Guest: Malcolm Harkins, Chief Security and Trust Officer at HiddenLayer, former CISO at Intel, and fellow at the Institute for Critical Infrastructure Technology (ICIT)
On LinkedIn | https://www.linkedin.com/in/malcolmharkins/
Host: Matthew Rosenquist
On ITSPmagazine
Howdy, y'all! In part two of our three-part miniseries, we tackle Process with Malcolm Harkins. Malcolm is former CISO at Intel, a good friend of Allan's, former Cylance Chief Trust and Security Officer, member of the board of directors at TrustMAPP (where Allan used to be COO), and is now at Hidden Layer, working to secure AI. Hidden Layer did not sponsor this show. Allan, Drew and Malcolm discuss the following:
- People, process, technology: what is the role of process in that triad?
- How do we craft good process?
- What part of process definition is capturing the as-is state vs. being aspirational?
- How do we ensure good process is followed?
- When should technology drive process vs. process drive technology?
- Where does process traditionally fall short?
- What would you improve about process in general?
- Tell us a bit about Hidden Layer, as this is some very new technology...
Thank you for listening! Y'all be good now!
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, many organizations do not take it seriously, which causes mistakes during an actual cyber incident. How will the lack of preparation impact your organization during an incident?
Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber incident. We'll cover the elements of a training program that will prepare you for responding to a cyber incident, including:
- Developing the training program
- Practice, practice, practice
- Imposing corrective actions
- Constantly evaluating/reviewing the success of the training program
Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-349
Integrity & Materiality. Get them wrong and you jeopardize your organization, its shareholders, possibly its customers, and yourself. Join us as we discuss the CISO role and accountability, geopolitics, SEC regulation and materiality, AI impact, and the seismic changes of the past 5 years as articulated in the 5-year CyberRisk Alliance blog dated 12/7/23, https://www.cyberriskalliance.com/blog/5-years-of-reflection-5-seismic-industry-shifts-why-im-on-the-board-at-cra
Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed., pp. 3-36. CRC Press, Boca Raton, FL. www.amazon.com/author/toddfitzgerald.
Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-157
Guests: Malcolm Harkins, Chief Security & Trust Officer at Epiphany Systems
On LinkedIn | https://www.linkedin.com/in/malcolmharkins/
Robb Reck, Chief Trust and Security Officer at Red Canary
On LinkedIn | https://www.linkedin.com/in/robbreck/
Host: Matthew Rosenquist
On ITSPmagazine
Guest: Malcolm Harkins, Chief Security & Trust Officer at HiddenLayer [@hiddenlayersec]
On LinkedIn | https://www.linkedin.com/in/malcolmharkins/
On Twitter | https://twitter.com/ProtectToEnable
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
____________________________
Episode Notes
In this episode of Redefining CyberSecurity, host Sean Martin engages in a thought-provoking conversation with guest Malcolm Harkins about the challenges and failures of the CISO role. They discuss the importance of setting clear design goals and standards to determine success or failure. The conversation delves into risk management and the complexities of goal-setting, highlighting the role of integrity in the CISO's decision-making process.
They explore the gray areas and potential conflicts that arise when balancing risk perspectives within an organization. Sean also touches on the idea of having multiple specialized CISOs and the inflation of job titles in the industry. They examine where breakdowns occur and whether they stem from a lack of clear design or from succumbing to company pressure or vendor hype.
The episode also takes a turn to explore the CISO's role in ensuring the cybersecurity integrity of a company, drawing parallels to the roles of general counsel and CFO in maintaining legal and financial integrity.
Throughout the conversation, Sean and Malcolm provide insights and anecdotes from their own experiences, offering valuable perspectives on redefining the CISO role and addressing the challenges faced in the cybersecurity industry.
The discussion encourages listeners to consider the ethical implications of their decision-making and the importance of designing control environments that prioritize true protection over profiting from insecurity. If you're interested in gaining a deeper understanding of the complexities and failures of the CISO role, as well as exploring the gray areas and conflicts that arise in risk management, this episode is a must-listen.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Guest: Malcolm Harkins, Chief Security & Trust Officer at Epiphany Systems
On LinkedIn | https://www.linkedin.com/in/malcolmharkins/
On Twitter | https://twitter.com/ProtectToEnable
Host: Chloé Messdaghi
On ITSPmagazine
In this episode, Allan Alford plays devil's advocate, challenging the practitioner community to refute the idea that we should quit trying to make the organization care and simply make suggestions and accept the organization's level of risk tolerance. Allan posted this topic on LinkedIn and it created quite a buzz. The show features quotes from Simon Goldsmith, Kevin Pope, Malcolm Harkins, and others. Listen to hear a deconstruction of this position, and hear some great arguments both for and against it. We'll give away the ending: the argument is ultimately refuted, but it is a great thought exercise and a wonderful journey getting to that conclusion. Hint: The show's ending is more apt than ever: "Y'all be good now!"
Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action, giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
TechSpective Podcast Episode 100. This is a milestone podcast, the 100th episode. Triple digits. In honor of the 100th episode, I invited the guest who helped launch the whole thing with Episode 001: Malcolm Harkins. Malcolm was CISO at Intel at … Malcolm Harkins Talks about Ethical and Legal Obligations of the CISO. The post Malcolm Harkins Talks about Ethical and Legal Obligations of the CISO appeared first on TechSpective.
There was a time when the perceived wisdom was to buy best-of-breed security technologies and that would do for your security program. Trouble is, none of it integrates with each other or with your wider IT. With budgets getting tighter, security pros are being asked to look again at big portfolio security providers and work out whether they can use their offerings to slim down. In this session I'll discuss what I'm hearing from our customers, and some of the things we are starting to see people do to balance the need to optimize cost and efficiency without compromising security protection.
Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood, which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us down a path of compromise and catastrophe, adding to our growing labor and skill deficit. This segment is meant to explore the existing physics and gravitational forces of how we have approached cyber risk management to date, discuss where we are stuck today as well as ideas for a path forward: a reorientation of the security operations function so that it is optimized to handle the volume, and repositioned from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk. The heart of these changes is a redefinition of the risk equation we have been using for decades, Risk = F (Threat, Vulnerability, Consequence), which, while useful initially, has created a spray-and-pray model across most of our organizations. I will explain how to redefine the equation to be Risk = F (Threat, Exploitability, Consequence).
Segment Resources: https://www.uscybersecurity.net/csmag/going-beyond-the-motions-of-cybersecurity/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw267
In this episode, Alyssa talks to Malcolm Harkins, Chief Security & Trust Officer.
________________________________
It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and YouTube. Live, every Wednesday at 1pm PDT | 4pm EDT (USA) | The recorded podcast version is published a few days later.
Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond. Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives. It's time to build and secure the bridge to the business.
________________________________
Guest
Malcolm M Harkins, Chief Security & Trust Officer at Epiphany Systems [@EpipSys]
On LinkedIn | https://www.linkedin.com/in/malcolmharkins/
On Twitter | https://twitter.com/ProtectToEnable
________________________________
Host
Alyssa Miller
On ITSPmagazine
In this episode of Cyber Security Inside, Camille and Tom get to chat with Malcolm Harkins, Chief Security & Trust Officer at Epiphany Systems, and Rob Bathurst, Co-Founder & Chief Technology Officer at Epiphany Systems, about the Internet of Things and thinking like attackers to protect systems. The conversation covers:
- How the physical systems in a building can be a vulnerability in an organization's systems.
- How thinking like an adversary, and about what their goals might be, is the key to protecting your systems as well as you can.
- How complex Internet of Things systems are, and ideas on how to protect them.
- The difference between vulnerability and exploitability, and how to look at both.
...and more. Don't miss it!
The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.
Here are some key takeaways:
- The Internet of Things, or IoT, enables a lot of capabilities, but also creates a lot of security issues. To adjust for this, we have to change the way industry views security.
- Everything is connected to technology and networks now, from air conditioning regulation to elevators; it is all connected and inside of a network. Securing that system is incredibly important, because it is now about people's safety inside the building.
- It might be easier for an attacker to go after these systems than the computers and servers inside the buildings. For example, at a large sporting event, if you own the stadium, you own the event.
- To learn how to protect a building or an organization, you have to work backwards by thinking about how somebody might disrupt that building. You can then work on protecting it with that information. This is tricky when you have many different parties in a space with different goals and access levels.
- At a stadium, for example, you have food vendors, the entertainment, and more. They all need access to process credit cards, access for fans to tweet, etc. So do you put them on your internal network or on an outside network? Assessing the threat is an important part of this decision.
- This is similar to threat modeling, but with extra complexity from the IoT systems and the interacting networks. If one vulnerability in one area could take down an entire operation, it is a big deal that requires a lot of consideration. Even removing one system, like the elevator system, can create panic and shut down an entire operation.
- To really start to secure these systems, you need to think like the people trying to take them down. Take a good look at your organization, your business, and ask yourself: if I were an adversary, where would I go for maximum disruption?
- There are differences between enterprise and IoT, including IoT having less visibility and more complexity because it is nested. The connectivity of everything is deep, and protecting a perimeter isn't as realistic in IoT as it is in the enterprise.
- Coming together as a team to talk about security and what could potentially happen is one of the best ways to create a defensive understanding. We can't stay in our small silos with this connectivity; we have to talk to each other and expand the reach of each of our scopes.
- It is impossible to prevent every attack. That's why it is important to identify the goal of the attacker and evaluate your system based on that information. It is more about managing the cumulative impact and reducing it.
- When looking at something like Log4j, you need to look at where the maximum impact to your business is and address the vulnerability there. Otherwise, you might cripple the enterprise with the effort and time put into testing, checking, and remediating areas that aren't as critical.
- Exploits apply to more than just vulnerabilities, and vulnerabilities are not just flaws in software or hardware. It is all about the adversary's ability to take advantage of either. And they don't just apply to single technical conditions, but to the relationship between them.
- A way to think about this is to relate it to fire prevention. You can't prevent every fire from ever occurring in your building. But you can have smoke detectors, sprinklers, fire doors, and ways to call the fire department. And the more protections you have in place, the faster you can isolate the problem and resume operations, rather than the whole building going down. Proactivity is important!
Some interesting quotes from today's episode:
“If you look at a building, most people just think of it as a shell with glass and doors and floors. And when you really look at it, it really is a connection of different systems. In most modern buildings, because of energy regulation and things they get for LEED certification (basically how efficient their building is), they put in automated control systems for their furnaces, their boilers, their air conditioning units, elevators, power systems, access control.” - Rob Bathurst
“Think of the recent ransomware trend where organizations have been impacted and they've been held hostage. In some cases, it might be easier for an attacker to, in essence, attack and exploit the building and create that ransomware event rather than just all the PCs and servers.” - Malcolm Harkins
“You have to understand the way an adversary or somebody might disrupt that building, that organization, the people within it. And based on those objectives, based on those goals, you can kind of work backwards and say, how do I protect those systems?” - Rob Bathurst
“What might seem like an obscure vulnerability that could be exploited in one area could actually take down the entirety of an operation. Shut down the elevator system, turn off the fire life safety system, shut down the heating and air conditioning… Think of the chaos that would create.” - Malcolm Harkins
“People naturally want to think good thoughts. They want to be positive. They want to do the best for the places they work. And that sometimes keeps them from thinking: oh, if X, Y, Z went down, the whole place would fall apart. Because that's the place they work. But what we try and tell people is that's the mentality you need to be able to start to understand how to more properly architect and defend yourself.” - Rob Bathurst
“That's how the bad folks go from an initial foothold, that toehold, by popping one thing. And then all of a sudden navigating their way through the daisy chain of connections, to the moment of material impact.” - Malcolm Harkins
“When you look at things at a: what are we trying to do? We're not trying to stop all things all the time forever, because it's just an impossible task. The environment is too dynamic, everything else is going on. What we're trying to do is we're trying to limit the attacker's opportunity at the moments of greatest weakness.” - Rob Bathurst
“You can build a strategy, as Malcolm pointed out, to reduce the exploitable paths. And for the ones you can't reduce, create resilience, create friction as we typically call it, so that you are aware the adversary is trying something or that you're able to block it.” - Rob Bathurst
“You can be vulnerable, but not be exploitable. You could have an exploit happen again at a laptop or a pinpoint device, but that doesn't mean your organization is exploitable to a material event.” - Malcolm Harkins
“When you build the building, you have a building inspector, you have a fire marshal, you have people come around and check it and evaluate it, and make sure it's up to code. And we don't have that kind of same rigidity in the security space.” - Rob Bathurst
#CISOThursdays: Breaking Into Cybersecurity + Malcolm Harkins, 03/31/2022
About Breaking Into Cybersecurity: This series was created by Renee Small & Christophe Foulon to share stories of how the most recent cybersecurity professionals are breaking into the industry. Our special editions are us talking to experts in their fields and cyber gurus who share their experiences of helping others break in. #cybersecurity #breakingintocybersecurity #informationsecurity #JamesAzar #ChrisFoulon #ReneeSmall #InfoSecHires
Check out our new book, Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI
_________________________________________
About the hosts:
Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at magnetichiring.com/book
Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over 10 years of experience as an Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ Find out more about CPF-Coaching at https://cpf-coaching.com
- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://anchor.fm/breakingintocybersecurity
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- LinkedIn: https://www.linkedin.com/company/breaking-into-cybersecurity/
- Twitter: https://twitter.com/BreakintoCyber
#CISOThursdays: Breaking Into Cybersecurity + Malcolm Harkins 03/31/2022 About Breaking Into Cybersecurity: This series was created by Renee Small & Christophe Foulon to share stories of how the most recent cybersecurity professionals are breaking into the industry. Our special editions are us talking to experts in their fields and cyber gurus who share their experiences of helping others break-in. #cybersecurity #breakingintocybersecurity #informationsecurity #JamesAzar #ChrisFoulon #ReneeSmall #InfoSecHires Check out our new book, Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI _________________________________________ About the hosts: Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at magnetichiring.com/book Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over 10 years as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach. 
In this episode of Cyber Security Inside, Camille and Tom revisit the best pieces of cybersecurity advice from experts they have interviewed throughout the year 2021. This advice is for users, companies, and manufacturers. They talk about:
- Always being prepared for the worst-case security scenario, such as the SolarWinds attack.
- Accountability in cybersecurity and putting the training focus on IT and security professionals, rather than just users.
- How remote work has impacted cybersecurity in how we access our work digitally and what physical systems we are able to have set up in our home.
- How security should be a part of every aspect of a device, not just a feature.
... and more. Don't miss it!

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

Here are some key takeaways:
- This is a special edition of the podcast where Tom and Camille look back at tips and advice guests have given about cybersecurity over the year 2021.
- One piece of advice, from Eric Cole, was to always operate as if we are going to be hit by something like the SolarWinds attack at the beginning of this year. He talks about having firewalls and filtering devices to limit access to your private network, and using software sniffers to make sure there is no extra activity or connections.
- Accountability in the security industry is very important, according to Malcolm Harkins. When there is a large-scale attack, there needs to be a review to identify what controls failed, label what failed and the company that sold it, and put it out publicly.
- Right now, the way we put blame on people for cyber attacks is by putting that blame on the users, says Malcolm Harkins. We tell them to be more careful, to be more informed, etc. Being cautious is good, but we also need to understand how to make systems in general more secure and more accountable. This is because we limit what computing can do by scaring people and putting blame on them. The way we engage with computing is the same way we become vulnerable to attacks. We have to train users, but we also have to have accountability on the company's side.
- Right now a lot of the training that is occurring in cybersecurity is on the user side. But maybe it should be more on the IT/developer/technical population side. It would probably have a bigger payoff in the end.
- Doing the basics is super important. Keep your machines updated, apply vulnerability fixes, etc. But do it across your entire infrastructure.
- The work-from-home necessity has also created different technology and security needs and risks. Devices are now hooked up to at-home devices (consumer routers, printers, etc.) that open up more opportunities for attacks. Also, because of the speed at which devices had to be made available, things were missed and infrastructure was not correctly set up with cybersecurity in mind.
- According to Carolina Milanese, there are essentially two options for companies with employees working remotely. The first is for the IT department to dictate everything about how you connect, what you use, etc. The second is for IT to just provide the equipment with cellular connections. When working remotely becomes an option more than a mandate, corporations will likely have really specific requirements not only for your tech, but also for your space and furniture for liability purposes.
- Security is not just a built-in feature, but should be a part of every aspect of a device. Having a learning mindset is important; it allows us to take what we learned from previous issues and build that into future products to make them better. This is seen in threat modeling.
- Security impacts everything, whether you have thought about it or not!

Some interesting quotes from today's episode:
“Make sure you're very careful and deliberate about updates. A lot of vendor software updates are functionality that you don't need and add complexity. So have a strict rule that you're only going to update after verification and validation.” - Eric Cole
“The people that I know that are in the security industry have been saying for so long that it's just a matter of time. This wasn't actually a groundbreaking attack at all, other than it was a large enough scale attack to where it was newsworthy and people that really hadn't been paying attention that were kind of sleeping, finally got shaken by the shoulders.” - Tom Garrison on the SolarWinds attack
“Yeah, not really a wake-up call when it's the fifth time you've hit the snooze button on your alarm.” - Camille Morhardt on the SolarWinds attack
“I think we are doing band-aids, bubble gum, and baling wire making up for dated security technologies and other technologies that won't work; they're insufficient and flawed controls.” - Malcolm Harkins
“But how do I use my computer? I click on things. I open things, right? If I'm afraid to go do that, I've just reduced what computing is about and how I use it and how I engage it.” - Malcolm Harkins on where we put the blame for cyber attacks
“Just think of your phone, you know, which is… a consumer device. But how much data exists on that device?” - Tom Garrison on the work-from-home situation and where vulnerabilities have opened up in the last year
“To be honest, teaching people how valuable that data, that information is so that there's more of an understanding of how I use it, where I use it, what kind of device I use to access it and so forth.” - Carolina Milanese on what can help secure remote and cloud-based work.
“Every system is different and used for different purposes. Thus, every threat model is unique and deserves its own diligence and attention.” - Johnny Valamehr
“Security should be a part of everybody's job and everything that you do you need to think, is there a security impact to what you're doing, even if it doesn't seem like that in the beginning?” - Dina Treves
TechSpective Podcast Episode 075: What is the job of a CISO? Malcolm Harkins, Chief Security and Trust Officer for Epiphany Systems, joins me to answer this question, among other things. We discuss the role of cybersecurity and the importance of contemplating risk. Malcolm stresses that organizations should not be caught completely off guard by things like [...] The post Malcolm Harkins Discusses the Biden Cybersecurity Summit and Effective Security appeared first on TechSpective.
We're all familiar with home and auto insurance, but cyber security insurance? It's vital to have if you're a mid-size or above company looking to mitigate risk. In this episode of Cyber Security Inside, Malcolm Harkins joins Tom and Camille again to unpack it all. Now the Chief Security and Trust Officer at Epiphany Systems, Malcolm's over thirty-year career in the tech industry gives him a unique perspective on the various facets to consider, so you definitely don't want to miss it.

We cover:
- What cyber insurance is and who might need it
- How cyber insurance compares to other forms of insurance, such as home insurance or pet insurance
- The kinds of expenses usually covered by cyber insurance
- Whether or not cyber insurance providers employ requirements or stipulations
- Why companies might or might not choose to report a compromise to the authorities and self-insure instead
... and more! Tune in for some next-level insight.

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

Here are some key take-aways:
- In essence, cyber insurance is like any other form of insurance - it offers a method to pay premiums and mitigate some of the potential financial impacts of either a business interruption, a lawsuit, or expenditures specifically related to a cyber event.
- There are various clauses with different conditions that appear in these insurance policies, depending upon what you're trying to insure against, be it ransomware attacks, business interruption, etc.
- Some of these clauses can also reduce coverage depending on factors like whether or not you patched the system, whether the antivirus was up to date, etc.
- Typically the kinds of businesses that have cyber insurance policies are mid-size and above.
- Companies with large market caps may opt for a level of self-insurance as a form of risk mitigation.
- Compromises rarely get reported to law enforcement, whether it's because it's a nuisance or because a company wants to maintain control over its liability.
- But the main hope is that, like with other forms of insurance, safety standards and hygiene will ultimately be raised by cyber insurance.

Some interesting quotes from today's episode:
“A company might want to maintain control over the investigation in order to limit their liability, and stay in control of the investigation versus having law enforcement come in with an unknown set of motivations and start doing things or seizing systems or collecting evidence that could disrupt the business.”
“Being vulnerable doesn't mean you're exploitable.”
“What we need to be able to start doing is start focusing on where we're exploitable, and not just where we're vulnerable; that will allow us to turn the dial on risk more efficiently, as well as more effectively.”
“If I'm worried about a compromise, and data theft, a redundant system doesn't stop data theft.”
“I think they [cyber insurance providers] will help push some level of hygiene and corrective action at the broad level.”
“There's a lot of connective tissue. And without understanding that connective tissue and that exploit path, you're going to be focused on the wrong thing. You're going to say, I'm going to patch all these things, I'm gonna do all the things. And you're still going to have a connection and a pivot point. Because you can't eliminate risk.”
“And I think people need to start thinking about digital extortion, well beyond just the typical unlocking of your system.”
“There's evidence that the insurance industry has made a tremendous amount of impact on improving safety on things. So I'm hopeful that that will occur.”
Nate Nelson talks to Art Coviello, Former CEO of RSA Security, and Malcolm Harkins, Vice President & Chief Security Officer at Intel, about the current cyber security landscape - 10 years after the RSA Breach.
Risk mitigation isn’t just about calculation, it’s about contemplation. In this episode of Cyber Security Inside, we speak with Malcolm Harkins, a Security Executive, Board Member, Advisor and Coach/Mentor whose thirty-year career in the tech industry gives him incredibly valuable insight into a whole host of key issues surrounding cyber security. We covered many topics with an overarching question in mind - How can we collectively become better choice architects in the face of inevitable risk?

We discuss:
• The ideal skill set for a CISO/CSO, which should include a breadth of business, risk compliance and technical acumen
• The kinds of vital questions missing from board discussions, including moral and ethical concerns
• The importance of long-range planning when it comes to risk preparedness and damage mitigation
• What can be learned from a disaster like the recent Colonial Pipeline ransomware attack
... and more. Join us for this fascinating discussion, and become a better choice architect.

Here are some key take-aways:
• It’s physically impossible to completely eliminate risk, but you can ask better questions in board discussions to help manage it.
• Similarly, you can’t know everything, but with the right group of people and data, you can forecast a variety of different risk scenarios and become better prepared to minimize damage.
• Ethical and moral questions need to be coming up far more in board discussions - these issues can be a matter of life and death, and should not be ignored.
• When it comes to the language of board discussions, there should be more of an even playing field - non-technical members should begin to employ a basic understanding of security and tech nomenclatures, and vice versa.
• And while it’s important to train people to be on the lookout for ransomware attacks like phishing attempts, it’s not a sufficient strategy - accountability should ultimately be driven back to the security community across the vectors of risk, total cost, and control friction.

Some interesting quotes from today’s episode:
“I think it’s high time that we start expecting the non-technologist board members to at least be able to understand the basic nomenclatures in the security and technology space.”
“I think there’s an ethical and moral accountability that is missing in many of the discussions around risk; that’s a question that I can tell you has never come up in any of the board meetings I’ve ever been in, but one that should.”
“Before I had that dialogue with them, they were not looking at that data integrity with that lens, which would have potentially caused people to get sick or die, and it certainly would’ve had a substantial revenue brand or organizational implication if that were to occur.”
“I think we are doing bandaids, bubblegum and baling wire making up for dated security technologies and other technologies that don’t work.”
“We’ve got to start weeding and feeding our environment. Go look at the effectiveness and efficiency of control, and if it’s not effective and efficient, shut it off. Get rid of it and buy something better.”
“If technology companies spent more time making sure that every engineer who created code or developed technology understood security vs. just functionality, again, you would change the technology vulnerability dynamics by focusing on that training which we don’t do enough of.”
“I’ve always thought of my role as architecting choices for the business...if I architect choices the right way, we’ll make better business decisions.”
Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw
In today's Cyber Security Matters episode, Dominic Vogel and Christian Redshaw are joined by global thought leader Malcolm Harkins, Chief Security & Trust Officer at Cymatic. Malcolm is responsible for enabling business growth through trusted infrastructure, systems, and business processes. Key areas of focus for Harkins include the ethics around technology risk, social responsibility, total cost of controls, and driving more industry accountability. He is also an independent board member and advisor.

Join the conversation as we dive into:
- Why executives need to care about their organization's cyber security
- Whether or not cyber security should be legally mandated for all industries
- What a holistic risk mindset looks like
- Identifying, managing, reducing cyber risk vs. just reacting

Malcolm is the author of the book “Managing Risk and Information Security: Protect to Enable,” which provides thought leadership in the increasingly important area of enterprise information risk and security.

Want to connect with Malcolm? Here are a couple of ways you can do just that:
LinkedIn: @malcolmharkins
Twitter: @ProtectToEnable
In this week's episode of Ventures, my guests Malcolm Harkins (https://www.linkedin.com/in/malcolmharkins/), Sol Cates (https://www.linkedin.com/in/sol-cates-649736/), and I discuss all-things cybersecurity. After hearing about Malcolm's background and career path, we examine the history and principles of cybersecurity for startup founders, individuals, and anyone helping to usher in the Web 3.0 era. Visit https://satchel.works/@wclittle/ventures-episode-40 for detailed notes and links to resources (videos, articles, etc…) mentioned. You can watch this episode via video here.

In this episode we cover the following:
1:58 - Sol tee-up, background, and welcome of Malcolm
4:06 - Malcolm introduction / background / career journey.
5:30 - Stumbling into the security industry.
6:11 - Cybersecurity pros make their wages by fixing symptoms; are they not actually working to make their jobs go away? Conflict of interest? (Threat, Vulnerability, Impact)
9:00 - What happened that made the cybersecurity industry so messed up? (History lesson)
15:16 - There is a reinforcement mechanism in the system that keeps cybersecurity pros in their jobs. Some organizations are underfunded, but that's not the primary problem. We don't need a bigger factory. We need to prove we are getting value out of our investments.
16:48 - Three things to talk about for the rest of this episode: (1) What are cybersecurity best practices for a new growing startup? (2) How should the general public be thinking about cybersecurity? (3) How does/should cybersecurity play a role in the utopian Web 3 vision? (Starting here with question #1)
21:43 - Sol's thoughts on question #1 / cybersecurity best practices for startups
24:13 - One other thing to realize: you can't eliminate risk, but if you are focused right you can reduce it substantially.
24:47 - Example of a few founders spinning up a database, SaaS platforms, etc… What are the principles of cybersecurity for them?
28:17 - Risk to myself. Risk to my customer. Risk to society. Need to get blog/article up.
29:16 - The need for a new way to collaborate across industries and community stakeholders
29:58 - Thoughts on Question #2 - how should the general public be thinking about cybersecurity?
38:29 - What are the principles of cybersecurity for individuals? (Discussion on password managers, for example…..and not answering your security questions honestly...and spoofing tactics)
44:50 - Final thoughts on the principles for startups and individuals regarding hacking strategies the bad guys use.
46:40 - Malcolm's thoughts on the system and things inherent in the system, the macro/micro and systems engineering.
47:55 - Final question (#3) on Web 3: what can go wrong re: cybersecurity as we attempt to build the utopian vision?
51:02 - Wrapping all three questions into one narrative. Looking at data like it's a toxic element. Combinations of data creating the equivalent of a dirty bomb or enriched
52:50 - Where can people find Sol and Malcolm online? https://www.linkedin.com/in/sol-cates-649736/ // https://www.linkedin.com/in/malcolmharkins/
1:00 - Harkins explains his role
7:30 - “Motivating others to want to struggle for shared aspirations”
10:00 - Why cybersecurity teams should be “first-movers”
13:30 - “If you lead with compliance, you might not get security/privacy”
19:00 - The security industry accepts too much failure
21:00 - Reducing risk, reducing cost, reducing friction
25:00 - Challenge what’s working and what’s not
27:30 - Fear-mongering in computing
33:00 - Advice to risk managers (and a shameless plug)

LINKS
Malcolm Harkins on LinkedIn
Malcolm's Books: Managing Risk and Information Security: Protect to Enable; The Ransomware Assault on the Healthcare Sector

CREDITS
Produced by Kai Hellberg
Music by Isaac Chambers – ‘Change’
Malcolm Harkins: Chief Security and Trust Officer, Cymatic
I believe, I belong, I matter ℠ – the art of curating commitment in yourself and others
Ever wonder how to create lasting commitment from your employees and for yourself? How to get your teams to stay engaged battling through the challenges we see day in and day out? How to improve your connections in relationships both inside and out of work? In this talk, I will explore how logic leads to reason and how emotion leads to action. I will go through my personal journey exploring and sharing lessons from my 25+ years managing people and leading teams. I will explore the I Believe, I Belong, I Matter ℠ framework I created out of my lessons in life, love, and leadership. This framework has helped me learn how to better channel moods/emotions in myself and others, make smarter empathic decisions, understand and regulate conflict better, handle setbacks & tough situations with resolve & resilience, and create greater team and individual performance results. I will share what gifted curators of commitment do to inspire purpose, passion, and persistence to achieve hard but worthy goals both inside the workplace and with family/friends.
On this episode of the podcast Benny Lakunishok, Co-Founder of Zero Networks, joins Malcolm Harkins and Chad Boeckmann to explore the industry's continuous adoption and adaptation of prevention -> detection -> prevention technologies. The group dives into the maturity of machine learning and where the industry is overall, as well as how adoption of new technologies is imperative to maintain adequate risk posture over time while serving the best interests of business.
Guest: Benny Lakunishok, Zero Networks (LinkedIn)
Hosts:
Malcolm Harkins, Chief Security and Trust Officer, Cymatic (https://www.linkedin.com/in/malcolmharkins/)
Chad Boeckmann, Founder/CEO, TrustMAPP (https://www.linkedin.com/in/chadboeckmann/)
In this episode, Malcolm Harkins and Chad Boeckmann speak with John Brennan, Partner at YL Ventures. This episode provides a perspective on how venture capital firms are reacting to and supporting their cybersecurity portfolio companies during an unprecedented pandemic in our modern time. In this episode we discuss trends among security teams, and John discusses the advice his firm is providing to other cybersecurity startups. Further in the discussion, Malcolm and John discuss the context of business risk with regard to pandemic response and how this type of risk can take different forms but also shape varying perspectives. This is the first time our podcast has gained perspective directly from a venture capital firm, and the episode is information-packed with guidance for both buyers and vendors in managing the business of security.
Guest: John Brennan, YL Ventures (https://www.ylventures.com/people/john-brennan/)
Hosts:
Malcolm Harkins, Chief Security and Trust Officer, Cymatic (https://www.linkedin.com/in/malcolmharkins/)
Chad Boeckmann, Founder/CEO, TrustMAPP (https://www.linkedin.com/in/chadboeckmann/)
In this podcast, Malcolm Harkins, Chief Security and Trust Officer at Cymatic, Simone Petrella, CEO and Founder of CyberVista, Chris Pierson, CEO and Founder of BlackCloak, and Hank Thomas, CEO of Strategic Cyber Ventures join our host Ashwin Krishnan to unpack RSAC 2020. They all agreed that RSA has become a vendor’s conference and none of […]
RSA, coronavirus and cybersecurity… This year, the coronavirus joined hippies, counterculture figures and hip tech geniuses who have made the trek to San Francisco. Well, the coronavirus itself didn't surface during RSA, but it certainly was the talk of the town. In this podcast Cymatic Chief Security and Trust Officer Malcolm Harkins discusses the implications of the bug on security and how companies can prepare.
Malcolm Harkins is the Chief Security & Trust Officer at Cymatic. Malcolm will discuss how the security industry profits from the insecurity of computing and thus, at a macroeconomic level, has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth into one of Expense in Depth, where we continue to use outdated approaches to control for risks, which results in needing to purchase other solutions to make up for the weakness of the solutions we bought that did not properly control for the risks. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode171
Privacy: Just Make It Easy In this episode, host Ashwin Krishnan sits down with longtime friend of the podcast Malcolm Harkins, Chief Security and Trust Officer at Cymatic, and Chris Pierson, CEO of BlackCloak. They discuss the intertwined relationship between security and privacy and how the two need to be balanced. Malcolm explains, “when those […]
All links and images for this episode can be found on CISO Series (https://cisoseries.com/we-lower-the-security-and-pass-the-savings-on-to-you/)

We're racing to the bottom in terms of price and security on the latest episode of CISO/Security Vendor Relationship Podcast. This episode was recorded in person in San Francisco. It is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Seth Rosenblatt (@sethr), editor-in-chief, The Parallax.

Thanks to this week's podcast sponsor, Encryptics. Now you can share data without ever losing control of it. Our advanced architecture makes data self-protecting, intelligent and self-aware – wherever it goes, no matter who has it. Our .SAFE patented multi-key technology enables data to evaluate its own safety conditions, including geo-sensing, recipient authentication, and policy changes from its owner. Contact Encryptics today and see for yourself.

On this week's episode

Are we making the situation better or worse?
Are big Internet giants' privacy violations thwarting startup innovation? That's been presidential candidate Elizabeth Warren's argument, and it's why she wants to break up companies like Facebook and Google for what she sees as anti-competitive practices. According to Seth Rosenblatt's article, it appears all of a sudden Facebook and Google are very concerned about privacy. Nine years ago, I remember seeing Eric Schmidt, then CEO of Google, proudly admit that they tracked people's movements so thoroughly that they could accurately predict where you're going to go next. Nobody blinked about the privacy implications. But today, users are upset but they don't seem to be leaving these services at all. Is it all talk on both sides? Have you seen any movement to improve privacy by these companies, and would regulation be the only answer? And heck, what would be regulated?

Here's some surprising research
Over the past 15 years, home WiFi routers have been manufactured to be less secure. Seth reported on this study by the Cyber Independent Testing Lab, which we also discussed on an episode of Defense in Depth. The most notorious weakening is the use of default passwords, but there's a host of other firmware features that don't get updated. Is there any rationale for why this happens? And has this study done anything to turn things around?

Is this a cybersecurity disinformation campaign?
Fighting "fake news" like it's malware. In Seth's story, he noted there are structural and distribution similarities. I envision there are some similarities between fake news and adware, which isn't necessarily designed with negative intent. Fake news appears to be an abuse of our constitutional acceptance of free speech. How are security tactics being used to thwart fake news, and how successful is it?

When you set up your new home assistant, try not to position it close to a window, because someone across the street might be preparing to send voice commands, such as “open the garage door”, by way of a laser beam. Researchers from the University of Michigan and The University of Electro-Communications in Tokyo have successfully used laser light to inject malicious commands into smart speakers, tablets, and phones across large distances and through glass windows. They use standard wake commands modulated from audio signals and pair them with brute forcing of PINs where necessary. They have also been successful in eavesdropping, and in unlocking and starting cars. Their research shows how easy it is and will be to use lasers to not only penetrate connected devices but to deploy acoustic injection attacks that overwhelm motion detectors and other sensors. More information, including access to the white paper, is available at lightcommands.com.

More from our sponsor ExtraHop.

Look at this, another company got breached
Tip of the hat to Malcolm Harkins at Cymatic for posting this story on Forbes by Tony Bradley of Alert Logic, who offers a rather pessimistic view of the cybersecurity industry. It's broken, argues Bradley. We spend fortunes on tools and yet still get hacked year over year using the same tools. The article quotes Matt Moynahan, CEO, Forcepoint, who said we wrongly think of security as an "us" vs. "them" theory or "keeping people out" when in actuality most hacks are because someone got access to legitimate user credentials, or a user within our organization did something unintentional or potentially malicious. Are we wrongheaded about how we envision cybersecurity, and if so, is there a new overarching philosophy we should be embracing?
Overloaded Security Leader? In this episode Michael Lines joins Chad Boeckmann and Malcolm Harkins in a discussion about tactically prioritizing security efforts and what it means to get real traction. This episode explores supplier risk versus third-party risk and how this relates to overall business objectives and outcomes. Further discussion evolves into the problematic challenge of a new CISO where results must be achieved now, and how to set up a "trading" system internally to curtail budget and achieve progress without unnecessary investments in more tools that can at times cause more complications than benefit. In summary, this episode explores how to overcome the overloaded mindset as a security leader. Listen now!
Guest: Michael Lines, CISO (https://heuristicsecurity.com/about-heuristic-security/)
Hosts: Malcolm Harkins, Chief Security and Trust Officer, Cymatic; Chad Boeckmann, CEO TrustMAPP (d.b.a. Secure Digital Solutions)
Sponsored by TrustMAPP (https://trustmapp.com)
Cybersecurity Technology: Yesterday, Today, and Tomorrow Malcolm Harkins, Chief Security and Trust Officer of Cymatic, and Peter Liebert, Commander of Cyber Operations at the California State Guard, join the podcast to discuss the past, present, and future of cybersecurity technology and offer their predictions for 2020. They talk about the products and practices from the […]
This week, DtSR is joined by Malcolm Harkins - former CISO of Intel and industry insider extraordinaire. Malcolm shares insights from his long and distinguished career, so pull up a virtual chair, grab your notebook, and pull over because this is one that's a great listen.

Highlights from this week's episode include...
- Rafal asks Malcolm why he doesn't job-hop like most CISOs
- Malcolm and Raf discuss the "feature economy"
- Raf asks Malcolm to predict the future

Guest: Malcolm Harkins ( @ProtectToEnable ) - Chief Security and Trust Officer at Cymatic https://www.linkedin.com/in/malcolmharkins/
In this episode co-hosts Malcolm Harkins, Security and Trust Officer at Cymatic, and Chad Boeckmann, CEO at TrustMAPP, speak with Jason Lish, Privacy and Data Officer at Advisor Group, about mentoring the next security leader and creating a backup for existing cyber security leadership. The discussion evolves into skill types, as well as organization maturity and fitting the right leader profile with the appropriate security program stage a company may currently be managing. Both Jason and Malcolm leave our listeners with wisdom and guidance to consider on the topic of "Build or Buy" the next security leader.
Jason Lish: https://www.linkedin.com/in/jasonlish/
Malcolm Harkins: https://www.linkedin.com/in/malcolmharkins
Chad Boeckmann: https://www.linkedin.com/in/chadboeckmann/
Brought to you by our Sponsor: TrustMAPP
Chief Scapegoat, Setup, and Sacrifice Officer 02:21— People first – always. We lost that in the 80s and business has suffered as a consequence. 04:15— Trust has been eroded in all areas of society. To regain it in business, we need to show people they come first. 06:29— Outcome-based security services means staying until the job is done. […]
The podcast is back with fresh new content. In this episode Chad Boeckmann talks cybersecurity value, business engagement, and contemplating risk versus measuring risk with Malcolm Harkins. The security team of course must align to the business, but just as important, the business must align with security. So how do we accomplish this? What approach is best practice? Do you need to quantify all the risk? How do I design my control environment to meet all the demands of the business while reducing assessment and compliance fatigue? All these questions and more are answered in our discussion.
LinkedIn: https://www.linkedin.com/in/malcolmharkins/
Twitter: https://twitter.com/ProtecttoEnable
https://trustmapp.com
Matt Stephenson: The AI Manifesto
Mirror, mirror on the wall / Tell me, mirror, what is wrong? / Can it be my de la clothes / Or is it just my de la song? / What I do ain't make-believe / People say I sit and try / But when it comes to being de la / It's just me myself and I -- Me Myself and I; De La Soul, 1989
What happens when all of your scheduled guests have to cancel? You roll with it and do something new! Working from an essay by Malcolm Harkins and the BlackBerry Cylance Threat Intelligence Team, Matt Stephenson is going to take a look at Artificial Intelligence and a myriad of its ethical implications on industry and society, as well as the role that humanity must play.
About Matt Stephenson: InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world's largest security, storage, and recovery companies has introduced Matt to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization's security posture and bottom line.
Can't get enough of InSecurity? You can find us at ThreatVector InSecurity Podcasts, Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
The Human Element: Cybersecurity’s Weakest or Strongest Link? Malcolm talks about the people perimeter, simplifying to manage risk, and trust as a function of competence and character. 03:58 Humans are a weak link and a strong link. Don’t blame the end user. 05:11 It is possible to change end-user behavior. […]
On today's show, host Chris Gorog speaks with the former Chief Security and Privacy Officer at Intel, Malcolm Harkins. Malcolm tells us how he got into cybersecurity and put 24 years into Intel and another 4 into a start-up company called Cylance Corporation. With his background in the industry, Malcolm breaks down the difference between a CIO and CISO, explaining how most CISOs report to CIOs inside a company. He also speaks on how he believes information risk is permeating every aspect of an organization and creating social risks and ethical and moral dilemmas on how you use technology in a business/corporation. Malcolm breaks down how he thinks both the roles of CIOs and CISOs will grow and develop as people become more aware of the benefits of cybersecurity in their businesses. Listen as Malcolm explains the importance of trust in the security industry and how most companies will base finding it on two things: confidence and character.
Visit our sponsors: Cyber Resilience Institute, Internet Broadcasting Network, BlockFrame Inc., SecureSet Academy, Murray Security Services
DirtySecurity Podcast: Malcolm Harkins: A New Age of BYOD
If we delivered a birthday cake to BYOD, how many candles would be on the cake? On this episode of DirtySecurity, we want to talk about personal devices... They are like opinions and... something else... everyone has one. Phones, tablets, Fitbits, and you could even say AirPods? The challenges of BYOD historically, from a risk perspective, include security and privacy... On the flip side, has BYOD provided any benefits to an enterprise or organization?
About Malcolm Harkins: Malcolm Harkins is responsible for Cylance's information risk, security, public policy, and customer outreach to help improve understanding of cyber risks. Previously, he was VP and Chief Security and Privacy Officer (CSPO) at Intel.
About Edward Preston: Edward Preston (@eptrader) has an eclectic professional background that stretches from the trading floors of Wall Street to data centers worldwide. Edward started his career in the finance industry, spending over 15 years in commodities and foreign exchange. With a natural talent for motivating, coaching, and mentoring loyal, goal-oriented sales teams, Edward has a track record for building effective sales teams who have solid communication lines with executive management.
Every week on the DirtySecurity Podcast, Edward Preston chats with Cylance's best and brightest about what is happening in the world of cybersecurity and the work Cylance is doing to make things better. Each episode shines a spotlight on the people of Cylance and the work they do with our technology and consulting services to clean up the often dirty world of the data center.
To hear more, visit: ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste Make sure you Subscribe, Rate and Review!
At RSA 2019, Early Adopter Research's (EAR) Dan Woods spoke with a number of leaders in the cybersecurity field. In this interview for the EAR Podcast, he sat down with Malcolm Harkins, chief security and trust officer of Cylance. Woods asked Harkins his three key cybersecurity questions for 2019 and dove into the topics that are most impacting CISOs right now. Their conversation covered:
* 2:00 - Cylance's place in the cybersecurity landscape
* 9:00 - Why people are the perimeter
* 16:05 - Does pruning in cybersecurity matter?
* 24:10 - Why is so little cybersecurity moving to the cloud?
* 29:20 - How do you improve cybersecurity awareness among staff?
Erik Gordon, Michigan University Professor at the Ross School of Business on Elon Musk and the SEC. We also have Joe Mysak, Editor for Bloomberg Brief: Municipal Market discussing the economy. Also joining the program is Malcolm Harkins, Chief Security & Trust Officer at Cylance discussing Cyber-security and China hacks. We also have Beth MacLean, Portfolio Manager at PIMCO, on the bank loan market and her outlook on the economy.
What if I told you that there are companies out there who deliberately spoof data breaches in order to blackmail their "customers" into paying for their "breach remediation services"? What if I told you that, after failing to be a good little victim to such a scam, LabMD began hearing from the Federal Trade Commission about its security and technology practices? Would you believe me if I said that, in a battle that is now in its 17th year, our guest has attempted the impossible and stood up to the crooks and the FTC? Rather than settle a case that he knew was wrong, our guest refused to live in the world he was given. He has battled to change that world and keep his company's name and his own name from being steamrolled by the bureaucracy of a government agency that may not really know what they are doing when it comes to data privacy and security. Joining Matt Stephenson on the InSecurity podcast are Mike Daugherty and Malcolm Harkins. Mike is the CEO of LabMD who refused to be the victim of a shady "Breach Mediation" company, which led to a decade-long battle with the Federal Trade Commission. Malcolm is the Chief Security & Trust Officer at Cylance. He is not one to sit idly by and let the cybersecurity industry focus on profits over people. Imagine what might happen when you get these two in a room together...
About Mike Daugherty: Mike Daugherty is embroiled in the biggest regulatory cybersecurity legal battle in the country today. The CEO of LabMD, a cancer testing laboratory, author, speaker, consultant and policy advocate, he has spent most of the last decade defending his company against charges that it had deficient cybersecurity practices. The early years of his entering and fighting Washington, DC, are recorded in his book, The Devil Inside the Beltway.
In so doing, he has become the only litigant to challenge the basic authority that underlies more than 200 enforcement actions relating to cybersecurity and online privacy that the FTC has brought over the past 15 years. Every one of the 200+ litigants before him - including some of the largest companies in the world - has settled with the FTC, creating an unquestioned and untested belief that the FTC has broad authority to regulate in these areas. Following oral arguments in June 2017 before a panel of the 11th Circuit Court of Appeals, on June 6, 2018, he actually prevailed. In so doing, he toppled key pillars of the FTC's cybersecurity and online privacy edifice, successfully exposing and challenging The Administrative State. The cybersecurity regulatory framework for all of industry has been flipped on its head.
About Malcolm Harkins: As the Chief Security and Trust Officer at Cylance, Malcolm Harkins (@ProtectToEnable) is responsible for all aspects of information risk and security, security and privacy policy, and for peer outreach activities to drive improvement across the world in the understanding of cyber risks and best practices to manage and mitigate those risks. Previously, he was Vice President and Chief Security and Privacy Officer at Intel Corp. In that role, Malcolm was responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel's information assets, products and services.
About Matt Stephenson: InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world's largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry.
He wants to get those stories told so that others can learn from what has come before. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. To hear more, visit: ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste
Malcolm Harkins is the Chief Security and Trust Officer at Cylance. He talks with Vince at the RSAC 2018 security conference in San Francisco.
In today's podcast we have some RSA notes: an industry-led cyber Geneva Convention, threats and deterrence, and addressing a labor shortage. New Zealand joins Australia, the UK, and the US in warning that someone's exploiting vulnerable routers. Moscow demands to see the evidence that this someone is Russia. Trustjacking afflicts iOS users. Stresspaint Trojan is out in the wild, posing as an innocent app. Another exposed AWS bucket is found. Rick Howard from Palo Alto on the notion of a "cyber moon shot." Guest is Malcolm Harkins from Cylance on why it's unacceptable to adopt the attitude that bad guys getting in is inevitable.
In today's podcast, we hear about how patriotic hacktivists are talking turkey to high-profile Twitter accounts. The Hide 'N' Seek IoT botnet spreads swiftly through specially crafted peer-to-peer communications. Vulnerabilities found in the Electron developers framework. ICOs are heavily targeted by criminals. Bell Canada was breached, and the Mounties are on the case. Ontario transit operator Metrolinx is asked how it knows North Korea hacked it. British Prime Minister May takes a swing at secure messaging and tech companies generally. Fancy Bear doesn't like Olympic luge. David DuFour from WebRoot with his outlook on ransomware for the coming year. Guest is Malcolm Harkins from Cylance with thoughts on the Aadhaar data breach. And what's the significance of a values statement?
In today's podcast we hear about some who think that IoT botnets may be best considered an instance of a more general problem with poorly secured endpoints. Good digital hygiene can be good digital citizenship. IoT device recalls follow the DDoS against Dyn. Attribution of the attacks remains up in the air: Clapper looks at "multinational hackers," Jester looks at Russia (and Russia looks at Jester and sees Vice President Biden), and yes, John McAfee is looking at North Korea. Joe Carrigan from The Johns Hopkins University's Information Security Institute inventories IoT devices, and Malcolm Harkins from Cylance shares his thoughts on taking risks.
IP Fridays - your intellectual property podcast about trademarks, patents, designs and much more
Today we have an interview with Malcolm Harkins, Global Chief Information Security Officer of Cylance Inc. and former VP of Intel. We also have a story about the registration of recreational drones. And we talk about the newly published rules of the proceedings before the Unified Patent Court (UPC) in Europe. I also have a [...]
IT Best Practices: Episode 61 – In this podcast we engage in a wide-ranging discussion on business velocity, security, and privacy with Intel’s Malcolm Harkins. Harkins has a unique view from his position as the Chief Security and Privacy Officer at Intel. He shares his thoughts on securing the enterprise, ensuring privacy protections, and keeping […]
IT Best Practices: Episode 3 – Inside IT is the latest on information technology straight from the people of Intel’s IT organization. In this episode of the podcast, we take a look at the state of IT security with Intel’s Malcolm Harkins and Alan Ross. Learn the five irrefutable laws of information security, and discover […]
What’s new in security? In this podcast Intel’s Malcolm Harkins and HP’s Manny Novoa chat about the latest issues in security technologies, notably the emergence of hardware assisted virtualization. They also discuss, with PodTech’s Jason Lopez, coping with zero-day threats and the benefits of automated management of PC fleets. Related Stories: IntelSecurity