In this episode, Jenny and John chat with Joseph Carson to uncover the incredible story of his 177-pound weight loss transformation and how it ignited his passion for health and fitness. From building the largest private training studio in Oklahoma to creating Age-Well Arizona, a groundbreaking program for empowering older adults, Joseph's journey is full of inspiration and practical insights. Tune in to learn how he turned personal challenges into massive entrepreneurial success, built thriving fitness businesses, and discovered innovative ways to help clients of all ages achieve their best lives. Whether you're seeking motivation, business strategies, or lessons in leadership, this episode delivers invaluable takeaways.
Guest: Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Delinea
On LinkedIn | https://www.linkedin.com/in/josephcarson/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn't just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies.

The Dynamics of Engagement

The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable.

Insights on Ransomware Realities

Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity's foundational importance.

The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats.

Ethical and Strategic Considerations in Cybersecurity

The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles.

Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia's laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals' business model.

Global Trends and Local Challenges

The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures.

Marco's observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally.

Final Thoughts: Building a Safer Digital World

The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security.

This conversation at AISA Cyber Con wasn't just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act.
____________________________
This Episode's Sponsors

Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More
This is the bonus part of the episode where we go through and ask a speed round of questions for not only their insights into cybersecurity, but a little bit of their personal life too!

Show Notes from Joe's Responses:

Favorite Cybersecurity Tool:
Proxmark - https://proxmark.com/

Cybersecurity Books:
Cuckoo's Egg, Clifford Stoll - https://a.co/d/8wOahpM
Mikko Hypponen - If it's smart it's vulnerable - https://a.co/d/awJBupD

Apps:
Phone App
Messaging / SMS
Camera

Connect with Joseph Carson
LinkedIn: https://www.linkedin.com/in/josephcarson/
Twitter / X: https://twitter.com/joe_carson

Connect with us
Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:
KnowBe4 Blog: https://blog.knowbe4.com
James McQuiggan - https://www.linkedin.com/in/jmcquiggan
Javvad Malik: https://www.linkedin.com/in/javvad

Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.com
Announcer: Sarah McQuiggan - https://www.sarahmcquiggan.com
Show Notes created with Capsho - www.capsho.com
Sound Engineering - Matthew Bliss, MB Podcasts.

If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today!
In the rapidly evolving landscape of cybersecurity, staying ahead of emerging threats and technologies is crucial. This episode delves into the intricate world of cybersecurity with Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, as we explore the latest advancements and challenges in the field.

With over three decades of experience, Carson shares valuable insights on the evolution of cybersecurity, from its humble beginnings as a subset of IT to its current status as a critical business function. He discusses the pivotal moments that shaped his career and the industry as a whole, including the impact of major cyber incidents and the changing nature of threats.

Key Topics Covered:
The transition of cybersecurity from an IT function to a business-critical role
The importance of aligning cybersecurity strategies with business objectives
The role of AI and quantum computing in shaping future cybersecurity challenges
Human risk management and its significance in modern cybersecurity practices
The ethical considerations surrounding emerging technologies

Connect with Joseph Carson
LinkedIn: https://www.linkedin.com/in/josephcarson/
Twitter / X: https://twitter.com/joe_carson

Connect with us
Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:
KnowBe4 Blog: https://blog.knowbe4.com
James McQuiggan - https://www.linkedin.com/in/jmcquiggan
Javvad Malik: https://www.linkedin.com/in/javvad

Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.com
Announcer: Sarah McQuiggan - https://www.sarahmcquiggan.com
Show Notes created with Capsho - www.capsho.com
Sound Engineering - Matthew Bliss, MB Podcasts.

If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today!
In this episode of the Identity at the Center podcast, hosts Jeff and Jim engage in a lively discussion with Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea. They explore Joseph's extensive career journey in identity and access management, cybersecurity, and his hands-on experiences in Estonia's pioneering digital identity ecosystem. The conversation delves into the challenges and successes of implementing digital identity systems, the evolving landscape of Identity Threat Detection and Response (ITDR), and the interplay between digital identity, authentication, and AI in cybersecurity. Joseph also shares some behind-the-scenes anecdotes from his public speaking experiences and provides valuable insights into the future of identity management. The episode highlights valuable lessons for professionals in the field, practical advice for attending conferences, and the importance of continuous learning and adaptation in the rapidly evolving world of cybersecurity.

00:00 Introduction and Casual Banter
02:12 Conference Experiences and Swag
02:51 Upcoming Conferences and Discounts
06:09 Introducing the Guest: Joseph Carson
06:35 Joseph Carson's Career Journey
07:25 Estonia's Digital Identity Revolution
10:25 Delinea and Cybersecurity Research
12:46 Qubit Cybersecurity Conference
14:25 401 Access Denied Podcast
18:32 Estonia's Digital Identity Success
29:38 Identity Threat Detection and Response (ITDR)
32:40 The Evolution of Identity Access Management
33:48 The Convergence of Authentication and Authorization
35:00 The Role of AI in Identity Security
36:31 Digital Identity vs. Identity Access Management
38:47 Machine Identities and Asset Management
41:36 AI Agents and Identity Assistance
45:25 Challenges and Future of AI in Cybersecurity
51:07 Behind the Scenes of Public Speaking
60:06 Final Thoughts and Wrap-Up

Connect with Joseph: https://www.linkedin.com/in/josephcarson
Learn more about Delinea: https://delinea.com/
QuBit Cybersecurity Conference: https://qubitconference.com/
401 Access Denied Podcast - https://delinea.com/events/podcasts
Estonia Kratt AI Bot: https://www.ria.ee/en/state-information-system/personal-services/burokratt

Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at:
Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
On this episode of The Insuring Cyber Podcast, Joseph Carson, chief security scientist and advisory chief information security officer at Delinea, shared findings from Delinea’s latest report on … Read More » The post EP. 71: The Challenges of a Widening Cyber Insurance Protection Gap appeared first on Insurance Journal TV.
Join me in conversation with Joseph Carson, Chief Security Scientist at Delinea, where we delve into a critical but often overlooked aspect of cybersecurity: its alignment with business metrics. Based on alarming statistics from Delinea's Global CISO research, this episode urges cyber decision-makers to reframe their perspective and underscores the pressing need for integrating cybersecurity with business objectives. We explore the challenges stemming from the traditional cybersecurity-focused approach, emphasizing a seismic shift towards holistic business security. The statistics from Delinea's Global CISO research set the tone: 89% of survey respondents reported experiencing at least one negative business impact in the past year due to the absence of alignment between cybersecurity and business strategies. This underscores the importance of the conversation and the pressing need for structural changes. We discuss the art of communicating the value of cybersecurity initiatives to executive boards. Joseph argues that merely focusing on technical or activity-based metrics such as the number of prevented attacks isn't enough. These metrics must be integrated into strategic business objectives, helping to break down the conventional silos within organizations and positioning cybersecurity as a crucial enabler of business growth. Joseph shares why businesses need to prioritize the most critical assets and incorporate security considerations early in project development phases. He underscores the significance of a symbiotic relationship between the CIO and CISO roles for better alignment and fortification against looming cyber threats. Whether you are a CISO, a business leader, or an executive, the discussion renders invaluable insights into aligning cybersecurity strategy with business goals to gain consensus, appropriate budgets, and, ultimately, a seat at the executive table.
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on August 11, 2022. Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/vault-esw-3
Announcing Drata's Series C, Milton Security announces new name, Threathunter.ai, Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy, New Communication Protocol “Ibex” and Extended Protocol Suite, Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro, Stack Overflow bans ChatGPT, French man wins compensation as judge awards him the right to refuse to be fun at work.

Let's be honest: people can frustrate us. They don't always do the things we'd like, and they often do some things we'd rather they didn't. New research from the National Cybersecurity Alliance reveals insights about the public's attitudes and beliefs about security. We'll explore the 2022 Oh Behave! Cybersecurity Attitudes and Behaviors Report and some of the findings may surprise you! We'll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.

Segment Resources:
https://staysafeonline.org
https://staysafeonline.org/programs/cybersecurity-awareness-month/teach-others-how-to-stay-safe-online/
https://staysafeonline.org/programs/hbcu-see-yourself-in-cyber/
https://staysafeonline.org/programs/events/convene-clearwater-2023/

Estonia is a small country in the Baltics; however, it has been at the forefront of technology for many years. This session traces Estonia's journey from independence in 1991 to its current use of digital identities for the systems that allow citizens to vote, check online banking, e-residency, and tax returns. I'll share lessons learned and key takeaways from incidents that happened along the way, examine what the future holds, and discuss the impact of incorporating AI into a digital society.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw299
Estonia is a small country in the Baltics; however, it has been at the forefront of technology for many years. This session traces Estonia's journey from independence in 1991 to its current use of digital identities for the systems that allow citizens to vote, check online banking, e-residency, and tax returns. I'll share lessons learned and key takeaways from incidents that happened along the way, examine what the future holds, and discuss the impact of incorporating AI into a digital society. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw299
2022-11-27 - Joseph Carson
In every episode I record with my guests, I ask them one crucial question: "What do you hate most about the cybersecurity industry?" In this episode, I curated the top answers for you. What's more, you'll get an understanding of what security practitioners, go-to-market teams, and cybersecurity vendors can do to alleviate some of these problems in the industry.

Who will you hear from?
[00:45] Joshua Marpet
[01:39] Limor Kessem
[03:43] Nick Ryan
[04:43] Tal Arad
[05:42] Leo Cruz
[06:39] Gary Hayslip
[08:05] Dmitriy Sokolovskiy
[09:29] Allan Alford
[12:39] Ryan Cloutier
[15:43] Joseph Carson
[17:09] Evan Francen
[21:19] Malia Mason
[24:08] Jenny Botton
[25:23] Ferd Hagethorn
[26:50] Chris Roberts

Join Audience 1st Today
Join 550+ cybersecurity marketers and sellers mastering security buyer research to better understand their audience and turn them into loyal customers: https://www.audience1st.fm/
This week, we start off the show by welcoming Ryan Fried to discuss how security analysts can move past traditional Indicators of Compromise from threat intel, like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting means doing things like reading recent and relevant security articles, pulling out behaviors that attackers are using, such as commands like net group "domain admins" or RDPing from workstation to workstation, and translating those into threat hunting queries.

Then, Joseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints. This episode will uncover the techniques an attacker used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response.

Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!

Segment Resources:
https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report
https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54
https://www.cisa.gov/uscert/ncas/alerts/aa22-181a

Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw287
Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw284
In 2007, Estonia - then already a technologically advanced country - suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and an adviser to several governments and conferences, talks with Nate Nelson about the lessons learned from that event, and how Estonia became what he calls 'A Cloud Country'.
The goal is to frictionlessly get security buyers to information in trusted ways so they can self-verify and make wise, educated decisions. How do we build and develop business and communications skills, foster different ideas that allow us to think about how to be more ethical and innovative, and communicate better with our audience? How do we get cybersecurity to be a cool industry that people want to be in? These are questions that Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, asks himself regularly. In this episode, I had a brutally honest conversation with Joseph on what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives. Join Audience 1st Today Join 300+ cybersecurity marketers and sellers mastering security buyer research to better understand their audience and turn them into loyal customers: https://www.audience1st.fm/
Digital security and risks are some of the most significant concerns companies face. And they look for various ways to mitigate those risks and establish a safe environment for their core business operations, even implementing security solutions that merely put a band-aid on vulnerabilities. But what companies don't know is that the key to augmented security lies in asking the right questions. And changing the mindset that it's not security first, it's business first, it's people first, it's risk. And security is a supporting pillar in that. In this episode of Dr. Dark Web, Chris Roberts welcomes Joseph Carson, the Chief Security Scientist (CSS) and Advisory CISO at Delinea. They get into the role of threat intelligence in strengthening security, the importance of knowing where the threats come from, how to translate intelligence and risk to the board, and why people should always come first.
2021 has been quite a year for all of us, but what have we accomplished and learned in the cybersecurity field? We have certainly had to adjust to a global remote work culture and step up our security strategies to take on new challenges involving more specialized cybercrime. Art Gilliland, CEO of ThycoticCentrify, joins our host, Joseph Carson, to reflect on key lessons learned and predictions for 2022. Will Zero Trust become a security norm like Defense in Depth? How could governments get more involved in cryptocurrency regulation efforts? Enjoy this engaging discussion before we kick off the new year! Follow Joe on Twitter: @joe_carson
Joseph Carson has spent most of his career as a federal employee challenging everything from the country's nuclear weapons program to its whistleblower adjudication infrastructure.
Cybersecurity is a growing, expansive industry that transcends the fields of technology and even security. How can organizations leverage the critical work of data scientists not only for machine learning automation, but also for diversifying threat detection strategies? In this episode of 401 Access Denied, Joseph Carson, Chief Security Scientist at Thycotic, discusses data science in the security context with Kevin Hanes, CEO of Cybrary, and Jon Ramsey, a fellow cybersecurity executive and returning guest. Join the conversation on the importance of artificial intelligence, machine learning, and deep learning in the advancement of dynamic, adaptive cybersecurity business strategies and training. Follow Joe on Twitter: @joe_carson
During this 15-minute IT break, join our experts for a discussion about Password pain. Guest expert: Joseph Carson, Chief Security Scientist & Advisory CISO at Thycotic
Zero Trust security architecture models are becoming more popular as organizations seek to reduce risk. But what are both the business and cultural implications of deperimeterization? Enjoy this engaging conversation with Thycotic's Advisory CISO and Chief Security Scientist, Joseph Carson, and his doppelgänger, Dave Lewis, the Global Security CISO at Cisco Security. Learn how a Zero Trust mindset involves not only technical solutions such as network zone segmentation, but also human-centered security awareness training and mentorship. Follow Joe on Twitter: @joe_carson
How do we accurately measure and minimize cybersecurity risks? How does cyber insurance fit into the risk management process? Joseph Carson, Chief Security Scientist at Thycotic, discusses these questions and more with members of the Resilience cyber insurance company, including Ann Irvine, Chief Data Scientist, and Kevin McGowan, VP of Cyber Underwriting. Learn about how insurance companies like Resilience work with organizations to find the best solutions to offset critical risks. Follow Joe on Twitter: @joe_carson
Podcast: The Cybrary Podcast. Episode: 401 Access Denied Ep. 36 | Prepping for Operational Technology Risks with Jon Ramsey & Juan Espinosa. Pub date: 2021-09-08. If you've ever closed your garage door or checked your home security camera with a mobile app, then you've relied on a technical communication network of virtual Information Technology and physical Operational Technology devices. This synthesis of IT and OT provides convenient ways for you to secure your home, but your assets are at risk when malicious actors exploit those networks. In this episode of 401 Access Denied, listen to host Joseph Carson, Chief Security Scientist at Thycotic, talk with cybersecurity executives, Jon Ramsey and Juan Espinosa, about the significance of OT risk management and mitigation. Learn how security managers can work with designers, vendors, and compliance officers to prioritize investment in OT security. Follow Joe on Twitter: @joe_carson
In this episode, Joseph Carson and Jonathan Meyers discuss the 2021 Verizon Data Breach Investigations Report and its findings. We cover how the threat landscape has changed in the past year and why there's been an increase in the number of cyberattacks. Hear what the experts say you can do to balance security and productivity. Plus, the top-cited causes of data breaches.
Gar O'Hara and your regular podcast hosts are taking a well-deserved break for a couple of weeks, so we've selected some of our favourite segments from past episodes that we think deserve another listen. These highlights include Joseph Carson on Estonia's data embassies, Jenny Radcliffe on breaching physical security, Jess Lee on the impact of, and solutions for, burnout among CISOs and cyber security professionals, and Mark O'Hare on what keeps the CISO of a cybersecurity company up at night. For the latest cyber news and insights head to www.getcyberresilient.com
Authentication and authorization might sound similar, but they are two distinct security processes. Joe Carson, Chief Security Scientist at Thycotic, joins us to discuss why privileges, not identities, are one of the biggest challenges for identity and access. Joe will share Thycotic's simple approach to solving privileged access. This segment is sponsored by Thycotic. Visit https://securityweekly.com/thycotic to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw225
In this episode, Mike and Arza host Joseph Carson! Joseph is a recent Brigham Young University graduate in broadcast journalism and he shares his wisdom on how to curate the wealth of information that is constantly bombarding us in today's society. Joseph also speaks of his experience with ultrasounds and what it means to learn about different cultures. Thank you for listening! You can find more from Joseph Carson here. Check us out every Wednesday for our new episode! --- Support this podcast: https://podcasters.spotify.com/pod/show/micatthehelm/support
In this episode of CISO Talks, we speak with Joseph Carson (Thycotic) about how a lot of organizations mistreat their data and do not build their security around the data first. We also discuss zero trust and how to implement it effectively within your organization. Joseph Carson: http://bit.ly/2FQfh1p Cyber Security for Dummies: http://bit.ly/2UDUHvr Also available on: IGTV: https://www.instagram.com/instalepide Sound cloud: http://bit.ly/2MYHwxR Spotify: https://spoti.fi/2N0XGXR iTunes: https://apple.co/2N0sO9P Follow us on Social Media: LinkedIn - http://bit.ly/2FWHKoM Twitter - http://bit.ly/2FWNO0C Instagram - http://bit.ly/2FWMxXj Facebook - http://bit.ly/2FXb2Ue
This week Gar is joined by Joseph Carson, Thycotic's Chief Security Scientist and Advisory CISO. He's the architect behind some of the world's largest cloud environments, has worked to digitally transform cyber security education to online delivery, and, now based in Estonia, has been working in areas such as digital identity. He's won many awards and is driven by a desire to give back to the community. Joseph walks us through what cyber resilience looks like at a country level, including how Estonia has gone about building trust with their citizens. He speaks about education for cyber security, immigration policies, and data resilience through data embassies, and he outlines the jaw-dropping economic benefits that an advanced digital society can achieve through removing friction. Connect with Joseph on LinkedIn: https://www.linkedin.com/in/josephcarson/ Follow Joseph on Twitter: https://twitter.com/joe_carson Check out Joseph's books: https://thycotic.com/resources/wileys-dummies-cybersecurity/ https://thycotic.com/resources/wileys-privileged-access-cloud-security-for-dummies/
In this episode of CISO Talks, we speak with Joseph Carson from Thycotic about his definition of zero trust and what it means for the cybersecurity industry. Check Joseph's profile out here: http://bit.ly/2FQfh1p Cyber Security for Dummies: http://bit.ly/2UDUHvr Also available on: IGTV: https://www.instagram.com/instalepide... Spotify: https://spoti.fi/2N0XGXR iTunes: https://apple.co/2N0sO9P Follow us on Social Media: LinkedIn - http://bit.ly/2FWHKoM Twitter - http://bit.ly/2FWNO0C Instagram - http://bit.ly/2FWMxXj Facebook - http://bit.ly/2FXb2Ue
Stories From Our Event Coverage And From Around The World. Sometimes we are there, sometimes we are not — either way, we still get the best stories. RSA Conference 2020 APJ Virtual Edition - Managing IOT Devices In An Enterprise Environment. Guests: Joseph Carson and Arthur Fontaine. In this episode, we continue our journey to RSAC 2020 APJ by looking at the expansion and growth of connected devices used to run businesses of all sizes across nearly every industry. Bringing two perspectives together from two separate presentations, our guests help us to realize that you can have as many rules of conduct that you want - they may help - but are they a panacea? Here are the presentations' abstracts: Joseph Carson: "This session will explain how outside attackers or malicious insiders can exploit vulnerabilities using examples such as a compromised email account password that escalates into a full-blown breach of network security and how a light bulb almost stopped Christmas from happening." Arthur Fontaine: "IoT creates new risk exposures for enterprises. With the increasing sophistication of attacks and as devices multiply, IoT risk is unavoidable. To avoid risk is to avoid progress! Following threat modeling of a typical IoT solution architecture, this talk will offer techniques based on emerging standards, open source IoT projects and industry best practices to mitigate IoT threats and manage risk." Truth is that there are no rules of engagement — unless you understand your enemy. Standards may be used to "set the table for when dinner is served" - but what happens when the food fight begins? As Arthur's session clearly points out, to avoid risk is to avoid progress.
Joseph Carson from Thycotic is joined today by Emma Heffernan, one of the most recognized new cybersec professionals in the industry. She'll share her experience as a recent graduate turned Pentester and speaker as she navigates her way through various industry roles. Also, you'll hear ideas for learning new skills and sharing your expertise with others to further your industry knowledge.
Since the beginning of CISO Talks in early 2019 we have spoken to many CISOs, board members & I.T. professionals about some of the biggest challenges faced in the industry today for CISOs as well as the cybersecurity space in general. We have put together a video showcasing the common themes that came up across each episode. I.T. Professionals in this video: - Joseph Carson, CISSP, CSPO - Thycotic - James Goepel - Cybersecurity Maturity Model Certification Accreditation Body (CMMC AB) - Jane Frankland - #CISOAdvisor - Eliza-May Austin - th4ts3cur1ty.company - Greg van der Gaast - Proactive InfoSec - The University of Salford - Chris Bedel, CISM - #VirtualCISO Also available on: IGTV: https://www.instagram.com/instalepide... Spotify: https://spoti.fi/2N0XGXR iTunes: https://apple.co/2N0sO9P Follow us on Social Media: LinkedIn - http://bit.ly/2FWHKoM Twitter - http://bit.ly/2FWNO0C Instagram - http://bit.ly/2FWMxXj Facebook - http://bit.ly/2FXb2Ue
In this podcast, Joseph discusses whether the C-suite should be solely accountable for data breaches. He also outlines which areas of security organisations should focus on more, rather than cut back on. Then, he lends his expertise on conversing with IT professionals to implement proactive measures and appropriate budgets, before sharing his thoughts for the future. Thycotic (https://thycotic.com/). Joseph has over 25 years of experience in enterprise security and infrastructure and is also an adviser to several governments and cybersecurity conferences.
In this episode of CISO Talks, we discuss with Joseph Carson (from Thycotic) ways in which CISOs can effectively communicate with the board for them to understand cyber-risk. We go over some of the key questions that should be asked to increase the success rate of the process. Check Joseph's profile out here: http://bit.ly/2FQfh1p Cyber Security for Dummies: http://bit.ly/2UDUHvr Also available on: Spotify: https://spoti.fi/2N0XGXR iTunes: https://apple.co/2N0sO9P Follow us on Social Media LinkedIn - http://bit.ly/2FWHKoM Twitter - http://bit.ly/2FWNO0C Instagram - http://bit.ly/2FWMxXj Facebook - http://bit.ly/2FXb2Ue
At InfoSecurity Europe 2019, we sat down with our friend Joseph Carson (advisory CISO to Thycotic) to talk through a number of hot cybersecurity topics vendors were promoting. Are vendors talking about the right things? What are we still getting wrong? And how do we fix it? Check out LepideAuditor here: http://bit.ly/2Ic6ERb Check Joseph's profile out here: http://bit.ly/2FQfh1p Cyber Security for Dummies: http://bit.ly/2UDUHvr Also available on: Sound cloud: http://bit.ly/2MYHwxR Spotify: https://spoti.fi/2N0XGXR iTunes: https://apple.co/2N0sO9P Follow us on Social Media: LinkedIn: http://bit.ly/2FWHKoM Twitter: http://bit.ly/2FWNO0C Instagram: http://bit.ly/2FWMxXj Facebook: http://bit.ly/2FXb2Ue
After a few more conversations in the press room — which was managed fantastically by Origin Communications (thank you Amanda Hassell and team!) — we took a few moments outside of the event management headquarters to chat with a few more friends (old and new) to get their views on the highlights from the event and what they want to see at next year’s event … which will be the 25th anniversary of Infosecurity Europe. Listen in to hear from Dan Raywood, Brian Honan, Nicole Mills, Paul Stone, and Joseph Carson. Enjoy! There's also a video version of this chat which can be viewed here: https://vimeo.com/340866114 ________ We'd like to thank our conference coverage sponsors for their support. Be sure to visit their directory pages on ITSPmagazine to learn more about them. Bugcrowd: https://www.itspmagazine.com/company-directory/bugcrowd CyberCyte: https://www.itspmagazine.com/company-directory/cybercyte Devo: https://www.itspmagazine.com/company-directory/devo Nintex: https://www.itspmagazine.com/company-directory/nintex STEALTHbits: https://www.itspmagazine.com/company-directory/stealthbits ________ Want more from InfoSec Europe in London? Follow all of our coverage here: https://www.itspmagazine.com/infosec-europe-2019-event-coverage-london-uk-cybersecurity-news-coverage-and-podcasts Looking for our chats on the clouds to InfoSec Europe? You can find those here: https://itspmagazine.com/itsp-chronicles/chats-on-the-clouds-to-infosec-2019-london
That cyber incident that affected electrical utilities in the western United States seems to have been a denial-of-service attack. Concerns arise over potential proliferation of Chinese security service tools. Exploit blackmarketeer Volodya and some customers. The Retefe banking Trojan is back. Some new ransomware thinks it’s the moving finger that writes, and, having written, moves on. And some cause for measured optimism at the Global Cyber Innovation Summit. Emily Wilson from Terbium Labs on the Dynamic Connections conference, hosted by General Dynamics. Guest is Joseph Carson from Thycotic on lessons he’s learned (the hard way) on communications with the board. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_03.html
In the third and final part of our talk with Joseph Carson, we cover what least privilege is and what it means to have PAM in place in the business environment. We also talk about why more businesses aren't using least privilege in the workplace, and finally cover the Cyber Security for Dummies book that Joseph helped write. Check Joseph's profile out here: http://bit.ly/2FQfh1p Cyber Security for Dummies: http://bit.ly/2UDUHvr Follow us on Social Media LinkedIn - http://bit.ly/2FWHKoM Twitter - http://bit.ly/2FWNO0C Instagram - http://bit.ly/2FWMxXj Facebook - http://bit.ly/2FXb2Ue
Join us for part 2 of our chat with Joseph Carson, where we dive deeper into how Security can affect the workplace. In this episode we talk about how being compliant doesn't mean you are secure, how having a good security culture is key to cybersecurity success, how security shouldn't stop or make it difficult for your employees to do their jobs and finally how you shouldn't use fear to implement security. Let us know your thoughts below. Do you agree? Follow us on Social Media LinkedIn - http://bit.ly/2FWHKoM Twitter - http://bit.ly/2FWNO0C Instagram - http://bit.ly/2FWMxXj Facebook - http://bit.ly/2FXb2Ue
Join us as we speak with Joseph Carson, Chief Security Scientist at Thycotic. We ask Joseph about least privilege management in businesses today, how business can better understand the risk around their data and if the role of the CISO should be more business focused. We finish this week on how the attitudes differ around the world when it comes to cybersecurity. Check Joseph's profile out here: http://bit.ly/2FQfh1p Thycotic: http://bit.ly/2FKAUQK Also available on: Sound cloud: http://bit.ly/2MYHwxR Spotify: https://spoti.fi/2N0XGXR iTunes: https://apple.co/2N0sO9P Follow us on Social Media LinkedIn - http://bit.ly/2FWHKoM Twitter - http://bit.ly/2FWNO0C Instagram - http://bit.ly/2FWMxXj Facebook - http://bit.ly/2FXb2Ue
Unusual Gathering | Episode XXV Conversations At The Intersection Of IT Security And Society Guests: Stina Ehrensvard | Joseph Carson Hosts: Sean Martin | Marco Ciappelli This episode: It’s a password-less future. Or is it? Passwords were supposed to be dead 15-20 years ago. But, hey, here we are still talking about them. Why? To begin to answer this question, let’s start with why we are using passwords and what is seriously wrong with them. Once upon a time, security for computers was a physical key to access the machine in the room. Soon, however, we had to authenticate the user to access what was on the machine, not just the machine itself, so we started with passwords. This wasn’t much of an issue until computers got connected to the Internet and we needed to manage multiple accounts to access multiple things. Today, depending on what part of the world you live in, you likely have between 20 and 90 accounts that require a password. With this, it became hard to remember, keep track, and even manage the passwords — and user behavior surrounding this challenge has made it pretty easy for the bad actors to make their way in. It’s not that hard to guess (or even crack) someone’s password. Now that technology is available such that reasonable alternatives can be employed, the question remains — and warrants asking yet again: Is there still a role for passwords in the future? Given that roughly 80% of breaches today — such as phishing attacks and man-in-the-middle attacks — are due to a compromised password, one has to hope that there is a future where these types of compromises don’t happen at that scale. Only by introducing a multi-factor authentication system to supplement that password model have we been able to protect the user from malicious actors looking to capitalize on stolen or otherwise compromised account credentials. 
This begs the next question: Is the future of authentication taking into consideration the growing complexity of devices and real-time, anywhere functionality that has become an intrinsic and fundamental part of the digital ecosystem and data-driven society? Do passwords have a place at the table in this world? It pretty much boils down to whether or not we continue to augment passwords with additional technologies and processes versus replacing passwords altogether. The challenge with a full replacement is that passwords are relatively cheap to implement from a tech perspective, they are fairly easy to use from a user perspective (just use the same one for everything, right?), and they are replaceable — unlike our biometric authentication options of fingerprints, retina scans and voice recognition methods. Ultimately, it will probably be a multi-factor authentication world. But if passwords do remain, what is their role going to be? Have we abused the password as a system by applying it everywhere with not enough consideration of the possible negative consequences of this practice, even when paired with a second or multi-factor strategy? From an individual/societal perspective, the example of cars and seatbelt safety is a fantastic metaphor that holds very true to this scenario from a psychological perspective. Can this same stars-aligning moment happen for access control, authentication and passwords? ________ Learn more about sponsoring the Unusual Gatherings Podcasts: https://www.itspmagazine.com/talk-show-sponsorships ________ For more Unusual Gatherings: www.itspmagazine.com/unusual-gatherings
As the US mid-term elections approach, we thought we’d take a close look at “elections and hacking” with chief security scientist at Thycotic, Joseph Carson. On the podcast, Joe explains why information wars pose the greatest risk to democracy, how manipulating the mind works through misinformation, and what changes to the voting system he’d like to see put in place.
Estonia's e-revolution began in the 1990s, not long after independence from the Soviet Union. However the massive cyber breach of 2007 was a wake-up call for the country, helping Estonians become experts in cyber defence today. With us this week is Joseph Carson, Chief Security Scientist at Thycotic, to discuss what other nations can learn from Estonia, particularly through developing a digital identity program for all citizens. Originally from Belfast, Joseph has been based in Estonia since 2003.
In today's podcast, we suggest a new year's resolution all organizations should make: resolve to configure your cloud services for privacy and security. Another cryptocurrency exchange gets hacked, this one by DNS hijacking. North Korea finally says it had nothing to do with WannaCry, but few are convinced. The Lazarus Group continues to be a prime suspect in cryptocurrency theft. Section 702 nears sunset. Wassenaar seems to have become friendlier to researchers. David DuFour from Webroot on quantum computing and AI. Guest is Joseph Carson from Thycotic on stolen passwords on the black market. And Kaspersky Lab wants redress in court.
Thycotic (https://thycotic.com/). Joseph is a Certified Information Systems Security Professional (CISSP), an active member of the cyber security community, and a frequent speaker at cyber security conferences globally, and is often quoted in and contributes to global cyber security publications. He is also the author of Privileged Account Management for Dummies (https://thycotic.com/resources/wiley-dummies-privileged-account-management/). Joseph regularly shares his knowledge and experience by giving workshops on vulnerability assessments, patch management best practices, the evolving cyber security perimeter, and the EU General Data Protection Regulation. In this episode we discuss his transition from IT to cyber security, privacy vs. security, international information security, IoT privacy, credential management, why you shouldn't blame the users, people-centric security, hiring information security professionals, cyber security metrics, and so much more. Where you can find Joe: LinkedIn (https://www.linkedin.com/in/josephcarson) Twitter (https://twitter.com/joe_carson) Thycotic Blog (https://thycotic.com/company/blog/)