
Jennifer Abrams is an international educational and communications consultant for public and independent schools, universities and non-profits. Jennifer trains and coaches teachers, administrators and others on new teacher/employee support, having hard conversations, collaboration skills and being your best adult self at work. In her over two decades at Palo Alto Unified School District (Palo Alto, CA, USA), Jennifer was a high school English teacher, new teacher coach, and professional development facilitator. She left PAUSD in 2012 to start her full time communications consultancy in which she works with schools and organizations around the globe.

Jennifer presents at annual North American-based conferences such as Learning Forward, ASCD, NASSP, NAESP, AMLE, ISACS and the New Teacher Center Annual Symposium among others. Internationally, she facilitated with the Teachers' and Principals' Centers for International School Leadership (TTC and PTC) and presents with EARCOS, NESA, ECIS, AISA, AMISA, CEESA and Tri-Association, and consults with schools across Asia, Europe, the Middle East, Australia, New Zealand, South America and Canada. Jennifer's publications include Having Hard Conversations, The Multigenerational Workplace: Communicating, Collaborating & Creating Community and Hard Conversations Unpacked - the Whos, the Whens and the What Ifs, Swimming in the Deep End: Four Foundational Skills for Leading Successful School Initiatives, and her newest book, Stretching Your Learning Edges: Growing (Up) at Work. Jennifer has been recognized as one of "21 Women All K-12 Educators Need to Know" by Education Week's 'Finding Common Ground' blog. She considers herself a "voice coach," helping others learn how to best use their voices - be it collaborating on a team, presenting in front of a group, coaching a colleague, supervising an employee.

Connect with Jennifer:
Website: www.jenniferabrams.com
IG: @jenniferbethabrams
X: @jenniferabrams
LinkedIn
In this episode of The Gate 15 Interview, Andy Jabbour welcomes Tom Stockmeyer, Cyware's Director, Enterprise East, ISAC's and Federal. Tom is a cyber security leader with experience in helping threat sharing communities such as ISACs and ISAOs and their Member companies improve the fidelity of their intel and accelerate threat intel sharing amongst Members. Tom served in the Marine Corps from 1979 to 1983. He has an MBA from the Michael Coles School of Business, Kennesaw University. Tom has held several executive positions and has served on numerous technology Boards. Tom on LinkedIn.

In the discussion we address:
• Tom's background from the Marine Corps to technology, entrepreneurship, to Cyware.
• Information Sharing successes and challenges, ISACs, ISAOs and Cyware helping to secure organizations across the Fortune 1000 and more.
• Challenges to effective info sharing.
• A shoutout to the good work being done at Aviation ISAC.
• Cyware, continuous innovation and automated collective defense.
• Long weekends and holiday threats.
• We play Three Questions and talk microwave food, the Marines, classic rock, classic movies and more!

A few references mentioned in or relevant to our discussion include:
• Cyware
• Intelligence Sharing is Caring: Collective Defense for a Safer Nation, an article in HS Today by Cyware CEO Anuj Gul, 13 Dec 2023
• Cyware Intel Exchange (CTIX)
• Cyware Collaborate (CSAP)
• Cyware Solutions for ISACs, ISAOs, and CERTs
• The Gate 15 Interview: Jeff Troy, President, Aviation ISAC, on public service, cybersecurity, understanding threats (and… colonizing the ocean?)
Podcast: Cyber Security Weekly Podcast
Episode: Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights
Pub date: 2023-10-08

In this interview, both John and Thian introduce the history of ISACs (formed in 1999, subsequent to the 1998 signing of U.S. Presidential Decision Directive-63), and in particular, the creation of OT-ISAC (Operational Technology Information Sharing and Analysis Centre) as one of the key thrusts of the Cyber Security Agency of Singapore's “OT Cybersecurity Masterplan 2019” to facilitate the sharing of information.

Reflecting on the journey from conceptualization to today, Thian Chin remarked that “OT-ISAC has become that safe harbour the platform for the organisations of the different parties with vested interest to different business lines come together to share, because their common goal is how do we then exchange information to reduce the risks that caused by threat actors.”

Other topics covered in the interview include:
• The types of information being shared – such as strategic threat landscape including cyber incidents and vulnerabilities, standards and best practices, and TTPs.
• Closing the cultural / communication gap between the engineers and the IT cybersecurity practitioners, “because the problem statement they're dealing with is the same. It's a threat actor out there to try to disrupt.”
• The maturing of conversations from beyond terminology such as zero trust, air gap to actual implementation
• What does success mean in information sharing - diversity of opinions – in particular, including C-suite in cybersecurity conversations, and more stakeholders coming forward to share real-life case studies of actual incidents.

John Lee, Managing Director, Global Resilience Federation
John has more than 20 years of experience in ICT and Information Security. He is currently the Managing Director of the Operational Technology Information Sharing Analysis Centre (OT-ISAC) that supports member organizations (public and private) in OT threat information. The centre was set up in 2019 and has members from Transport, Aviation, Maritime, Healthcare, Manufacturing, Water, Energy, Government etc. His past roles were in Information Security Governance, Risk Management, Security Operations, Infrastructure and Application Delivery. He has led teams in Asia-Pacific as well as managing global services. He is also a certified cybersecurity trainer for ISACA.

Thian Chin Lim, Senior Director (Governance Group), GovTech
Thian Chin has over 20 years of experience in Information & Technology governance, risk management, resilience and compliance, and operational technology cybersecurity. Prior to his current appointment at GovTech, he led the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). Before joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC Pte Ltd from 2008 – 2013. In his earlier years, he was a manager leading a team of Information Technology auditors in Ernst & Young.

Thian Chin holds an Executive Masters in Cybersecurity from Brown University, Bachelor's Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is a certified CGEIT, CRISC, CISM, CISSP, CISA, CDPSE, GICSP and SABSA practitioner.

Recorded 7th Sept 2023, OT-ISAC Summit 2023, Voco Orchard, Singapore, 5pm.

The podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this week's Security Sprint, Dave and Andy talk about the following topics: Cybersecurity Awareness Month. A Proclamation on Cybersecurity Awareness Month, 2023. CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories NSA Releases Guidance on Acceptance Testing for Supply Chain Risk Management Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers CISA: Cyber Training Bulletin Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories NSA Launches 10th Annual Codebreaker Challenge for 2023 Check out NSA Cyber Director Rob Joyce's social media meme-fest! Here, on Threads. Gate 15, along with many ISACs, ISAOs and other great organizations, is Cybersecurity Awareness Month Champion! Headlines Beware of Floor Plans. https://www.cnn.com/2023/09/28/politics/dhs-investigating-ransomware-attack FBI PIN: Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends Most dual ransomware attacks occur within 48 hours. Ransomware attack on Johnson Controls may have exposed sensitive DHS data Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang The Week in Ransomware - September 29th 2023 - Dark Angels FB-ISAO: September 2023 Threat Level Statement Update – Threat Levels Remain at GUARDED. The U.S. National Strategy to Counter Antisemitism: Key Actions by Pillar | The White House Fact Sheet: Biden-Harris Administration Takes Landmark Step to Counter Antisemitism | The White House Secretary Mayorkas Delivers Remarks at the Protecting Places of Worship Roundtable. Peruvian National Arrested In Peru For Sending Over 150 Hoax Bomb Threats To Schools And Other Institutions In The United States And Soliciting Child Pornography. 
VA man who made threats against church arrested after showing up to Sunday service armed with gun, knife. Armed suspect arrested at Haymarket church, while service in progress Sept. 24 - Bull Run, VA. Pastor says ‘miracle of God' led to peaceful arrest of armed man at Va. church. Target Press Release: Target Closes Select Stores to Prioritize Team Member and Guest Safety. US GAO - Critical Infrastructure Protection: National Cybersecurity Strategy Needs to Address Information Sharing Performance Measures and Methods. Quick Hits: FCC Net Neutrality. https://techcrunch.com/2023/09/26/fcc-announces-plans-to-reinstate-net-neutrality/ Apple updates. https://www.securityweek.com/macos-14-sonoma-patches-60-vulnerabilities/ Prepare for the unlikely. https://www.dhs.gov/science-and-technology/news/2023/09/25/preparing-unlikely FBI PSA: "Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings. FEMA and FCC Plan Nationwide Emergency Alert Test for Oct. 4, 2023. Test Messages Will be Sent to All TVs, Radios and Cell Phones. Massive emergency alert test scheduled to hit your phone on Wednesday. Here's what to know. Bridging the gender gap in the public sector. Bipartisan Senate Intelligence Committee Report Warns of New Threats from China and Russia (PDF report). CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber. People's Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices. Global Engagement Center Special Report: How the People's Republic of China Seeks to Reshape the Global Information Environment. Critical vulnerabilities in Exim threaten over 250k email servers worldwide. CISA releases Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management. A Hardware Bill of Materials Framework for Supply Chain Risk Management. A Hardware Bill of Materials Framework for Supply Chain Risk Management Fact Sheet. The Cybersecurity 202 - Want to learn what's in your hardware?
CISA has an idea for that.
In the latest episode of Nerd Out, Dave rolls out the second annual Two-Thirds of the Year Awards. The winners are: Heath Ledger Joker Award: Extreme Heat. Avengers Team Up Award: ISACs. Scotty Doesn't Know Award: Insider Threats. Dumpster Fire Award: MOVEit. Aldus Snow Award: Ransomware. Dennis Green "They are who we thought they were" Award: Mother Nature. The Cobra Award - "You're the disease and I'm the cure": Patching. MVP: eCrime.
In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Willy Leichter as he sheds light on his extensive experience spanning over 24 years in the security realm. With a keen focus on cyclical patterns of security, he underscores the unique position of Cyware, a brand that has worked assiduously to bridge silos across industries. While discussing the broader vision of threat intelligence, he underscores its potential in predicting and mitigating attacks proactively. Join Willy and Sean as they dig into the complexities of threat intelligence, highlighting the importance of clear notifications and the stories behind them. Sean recalls his experiences as a product manager building an enterprise SIEM solution, shedding light on the challenges of orchestrating bidirectional data exchanges due to the diversity of data formats. This reflection underscores the need for a more streamlined and scalable approach. Willy discusses Cyware's role in addressing these challenges. He explains how Cyware assists teams and systems in understanding and acting upon various threats. The conversation also touches on the role of Artificial Intelligence (AI) in improving integrations and managing threats. A significant portion of the discussion focuses on the potential of bidirectional threat intelligence sharing, emphasizing its advantage over the typical one-way sharing that's more common. As the episode progresses, the concept of threat intelligence as a service is introduced. In a digital age where cyber threats are continually evolving, Sean and Willy stress the need for a united front in defense. They advocate for a collaborative approach, emphasizing the benefits of collective defense in an industry where real-time sharing and coordination are paramount. Note: This story contains promotional content.
Learn more: https://www.itspmagazine.com/their-infosec-story Guest: Willy Leichter, VP of Marketing at Cyware [@CywareCo]. On LinkedIn | https://www.linkedin.com/in/willyleichter/ Resources: Learn more about Cyware and their offering: https://itspm.ag/cywaremja9 For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In the latest episode of Nerd Out, Dave welcomed Mayya Saab, the Executive Director of the Faith-Based Information Sharing and Analytics Organizations (FB-ISAO). The pair discussed Mayya's path to working in security and preparedness and how it prepared her for her current role. Then Mayya talked about the importance of Information Sharing and Analytic Centers and Organizations, and specifically the FB-ISAO. Mayya talked about how their community of faith works, and why it is important that these organizations work together with their government partners. Finally, Mayya talked about the collaboration within FB-ISAO, and what's next.
Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: AI Incident Sharing - Best practices from other fields and a comprehensive list of existing platforms, published by stepanlos on June 29, 2023 on The Effective Altruism Forum. Purpose of this post: The purpose of this post is three-fold: 1) highlight the importance of incident sharing and share best practices from adjacent fields to AI safety 2) collect tentative and existing ideas of implementing a widely used AI incident database and 3) serve as a comprehensive list of existing AI incident databases as of June 2023. Epistemic status: I have spent around 25+ hours researching this topic and this list is by no means meant to be exhaustive. It should give the reader an idea of relevant adjacent fields where incident databases are common practice and should highlight some of the more widely used AI incident databases which exist to date. Please feel encouraged to comment any relevant ideas or databases that I have missed, I will periodically update the list if I find anything new. Motivation for AI Incident Databases Sharing incidents, near misses and best practices in AI development decreases the likelihood of future malfunctions and large-scale risk. To mitigate risks from AI systems, it is vital to understand the causes and effects of their failures. Many AI governance organizations, including FLI and CSET, recommend creating a detailed database of AI incidents to enable information-sharing between developers, government and the public. Generally, information-sharing between different stakeholders 1) enables quicker identification of security issues and 2) boosts risk-mitigation by helping companies take appropriate actions against vulnerabilities. 
Best practices from other fields: National Transportation Safety Board (NTSB) publishes and maintains a database of aviation accidents, including detailed reports evaluating technological and environmental factors as well as potential human errors causing the incident. The reports include descriptions of the aircraft, how it was operated by the flight crew, environmental conditions, consequences of event, probable cause of accident, etc. The meticulous record-keeping and best-practices recommendations are one of the key factors behind the steady decline in yearly aviation accidents, making air travel one of the safest forms of travel. National Highway Traffic Safety Administration (NHTSA) maintains a comprehensive database recording the number of crashes and fatal injuries caused by automobile and motor vehicle traffic, detailing information about the incidents such as specific driver behavior, atmospheric conditions, light conditions or road-type. NHTSA also enforces safety standards for manufacturing and deploying vehicle parts and equipment. Common Vulnerabilities and Exposures (CVE) is a cross-sector public database recording specific vulnerabilities and exposures in information-security systems, maintained by Mitre Corporation. If a vulnerability is reported, it is examined by a CVE Numbering Authority (CNA) and entered into the database with a description and the identification of the information-security system and all its versions that it applies to. Information Sharing and Analysis Centers (ISAC). ISACs are entities established by important stakeholders in critical infrastructure sectors which are responsible for collecting and sharing: 1) actionable information about physical and cyber threats 2) sharing best threat-mitigation practices. ISACs have 24/7 threat warning and incident reporting services, providing relevant and prompt information to actors in various sectors including automotive, chemical, gas utility or healthcare.
National Council of Information Sharing and Analysis Centers (NCI) is a cross-sector forum designated for sharing and integrating information among sector-based ISACs (Information Sharing an...
Podcast: Control Loop: The OT Cybersecurity Podcast. Episode: Insight from the ISACs. Pub date: 2023-02-08. Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. In Part 2 of 2 in our interview segment from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos' VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
Control Loop News Brief. Russian wiper malware targets Ukraine. Russia's Sandworm hackers blamed in fresh Ukraine malware attack (CyberScoop) APT Activity Report for T3 2022 (ESET) Cyber attack on the Ukrinform information and communication system (CERT-UA) Command injection vulnerability affects Cisco devices. When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key (Trellix) Cisco IOx Application Hosting Environment Command Injection Vulnerability (Cisco) Congressman Andrew Garbarino to serve as Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection. Garbarino Selected To Chair Cybersecurity Subcommittee (Office of Andrew Garbarino) IoT supply chain threatened by exploitation of Realtek Jungle SDK vulnerability. Network Security Trends: August-October 2022 (Unit 42) Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42) Control Loop Interview. The interview is the second part from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. Control Loop Learning Lab. In Part 2 of 2, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.
In this episode of The Gate 15 Interview, Andy Jabbour visits with Josh Poster, Intelligence and Analysis Operations Manager for Auto-ISAC. In that role, Josh also serves as the Leader, Auto-ISAC Intel & Analysis Division & Vice Chair, National Council of ISACs (NCI). His past roles have included Program Manager, Public Transportation and Surface Transportation ISACs, Program Manager, Information and Infrastructure Technologies, and Sr. Analyst, Electronic Warfare Associates, among others. He holds a Bachelor of Science degree in Anthropology and is a long-time leader in the ISAC and homeland security communities. ‘Preparation is prevention' - Josh Poster. ‘Everyone has a plan until they get punched in the mouth.' – Mike Tyson. In the discussion we address: Josh's background and current position; Developing trust, the importance of relationships and how those relate to both Auto-ISAC and broader, cross-sector and private-public information sharing; Building confidence through preparedness; We name drop longtime National Council of ISACs leaders Health ISAC's Denise Anderson, IT-ISAC's Scott Algeier, and Comms ISAC's Joe Veins, as well as Bob Kolasky, formerly Assistant Director of the Cybersecurity and Infrastructure Security Agency (CISA) and now Exiger's Senior Vice President of Critical Infrastructure. We also talk about the very valued Auto-ISAC Executive Director, Faye Francy; The Gate 15 Interview EP 28: Talking election security, tea and baseball, with Scott Algeier; Bob Kolasky - How the Cyber Risk Landscape Changed in 2022 – and What's in Store for 2023; Companies recognizing bottom-line impact will spend more on cybersecurity, 13 Jan 2023; The cyber threats facing the automotive industry; Fishing, Rainbow Trout, BMX and more!
‘Every single one of our members has a global presence' - Josh Poster A few references mentioned in or relevant to our discussion include: Automotive Information Sharing And Analysis Center (Auto-ISAC) National Council of ISACs (NCI) Josh was also a guest on the podcast in September 2022: The Gate 15 Interview: Cybersecurity Awareness Month 2022 with the National Cybersecurity Alliance, Auto-ISAC and FS-ISAC! Plus, background! shout-outs!! favorite movies, tigers, and more!!! BBC, Industrial espionage: How China sneaks out America's technology secrets, 17 Jan 2023 FEMA National Level Exercises and Cyber Storm ENISA: The European Union Agency for Cybersecurity Japanese Auto-ISAC WIRED: Hackers Remotely Kill a Jeep on the Highway—With Me in It, 21 July 2015 WIRED: The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse, 01 Aug 2016
Podcast: Control Loop: The OT Cybersecurity Podcast. Episode: ICS/OT incident response plans: Don't get caught unprepared. Pub date: 2023-01-25. The NOTAM outage was reportedly caused by a corrupted file. The World Economic Forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility. Our interview segment is part one of two from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. On part 1 of 2 in the Learning Lab, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
Control Loop News Brief. NOTAM outage appears to have been caused by a system error. US Aviation System Meltdown Tied to Corrupted Digital File (Bloomberg) Here's the latest on the NOTAM outage that caused flight delays and cancellations (NPR) The WEF's Cybersecurity Outlook for 2023. Global Cybersecurity Outlook 2023 (World Economic Forum) Mining company resumes operations after ransomware attack. Copper Mountain Mining Provides Operational Update on Ransomware Attack (Copper Mountain Mining Corporation) DNV's fleet management software sustains ransomware attack. Cyber-attack on ShipManager servers – update (DNV) Ukrainian hacktivists conduct DDoS against Iranian sites. Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media) Iran's support of Russia draws attention of pro-Ukraine hackers (The Record) Cyberattack hits Nunavut energy company's IT systems. Qulliq Energy Corporation Impacted by a Cybersecurity Incident (QEC) Premier comments on QEC cyber-security incident (Nunavut Department of Executive and Intergovernmental Affairs) Control Loop Interview. The interview is part one of two from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. Control Loop Learning Lab. In Part 1 of 2, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.
Tuddelidu, the Tuesday Gang is back in the studio for yet another super-duper good broadcast! There will be the application of the week, exam talk, smash or pass, Ingrid's five quick ones and Isac's year in review. In addition, Jenny rates her three latest concert experiences!!! Just listen away for a good vibe!
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it. Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to reach out and touch you in a bad way. So, listen for what I think will be a fascinating episode, and please do us a small favor and give us a "like" or a 5-star review on your favorite podcast platform -- those ratings really help us reach our peers. It only takes a click -- thank you for helping out our security leadership community. I'm not going to get into any geopolitics here; I'm going to try to ensure that this episode remains useful for quite some time. However, since the conflict in Ukraine has been ongoing for over two hundred days, I will draw examples from that. The ancient Chinese military strategist Sun Tzu wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” That's a little more detailed than the classic Greek aphorism, "know thyself," but the intent is the same even today. Let me add one more quote and we'll get into the material. Over 20 years ago, when he was Secretary of Defense, Donald Rumsfeld said: "As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. 
And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones." So, knowledge seems extremely important throughout the ages. Modern governments know that, and as a result all have their own intelligence agencies. Let's look at an example. If we go to the CIA's website, we will see the fourfold mission of the Central Intelligence Agency: Collecting foreign intelligence that matters; Producing objective all-source analysis; Conducting effective covert action as directed by the President; Safeguarding the secrets that help keep our nation safe. Why do we mention this? Most governments around the world have similar Nation State objectives and mission statements. Additionally, it's particularly important to understand what is wanted by "state actors" (note, I'll use that term for government and contract intelligence agents). What are typical goals for State Actors? Let's look at a couple: Goal 1: Steal targeting data to enable future operations. Data such as cell phone records, banking statements or emails allow countries to better target individuals and companies when they know that identifying information. Additionally, targeting data allows Nation state organizations to understand how individuals are connected. This can be key when we are looking for key influencers for targets of interest. All targeting data should not be considered equal. Generally, Banking and Telecom Data are considered the best for collecting so be mindful if that is the type of company that you protect. State Actors target these organizations because of two factors: The Importance of the Data is the first factor. If one party sends a second party an email, that means there is a basic level of connection. However, it's not automatically a strong connection since we all receive emails from spammers.
If one party calls someone and talks for 10 minutes to them on a phone call, that generally means a closer connection than an email. Finally, if one party sends money to another party that either means a really strong connection exists, or someone just got scammed. The Accuracy of the Data is the second factor. Many folks sign up for social media accounts with throw away credentials (i.e., fake names and phone numbers). Others use temporary emails to attend conferences, so they don't get marketing spam when they get home. However, because of Anti Money Laundering (or AML) laws, people generally provide legitimate data to financial services firms. If they don't, then they risk not being able to take the money out of a bank -- which would be a big problem. A second goal, in addition to collecting targeting data, is that State Actors are interested in collecting Foreign Intelligence. Foreign Intelligence which drives policy-making decisions is very impactful. Remember, stealing secrets that no one cares about is generally just a waste of government tax dollars. If governments collect foreign intelligence on sanctioned activity, then they can inform policy makers on the effectiveness of current sanctions, which is highly useful. By reporting sanctioned activity, the government can know when current sanctions are being violated and when to update current sanctions. This can result in enabling new intelligence collection objectives. Examples of this include: A country may sanction a foreign air carrier that changes ownership or goes out of business. In that case, sanctions may be added against different airlines. This occurred when the US sanctioned Mahan Air, an Iranian airline. Currently the US enforces sanctions on more than half of Iran's civilian airlines. A country may place sanctions on a foreign bank to limit its ability to trade in certain countries or currencies.
However, if sanctioned banks circumvent controls by trading with smaller banks which are not sanctioned, then current sanctions are likely ineffective. Examples of sanctioning bank activity by the US against Russia during the current war with Ukraine include: On February 27th, sanctions were placed against Russian Banks using the SWIFT international payment systems. On February 28th, the Russian Central Bank was sanctioned. On March 24th, the Russian Bank Sberbank CEO was sanctioned. On April 5th, the US IRS suspended information exchanges with the Russian tax authorities to hamper Moscow's ability to collect taxes. On April 6th, the US sanctioned additional Russian banks. These sanctions didn't just start with the onset of hostilities on 24 February 2022. They date back to Russia's invasion of Crimea. It's just that the US has turned up the volume this time. If sanctions are placed against a country's nuclear energy practices, then knowing what companies are selling or trading goods into the sanctioned country becomes important. Collecting information from transportation companies that identify goods being imported and exported into the country can also identify sanction effectiveness. A third goal or activity taken by State Actors is covert action. Covert Action is generally intended to cause harm to another state without attribution. However, anonymity is often hard to maintain. If we look at Russia in its previous history with Ukraine, we have seen the use of cyber attacks as a form of covert action. The devastating NotPetya malware (which has been generally attributed to Russia) was launched as a supply chain attack. Russian agents compromised the software update mechanism of Ukrainian accounting software M.E. Doc, which was used by nearly 400,000 clients to manage financial documents and file tax returns. This update did much more than the intended choking off of Ukrainian government tax revenue -- Maersk shipping estimates a loss of $300 million.
FedEx around $400 million. The total global damage to companies is estimated at around $10 billion. The use of cyberattacks hasn't been limited to just Russia. Another example is Stuxnet. This covert action attack against Iranian nuclear facilities that destroyed nearly one thousand centrifuges is generally attributed to the U.S. and Israel.

Changing topics a little bit, we can think of the story of two people encountering a bear. Two friends are in the woods, having a picnic. They spot a bear running at them. One friend gets up and starts running away from the bear. The other friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching. “Are you crazy?” the first friend shouts, looking over his shoulder as the bear closes in on his friend. “You can't outrun a bear!” “I don't have to outrun the bear,” said the second friend. “I only have to outrun you.”

So how can we physically outrun the Cyber Bear? We need to anticipate where the Bear is likely to be encountered. Just as national park signs warn tourists of animals, there's intelligence information that can inform the general public. If you are looking for physical safety intelligence you might consider:

- The US Department of State Bureau of Consular Affairs. The State Department hosts a travel advisory list. This list allows anyone to know if a country has issues such as Covid Outbreaks, Civil Unrest, Kidnappings, Violent Crime, and other issues that would complicate having an office for most businesses.
- Another example is the CIA World Factbook. The World Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities.
Additionally you might also consider data sources from the World Health Organization and The World Bank.

If we believe that one of our remote offices is now at risk, then we need to establish a good communications plan. Good communications plans generally require at least four forms of communication. The acronym PACE or Primary, Alternate, Contingency, and Emergency is often used:

- Primary Communication: We will first try to email folks in the office.
- Alternate Communication: If we are unable to communicate via email, then we will try calling their work phones.
- Contingency Communication: If we are unable to reach individuals via their work phones, then we will send a Text message to their personal cell phones.
- Emergency Communication: If we are unable to reach them by texting their personal devices, then we will send an email to their personal emails and next of kin.

Additionally, we might purchase satellite phones for a country manager. Satellite phones can be generally purchased for under $1,000 and can be used with commercial satellite service providers such as Inmarsat, Globalstar, and Thuraya. One popular plan is Inmarsat's BGAN. BGAN can usually be obtained from resellers for about $100 per month with text messaging costing about fifty cents each and calls costing about $1.50 per minute. This usually translates to a yearly cost of $1,500-2K per device. Is $2K worth the price of communicating to save lives in a high-risk country during high political turmoil? Let your company decide. Note a great time to bring this up may be during use-or-lose money discussions at the end of the year.

We should also consider preparing egress locations. For example, before a fire drill most companies plan a meetup location outside of their building so they can perform a headcount. This location such as a vacant parking lot across the street allows teams to identify missing personnel which can later be communicated to emergency personnel.
If your company has offices in thirty-five countries, you should think about the same thing, but not assembling across the street but across the border. Have you identified an egress office for each overseas country? If you had operations in Ukraine, then you might have chosen a neighboring country such as Poland, Romania, or Hungary to facilitate departures. When things started going bad, that office could begin creating support networks to find local housing for your corporate refugees. Additionally, finding job opportunities for family members can also be extremely helpful when language is a barrier in new countries.

If we anticipate the Bear is going to attack our company digitally, then we should also look for the warning signs. Good examples of this include following threat intelligence information from:

- Your local ISAC organization. ISAC or Information Sharing Analysis Centers are great communities where you can see if your vertical sector is coming under attack and share your experiences/threats. The National Council of ISACs lists twenty-five different members across a wide range of industries. An example is the Financial Services ISAC or FS-ISAC which has a daily and weekly feed where subscribers can find situational reports on cyber threats from State Actors and criminal groups.
- InfraGard™ is a partnership between the Federal Bureau of Investigation and members of the private sector for the protection of US Critical Infrastructure. Note you generally need to be a US citizen without a criminal history to join.
- AlienVault offers a Threat Intelligence Community called Open Threat Exchange which grants users free access to over nineteen million threat indicators. Note AlienVault currently hosts over 100,000 global participants, so it's a great place to connect with fellow professionals.
- The Cybersecurity & Infrastructure Security Agency or CISA also routinely issues cybersecurity advisories to stop harmful malware, ransomware, and nation state attacks.
Helpful pages on their websites include the following:

- Shields Up which provides updates on cyber threats, guidance for organizations, recommendations for corporate Leaders and CEOs, ransomware responses, free tooling, and steps that you can take to protect your families. There's even a Shields Technical Guidance page with more detailed recommendations.
- CISA routinely puts out Alerts which identify threat actor tactics and techniques. For example, Alert AA22-011A identifies how to understand and mitigate Russian State Sponsored Cyber Threats to US Critical Infrastructure. This alert tells you what CVEs the Russian government is using as well as the documented TTPs which map to the MITRE ATT&CK™ Framework. Note if you want to see more on the MITRE ATT&CK mapped to various intrusion groups we recommend going to attack.mitre.org/groups.
- CISA also has notifications that organizations can sign up for to receive timely information on security issues, vulnerabilities, and high impact activity.
- Another page to note on CISA's website is US Cert. Here you can report cyber incidents, report phishing, report malware, report vulnerabilities, share indicators, or contact US Cert.
- One helpful page to consider is the Cyber Resilience Review Assessment. Most organizations have an IT Control to conduct yearly risk assessments, and this can help identify weaknesses in your controls.

Now that we have seen a bear in the woods, what can we do to put running shoes on to run faster than our peers? If we look at the CISA Shield Technical Guidance Page we can find shields up recommendations such as remediating vulnerabilities, enforcing MFA, running antivirus, enabling strong spam filters to prevent phishing attacks, disabling ports and protocols that are not essential, and strengthening controls for cloud services. Let's look at this in more detail to properly fasten our running shoes.

If we are going to remediate vulnerabilities let's focus on the highest priority.
I would argue those are high/critical vulnerabilities with known exploits being used in the wild. You can go to CISA's Known Exploited Vulnerabilities Catalog page for a detailed list. Each time a new vulnerability gets added, run a vulnerability scan on your environment to prioritize patching. Next is Multi Factor Authentication (MFA). Routinely we see organizations require MFA access to websites and use Single Sign On. This is great -- please don't stop doing this. However, we would also recommend MFA enhancements in two ways. One, are you using MFA on RDP/SSH logins by administrators? If not, then please enable immediately. You never know when one developer will get phished, and the attacker can pull his SSH keys. Having MFA means even when those keys are lost, bad actor propagation can be minimized. Another enhancement is to increase the security within your MFA functionality. For example, if you use Microsoft Authenticator today try changing from a 6 digit rotating pin to using security features such as number matching that displays the location of their IP Address. You can also look at GPS conditional policies to block all access from countries in which you don't have a presence. Running antivirus is another important safeguard. Here's the kicker -- do you actually know what percentage of your endpoints are running AV and EDR agents? Do you have coverage on both your Windows and Linux Server environments? Of the agents running, what portion have signatures updates that are not current? How about more than 30 days old. We find a lot of companies just check the box saying they have antivirus, but if you look behind the scenes you can see that antivirus isn't as effective as you think when it's turned off or outdated. Enabling Strong Spam Filters is another forgotten exercise. Yes, companies buy solutions like Proofpoint to secure email, but there's more that can be done. One example is implementing DMARC to properly authenticate and block spoofed emails. 
It's the standard now and prevents brand impersonation. Also please consider restricting email domains. You can do this at the very top. Today, the vast majority of legitimate correspondents still utilize one of the original seven top-level domains: .com, .org, .net, .edu, .mil, .gov, and .int, as well as two-letter country code top-level domains (called ccTLDs). However, you should look carefully at your business correspondence to determine if communicating with all 1,487 top-level domains is really necessary. Let's say your business is located entirely in the UK. Do you really want to allow emails from Country codes such as .RU, .CN, and others? Do you do business with .hair, or .lifestyle, or .xxx? If you don't have a business reason for conducting commerce with these TLDs, block them and minimize both spam and harmful attacks. It won't stop bad actors from using Gmail to send phishing attacks, but you might be surprised at just how much restricting TLDs in your email can help. Note that you have to be careful not to create a self-inflicted denial of service, so make sure that emails from suspect TLDs get evaluated before deletion. Disabling Ports and Protocols is key since you don't want bad actors having easy targets. One thing to consider is using Amazon Inspector. Amazon Inspector has rules in the network reachability package to analyze your network configurations to find security vulnerabilities in your EC2 Instances. This can highlight and provide guidance about restricting access that is not secure such as network configurations that allow for potentially malicious access such as mismanaged security groups, Access Control Lists, Internet Gateways, etc. Strengthening Cloud Security- We won't go into this topic too much as you could spend a whole talk on strengthening cloud security. Companies should consider purchasing a cloud security solution like Wiz, Orca, or Prisma for help in this regard. 
One tip we don't see often is using geo-fencing and IP allow-lists. For example, one new feature that AWS recently created is to enable Web Application Firewall protections for Amazon Cognito. This makes it easier to protect user pools and hosted UIs from common web exploits.

Once we notice there's likely been a bear attack on our peers or our infrastructure, we should report it. This can be done by reporting incidents to local governments such as CISA or a local FBI field office, paid sharing organizations such as ISAC, or free communities such as AlienVault OTX.

Let's walk through a notional example of what we might encounter as collateral damage in a cyberwar. However, to keep this out of current geopolitics, we'll use the fictitious countries Blue and Orange. Imagine that you work at the Acme Widget Corporation which is a Fortune 500 company with a global presence. Because Acme manufactures large scale widgets in their factory in the nation of Orange, they are also sold to the local Orange economy. Unfortunately for Acme, Orange has just invaded their neighboring country Blue. Given that Orange is viewed as the aggressor, various countries have imposed sanctions against Orange. Not wanting to attract the attention of the Orange military or the U.S. Treasury department, your company produces an idea that might just be crazy enough to work. Your company is going to form a new company within Orange that is not affiliated with the parent company for the entirety of the war. This means that the parent company won't provide services to the Orange company. Additionally, since there is no affiliation between the companies then the legal department advises that there will not be sanction evasion activity which could put the company at risk. There's just one problem. Your company has to evict the newly created Orange company (Acme Orange LLC) from its network and ensure it has the critical IT services to enable its success. So where do we start?
Let's consider a few things. First, what is the lifeblood of a company? Every company really needs laptops and Collaboration Software like Office 365 or GSuite. So, if we have five hundred people in the new Acme Orange company, that's five hundred new laptops and a new server that will host Microsoft Exchange, a NAS drive, and other critical Microsoft on premises services.

Active Directory: Once you obtain the server, you realize a few things. Previous Acme admin credentials were used to troubleshoot desktops in the Orange environment. Since exposed passwords are always a bad thing, you get your first incident to refresh all passwords that may have been exposed. Also, you ensure a new Active Directory server is created for your Orange environment. This should leverage best practices such as MFA since Orange Companies will likely come under attack.

Let's talk about other things that companies need to survive:

- Customer relations management (CRM) services like Salesforce
- Accounting and Bookkeeping applications such as QuickBooks
- Payment Software such as PayPal or Stripe
- File Storage such as Google Drive or Drop Box
- Video Conferencing like Zoom
- Customer Service Software like Zendesk
- Contract Management software like DocuSign
- HR Software like Bamboo or My Workday
- Antivirus & EDR software

Standing up a new company's IT infrastructure in a month is never a trivial task. However, if ACME Orange is able to survive for 2-3 years it can then return to the parent company after the sanctions are lifted.

Let's look at some discussion topics.

- What IT services will be the hardest to transfer?
- Can new IT equipment for Acme Orange be procured in a month during a time of conflict?
- Which services are likely to only have a SaaS offering and not enable on premises during times of conflicts?
- Could your company actually close a procurement request in a one-month timeline?
If we believe we can transfer IT services and get the office up and running, we might look at our cyber team's role in providing recommendations to a new office that will be able to survive a time of turmoil.

- All laptops shall have Antivirus and EDR enabled from Microsoft.
- Since the Acme Orange office is isolated from the rest of the world, all firewalls will block IP traffic not originating from Orange.
- SSO and MFA will be required on all logins.
- Backups will be routinely required.

Note if you are really looking for effective strategies to mitigate cyber security incidents, we highly recommend the Australian Essential Eight. We have a link in our show notes if you want more details.

Additionally, the ACME Orange IT department will need to create its own Incident Response Plan (IRP). One really good guide for building Cyber Incident Response Playbooks comes from the American Public Power Association. (I'll put the link in our show notes.) The IRP recommends creating incident templates that can be used for common attacks such as:

- Denial of Service (DoS)
- Malware
- Web Application Attack (SQL Injection, XSS, Directory Traversal, …)
- Cyber-Physical Attack
- Phishing
- Man in the middle attack
- Zero Day Exploit

This Incident Response Template can identify helpful information such as:

- Detection: Record how the attack was identified
- Reporting: Provide a list of POCs and contact information for the IT help desk to contact during an event
- Triage: List the activities that need to be performed during Incident Response. Typically, teams follow the PICERL model. (Preparation - Identification - Containment - Eradication - Recovery - Lessons Learned)
- Classification: Depending on the severity level of the event, identify additional actions that need to occur
- Communications: Identify how to notify local law enforcement, regulatory agencies, and insurance carriers during material cyber incidents.
Additionally describe the process on how communications will be relayed to customers, employees, media, and state/local leaders.

As you can see, there is much that would have to be done in response to a nation state aggression or regional conflict that would likely fall in your lap. If you didn't think about it before, you now have plenty of material to work with. Figure out your own unique requirements, do some tabletop exercises where you identify your most relevant Orange and Blue future conflict, and practice, practice, practice. We learned from COVID that companies that were well prepared with a disaster response plan rebranded as a pandemic response plan fared much better in the early weeks of the 2020 lockdown. I know my office transitioned to remote work for over sixty consecutive weeks without any serious IT issues because we had a written plan and had practiced it. Here's another one for you to add to your arsenal. Take the time and be prepared -- you'll be a hero "when the bubble goes up." (There -- you've learned an obscure term that is nearly absent from a Google search but well-known in the Navy and the Marine Corps.)

Okay, that's it for today's episode on Outrunning the Bear. Let's recap:

- Know yourself
- Know what foreign adversaries want
- Know what information, processes, or people you need to protect
- Know the goals of state actors:
  - steal targeting data
  - collect foreign intelligence
  - covert action
- Know how to establish a good communications plan (PACE):
  - Primary
  - Alternate
  - Contingency
  - Emergency
- Know how to get out of Dodge
- Know where to find private and government threat intelligence
- Know your quick wins for protection:
  - remediate vulnerabilities
  - implement MFA everywhere
  - run current antivirus
  - enable strong spam filters
  - restrict top level domains
  - disable vulnerable or unused ports and protocols
  - strengthen cloud security
- Know how to partition your business logically to isolate your IT environments in the event of a sudden requirement.
Thanks again for listening to CISO Tradecraft. Please remember to like us on your favorite podcast provider and tell your peers about us. Don't forget to follow us on LinkedIn too -- you can find our regular stream of low-noise, high-value postings. This is your host G. Mark Hardy, and until next time, stay safe.

References
https://www.goodreads.com/quotes/17976-if-you-know-the-enemy-and-know-yourself-you-need
https://en.wikipedia.org/wiki/There_are_known_knowns
https://www.cia.gov/about/mission-vision/
https://www.cybersecurity-insiders.com/ukraines-accounting-software-firm-refuses-to-take-cyber-attack-blame/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.nationalisacs.org/member-isacs-3
https://attack.mitre.org/groups/
https://data.iana.org/TLD/tlds-alpha-by-domain.txt
https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf
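The top-level-domain restriction described in the episode notes above, with its caveat that mail from suspect TLDs should be evaluated rather than deleted, can be sketched as follows. This is an added example, not code from the podcast or its authors; the allow-list contents (a hypothetical UK-only business), the function names, and the constructed sample messages are assumptions, and it inspects only the header From address, not the SMTP envelope sender.

```python
"""Added example: TLD allow-list triage for inbound mail (policy values are hypothetical)."""
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# The seven original gTLDs named in the text, plus "uk" for the hypothetical
# UK-only business. Everything else is held for review, never deleted.
ALLOWED_TLDS = frozenset({"com", "org", "net", "edu", "mil", "gov", "int", "uk"})
DELIVER, QUARANTINE = "deliver", "quarantine"


def sender_tld(address):
    """Return the lower-cased ASCII TLD of an address, or None if it has no usable domain."""
    if address.count("@") != 1:
        return None
    domain = address.split("@")[1].strip().rstrip(".")
    try:
        # IDNA-encode so internationalized TLDs are compared in their xn-- form.
        domain = domain.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None  # empty or over-long label, or otherwise not encodable
    if "." not in domain:
        return None  # bare host name such as "localhost"
    return domain.rsplit(".", 1)[1]


def triage(raw_message, allowed=ALLOWED_TLDS):
    """Return (decision, tld, reason) for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    headers = [str(h) for h in msg.get_all("From", [])]
    # getaddresses() separates the display name from the address, so a display
    # name that merely looks like a trusted address cannot sway the decision.
    addresses = [addr for _name, addr in getaddresses(headers) if addr]
    if len(addresses) != 1:
        return QUARANTINE, None, "expected one From address, found %d" % len(addresses)
    tld = sender_tld(addresses[0])
    if tld is None:
        return QUARANTINE, None, "From address has no usable domain"
    if tld not in allowed:
        return QUARANTINE, tld, "TLD .%s is not on the allow-list" % tld
    return DELIVER, tld, "TLD .%s is on the allow-list" % tld


def monitor_report(raw_messages, allowed=ALLOWED_TLDS):
    """Tally (decision, tld) pairs so the policy can be trialled before it is enforced."""
    return Counter(triage(raw, allowed)[:2] for raw in raw_messages)


# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Alice <alice@supplier.example.co.uk>\nSubject: PO 1\n\nhello\n",
    'From: "accounts@partner.example.com" <pay@invoices.example.lifestyle>\n'
    "Subject: Overdue\n\nhi\n",
    "From: Bob <bob@Mail.Example.COM>\nSubject: Quote\n\nhi\n",
    "From: a@one.example.com, b@two.example.ru\nSubject: Odd\n\nhi\n",
    "Subject: no sender\n\nhi\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
    print(monitor_report(SAMPLES))
```

Running `monitor_report` over a few weeks of archived mail before enforcing the policy shows how much legitimate correspondence the allow-list would hold back.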
In this episode of The Gate 15 Interview, Andy Jabbour speaks with National Cybersecurity Alliance Executive Director, Lisa Plaggemier, Automotive ISAC Intelligence and Analysis Operations Manager & Vice Chair for the National Council of ISACs, Josh Poster, and FS-ISAC Senior Director, Strategic Partnerships, Bridgette Walsh, about Cybersecurity Awareness Month 2022! Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a proven track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa has held leadership roles with the Ford Motor Company, CDK, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS. She is a University of Michigan graduate (Go Blue!) and while she wasn't born in Austin, Texas, she got there as fast as she could. Twitter: @LisaPlaggemier Josh Poster is the Intelligence and Analysis Operations Manager for Auto-ISAC. In that role he also serves as the Leader, Auto-ISAC Intel & Analysis Division & Vice Chair, National Council of ISACs (NCI). His past roles have included Program Manager, Public Transportation and Surface Transportation ISACs, Program Manager, Information and Infrastructure Technologies, and Sr. Analyst, Electronic Warfare Associates, among others. He holds a Bachelor of Science degree in Anthropology and is a long time leader in the ISAC and homeland security communities. Bridgette Walsh is the Senior Director, Strategic Partnerships for the Financial Services-Information Sharing Analysis Center (FS-ISAC). Prior to her arrival at the FS-ISAC, Bridgette supported the Department of Homeland Security (DHS) mission since its inception in 2003 and has led various leadership positions within cybersecurity strategy and stakeholder engagement. 
She most recently served as the Deputy Assistant Director (A) for Stakeholder Engagement for the Cybersecurity and Infrastructure Security Agency (CISA) including standing up the 6th Division within CISA. She also served as the Chief of Staff for the Cybersecurity Division (CSD) in CISA and as the Senior Counselor for Cyber to the CISA Director providing strategic guidance and counselor on cyber issues for the Agency. While leading Partnerships & Engagement for the CSD Stakeholder Engagement and Cyber Infrastructure Resilience Sub-Division (SECIR) she oversaw the Departments' development and delivery of the President's Executive Order 13800 Critical Infrastructure deliverables and all major partnership engagements. See additional background on Bridgette below. In the discussion we address: The great organizations our guests belong to! Background on Cybersecurity Awareness Month DHS's history and role with Cybersecurity Awareness Month Cybersecurity Awareness Month 2022 The role of the NCI and individual ISACs in message amplification Multi-factor authentication! Strong passwords and password managers! Updating software! Recognizing and reporting phishing! Books, movies, tigers and dogs, and our guests answer when they'd like to be in time! A few references mentioned in or relevant to our discussion include: Website Link: https://staysafeonline.org Cybersecurity Awareness Month Learn more about the National Cybersecurity Alliance's Cybersecurity Awareness Month Champion program at https://staysafeonline.org/champion. Are you a Cybersecurity Awareness Month Champion yet? Sign up today to receive your toolkit of free infographics, social media posts, tip sheets and more! Join in helping everyone stay safe online. 
#BeCyberSmart Facebook: Staysafeonline Instagram: @natlcybersecurityalliance The Financial Services Information Sharing and Analysis Center (FS-ISAC) Automotive Information Sharing And Analysis Center (Auto-ISAC) National Council of ISACs (NCI) PPD-63 The Gate 15 Interview: Scott Algeier on information sharing, critical infrastructure, cybersecurity
Our ancestors shared information on threats with their communities to ensure survival. The same is necessary for today's digital landscape. Businesses need to share information pertinent to their verticals to remain resilient against threats, but how can we do that in a diverse business environment while encouraging sharing? We speak to John Lee, Managing Director at Global Resilience Federation Asia Pacific to learn the important roles ISACs play and how they help organizations like yours build cyber resilience. Tune in to this episode to also hear:
Today's show has everything from coffee tasting and book tips to rants and smash or pass. This is our new member Jenny's first proper show, so you will also get to know her better. In addition, Sofie hosts a Netflix quiz, which Isac refuses to acknowledge. Wondering who is cancelled this week? Or do you want to hear about Isac's cleaning nightmare and an Ikea trip from hell? Then have a listen!
Adversary playbooks as a cybersecurity first principle strategy. They told us the adversary has an asymmetric advantage; that cyber defense has to be right every time while the offense only has to get it right once. Rick proves that proactive defense and adversary playbooks can flip that dynamic on its head. With the world of cyber defense and threat intelligence upside down, Rick and the Hash Table discuss the history of shifting the offense/defense balance, the three components of a proactive defense, and the evolution of adversary playbooks and the intrusion kill chain. with Rick Howard, the CyberWire's CSO and Chief Analyst, joined by Ryan Olson, the Palo Alto Networks VP on Threat Intelligence (Unit 42). They discuss the history and next steps for the adversary playbook concept. Cybersecurity professional development and continued education. You will learn about: adversary playbooks and proactive defense, flipping the offense/defense balance, the 3 components of a proactive defense, ISACs and ISAOs CyberWire is the world's most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram Additional first principles resources for your cybersecurity program. For more adversary playbooks and cybersecurity first principles resources, check the topic essay.
Episode #374 In this episode, Olivier Caleff talks to us about ISACs (Information Sharing and Analysis Centers), which facilitate the sharing of threat information among peers in the same industry sector and which rely on procedures and tools. The goal is to mitigate risks and improve resilience on topics related to […] The post Les ISACs appeared first on NoLimitSecu.
Last week was CompTIA's Communities and Councils Forums and I thought who better to bring on to the podcast than Wayne Selk the new VP of CompTIA's ISAO. Join us as we break down the differences between ISACs and ISAOs and how MSPs can take advantage of what these different entities have to offer as we navigate cybersecurity.
This month, The Cybersecurity Evangelist chats with a couple of budding podcasters. For the third appearance on the Gate 15 Podcast Channel, the Health Information Sharing and Analysis Center (H-ISAC) joins me for episode 17. I got to put my ISAC analyst hat on and talk with the heart of Health-ISAC – the dynamic duo of Zach Nelson (Threat Operations Center Manager) and Joshua Justice (Senior Cyber Threat Intelligence Analyst) from the Threat Operations Center about what drives Health-ISAC and the goals of the Threat Operations Center – the privacy and security of our protected health information (PHI) and why threat actors want that information – yours and mine! We also talked a little about cross-sector collaboration, especially between the ISACs, and rounded it out with a general reminder for all to be #BeCyberSmart about phishing themes leveraging the Russia-Ukraine conflict. Resources mentioned in this episode Health-ISAC H-ISAC Events The Gate 15 Interview: A Conversation with Errol Weiss, Chief Security Officer, Health-ISAC (27 July 2020) Nerd Out Security Panel Discussion: EP 15. Let's talk about Health! (July 2021) Current and Emerging Healthcare Cyber Threat Landscape (watch for the TLP:WHITE version of this report) What To Know About Medical Identity Theft (FTC)
There's a cyber crisis brewing. Not the first. Definitely not the last. But current. Here's some advice as seen on social media (paraphrased)... "take your years of strategizing, planning, budgeting, staffing, and procuring … and do it all within a few days." How is that helpful?

It isn't. It could actually be counter-productive.

With the rising concerns over the growing threat of cyberattacks from well-funded, highly-skilled, and aggressively-motivated bad actors, there's been a mad rush for offerings of advice and products and services from all around the web. While the intentions may be good, the expected outcomes may not match reality in some cases.

That's where the post I saw from Mick Douglas comes in ... a post of organized thoughts with actionable steps organizations can consider given their day-to-day playbook probably isn't going to hold to the intensity of a widespread cyber attack. There's a lot in the thread; we cover a good portion of it, but not all of it. There's also some discussion outside of the original post to help frame the conversation.

Guest
Mick Douglas
InfoSec Innovations | SANS Principal Instructor | IANS Faculty
On Twitter | https://twitter.com/bettersafetynet
On LinkedIn | https://www.linkedin.com/in/mick-douglas/

This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb

Resources
Inspiring Tweet: https://twitter.com/bettersafetynet/status/1496496087741480960
National Council of ISACs: https://www.nationalisacs.org/
Other social posts mentioned:
https://www.linkedin.com/posts/rocklambros_mick-douglas-on-twitter-activity-6902610864369664000-KaBd
https://twitter.com/hackinglz/status/1497035113170886656

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel?
Podcast: Aperture: A Claroty Podcast
Episode: OT-ISAC on Information-Sharing, Incident Recovery
Pub date: 2022-01-30

Bill Nelson, director and officer of the OT-ISAC, joins the podcast to discuss the growing need for adequate sharing of threat intelligence and incident information among operational technology professionals, including asset owners and security practitioners. Nelson explains some of the information-sharing challenges that continue to shadow ISACs, and why member organizations may be hesitant to share incident details. He also discusses a new operational resilience framework in development that will soon be released for public comment and feedback, and how that ties into the need for more discussions on incident response and recovery.

Claroty's research arm, Team82, invites you to join its new Slack channel where you can join other OT, ICS, and IoT cybersecurity experts to discuss the team's research, vulnerability disclosures, and best practices.

The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In her over two decades at Palo Alto Unified School District (Palo Alto, CA, USA), Jennifer was a high school English teacher, new teacher coach, and professional development facilitator. She left PAUSD in 2012 to start her full-time communications consultancy in which she works with schools and organizations across the globe. Jennifer trains and coaches teachers, administrators, and others on new teacher/employee support, having hard conversations, collaboration skills, and being your best adult self at work. Jennifer presents at annual North American-based conferences such as Learning Forward, ASCD, NASSP, NAESP, AMLE, ISACS, and the New Teacher Center Annual Symposium among others. Internationally, she consults with schools across Asia, Europe, Australia, New Zealand, Brazil, and Canada. Jennifer's publications include Having Hard Conversations, The Multigenerational Workplace: Communicating, Collaborating & Creating Community and Hard Conversations Unpacked – the Whos, the Whens and the What Ifs, Swimming in the Deep End: Four Foundational Skills for Leading Successful School Initiatives, and her newest book, Stretching Your Learning Edges: Growing (Up) at Work. Jennifer has been recognized as one of “21 Women All K-12 Educators Need to Know” by Education Week's ‘Finding Common Ground’ blog. She considers herself a “voice coach,” helping others learn how to best use their voices – be it collaborating on a team, presenting in front of a group, coaching a colleague, supervising an employee.

Connect
Twitter: @jenniferabrams
Website: www.jenniferabrams.com
Topic: Using Intelligence Analysis in InfoSec: Think Globally and Act Locally

In episode 48 of The Cyber5, we are joined by Rick Doten. Rick is VP of Information Security at Centene Corporation and consults as CISO for Carolina Complete Health. We discuss shifting the operating model of threat hunting and intelligence to a more collaborative model, “think globally and act locally.” We then dive deep into the intelligence analysis for collecting and analyzing the vast array of network data to prioritize network protection. Finally, Rick makes an argument for the outsourcing of an intelligence function as a viable model.

5 Topics Covered in this Episode:

1. Security Operations Integrating with Cloud, Applications, and Mobile (01:00 - 06:00)
Security operations involve integration with key elements of the business such as the cloud, applications, and mobile team. Risks to a container are much different from a server and force security operations to integrate with many teams, especially in large enterprises. This will guide how we protect proactively with alerting and reactively with incident response.

2. Using Intelligence Analysis with Information Security Data Collection (06:00 - 08:52)
Intelligence includes tracking specific campaigns of threat actors, their intentions, and capabilities. Intelligence analysis in the disciplines of information security is linking the human to the malicious act. For example, suppose a criminal threat actor uses email phishing and credential harvesting. In that case, the data collection model and instrumentation will be different than looking at actors who use exposed RDP or take advantage of supply chain risks. It will also be very different from a nation-state actor who is known to go “low and slow” and persist in 10 different places in a network.

3. Value of Attribution and Communicating to the Board of Directors (08:52 - 13:26)
The mindset of keeping confidentiality, integrity, and availability of information safe and not wanting to attribute the threat actors and building appropriate threat models is becoming more antiquated. Understanding the human who perpetrated the act is critical. Their job is to break into a network and collect and/or monetize. This used to be easier in the defense industrial base because there are cleared environments for information sharing; however, this is becoming more efficient with Information Sharing and Analysis Centers (ISACs). Boards of Directors understand competitors stealing intellectual property, so framing cyber threats in the same vein is the most productive way to get them to understand the importance of nation-state espionage or cyber criminals.

4. The Right Way to Do Threat Intelligence: Think Globally Act Locally (13:26 - 24:00)
The most important threat intelligence is internal network telemetry. The wrong mentality is to buy threat intelligence feeds and load indicators of compromise (IOCs) into a security tool like a SIEM. This will result in tremendous workloads with little results as good actors change their signatures constantly. Instead, it's important to get timely, actionable, and relevant finished intelligence on actors and their campaigns, not data or information. Finished intelligence might be reviewing technical methodologies of Russian GRU (or REvil ransomware) actors and identifying behaviors that can be detected internally on the network. At the highest level of attack campaigns are assignments of individuals to attack one particular company and steal/monetize something very specific. After gaining this intelligence, a security team can “dogpile” with the different entities of the business (SOC, applications, IT, development, mobile, etc.) to hunt and defend, “think globally, act locally.” Threat intelligence could certainly be outsourced, especially for companies who do not belong in an industry with ISACs.

5. The Hardest Part of Intelligence Analysis: Determining Targeted Attack Versus Commodity (24:00 - 31:00)
The hardest part of intelligence is being able to quickly identify if the attack is targeted or commodity. An actor who persists on Active Directory and the domain controllers is much different from those who want to exploit a bug in a cloud application or mobile application. Security teams who have minimal visibility gaps with internal network telemetry that can quickly detect these differences separate the mature security teams from the less mature security teams.
TCE continues the chat with REN-ISAC's Krysten Stevens and Brett Zupan.

On this episode:
- We emphasize the importance of relationship building among higher ed and relevant community resources.
- Discuss the wide and varied landscape of higher ed and research community.
- We jump up on our soapboxes about how cyber is a cost of doing business, and not “if” but “when” you become a cyber attack victim.
- We chat REN-ISAC services, such as Security Event System (SES), Peer Assessment Service, and Workshops (again).
- Krysten brilliantly reminds us of the “trust community” that the ISACs represent.
- Brett sucks up to Krysten with a nod to the technical operations team; and of course, Krysten couldn't help but brag on her team too! As it should be. ;-)
- Brett rounds out our discussion with a masterful shout out to the NCI (National Council of ISACs).

REN-ISAC Resources discussed on this episode:
- Peer Assessment Service - https://www.ren-isac.net/public-resources/pas/index.html
- Workshops - https://www.ren-isac.net/public-resources/workshops/index.html
- Security Event System - https://www.ren-isac.net/member-resources/SES.html
- Our Trust Community - https://www.ren-isac.net/what-we-do/index.html
This month, The Cybersecurity Evangelist talks with WaterISAC's Director of Preparedness and Response, Chuck Egli. The conversation ran a little longer than I like to aim for, but it's understandable given that Chuck and I work closely together in support of WaterISAC. Plus, with WaterISAC being one of the oldest ISACs, I'm quite certain they've earned the extra spotlight! After a much longer than normal opening comment (I sense a trend here) running down a list of many of the ISACs - (most of) which you can find on the National Council of ISACs' webpage at https://www.nationalisacs.org/member-isacs - Chuck and I talk about all the ways WaterISAC supports the security and resilience of the water and wastewater sector with an all-hazards approach (not just cyber). Chuck's parting thoughts: Look into your ISAC community or ISAO… there is one for you!! While many have membership models, so many of them offer information and assistance for the benefit of all toward the greater global good. For more information about WaterISAC, check out its webpage at https://www.waterisac.org/