Podcasts about runzero

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-425

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-425

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-425

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-425

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero's major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what's vulnerable in your environment, without spraying highly privileged credentials at attackers on your network. It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud. This episode is also available on Youtube. Show notes

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-423

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-423

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Show Notes: https://securityweekly.com/esw-423

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Show Notes: https://securityweekly.com/esw-423

The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability ManagementIn this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don't know exist in your environment.Moore's career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss. Why Discovery Matters MostThrough repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren't on the organization's radar. Beyond CVEsMoore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws. Revealing the GapsRunZero's approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker's perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways. Changing the GameThis depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored. Collaboration and CommunityMoore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers. The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-880

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Show Notes: https://securityweekly.com/psw-880

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-880

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero. HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Show Notes: https://securityweekly.com/psw-880

Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don't always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don't-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what's relevant to their specific networks and business-critical systems.The conversation also explores SSVC's ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.That's where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they're buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.Whether you're tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast

Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability. **Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone. **EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks. **VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited. **LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed. **CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability. Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats. We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security. And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall! Storm Watch Homepage >> Learn more about GreyNoise >>  

In this sponsored interview, Risky Business Media's brand new interviewer Casey Ellis chats with runZero founder and CEO HD Moore about why vuln scanning tech is awful and broken. He also talks about how they're trying to do something better by glueing their own discovery product to the nuclei open source vulnerability scanner. Show notes

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-408

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-408

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Show Notes: https://securityweekly.com/esw-408

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Show Notes: https://securityweekly.com/esw-408

Forecast = Expect scattered AI layoffs, a flurry of bogus bug bounties, and a persistent workforce drought-so keep your firewalls up and your résumés handy! ‍ On this episode of GreyNoise Storm⚡️Watch, we kick things off with our usual round of introductions before diving into the latest cyber weather and threat landscape. If you're new here, Storm⚡️Watch is where we break down what's moving the needle in cybersecurity, spotlighting the people, tools, and trends shaping the field. For today's poll, we're feeling nostalgic and asking: What do you miss most from the Slow Internet days? Whether it's the wild west of Myspace, the quirky chaos of Fark, the creative playground of Wattpad, or the endless flash animations on Albino Blacksheep, we want to know what old-school internet experience you'd revive if you could. We're also talking about the pitfalls of AI in bug bounty programs. The open-source project curl has had enough of users flooding them with AI-generated “slop” vulnerabilities that waste maintainers' time and don't actually move security forward. It's a reminder that, despite the hype, AI isn't a silver bullet for finding real bugs and can actually create more noise than signal. Speaking of AI, the conversation shifts to how major companies are reshaping their workforce in the name of artificial intelligence. CrowdStrike just announced it's cutting 5% of its jobs, citing AI-driven restructuring and the need for efficiency. It's not just CrowdStrike-Duolingo is pushing AI into every corner of its product and workflow, with leadership urging engineers to “start with AI for every task,” even as they admit the tech is still error-prone and often less effective than human effort. The end result? Workers are being asked to manage and troubleshoot clumsy AI tools instead of using their expertise, and users are left with content that's sometimes flat-out wrong or just less engaging than before. But while AI is shaking up tech jobs, the cybersecurity workforce shortage isn't going away. The PIVOTT Act has been revived in Congress to address the growing gap, offering full scholarships for two-year degrees in cyber fields in exchange for government service. It's aimed at making it easier for people to pivot into cyber careers, especially as professionals in other sectors worry about AI-driven job cuts. The Act is being administered by CISA and is designed to streamline the path into government cyber roles, including those requiring security clearances. As always, we spotlight some of the latest developments from Censys, VulnCheck, runZero, and GreyNoise; then wrap up with some quick goodbyes and reminders to check out the latest from all our partners and contributors. Thanks for tuning in to Storm⚡️Watch-where the only thing moving faster than the threats is the conversation. Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast = Cloudy with a chance of zero-days-watch for Spellbinder storms and scattered Git leaks! ‍ On this episode of Storm⚡️Watch, the crew dives into the fast-moving world of vulnerability tracking and threat intelligence, spotlighting how defenders are moving beyond the traditional CVE system to keep pace with real-world attacks. The show kicks off with a look at the latest listener poll, always a source of lively debate, before jumping into some of the most pressing cybersecurity stories of the week. A major focus of this episode is the recent revelation that a China-aligned APT group, dubbed TheWizards, is using a tool called Spellbinder to abuse IPv6 SLAAC for adversary-in-the-middle attacks. This technique lets attackers move laterally through networks by hijacking software update mechanisms-specifically targeting popular Chinese applications like Sogou Pinyin and Tencent QQ-to deliver malicious payloads such as the modular WizardNet backdoor. The crew unpacks how this approach leverages IPv6's stateless address autoconfiguration to intercept and redirect legitimate traffic, underscoring the evolving sophistication of lateral movement techniques in targeted campaigns. The episode then turns to Google's 2024 zero-day exploitation analysis, which reports a drop in the total number of zero-days exploited compared to last year but highlights a worrying shift: attackers are increasingly targeting enterprise products and infrastructure. Microsoft, Ivanti, Palo Alto Networks, and Cisco are among the most targeted vendors, with nearly half of all zero-day exploits now aimed at enterprise systems and network appliances. The discussion covers how attackers are chaining vulnerabilities for more impactful breaches and why defenders need to be vigilant as threat actors pivot to harder-to-monitor enterprise environments. Censys is in the spotlight for its recent research and tooling, including a new Ports & Protocols Dashboard that gives organizations granular visibility into their attack surface across all ports and protocols. This helps teams quickly spot risky exposures and misconfigurations, making it easier to prioritize remediation efforts and automate alerting for high-risk assets. The crew also highlights Censys's collaborative work on botnet hunting and their ongoing push to retire stale threat indicators, all of which are reshaping proactive defense strategies. runZero's latest insights emphasize the importance of prioritizing risks at the asset stack level, not just by CVE. The crew explains how misconfigurations, outdated software, and weak network segmentation can create stacked risks that traditional scanners might miss, urging listeners to adopt a more holistic approach to asset management and vulnerability prioritization. Rounding out the episode, GreyNoise shares new research on a dramatic spike in scanning for Ivanti Connect Secure VPNs and a surge in crawling activity targeting Git configuration files. These trends highlight the persistent risk of codebase exposure and the critical need to secure developer infrastructure, as exposed Git configs can lead to the leak of sensitive credentials and even entire codebases. As always, the show wraps up with some final thoughts and goodbyes, leaving listeners with actionable insights and a reminder to stay vigilant in the face of rapidly evolving cyber threats. If you have questions or want to hear more about any of these topics, let us know-what's on your mind this week? Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast = Scattered phishing attempts with a 90% chance of encrypted clouds. ‍ In this episode of Storm⚡️Watch, the crew dissects the evolving vulnerability tracking landscape and the challenges facing defenders as they move beyond the aging CVE system. The show also highlights the rise of sophisticated bot traffic, the expansion of GreyNoise's Global Observation Grid, and fresh tools from VulnCheck and Censys that are helping security teams stay ahead of real-time threats. In our listener poll this week, we ask: what would you do if you found a USB stick? It's a classic scenario that always sparks debate about curiosity versus caution in cybersecurity. It's officially cyber report season, and we're breaking down the latest findings from some of the industry's most influential threat intelligence teams. GreyNoise's new research spotlights the growing risk from resurgent vulnerabilities-those old flaws that go quiet for years before suddenly making a comeback, often targeting edge devices like routers and VPNs. The FBI's 2024 IC3 report is out, revealing a record $16.6 billion in reported losses last year, with phishing, extortion, and business email compromise topping the charts. Mandiant's M-Trends 2025, VulnCheck's Q1 exploitation trends, and other reports all point to a relentless pace of vulnerability weaponization, with nearly a third of new CVEs being exploited within 24 hours of disclosure. We also dig into a series of ace blog posts and research from Censys, including their push to end stale indicators and their deep dives into the sharp rise in attacks targeting edge security devices. Their recent work with GreyNoise and CursorAI on botnet hunting, as well as their new threat hunting module, are changing the game for proactive defense. VulnCheck's quarterly report is raising eyebrows with the revelation that 159 vulnerabilities were exploited in Q1 2025 alone, and 28% of those were weaponized within a single day of disclosure. This underscores how quickly attackers are operationalizing new exploits and why defenders need to move faster than ever. We round out the show with the latest from runZero and a look at GreyNoise's recent findings, including a ninefold surge in Ivanti Connect Secure scanning and a spike in Git configuration crawling-both of which highlight the ongoing risk of codebase exposure and the need for continuous vigilance. Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast: Patchy with a 32% backlog surge, CVE squalls causing auth bypass showers, and Lazarus fronts looming—keep your threat umbrellas handy!"

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills. Segment Resources: https://www.softskillstech.ca/ Order the Book You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-401

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills. Segment Resources: https://www.softskillstech.ca/ Order the Book You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-401

This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-401

This week, in the enterprise security news, we check the vibes we check the funding we check runZero's latest release notes tons of free tools! the latest TTPs supply chain threats certs won't save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-401

Forecast = Cloudy with a chance of cyber meatballs. ‍ We're not fooling around in this episode of Storm⚡️Watch! The show kicks off with some positive news about the Journal Times returning to full operations following a cyberattack. This is followed by important information for VMware users regarding Broadcom's significant licensing changes effective April 10, including an increase in minimum core requirements from 16 to 72 cores per command line and a new 20% penalty for late subscription renewals that will be applied retroactively. The crew then reviews results from their recent poll asking listeners which feature of encrypted messaging apps concerns them most, with options including data storage, unencrypted backups, metadata, and accidental adds. In our first segment, we discuss security concerns with the Unitree Go1 consumer-grade robot dog, specifically focusing on the recently disclosed Zhexi Oray Tunnel backdoor that has raised alarm in the security community. Next up, the team explores FamousSparrow and their SparrowDoor malware, examining the techniques and implications of this threat actor's operations. In light of recent event, the hosts provide comprehensive guidance on secure messaging practices, drawing from recent Washington Post and Wired articles. They emphasize that secure communication depends not just on the app but also on how you use it. Key recommendations include choosing contacts wisely, securing your devices by using personal rather than work equipment, setting messages to automatically delete, and selecting the right messaging apps with Signal being the top recommendation for its verifiable end-to-end encryption. They also warn about potential vulnerabilities in cross-platform messaging and advise caution with apps like Telegram. We quickly review Europol's 2025 report on the evolving landscape of organized crime, which now heavily intersects with cybercrime. Traditional criminal networks have transformed into technology-driven enterprises using AI, blockchain, and cryptocurrency to enhance their operations. The internet has become the primary theater for organized crime with data as the new currency of power. The report identifies seven key threat areas and calls for improved global financial security measures, noting that criminal asset confiscation remains stagnant at around 2%. Finally, we conclude with updates from our benevolent overlords, including Censys' reports on JunOS vulnerabilities and Kubernetes issues, VulnCheck's partnership with Filigran, runZero's approach to exposure management, and GreyNoise's observations on DrayTek router activity and Palo Alto Networks scanner activity that may indicate upcoming threats. Storm Watch Homepage >> Learn more about GreyNoise >>  

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group The Github actions hack is smaller than we thought, but was targeting crypto Remote code exec in Kubernetes, ouch Oracle denies its cloud got owned, but that sure does look like customer keymat Taiwanese hardware maker Clevo packs its private keys into bios update zip US Treasury un-sanctions Tornado Cash, party time in Pyongyang? This week's episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he's doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he's got you fam. This episode is also available on Youtube. Show notes The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21) Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive Researchers back claim of Oracle Cloud breach despite company's denials | Cybersecurity Dive The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop US scraps sanctions on Tornado Cash, crypto ‘mixer' accused of laundering North Korea money | Reuters Tornado Cash Delisting | U.S. Department of the Treasury Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News Clevo Boot Guard Keys Leaked in Update Package Six additional countries identified as suspected Paragon spyware customers | CyberScoop The Citizen Lab's director dissects spyware and the ‘proliferating' market for it | The Record from Recorded Future News Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News DNA of 15 Million People for Sale in 23andMe Bankruptcy

Forecast = Router-geddon: Ballista storms brewing with a chance of unforgivable vulnerabilities. Patch umbrella required. ‍ In this episode of Storm ⚡ ️Watch, the crew laments the sorry state of modern edge computing through the lens of Steve Coley's 2007 paper on "Unforgivable Vulnerabilities". The discussion examines security flaws that should never appear in properly developed software yet continue to plague systems today. These vulnerabilities demonstrate a systematic disregard for secure development practices and would be immediately obvious to anyone with basic security awareness. The team breaks down "The Lucky 13" vulnerabilities, including buffer overflows, cross-site scripting, SQL injection, and hard-coded credentials, while also exploring how modern AI tools might inadvertently introduce these same issues into today's codebase, and how one might go about properly and safely use them in coding and security engineering. The episode also features an in-depth analysis of the newly discovered Ballista botnet that's actively targeting TP-Link Archer routers through a vulnerability discovered two years ago. First detected on January 10, 2025, this botnet has already infected over 6,000 devices worldwide, with the most recent activity observed in mid-February. The threat actors behind Ballista, believed to be based in Italy, have targeted organizations across multiple sectors including manufacturing, healthcare, services, and technology in the US, Australia, China, and Mexico. The botnet exploits CVE-2023-1389 to spread malware that establishes encrypted command and control channels, enabling attackers to launch DDoS attacks and further compromise vulnerable systems. The team rounds out the episode with updates from their partner organizations. Censys shares insights on JunOS vulnerabilities and the RedPenguin threat actor, along with an investigation into server misidentification issues. RunZero discusses the importance of cybersecurity labeling for end-of-life and end-of-support consumer IoT devices. GreyNoise alerts listeners to a new surge in SSRF exploitation attempts reminiscent of the 2019 Capital One breach and promotes their upcoming webinar on March 24th. As always, the Storm⚡️Watch crew delivers actionable intelligence and expert analysis to help security professionals stay ahead of emerging threats in the ever-evolving cybersecurity landscape. Storm Watch Homepage >> Learn more about GreyNoise >>  

Forecast: Cloudy with a chance of compromised credentials and scattered vulnerabilities—stay alert out there! ‍ In this episode of Storm⚡️Watch, we're unpacking some of the most pressing developments in cybersecurity and what they mean for the industry. First, we tackle the state of CISA and its mounting challenges. From allegations that the Trump administration ordered U.S. Cyber Command and CISA to stand down on addressing Russian cyber threats, to financial groups pushing back against CISA's proposed incident reporting rule, there's no shortage of turbulence. Adding fuel to the fire, Homeland Security Secretary Kristi Noem has disbanded eight federal advisory committees, including key cybersecurity groups, citing compliance with a Trump-era executive order. Critics argue these cuts could weaken public-private collaboration and hinder CISA's ability to protect critical infrastructure. We'll break down what all this means for the future of cybersecurity leadership in the U.S. Next, we revisit a shocking case involving a U.S. soldier who plans to plead guilty to hacking 15 telecom carriers. This story highlights the ongoing risks posed by insider threats and the vulnerabilities within telecom networks, which are often targeted for their treasure troves of sensitive data. We'll explore how this case unfolded, what it reveals about vetting processes for individuals with access to critical systems, and the broader implications for cybersecurity in government-affiliated organizations. We also spotlight some fascinating research from Censys on a phishing scam exploiting toll systems across multiple states. Attackers are leveraging cheap foreign SIM cards and Chinese-hosted infrastructure in a campaign that keeps evolving. Plus, RunZero sheds light on a critical vulnerability affecting Edimax IP cameras (CVE-2025-1316), while GreyNoise reports on mass exploitation of a PHP-CGI vulnerability (CVE-2024-4577) and active threats linked to Silk Typhoon-associated CVEs. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this Risky Business News sponsor interview, Catalin Cimpanu talks with runZero founder and CEO HD Moore about the company's latest capability, a feature called Inside-Out Attack Surface Management that takes internal fingerprints and scans the internet to discover possible exposures. Show notes Inside-Out Attack Surface Management: Identify the risk before hackers bridge the gap

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Sophos drops implants on Chinese firewall exploit devs Microsoft workshops better just-in-time Windows admin privileges Snowflake hacker arrested in Canada Okta has a fun, but not very impactful auth-bypass bug Russians bring dumb-but-smart RDP client attacks And much, much more. Special guest Sophos CISO Ross McKerchar joined us to talk about its “hacking back” campaign. The full interview is available on Youtube for those who want to really live vicariously through Sophos doing what every vendor probably wants to do. This week's episode is sponsored by attack surface mapping vendor runZero. Founder and CEO HD Moore joins to talk about marrying up the outside and inside views of your network. You can also watch this episode on Youtube Show notes Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Does bcrypt have a maximum password length? - Information Security Stack Exchange Local Administrator Protection | Privilege Protection Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED A Deeper Look at FortiJump (FortiManager CVE-2024-47575) | Bishop Fox Man Arrested for Snowflake Hacking Spree Faces US Extradition | WIRED Google uses large language model to discover real-world vulnerability GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI Thousands of hacked TP-Link routers used in yearslong account takeover attacks - Ars Technica CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files | Cybersecurity Dive Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns India-Canada row: Canadian officials confess to leaking 'intel' against India to Washington Post - India Today Amid diplomatic row, Canada names India in ‘cyberthreat adversary' list, accuses it of ‘likely spying' | World News - The Indian Express The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President | WIRED Risky Biz News: The mystery at Mango Park North Korean hackers seen collaborating with Play ransomware group, researchers say

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, Director of Security Research at runZero, about keeping up with the stream of vulnerabilities in the KEV list and OT devices and runZero's research into the SSH protocol.

Forecast = Intermittent internet-wide scanner probes with a 20% chance of DDoS. Believe it or not, it has been one year since we started Storm Watch. While we still don't understand it, we are so grateful to everyone who keeps coming back week after week to hear us discuss all things cybersecurity. In this episode, the team takes a look back at how we got here and looks forward at what's to come for our little podcast. We are also honored to talk with security expert and runZero Co-founder & CEO, HD Moore. Storm Watch Homepage >> Learn more about GreyNoise >>    

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, runZero's Director of security research. The pair talk about the world of Operational Technology protocols and how Rob dissects these protocols to be sure that active discovery of OT devices is safe.

Show notes:    Today, we're joined by Huxley Barbee, a security evangelist at RunZero and organizer of Bsides NYC. In this episode, Zach and Huxley talk about the modern divergence of environments and security methodologies. Topics discussed:   Huxley's start within the security industry. Making the industry a better place for newcomers. Chasm solutions. Comprehensive security visibility. Methodologies of collecting data (on the network). How “network” terminology has evolved. “Deperimeterization”. Modern divergence of security environments and efforts of discovery. The top 3 important components that help round out a security program. Agent-based collection compared to network-based collection. Organization of Bsides NYC. Where to get in touch:  Linkedin https://www.linkedin.com/in/jhbarbee/  Twitter https://twitter.com/huxley_barbee  Mastadon https://infosec.exchange/@huxley  Bsidesnyc.org https://bsidesnyc.org/  Runzero https://www.runzero.com/    Try Fleet   Fleet makes it easy to get accurate, actionable data from all your endpoints. From full disk encryption to healthy antivirus software and any query in between. See for yourself. https://fleetdm.com/try-fleet/register.

Industrial Talk is chatting with Huxley Barbee, Security Evangelist at runZero about “OT Security vs IT Security and Passive vs Active Scanning.”  The following is a summary of our conversation: Cybersecurity and OT with Huxley from Run Zero. 0:00 Palo Alto Networks provides comprehensive security solutions for all assets, networks, and remote operations. Huxley Barbee, security evangelist at runZero, discusses cybersecurity and the importance of staying connected and safe in the digital world. Industrial Talk is a platform dedicated to amplifying voices and solving problems through various mediums, including podcasts, videos, and webcasts. Cybersecurity in IoT, OT, and ICS environments. 4:36 Security evangelist at Ron zero discusses chasm solution for cyber asset attack surface management. Huxley highlights the importance of security in IoT and OT environments, emphasizing that it's often an afterthought. Scott MacKenzie agrees, noting that security should be a priority from the beginning of a project, rather than an add-on later on. Industrial control systems security. 9:13 Scott MacKenzie and Huxley discuss the importance of aligning security and operations in an organization, with Huxley highlighting the need for more conversations to understand the importance of including security in planning and decision-making. Huxley notes that operational teams may prioritize mechanical problems over security updates, but this can lead to negative consequences, such as security breaches or outages, which can affect the way devices operate. Huxley emphasizes the importance of knowing what assets are present in an OT or ICS environment for proper security controls. Cybersecurity risks in industrial control systems. 14:04 Huxley emphasizes the importance of selecting security controls commensurate with the value of assets. Huxley highlights the irony of introducing security measures to avoid outages, only to inadvertently cause them. Vendors and devices create variety and complexity in IoT security. Active scanning techniques for IoT devices. 20:02 Huxley explains how active scanning techniques can cause real-world problems, such as network outages, due to the way they are implemented. The speaker highlights the bias against active scanning that has developed as a result of poor deployments in the past. Huxley argues that active scanning can be safe for OT and ICS environments with proper development. Active vs passive device discovery in cybersecurity. 24:19 Active scanning involves customizing security measures based on specific devices, while passive discovery tends to be more costly and effortful. Huxley discusses the challenges of passive discovery in network traffic analysis, including the need for multiple collectors and the difficulty of deploying collectors in the right locations. Huxley also highlights the advantages of active scanning over passive discovery, including the ability to be targeted and thorough in...

In this Risky Business News sponsor interview Tom Uren talks to Huxley Barbee, Security Evangelist at runZero finding the unknown unknowns and what even is a security evangelist anyway.

In this episode, host Ron Eddings is joined by Metasploit creator, co-founder and CEO of runZero, HD Moore. HD changed the world with Metasploit and he's doing it again with runZero. Attack Surface Management can't happen unless you have visibility into your home or company network and HD shares how he's able to deliver that and so much more in his journey of creating runZero. Impactful Moments 00:00 - Welcome 00:50 - Introducing guest, HD Moore 01:30 - Fixing the Root Cause 05:00 - runZero 10:54 - A New Kind of CAASM 12:00 - Uncover the Unknown 14:08 - runZero Raving 17:45 - “Trust me, you can scan OT” 20:10 - You Can Scan if You Want To 22:30 - Red to Blue Judo Skills Links: Connect with our guest HD Moore: https://www.linkedin.com/in/hdmoore/ Check out runZero: https://www.runzero.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

Network Asset Discovery is the process of identifying and cataloguing all devices, resources, and services present within a computer network. This is an essential step in maintaining the security, performance, and management of a network - and overlooking the inventory of unknown devices on your network can result in serious problems. In this episode of the EM360 Podcast, Head of Content Matt Harris speaks to Huxley Barbee, Security Evangelist at RunZero, about:Ramifications of a lack of network asset visibilityInvestigating network assets for incident responseCurrent state of asset discovery

Get ready to embark on an enlightening journey with our guest, Huxley, a seasoned cybersecurity professional known for his extraordinary career path. From manipulating dial-up ISPs as a teenager, to landing a serious role in the field through a thrilling discovery, Huxley's tale will bring you to the edge of your seat. We dive deep into how he overcame fear and uncertainty while dealing with the unknown, and how he relishes the thrill of unraveling complex cybersecurity puzzles.Our conversation spans the significant consequences of ignoring account management. Listen to compelling anecdotes underscoring the importance of disabling employee accounts after their departure. We also retrace Huxley's time at Cisco, discussing how the tech giant transformed into a security services provider. We also delve into the real-life repercussions of lax security practices, illustrating how even large corporations can suffer monumental losses.As the conversation unfolds, we chart the evolution of cyber asset management. We further explore how Cisco expanded its security product portfolio and how Rumble Network Discovery transformed into RunZero. We highlight the necessity of securing all devices in an increasingly interconnected world, from office networks to personal devices and IoT. As a cherry on top, we'll delve into how RunZero assures complete network coverage, reducing the risks and reinforcing the importance of protecting an organization's attack surface. Tune in for a gripping and enlightening conversation about cybersecurity and asset management.Support the showAffiliate Links:NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902 Follow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today

A hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for ecosystem builders.The panel is moderated by LimaCharlie's Head of Product, Matt Bromiley. The panel participants are:Senior Security Researcher at Thinkst, Casey SmithSecurity Evangelist at RunZero, Huxley BarbeeHead of Tines Labs, John TucknerWhat is the SecOps Cloud Platform?The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.The SecOps Cloud Platform is:An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they're in enterprise, services or vendors to build appropriate solutions.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 93: Navigating Cybersecurity Realms: Unveiling Chris Kirsch's Multifaceted JourneyPub date: 2023-08-22In the captivating world of cybersecurity, where technology and innovation intersect to safeguard our digital landscapes, Derek is delighted to welcome today's distinguished guest, Chris Kirsch! Chris is a man of multifaceted talents and roles. In addition to being the Co-founder and CEO of runZero , he is also a husband, a runner, a strategic social engineer, an unwavering devotee to cybersecurity, a seasoned member of various security ventures, and a masterful pizza chef specializing in the art of bread baking! With his company serving as a bridge to the operational technology community, Chris's journey is a tale that weaves through diverse geographies. He grew up and went to primary school in Germany. He then attended boarding school in Switzerland, after which he continued his education in the United Kingdom.As we journey through Chris's narrative, we dive into his role as a longstanding contributor to the cybersecurity landscape and his pivotal role in bridging the gap between the digital domain and operational technology. Join us as we delve into the diverse facets of the narrative of Chris Kirsch, a remarkable force in the cybersecurity world! You're bound to be enthralled by his unique story that intertwines his personal experiences with his unyielding commitment to the cybersecurity domain!Show highlights:Some lessons learned from PGP.Bridging the gap between hardware and software.How adding a second product to the sales process changes the hearts and minds of a sales team.Transitioning from working with crypto-geeks to hackers. (18:51)The value of cold-calling managers. (26:01)Two essential attitudes you can have to an acquisition.The benefits of being open and having conversations without expectations.Fingerprinting flaky devices.The importance of having a good inventory. Chris's advice to his younger self.Links and resources:(CS)²AI Derek Harp on LinkedInChris Kirsch on LinkedInRunZeroThe podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In the captivating world of cybersecurity, where technology and innovation intersect to safeguard our digital landscapes, Derek is delighted to welcome today's distinguished guest, Chris Kirsch! Chris is a man of multifaceted talents and roles. In addition to being the Co-founder and CEO of runZero , he is also a husband, a runner, a social engineer, an unwavering devotee to cybersecurity, a seasoned member of various security ventures, and a chef specializing in the art of bread baking! With his company serving as a bridge to the operational technology community, Chris's journey is a tale that weaves through diverse geographies. He grew up and went to primary school in Germany. He then attended boarding school in Switzerland, after which he continued his education in the United Kingdom.As we journey through Chris's narrative, we dive into his role as a longstanding contributor to the cybersecurity landscape and his pivotal role in bridging the gap between the digital domain and operational technology. Join us as we delve into the diverse facets of the narrative of Chris Kirsch, a remarkable force in the cybersecurity world! You're bound to be enthralled by his unique story that intertwines his personal experiences with his unyielding commitment to the cybersecurity domain!Show highlights:Some lessons learned from PGP.Bridging the gap between hardware and software.How adding a second product to the sales process changes the hearts and minds of a sales team.Transitioning from working with crypto-geeks to hackers. (18:51)The value of cold-calling managers. (26:01)Two essential attitudes you can have to an acquisition.The benefits of being open and having conversations without expectations.Fingerprinting flaky devices.The importance of having a good inventory. Chris's advice to his younger self.Links and resources:(CS)²AI Derek Harp on LinkedInChris Kirsch on LinkedInRunZero

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: More victims identified in Chinese breach of Microsoft email accounts Cyber Safety Review Board to investigate Microsoft We got some stuff wrong last week More details on Viasat hack revealed Special guest Heather Adkins talks about the CSRB's Lapsus$ report Much, much more This week's show is brought to you by RunZero. Its co-founder HD Moore is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post US cyber board to investigate Microsoft hack of government emails | TechCrunch Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio Mastodon.Radio An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop Microsoft to freeze license extensions for Russian companies Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment Ransomware Diaries V. 3: LockBit's Secrets How the FBI goes after DDoS cyberattackers | TechCrunch Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT' – Krebs on Security Multiple zero days found affecting crypto platforms Lawmakers press FCC for action on Chinese-made cellular modules Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive SecureWorks layoffs affect 15% staff | TechCrunch Researcher says they were behind iPhone popups at Def Con | TechCrunch Review of the Attacks Associated with LAPSUS$ and Related Threat Groups US should crack down on SIM swapping following Lapsus$ attacks: DHS review Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange

On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: More victims identified in Chinese breach of Microsoft email accounts Cyber Safety Review Board to investigate Microsoft We got some stuff wrong last week More details on Viasat hack revealed Special guest Heather Adkins talks about the CSRB's Lapsus$ report Much, much more This week's show is brought to you by RunZero. Its co-founder HD Moore is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post US cyber board to investigate Microsoft hack of government emails | TechCrunch Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio Mastodon.Radio An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop Microsoft to freeze license extensions for Russian companies Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment Ransomware Diaries V. 3: LockBit's Secrets How the FBI goes after DDoS cyberattackers | TechCrunch Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT' – Krebs on Security Multiple zero days found affecting crypto platforms Lawmakers press FCC for action on Chinese-made cellular modules Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive SecureWorks layoffs affect 15% staff | TechCrunch Researcher says they were behind iPhone popups at Def Con | TechCrunch Review of the Attacks Associated with LAPSUS$ and Related Threat Groups US should crack down on SIM swapping following Lapsus$ attacks: DHS review Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange

"It just boggles the mind that things that are so important to how our world works are so shockingly unprotected."According to ABI Research, less than five percent of critical industrial infrastructure is monitored for threats. The company also reports that by 2030 industrial environments will house more than 1.2 billion connection points for machines and production systems. So, while it's impossible to be in all places at all times, this growth in connectivity will place a greater strain on security resources even after prioritizing data and network assets, and focusing on the most pressing potential vulnerabilities. Throw in data from Rapid, the largest API hub in the world, showing that over 60 percent of API users are in manufacturing, and it becomes easy to understand how the industrial attack surface continues to expand and create new opportunities for the bad guys.These are dynamics that our guest for today's episode knows all too well.  Huxley Barbee is the Security Evangelist at runZero, a leading provider of cyber asset management solutions. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

Chris Kirsch, CEO of runZero, joins Dennis Fisher to talk about the problem of trying to secure what you don't know you have, asset management, and his history in the original crypto war. 

Podcast: Unsolicited Response (LS 33 · TOP 5% what is this?)Episode: Interview with HD MoorePub date: 2023-07-26HD Moore is most famous for his creation of the Metasploit penetration testing framework. It began in 2003 and hit the OT world in 2011. HD is now the Founder and CTO of RunZero, another cybersecurity startup that is starting to play in the OT Space.   In this episode we spend the first third of the show talking about Metasploit ... early reaction, OT modules, is Metasploit still necessary and useful today.   We then shift to creating asset inventories in IT and OT, which is what RunZero does. Why HD decided to run back into the cybersecurity startup world? How it started as a solo shop with HD writing all the code. How HD things Shodan and RunZero are different. What technique does RunZero use to 'scan'. A term that many fear in OT. Check out their approach to 'fragile devices'. The OT reaction to this type of scanning. What role uses the RunZero product?   Links RunZero website S4x24 Call For PresentationsThe podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

HD Moore is most famous for his creation of the Metasploit penetration testing framework. It began in 2003 and hit the OT world in 2011. HD is now the Founder and CTO of RunZero, another cybersecurity startup that is starting to play in the OT Space.   In this episode we spend the first third of the show talking about Metasploit ... early reaction, OT modules, is Metasploit still necessary and useful today.   We then shift to creating asset inventories in IT and OT, which is what RunZero does. Why HD decided to run back into the cybersecurity startup world? How it started as a solo shop with HD writing all the code. How HD things Shodan and RunZero are different. What technique does RunZero use to 'scan'. A term that many fear in OT. Check out their approach to 'fragile devices'. The OT reaction to this type of scanning. What role uses the RunZero product?   Links RunZero website S4x24 Call For Presentations

HD Moore is the founder and CEO of Metasploit and runZero, two cybersecurity companies that are widely used to identify assets and vulnerabilities in corporate environments. On today's episode, Jon Sakoda speaks with HD on growing up as one of the most famous cybersecurity hackers who had the courage to publish software vulnerabilities on the internet:Need to Necessity - Diving in Dumpsters for Computer Parts  [1:20-2:24] - HD Moore grew up poor and had to scrounge for computer parts in dumpsters. This motivated him to build his own computers and teach himself to code. Listen to how HD found his way into his first job as a DOD researcher as a teenager.Open Source Keeps Me Out of Jail [09:12-12:54]  - Metasploit was the first tool to publish exploits and vulnerabilities in public as an open source tool. This was very unpopular and controversial and HD's wife maintained a “Get HD out of Jail” fund in case he was arrested or prosecuted. Listen to how HD's resiliency and belief that sunlight is the best disinfectant ultimately led to a safer internet.Creating Balance and Intensity as a Founder [23:16-26:58] - HD reflects on moments of health and personal challenges throughout his career as a founder. He now is very intentional about taking the needed time for himself. Listen to his words of wisdom and specific ways to carve out time for health and wellness.Follow Jon Sakoda https://twitter.com/jonsakodaFollow HD Moore https://infosec.exchange/@hdmFollow Decibel https://twitter.com/DecibelVC

Huxley Barbee is a Security Evangelist at runZero (formerly Rumble Network Discovery), a company founded by Metasploit creator HD Moore that helps companies discover unmanaged devices for asset inventory. Huxley previously worked for Cisco, Sparkpost, and most recently, Datadog – where he formulated the Datadog Cloud Security Platform. During his time there, he established a new security market presence & enabled the global sales force to grow sales by 482%. Huxley spent over 20 years as a software engineer and security consultant. He attended his first DEF CON in 1999 and holds both CISSP and CISM certifications. On top of that, he's also an organizer of BSidesNYC.  He has a passion for bringing value to those around him and understanding what drives individuals and groups. In 2016, he founded a consulting practice at Cisco providing security automation and orchestration to Fortune 500 customers. Four years later, he brought Datadog's Cloud Security Platform to market. Now at runZero, he's helping organizations build comprehensive asset inventory. He resides in New York where he spends time trying to keep up with his children. You can connect with Huxley here: https://www.linkedin.com/in/jhbarbee/ --- Send in a voice message: https://podcasters.spotify.com/pod/show/techandmain/message

Chris is the founder of runZero, a cyber asset management company. Chris has been acquired six times, IPO'd once and is one of the few black badge holders of Defcon.Chris had one of his greatest challenges right after college at the start of his career.The whole business was dependent on a key encryption licence which was about to be withdrawn. It would take a year to replace properly. They had less than a month.His CEO was a great role model for Chris. He was calm under pressure and willing to take risks and had a mantra “There's always one move left”... Chris just had to find itCould he do it in time?In this episode we discuss,Making bold moves and taking risks in business;Where hard work and resilience can take you;Why taking a step back and reassessing situations with a fresh perspective is essential.Tune in to hear how Chris made strategic decisions that skyrocketed his career and got him to where he is today.Want to know how Future Fit you are? Take 3 mins to benchmark yourself with our Founder Fitness Test on peer-effect.com. You might discover some surprising gaps! Or just follow James on LinkedIn for more thoughts around coaching and being future fit.

On this episode of the Cybersecurity Defenders Podcast, we have a conversation around best practices for submitting papers to conferences with Huxley Barbee, Security Evangelist at runZero & organizer of BSidesNYC.Throughout Huxley's career, he has held key positions at Cisco, Datadog and now runZero. He is passionate about cybersecurity and supporting the community in order to create a better security posture for all. Huxley encourages our listeners to connect with him on various platforms as linked below.LinktreeLinkedInMastadonTwitterSome resources for finding conferences to submit papers to are linked below.Infosec ConferencesCFP TimeSecurity BSidesPulesdive's list of threat intel conferencesThe Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Come see what many leaders miss, their blind spots. Behind-scenes talk with HUXLEY BARBEE, CISSP/CISM, who organized top security event at BSidesNYC, is a highly sought after security expert, public speaker and security evangelist at runZero. HE HAS Cloud Security Platforms and automated SecOps and IR playbooks.  Topics: importance of asset discovery, understanding what effective asset discovery means, improving security through better asset discovery, importance of asset discovery, why security efforts often fail, critical infrastructure risk in cyber security today, why internet of things is a large security risk, how zero trust can be helped by asset discovery, how zero trust improves through better asset discovery, how small business can improve security through better asset discovery, how national security can improve security through better asset discovery, can critical infrastructure improve security through better asset discoveryDon't miss the video interview: https://youtu.be/0-TZtZYcM_EAudio Podcast (available everywhere): https://cybercrimejunkies.buzzsprout.comWant more true cyber crime? More interviews with global leaders? Unique insight into emerging trends, news, and other shocking stories? Check out Https://cybercrimejunkies.com Please consider subscribing to our YouTube Channel for ALL Video episodes. It's FREE. It helps us help others. Our YouTube Channel @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1ygDid you know? 80% of breaches are a result of stolen credentials. Why does your organization still rely on passwords as part of your authentication process? Beyond Identity Enforces continuous risk-based authentication, a fundamental tenet of a Zero Trust security program.Go to beyondidentity.com/podcast to get a free demo. Get a FREE DEMO today! Support the showThank you listening! Come Watch the Video episode!Please consider subscribing to our YouTube Channel for ALL Video episodes. It's FREE. It helps us help others. Our YouTube Channel @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1yg

Huxley Barbee, Security Evangelist at runZero shares his valuable insights on various approaches to asset discovery, such as agents, authenticated active scanning, and pulling data from other solutions. We'll also touch on the pros and cons of passive network monitoring and unauthenticated active scanning for finding unmanaged devices.

Huxley Barbee, security evangelist at runZero, talks about the nuts and bolts of asset detection on a large scale, specifically around the U.S. federal government's current directive. Here, we will shrink the playing field and tell newcomers to security how to do your home asset detection!0:00 - Asset detection at home1:18 - What is asset detection?2:44 - Is asset detection difficult?3:39 - Do asset detection on your network4:45 - Asset detection on a school network6:50 - How to put asset detection on your resume9:44 - What to study for asset detection roles10:31 - Learn more about runZero11:15 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Tech evangelist Huxley Barbee from runZero talks about asset detection, and yes, just asset detection. Learn about the day-to-day work of asset detection and asset mapping. Go beyond the theory and speculation about whether the U.S. federal government will implement it on time, and join Barbee as he walks you through how it's all done and what you need in order to do it well.0:00 - Asset detection and asset mapping 2:56 - Getting into cybersecurity 4:12 - Shifting roles in cybersecurity to evangelist6:02 - What does a security evangelist do?8:30 - What is BSides NYC?14:41 - Planning in cybersecurity assets22:50 - Tools and techniques of asset inventory32:13 - The importance of asset discovery34:25 - Skills needed to work in asset detection37:32 - Cybersecurity starts and ends with assets42:22 - What does runZero do?44:44 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Huxley Barbee is a Security Evangelist at runZero (formerly Rumble Network Discovery), a company founded by Metasploit creator HD Moore that helps companies discover unmanaged devices for asset inventory. Huxley previously worked for Cisco, Sparkpost, and most recently, Datadog – where he formulated the Datadog Cloud Security Platform. He has spent over 20 years as a software engineer and security consultant. He attended his first DEF CON in 1999 and holds both CISSP and CISM certifications. On top of that, he's also an organizer of BSidesNYC.   00:00 Introduction 00:15 Our Guest 01:00 Huxleys Origin Story 02:27 Proactive Security, Risk, and Asset Inventory: What's the connection? 04:56 Using the right tools 07:17 IPv4 and IPv6 11:15 What do you need in terms of an ACCURATE Asset inventory? 21:56 Asset Inventory Playing a role in ransomware 26:17 Connecting with Huxley  https://www.runzero.com/ https://www.linkedin.com/in/jhbarbee/ https://www.helpnetsecurity.com/2023/02/24/bsidesnyc-2023/

In this episode, host Bidemi Ologunde spoke with Huxley Barbee, the lead organizer for BSides NYC and a Security Evangelist at runZero, a cyber asset management solution.The discussion covered various topics related to asset-centric investigations, such as the pros and cons of the different methods of conducting cyber asset inventory; operational technology (OT) scanning; and security research-based fingerprinting and incremental fingerprinting. Huxley also delved into vulnerability prioritization technology (VPT) and the utility of Shodan, a popular search engine for identifying and cataloging internet-connected devices and systems. Additionally, he mentioned some of the tools required for network access security; the stark reality of managing threat attack surfaces, and lots more. To wrap up, he shared insights into how runZero can aid organizations in securing all their network assets and devices.==============Organize your work and life, finally.Become focused, organized, and calm with Todoist. The world's #1 task manager and to-do list app.Start for free=======Receive $25 off orders of $149+ with code SWAPSRF at Snake River Farms!Whether you're a seasoned veteran or a beginner to beef, the pioneers of American Wagyu have got you covered with $25 off your order.Shop Delicious Meats Now=======Turn your Airtable or Google Sheets into modern business tools you need.Softr lets you stop waiting for developers. Build software without devs. Blazingly fast. Trusted by 100,000+ teams worldwide.Start building now.=======Sesame Care - Doctor appointments as low as $19.Find the best price for the highest quality physicians. Book an appointment in minutes.Get Started=======Compliantly hire anyone, anywhere, in 5 minutes with Deel.Deel is your one-stop shop for hiring, paying, and managing your remote team. We stay on top of local labor laws across the world to ensure compliance and mitigate risk so that you don't have to.Get Started=======Shut The Box Game.Dating back to 12th century France, sailors cherished playing Shut The Box Game. In modern times whether you're camping with friends or relaxing with family, you'll have endless fun with this easy-to-learn game! Buy 2, Get 1 Free, plus free shipping within the United States.Get Started=======Support the show

In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.Founders HG Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help businesses leaders and security practitioners make better decisions.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]On LinkedIn | https://www.linkedin.com/in/jhbarbee/On Twitter | https://twitter.com/huxley_barbeeOn Mastodon | https://infosec.exchange/@huxleyResourcesLearn more about RunZero and their offering: https://itspm.ag/runzervvyhCatch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbeeBSides NYC Podcast: https://itsprad.io/event-coverage-1388Are you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.Founders HG Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help businesses leaders and security practitioners make better decisions.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]On LinkedIn | https://www.linkedin.com/in/jhbarbee/On Twitter | https://twitter.com/huxley_barbeeOn Mastodon | https://infosec.exchange/@huxleyResourcesLearn more about RunZero and their offering: https://itspm.ag/runzervvyhCatch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbeeBSides NYC Podcast: https://itsprad.io/event-coverage-1388Are you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Guest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]On LinkedIn | https://www.linkedin.com/in/jhbarbee/On Twitter | https://twitter.com/huxley_barbeeOn Mastodon | https://infosec.exchange/@huxley____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's Sponsors ____________________________Episode NotesIn this podcast episode, Huxley Barbee, a security evangelist at RunZero and lead organizer for BSides NYC, talks about reviving the major security conference after a hiatus through the pandemic.With a record-breaking 127 submissions for talks, the conference will feature speakers from around the world discussing red and blue team topics, as well as various other aspects of the InfoSec industry. The event will also offer hands-on workshops, villages focused on career development, and resume reviews for students and professionals.Taking place at John Jay College in Manhattan, the conference aims to be as accessible as possible, offering tickets at just $15 and automatically refunding students who register with a .edu email address. The conference theme, "The Reboot," invites attendees to rethink cybersecurity, with a keynote speech by Lance James on rebooting our thinking in the industry.Don't forget to share and subscribe to Redefining CyberSecurity and our On-Location event coverage podcasts to keep up with the latest trends in technology and cybersecurity.____________________________ResourcesBSides NYC: https://bsidesnyc.org/____________________________Are you interested in sponsoring an ITSPmagazine Channel or promoting your event?

Guest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]On LinkedIn | https://www.linkedin.com/in/jhbarbee/On Twitter | https://twitter.com/huxley_barbeeOn Mastodon | https://infosec.exchange/@huxley____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's Sponsors ____________________________Episode NotesIn this podcast episode, Huxley Barbee, a security evangelist at RunZero and lead organizer for BSides NYC, talks about reviving the major security conference after a hiatus through the pandemic.With a record-breaking 127 submissions for talks, the conference will feature speakers from around the world discussing red and blue team topics, as well as various other aspects of the InfoSec industry. The event will also offer hands-on workshops, villages focused on career development, and resume reviews for students and professionals.Taking place at John Jay College in Manhattan, the conference aims to be as accessible as possible, offering tickets at just $15 and automatically refunding students who register with a .edu email address. The conference theme, "The Reboot," invites attendees to rethink cybersecurity, with a keynote speech by Lance James on rebooting our thinking in the industry.Don't forget to share and subscribe to Redefining CyberSecurity and our On-Location event coverage podcasts to keep up with the latest trends in technology and cybersecurity.____________________________ResourcesBSides NYC: https://bsidesnyc.org/____________________________Are you interested in sponsoring an ITSPmagazine Channel or promoting your event?

It is axiomatic in our industry that you can't protect what you don't know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone  (MCIS, CISSP, CISA, QSA) to discuss:What asset management is and why it is importantFirst steps any organization should take to implement asset managementA high-level overview of some standard ways to manage asset inventory, and how runZero solves common problemsHosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

NOTE: Patrick's audio is a bit degraded in a few parts of this episode. It's still clear enough, but if you hear some degradation in parts then yes, it's us, not you. On this week's show Patrick Gray, Adam Boileau and Tom Uren discuss the week's security news. They cover: The Biden White House's executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it's time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week's show is brought to you by runZero. HD Moore, co-founder of runZero, is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that's your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned' Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico's water authority British hospital investigating impact of ‘contained' cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users' data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky' targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria' Lum passes away at 41 | TechCrunch

NOTE: Patrick's audio is a bit degraded in a few parts of this episode. It's still clear enough, but if you hear some degradation in parts then yes, it's us, not you. On this week's show Patrick Gray, Adam Boileau and Tom Uren discuss the week's security news. They cover: The Biden White House's executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it's time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week's show is brought to you by runZero. HD Moore, co-founder of runZero, is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that's your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned' Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico's water authority British hospital investigating impact of ‘contained' cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users' data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky' targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria' Lum passes away at 41 | TechCrunch

This episode, runZero's VP of Worldwide Sales Jay Wallace talks about how to approach complex sales cycles with long lead times, the techniques for relationship-based selling, and how to build credibility in your relationships.Jay Wallace has been working in sales for almost a decade and has built successful sales teams from the ground up.Jay is currently the VP of Worldwide Sales for runZero where he leads all things revenue creation and retention. Here are a few of the topics we'll discuss on this episode of The Consulting Trap: The benefits of working as one of the first employees for a startup. How to approach sales cycles with long lead times. The danger of being too reliant on one employee. How to start a relationship-based selling model. Ways to build credibility in relationships. How to warm up your leads. Resources: runZero Podcast Chef Connecting with Jay Wallace:LinkedInConnecting with the host: Brian Mattocks on LinkedIn Brian Mattocks by email Quotables: 3:30 - “I love cyber security I think that it's a community, for me it's a calling I love being involved, I love hearing all the crazy stories you hear out in the world about people doing crazy things on the internet and that's always drawn me into the cyber security space.” 5:10 - “It wasn't so much sales that caught my attention it was business and I was really interested in the inner workings in how businesses work and what they care about but I think if you're really truly interested in business you've got to be interested in sales because that's the lifeblood of any business that's what makes the operations run keeps the lights on.” 5:49 - “You're cold calling my first fully commissioned gig had no base salary really putting it all on the line, knocking in doors asking strangers can I refinance your mortgage that was the short of it or selling financial products like life insurance or financial plans not to mention not the easiest thing to do in a global recession so 2008 2009 were not my best years in terms of earnings but they were certainly my best year in terms of learnings, I learned a lot about myself and how much I loved sales and I loved meeting somebody completely brand new they don't have any idea about what you have most of the time their standoffish and they don't want to talk to you anyway so there's something masterful and artful about being able to get someone to warm up to you have them open their eyes to the solution that your selling and eventually say yes this will actually help me out.” 9:02 - “The worst thing that can happen to you as a seller is you've got a mid 6 figure or low seven-figure deal on the line and you're single-threaded, so your champion decides to leave the company, your champion decides to take a 3-week vacation, we sell to about 50 countries today so varying degrees of everybodys not like Americans where we live to work and it's like hey I'm going on vacation but here's my cell here's a hair follicle in case you need to trace me by DNA, here's how you can find me at any waking moment don't worry a lot of people actually take vacation out there in the world.

Today on That Tech Pod, Laura and Gabi speak with Huxley Barbee. Huxley Barbee is the organizer of the BSides NYC Security Conference and a Security Evangelist at runZero (formerly Rumble Network Discovery), a company founded by Metasploit creator HD Moore that helps companies discover unmanaged devices for asset inventory.Huxley previously worked for Cisco, Sparkpost, and most recently, Datadog – where he formulated the Datadog Cloud Security Platform. During his time there, he established a new security market presence & enabled the global sales force to grow sales by 482%.Huxley spent over 20 years as a software engineer and security consultant. He attended his first DEF CON in 1999 and holds both CISSP and CISM certifications. On top of that, he's also an organizer of BSidesNYC. He has a passion for bringing value to those around him and understanding what drives individuals and groups.In 2016, he founded a consulting practice at Cisco providing security automation and orchestration to Fortune 500 customers.Four years later, he brought Datadog's Cloud Security Platform to market. Now at runZero, he's helping organizations build comprehensive asset inventory.He resides in New York where he spends time trying to keep up with his children.Today's sponsor:All too often, it's only a matter of time before a business will suffer a cyber-attack. The potential impact of cybercrime requires that cybersecurity be viewed as a business risk, rather than a simple IT issue. Fundamentally, an organization's reputation is on the line as a cyber-attack may impact business operations, financial integrity, and legal exposure to its customers and partners. In order to adequately address the risks from large and complex cybercrimes, it is critical that organizations develop a strong crisis management strategy.   From incident response, to forensic investigation, to litigation and regulatory response, EY Privacy and Cyber Response professionals from the EY Forensics team are available to assist organizations against the most challenging cyber-attacks. Learn how the EY Forensics team can help you mitigate risks and improve your cyber response at www.ey.com/forensics.

The best Social Engineers do a tremendous amount of research before engaging a target. As luck would have it, we get to speak with one of them today! Chris and I talk about the pivotal role of OSINT in preparing for an SE engagement and also get a "peek behind the curtain" in relation to OSINT sources during a Social Engineering "capture the flag" style competition.  Chris Kirsch is the CEO of runZero (www.runzero.com), a cyber asset management company he co-founded with Metasploit creator HD Moore. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering capture the flag competition at DEF CON, the world's largest hacker conference. If you'd like to learn more about Chris and the organizations he advocates for: Defcon 2022 OSINT & vishing research: https://medium.com/@chris.kirsch/top-osint-sources-and-vishing-pretexts-from-def-cons-social-engineering-competition-8e08de4c8ea8 Winning call from DEF CON SECTF 2017: https://www.youtube.com/watch?v=yhE372sqURU External perimeter recon using runZero: https://www.runzero.com/blog/external-scanning/ Competitive Intelligence talk at Layer 8 Conference: https://www.youtube.com/watch?v=NB-wLadJ3hk Facebook Talent Intelligence Collective: https://www.facebook.com/groups/talentintelligencecollective National Child Protection Task Force (NCPTF): https://www.ncptf.org/ Twitter profile: https://twitter.com/chris_kirsch Mastodon profile: https://infosec.exchange/@chris_kirsch LinkedIn profile: https://www.linkedin.com/in/ckirsch/ Chris' company: https://www.runzero.com/ Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

Listen to our interview with Huxley Barbee, Security Evangelist at runZero and organizer of the BSidesNYC event.    We discussed the following topics among others.  What “concrete security vulnerabilities companies face when they are not fully aware of their network assets?   How asset inventory is a bedrock of risk management?  Why Do Most Companies Struggle With Asset Inventory?  Some actionable tips and more...   If you want to be our guest, or you know some one who would be a great guest on our show, just send your email to info@globalriskconsult.com with a subject line “Global Risk Community Show” and give a brief explanation of what topic you would like to to talk about and we will be in touch with you asap.

Join our resident Business Ninja Kelsey, together with the CEO and Co-Founder of runZero, Chris Kirsch, as they talk about getting unmatched visibility and insights into every assets connected in your network. Discovery is the first step to building the asset inventory needed for effective IT and security programs. Yet, most organizations struggle to obtain a true inventory of all the devices and services running in their networks. runZero's mission is to make discovery as easy and safe as possible, so organizations know everything they have on their network and in the cloud.runZero delivers the data and context you need to effectively manage and secure assets across your environment.Learn more about them and visit their website today at https://www.runzero.com/-----Do you want to be interviewed for your business? Schedule time with us, and we'll create a podcast like this for your business:  https://www.WriteForMe.io/-----https://www.facebook.com/writeforme.iohttps://www.instagram.com/writeforme.io/https://twitter.com/writeformeiohttps://www.linkedin.com/company/writeforme/https://www.pinterest.com/andysteuer/Want to be interviewed on our Business Ninjas podcast? Schedule time with us now, and we'll make it happen right away! Check out WriteForMe, more than just a Content Agency! See the Faces Behind The Voices on our YouTube Channel!

All links and images for this episode can be found on CISO Series. "When the asset discovery market launched, every single company that offered a solution used the line, “You can't protect what you don't know.” Everyone agreed with that. Problem is, “what you don't know” has grown… a lot." Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Huxley Barbee (@huxley_barbee), security evangelist, runZero. Thanks to our podcast sponsor, runZero runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com. In this episode: Everyone agrees that, “You can't protect what you don't know”, but what do you do when, “what you don't know” has grown…a lot? With all our efforts to know our assets, are we doing any better understanding? How do we decide what we should really be measuring? How do we determine what's most important in terms of asset management?

Chris Kirsch is the CEO of runZero, a company he co-founded with Metasploit creator HD Moore to help companies solve their asset inventory challenges. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering Capture the Flag competition at DEF CON, the world's largest hacker conference.Connect with Behind Company Lines and HireOtter Website Facebook Twitter LinkedIn:Behind Company LinesHireOtter Instagram Buzzsprout

This Founder has some surprising additional talents outside of founding a company that's raised $5 million in VC funding to hunt for networked devices. After helping several start-up brands market their solutions, Chris Kirsch joined the founding team of runZero and is currently the company's CEO. In addition to a fun round of “fact or fiction,” The Founder Formula co-hosts Todd Gallina and Sandy Salty talked with Chris about: The evolution of a winning name for a company Developing a culture Mindful growth Celebrating client wins  Listen in to learn all of this and more on this episode of The Founder Formula with Chris Kirsch, Co-Founder of runZero. Additional episodes of The Founder Formula can be found on Apple Podcasts, Spotify, or the Trace3 website.

This week, Carole Theriault is interviewing DEFCON Black Badge holder Chris Kirsch from RunZero on the recent DEFCON 30 vishing competition. Dave and Joe share some listener follow up from 3 different listeners, who share stories on disposable email addresses, as well as a little insight on a Best Buy scam mentioned in a previous episode. Joe's story is on gaming companies and whether or not they have to stoop down to stemming growth in cheats, hacks, and other types of fraud to keep customers coming back. Dave's story comes from his father, he has two stories, one involving a gift card scam and an email compromise of a family member's account. The other involves a fake invoice for tech support services. Our catch of the day comes from listener Felipe, who writes in asking Joe and Dave to make sense of the email he received saying that his refund was recalled from someone claiming to be the "Secretary for International Finance of United States Treasury Department." Links to stories: For Gaming Companies, Cybersecurity Has Become a Major Value Proposition Scam call center video Jim Browning scammers video Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

This week, Micah (@WebBreacher), and Christina (@ChristinaLekati) are joined by Chris Kirsch (chris_kirsch) for an interview! Chris is the CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore. In 2017, he earned the Black Badge for winning the Social Engineering Capture the Flag competition at DEF CON, while last year, he participated as a judge for the vishing competition at the Social Engineering Community. In this interview, we discuss the intersection between OSINT and social engineering. Chris shares with us stories from the application of OSINT in social engineering operations, and describes some of the top OSINT techniques and resources that he observed at the Social Engineering vishing competition. You can follow Chris on: Twitter: https://twitter.com/chris_kirsch LinkedIn: https://www.linkedin.com/in/ckirsch/ Mastodon: https://infosec.exchange/@chris_kirsch

Comprehensive asset discovery is foundational to robust and proactive cybersecurity governance. The Cybersecurity and Infrastructure Security Agency recently issued a directive (BOD 23-01) requiring federal enterprises (civilian executive branch) to perform automated asset discovery every 7 days. Among other things, the directive also requires federal enterprises to initiate vulnerability enumeration across all discovered assets, including all discovered nomadic/roaming devices (e.g., laptops), every 14 days. Huxley Barbee, Security Evangelist at runZero and former Cybersecurity Practice Lead at Cisco, discusses the various methods of comprehensive asset discovery and provides guidance in selecting an appropriate asset discovery tool.Time Stamps01:33 -- Please share with the listeners some highlights of your professional journey.03:13 -- Share some stories and anecdotes of the consequences of poorly managed asset inventory.09:37 -- Why didn't organizations engage in comprehensive asset discovery? What were the hurdles, if any? Now that there is a CISA directive, what's the guarantee that organizations will be in a position to follow through with the orders?13:12 -- Let's discuss some solutions, recommendations, and approaches to better managing asset discovery.22:00 -- It seems that the unauthenticated scan is the best approach. Can you please clarify?26:16 -- It is equally important for organizations to report on the actions taken in response to the discoveries. Is there a CISA directive to that effect? Can you shed some light on that, please?33:32 -- Please summarize some of the key takeaways from our chat this morning35:42 -- How about providing listeners with some selection criteria when they're evaluating different products in the market, asset discovery products? What should they be aware of? What are the kinds of questions they should be asking? So it helps them make good selections.Memorable Huxley Barbee Quotes/Statements"The unfortunate reality is that asset inventory is still an unsolved problem for so many organizations. They might have some tooling for dealing with asset discovery, but usually, they end up with spreadsheets.""There is greater recognition, especially from government agencies, of the need for asset discovery.""Asset Inventory isn't just a list of devices that you have on your network. It's also what is on those devices, what services are on those devices, what ports are those devices listening to, and who owns those devices.""There are many hurdles associated with asset inventory management. The one that looms the largest is unmanaged devices, unmanaged assets, that is the achilles heel of any asset inventory program.""Why would the adversary go for a well-managed up to date patched machine when they can just go ahead and attack something that's out of date and unpatched, with numerous exploits that they might be able to download from the Internet.""Unmanaged devices are why customers end up using spreadsheets where the existing tooling just isn't performing as they want. And so they have to end up using spreadsheets instead.""With unauthenticated scanning, you have the best of many worlds, right, you have the ability to go out and find all the assets on the network, even if they're unmanaged. But you don't have the problems of credential spraying. And depending on how the unauthenticated scanner is implemented, you can even talk to OT devices without the fear of crashing, some sort of mission-critical function."Effectively, BOD 2301 is suggesting the use of unauthenticated scans for the asset discovery portion of this particular directive.""A customer...

Someone's election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany, and a swindler steals a fortune due to trains being delayed. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley/ (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault/ (Carole Theriault), joined this week by runZero's Chris Kitsch. Plus don't miss our featured interview with Akamai's Patrick Sullivan talking about bots in the retail sector. Warning: This podcast may contain nuts, adult themes, and rude language. Episode links: https://www.runzero.com/blog/rebrand-journey1/ (The rundown on becoming runZero: What I learned rebranding a company) - Chris Kirsch on the runZero blog. https://twitter.com/MelissaForPA/status/1580216538421899264 (Tweet by Melissa Shusterman) - Twitter. https://www.forbes.com/sites/thomasbrewster/2022/10/13/apple-airtag-stolen-democratic-signs-pennsylvania/?sh=3d6fc80b3342 (Apple AirTag Used To Find Over 100 Stolen Democratic Campaign Signs, Police Say) - Forbes. https://www.youtube.com/watch?v=dtZf-A4Qd5k (Wie eine russische Firma ungestört Deutschland hackt) - ZDF Magazin Royale on YouTube. https://apnews.com/article/russia-ukraine-technology-berlin-government-and-politics-b7d3c413308976c3ab05ca7fbb71e476 (German cybersecurity chief investigated over Russia ties) - AP News. https://www.theguardian.com/world/2022/oct/18/germany-cybersecurity-chief-sacked-russia-arne-schonbohm (German cybersecurity chief sacked following reports of Russia ties) - The Guardian.  https://www.msn.com/en-gb/news/world/fraudster-swindled-virgin-trains-out-of-c2-a3116000-in-sophisticated-scam/ar-AA12Ru70 (Fraudster swindled Virgin Trains out of £116,000 in 'sophisticated' scam) - MSN.  https://www.dailymail.co.uk/news/article-11299587/Virgin-Trains-worker-37-swindled-rail-firm-116-000-delay-repay-compensation-scam.html (Virgin Trains worker, 37, swindled rail firm out of £116,000 in 'delay and repay' compensation scam by photoshopping tickets to exploit flaw in system) - Daily Mail.  https://www.moneysavingexpert.com/reclaim/train-delays/ (Train delays:How to claim if it's late or cancelled) - Money Saving Expert. https://dataportal.orr.gov.uk/popular-statistics/how-many-trains-arrive-on-time/ (How many trains arrive on time) - Gov.uk. https://www.birminghammail.co.uk/news/midlands-news/employee-swindled-virgin-trains-out-25207048 (Employee swindled Virgin Trains out of £116,000 in delay and repay compensation scam) - Birmingham Mail.  https://explore.org/fat-bear-week (Fat Bear Week 2022). https://www.rollingstone.com/culture/culture-news/fat-bear-week-voter-fraud-attempt-1234608565/ (‘Fat Bear Week' Hit By Voter-Fraud Attempt) - Rolling Stone. https://pimeyes.com/en (PimEyes) - Face search engine. https://www.bbc.co.uk/iplayer/episode/p07r5pwq/the-fear-of-god-25-years-of-the-exorcist (The Fear of God: 25 Years of the Exorcist) - BBC iPlayer. https://www.smashingsecurity.com/store/ (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://www.smashingsecurity.com/kolide (Kolide) – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.akamai.com/smashing (Akamai) – Make the most of Cybersecurity Awareness Month by connecting with Akamai's experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day? Support the show: You can help the podcast by telling your friends and...

Huxley Barbee is the Security Evangelist at runZero. Huxley explains the importance of running a comprehensive network asset inventory and compares various methods for doing so. He also provides some great tips for new CISOs and for home cyber protection. https://www.runzero.com/

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Why former Uber CISO Joe Sullivan's guilty verdict shouldn't worry you United States puts chipmaking restrictions on China, APT activity is coming Elon blinks and Starlink goes dark on Ukraine's front line Master cyber criminal arrested in Australia Much, much more This week's show is brought to you by runZero, the asset inventory and network visibility solution. runZero's founding CTO and industry legend HD Moore is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO Joe Sullivan guilty in Uber hacking case - The Washington Post Security chiefs fear ‘CISO scapegoating' following Uber-Sullivan verdict - The Record by Recorded Future U.S. imposes foreign direct product rule on China for AI and supercomputing - The Washington Post Popular censorship circumvention tools face fresh blockade by China | TechCrunch 'Fear' driving Chinese state to manipulate tech ecosystem... - GCHQ.GOV.UK Risky Biz News: China blocks several protocols used to bypass the Great Firewall Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_TLPWHITE - DocumentCloud Starlink goes dark Coverage of Killnet DDoS attacks plays into attackers' hands, experts say - The Record by Recorded Future Ukrainian cybersecurity officer killed by Russian missile strike - The Record by Recorded Future Biden signs new US-EU privacy framework, setting up surveillance safeguards - The Record by Recorded Future White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star Australian teen charged with using leaked Optus data to blackmail customers - The Record by Recorded Future Report: Big U.S. Banks Are Stiffing Account Takeover Victims – Krebs on Security Hackers steal at least $100 million from Binance-linked blockchain - The Record by Recorded Future Someone is clogging up the Zcash blockchain with a spam attack Alberto Rodriguez, and Erik Hunstad - Stop writing malware! The Blue team has done it for you - YouTube CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Worth Doing Badly Risky Biz News: LofyGang runs amok in the npm ecosystem with minimal gains

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Why former Uber CISO Joe Sullivan's guilty verdict shouldn't worry you United States puts chipmaking restrictions on China, APT activity is coming Elon blinks and Starlink goes dark on Ukraine's front line Master cyber criminal arrested in Australia Much, much more This week's show is brought to you by runZero, the asset inventory and network visibility solution. runZero's founding CTO and industry legend HD Moore is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO Joe Sullivan guilty in Uber hacking case - The Washington Post Security chiefs fear ‘CISO scapegoating' following Uber-Sullivan verdict - The Record by Recorded Future U.S. imposes foreign direct product rule on China for AI and supercomputing - The Washington Post Popular censorship circumvention tools face fresh blockade by China | TechCrunch 'Fear' driving Chinese state to manipulate tech ecosystem... - GCHQ.GOV.UK Risky Biz News: China blocks several protocols used to bypass the Great Firewall Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_TLPWHITE - DocumentCloud Starlink goes dark Coverage of Killnet DDoS attacks plays into attackers' hands, experts say - The Record by Recorded Future Ukrainian cybersecurity officer killed by Russian missile strike - The Record by Recorded Future Biden signs new US-EU privacy framework, setting up surveillance safeguards - The Record by Recorded Future White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star Australian teen charged with using leaked Optus data to blackmail customers - The Record by Recorded Future Report: Big U.S. Banks Are Stiffing Account Takeover Victims – Krebs on Security Hackers steal at least $100 million from Binance-linked blockchain - The Record by Recorded Future Someone is clogging up the Zcash blockchain with a spam attack Alberto Rodriguez, and Erik Hunstad - Stop writing malware! The Blue team has done it for you - YouTube CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Worth Doing Badly Risky Biz News: LofyGang runs amok in the npm ecosystem with minimal gains

Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project, Christina Lekati to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition. Guests: Christina Lekati (LinkedIn) (Twitter) Chris Kirsch (LinkedIn) (Twitter) Books and References: Top OSINT sources and vishing pretexts from DEF CON's social engineering competition, research by Chris Kirsch referenced in this episode YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence YouTube Playlist from the 2022 SANS OSINT Summit YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours The OSINT Curious project DEFCON Social Engineering Community 15 top open-source intelligence tools, CSO Online Top 25 OSINT Tools for Penetration Testing, SecurityTrails WebMii.com Hunter.io Wigle.net Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Threat Modeling: Designing for Security by Adam Shostack What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/ 12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Show guests include Danny Adamitis, security researcher at Lumen's Black Lotus Labs, and Pearce Barry, principal security researcher at runZero, this episode's sponsor. Show notes Risky Biz News: Twitch limits browser logins as it deals with massive bot attack

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast also features an appearance from Pearce Barry, principal security researcher at runZero (formerly Rumble Network Discovery), this episode's sponsor. Show notes Risky Biz News: Facebook exposes large network of (low quality) fake news sites pushing Russian propaganda

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features appearances from Pearce Barry, principal security researcher at runZero (formerly Rumble Network Discovery), this episode's sponsor. Show notes Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features appearances from Pearce Barry, principal security researcher at runZero (formerly Rumble Network Discovery), this episode's sponsor. Show notes Risky Biz News: Academics find a tiny crack in Apple's Private Relay

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features appearances from Pearce Barry, principal security researcher at runZero (formerly Rumble Network Discovery), this episode's sponsor. Show notes Risky Biz News: Greece tries to downplay its spyware scandal

We're scanning our network with runZero to get an inventory of devices. What did it find? What can we learn from this inventory? How well does it work? LINKS1. runZero - Active discovery tool for asset inventoryFIND US ON1. Twitter - DamienHull2. YouTube

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features appearances from Pearce Barry, principal security researcher at runZero (formerly Rumble Network Discovery), this episode's sponsor. Show notes Risky Biz News: Cybercrime groups got bored of RU/UA hacktivism

Finally, in the enterprise security news, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw284

Finally, in the enterprise security news, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw284

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns! Visit https://www.securityweekly.com/esw for all the latest episodes! Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54 https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw287

Today's episode is hosted by James and Karl. They talk to Chris Kirsch, Co-Founder and CEO of runZero about the ethics and philosophy behind social engineering (and how he got into teaching pickpocketing to red teamers), the amount of research that actually goes into the DEF CON Capture the Flag Competition (Chris won the coveted Black Badge at DEF CON 2017), how to protect yourself from Open Source Intelligence manipulation, and why he may (or may not) have psychic powers. Follow Chris' social engineering escapade on today's episode of Adventures of Alice & Bob!

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns! Visit https://www.securityweekly.com/esw for all the latest episodes! Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54 https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw287