Podcasts about sans institute

Brett Ewing is the Founder and CEO of AXE.AI, a cutting-edge cybersecurity SaaS start-up, and the Chief Information Security Officer at 3DCloud. He has built a career in offensive cybersecurity, focusing on driving exponential improvement. Brett progressed from a Junior Penetration Tester to Chief Operating Officer at Strong Crypto, a provider of cybersecurity solutions. He brings over 15 years of experience in information technology, with the past six years focused on penetration testing, incident response, advanced persistent threat simulation, and business development. He holds degrees in secure systems administration and cybersecurity, and is currently completing a Masters in cybersecurity with a focus area in AI/ML security at the SANS Technology Institute. Brett also holds more than a dozen certifications in IT, coding, and security from the SANS Institute, CompTIA, AWS, and other industry vendors. In this episode… Penetration testing plays a vital role in cybersecurity, but the traditional manual process is often slow and resource-heavy. Traditional testing cycles can take weeks, creating gaps that leave organizations vulnerable to fast-moving threats. With growing interest in more efficient approaches, organizations are exploring new AI tools to automate tasks like tool configuration, project management, and data analysis. How can cybersecurity teams use AI to test environments faster without increasing risk? AXE.AI offers an AI-powered platform that supports ethical hackers and red teamers by automating key components of the penetration testing process. The platform reduces overhead by configuring tools, analyzing output, and building task lists during live engagements. This allows teams to complete high-quality tests in days instead of weeks. AXE.AI's approach supports complex environments, improves data visibility for testers, and scales efficiently across enterprise networks. The company emphasizes a human-centered approach and advocates for workforce education and training as a foundation for secure AI adoption. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Brett Ewing, Founder and CEO of AXE.AI, about leveraging AI for offensive cybersecurity. Brett explains how AXE.AI's platform enhances penetration testing and improves speed and coverage for large-scale networks. He also shares how AI is changing both attack and defense strategies, highlighting the risks posed by large language models (LLMs) and deepfakes, and explains why investing in continuous workforce training remains the most important cyber defense for companies today.

Here we are in the spring of 2025, and the headline news is that the federal government is removing tech staff; at the same time, reports are coming in of thousands of unfilled cybersecurity positions across the government. Today, we sit down with a self-proclaimed “Cybersecurity Lifer” who will give the perspective of the SANS Institute on this dilemma. John Pescatore has been involved in federal cybersecurity since 1978. When he examines our current situation, he gives his opinion on training, skill level, and legislation that is being considered to address many of these issues. He mentions recent SANS studies that have suggested the issue is less about the number of openings than about finding individuals with a specific skill set required for a federal role.  He discusses the evolution of cybersecurity training from hands-on courses to community college programs and the importance of practical experience. Pescatore also discusses AI's role in cybersecurity, noting its limitations and the need for domain expertise. He emphasizes the importance of rotating staff roles and providing continuous training to retain talent in federal agencies.

In this episode of the Elevate Women in Tech podcast,host Kellie Kwarteng interviews Rebecca Taylor, a Threat Intelligence Knowledge Manager at SecureWorks a Sophos Company, who was recognised as Computing's Security Woman of the Year 2024 and Most Inspiring Woman in Cyber 2024. Rebecca shares her remarkable journey from being a personal assistant to becoming a cybersecurity expert, demonstrating that non-traditional backgrounds can thrivein the industry.Key Highlights:Rebecca reveals her 11-year career path from PA to Threat Intelligence Knowledge Manager The conversation challenges persistent myths about cybersecurity careers, including that you need to be technical or have loved STEM subjects from childhoodRebecca explains threat intelligence as "anything that pertains to our understanding of the threat," and demystifies the "dark web" using an iceberg analogyThe discussion explores how women currently make up 25% of the global cybersecurity workforceRebecca shares insights from her TEDx talk "Digital Shadows" about the dangers of premature digital footprints for childrenRevealing her upcoming book "Securely Yours, An Agony Aunt's Guide to Surviving Cyber" (OUT NOW) Why Listen:This episode offers a refreshing perspective on cybersecurity careers, making the field accessible to listeners from allbackgrounds. Rebecca's journey proves that passion, core skills, and willingness to learn can overcome traditional barriers to entry. The conversation provides practical advice for anyone interested in cybersecurity while delivering eye-opening insights about online safety that are relevant to everyone.Tune in to discover how your unique skills might translate to cybersecurity, understand the realities of the dark web, and learn how to protect yourself and your loved ones in the digital age.Relevant links:  SANS Institute - https://www.sans.org/cybersecurity-focus-areas/UK Cyber Security Council - Career Pathways - https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/?gad_source=1&gad_campaignid=20404142818&gbraid=0AAAAApflzhayqCu2PW75Lq-Qx8Z43XTOH&gclid=EAIaIQobChMIpKzhtvSejQMV9JNQBh2MWjdPEAAYASAAEgIS3_D_BwESecurely Yours - Book link - https://amzn.eu/d/1pVjhTvTedX – Digital Shadows https://www.youtube.com/watch?v=VyfhkfE3nHA

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: Building Trust in OT Cybersecurity: Patching, Communication, and Personal Branding for SuccessPub date: 2025-05-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow is joined by his longtime friend and fellow OT (Operational Technology) aficionado, Oren Niskin. Oren dives into his unconventional journey from Navy electrician to offshore rig automation, through to OT cybersecurity consulting—sharing the highs, the lessons learned, and the unique perspective gained from crawling through the “belly of the ship” rather than a college lecture hall. Aaron and Oren discuss the real-world value of hands-on experience versus formal education, the evolving relationship between IT and OT teams, and why personal branding and communication skills are key for career growth in the cybersecurity field. They unpack the challenges and misconceptions around patching in the OT environment, and Oren reveals practical advice from his recent presentation on how organizations can dramatically reduce their vulnerability management workload while maintaining operational safety. Tune in for thoughtful reflections, war stories from the rig, and actionable tips for aspiring and seasoned cybersecurity professionals alike—plus a heartwarming nod to inspiring the next generation. Whether you're just getting started in OT or looking to take your cyber game to the next level, this episode is packed with honest advice and community spirit. Key Moments:  05:58 College: Not the Ultimate Answer 08:26 Consulting Perspective Accelerates Career Growth 13:36 "Building Value with Personal Branding" 16:49 "Everyone's a Salesman Everywhere" 19:44 "Patching Essential for System Health" 21:14 Firmware Updates Resolve Most Issues 26:18 Robots Dominate Manufacturing Line 28:08 Prioritizing Critical Drilling Vulnerability Fixes 33:29 "Prioritizing Business-Critical Systems" 36:57 Cyber-Resilient Tech Design 39:20 "Virtualization Best Practices: Snapshot Safety" 41:18 OT Cybersecurity: Focus on Basics 44:37 Unexpected Changes Disrupt Startup Plans 47:44 "Building Trust in Business" 50:52 "IT-OT Collaboration Importance" Oren Niskin – From the Navy to OT Cybersecurity: Bridging the Gap Between the Plant Floor and Secure Operations Oren Niskin is an OT cybersecurity consultant with over two decades of hands-on industrial experience spanning the U.S. Navy, offshore drilling operations, and global OT network management. His career began not in a classroom, but aboard the USS Harry S. Truman, where he served as an electrician and shutdown reactor operator after enlisting in the Navy post-9/11. Since then, he's steadily climbed the OT ranks—from maintaining electrical systems at sea to managing IACS networks for a global fleet of drilling rigs, and now, advising critical infrastructure on how to secure their operational environments. Oren brings a rare combination of deep technical insight and real-world plant floor experience to the evolving challenges of OT cybersecurity. He holds a Bachelor's degree in Nuclear Engineering Technology and a Master's in Information Security Engineering from the SANS Institute. Oren is passionate about translating complex OT security needs into practical outcomes—turning big visions into tangible progress. Connect with Oren on LinkedIn at https://www.linkedin.com/in/orenniskin/ or catch him in person at HouSecCon this September. Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week). In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it. Acknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Send us a textIn this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity.TakeawaysThe Honeynet Project was born from a need for cyber threat intelligence.Security culture is broader than security awareness; it encompasses attitudes and beliefs.Changing the environment is key to changing organizational culture.AI can be leveraged to enhance communication and simplify security policies.Positive interactions with security teams build a stronger security culture.Chapters00:00 From Military to Cybersecurity Pioneer03:04 The Birth of the Honeynet Project05:59 Understanding the Human Element in Security09:13 Security Culture vs. Security Awareness11:51 Changing Organizational Culture for Security14:46 Practical Steps for Security Teams17:55 Leveraging AI in Security Culture21:11 Measuring Success in Cybersecurity Training

Maxwell Shuftan, Director of Mission Programs at SANS Institute joins the show to discuss the state of the government cybersecurity workforce and methods for recruiting some of the best talent into the public sector. We also discuss training initiatives that can be a game-changing strategy to unlock a hidden workforce and the national security implications that these roles have on our country.

In episode 118 of Cybersecurity Where You Are, Sean Atkinson is joined by Andy Smith, Security Architect for BP and Instructor at the SANS Institute. Together, they review the state of post-quantum cryptography as well as share recommendations for how organizations and individuals can prepare to move into the post-quantum era.Here are some highlights from our episode:02:55. What post-quantum cryptography is and why we need to pay attention04:11. The impact of a cryptographically relevant quantum computer on symmetric vs. asymmetric cryptography08:58. How media attention contributes to preparedness from an infrastructure perspective14:30. The importance of a cryptography bill of materials (CBOM)21:58. How organizations can prepare against quantum-enabled cyber attacks29:05. How individuals need to understand quantum infrastructure in order to protect it32:24. Optimism for the future of post-quantum cryptographyResourcesEpisode 48: 3 Trends to Watch in the Cybersecurity IndustryPost Quantum Cryptography by Attack Detect Defend (rot169)NIST Releases First 3 Finalized Post-Quantum Encryption StandardsEpisode 75: How GenAI Continues to Reshape CybersecurityInternet of Things: Embedded Security GuidanceIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In episode 112 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Rob T. Lee, Chief of Research and Head of Faculty at SANS Institute. Together, they discuss how SANS Institute applies an operational or "do" model of leadership to gather expertise, build shared purpose, and foster action on evolving cybersecurity trends.Here are some highlights from our episode:05:47. How Rob ended up teaching at SANS Institute08:49. Rob's first experience meeting and working with the late Alan Paller12:07. How Rob's responsibility at SANS Institute has expanded20:02. Key cybersecurity trends on Rob's agenda as Chief of Research23:52. The need to refine our understanding of AI based on its different applications36:28. Guidance for the 47th U.S. Presidential AdministrationResourcesEpisode 35: Remembering the Late Alan PallerThe Cyber Security Hall of Fame Announces 2024 HonoreesEpisode 76: The Role of Thought Leadership in CybersecurityEpisode 75: How GenAI Continues to Reshape CybersecurityCrowdStrike Falcon Outage Exploited for Social EngineeringWhy Whole-of-State Cybersecurity Is the Way ForwardFrom Both Sides: A Parental Guide to Protecting Your Child's Online ActivityIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

The latest episode of 7 Minutes on ITSPmagazine, recorded during the Black Hat Sector 2024 event in Toronto, Canada, brings insights from the dynamic world of cybersecurity training and education. Hosted by Sean Martin, the discussion features Rushmi Hasham, Director of Strategic Partnerships, and Vasu Daggupaty, Manager of Strategic Partnerships and Investments, both from Rogers Cybersecure Catalyst.Rogers Cybersecure Catalyst, a non-profit organization operated by Toronto Metropolitan University, serves as the university's national hub for cyber education. The organization's focus spans three primary areas: training individuals to become cybersecurity professionals, helping organizations to bolster their cyber safety measures, and assisting cybersecurity founders in bringing their innovative solutions to the market.Vasu Daggupaty explains that the Catalyst's training programs certify individuals with the necessary credentials to be employable in the cybersecurity field. Moreover, organizations receive guidance on enhancing their incident response strategies and other critical safety practices. An essential part of their mission is also supporting innovators in launching new cybersecurity products and services.The episode highlights a compelling story of Gina, a former nurse transitioning into a cybersecurity analyst role. This transformation exemplifies the success of the Catalyst's Accelerated Rapid Training Program. Rushmi Hasham elaborates on the program's design, which caters to mid-life career changers, providing a seven-month intensive course in collaboration with the SANS Institute. The program equips participants with hands-on skills, transitioning knowledge, and career development, ensuring they are job-ready upon completion.Additionally, the Catalyst's corporate training services include non-technical tabletop exercises to prepare executives for real-life cyber threats. They also offer a cyber range where clients can safely engage with live malware to elevate their technical response capabilities. This comprehensive approach is instrumental in addressing Canada's cybersecurity skills shortage and enhancing the nation's defensive posture. The episode concludes with an invitation to explore the Catalyst's investment initiatives aimed at fortifying cybersecurity innovations and talent development across Canada.Learn more about Rogers Cybersecure Catalyst: https://cybersecurecatalyst.ca/Note: This story contains promotional content. Learn more.Guests: Rushmi Hasham, Director of Strategic Partnerships, Rogers Cybersecure CatalystOn LinkedIn | https://www.linkedin.com/in/rushmi-hasham-9523554/Vasu Daggupaty, Manager, Partnerships & Investment, Rogers Cybersecure CatalystOn LinkedIn | https://www.linkedin.com/in/vdaggupaty/ResourcesLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The latest episode of 7 Minutes on ITSPmagazine, recorded during the Black Hat Sector 2024 event in Toronto, Canada, brings insights from the dynamic world of cybersecurity training and education. Hosted by Sean Martin, the discussion features Rushmi Hasham, Director of Strategic Partnerships, and Vasu Daggupaty, Manager of Strategic Partnerships and Investments, both from Rogers Cybersecure Catalyst.Rogers Cybersecure Catalyst, a non-profit organization operated by Toronto Metropolitan University, serves as the university's national hub for cyber education. The organization's focus spans three primary areas: training individuals to become cybersecurity professionals, helping organizations to bolster their cyber safety measures, and assisting cybersecurity founders in bringing their innovative solutions to the market.Vasu Daggupaty explains that the Catalyst's training programs certify individuals with the necessary credentials to be employable in the cybersecurity field. Moreover, organizations receive guidance on enhancing their incident response strategies and other critical safety practices. An essential part of their mission is also supporting innovators in launching new cybersecurity products and services.The episode highlights a compelling story of Gina, a former nurse transitioning into a cybersecurity analyst role. This transformation exemplifies the success of the Catalyst's Accelerated Rapid Training Program. Rushmi Hasham elaborates on the program's design, which caters to mid-life career changers, providing a seven-month intensive course in collaboration with the SANS Institute. The program equips participants with hands-on skills, transitioning knowledge, and career development, ensuring they are job-ready upon completion.Additionally, the Catalyst's corporate training services include non-technical tabletop exercises to prepare executives for real-life cyber threats. They also offer a cyber range where clients can safely engage with live malware to elevate their technical response capabilities. This comprehensive approach is instrumental in addressing Canada's cybersecurity skills shortage and enhancing the nation's defensive posture. The episode concludes with an invitation to explore the Catalyst's investment initiatives aimed at fortifying cybersecurity innovations and talent development across Canada.Learn more about Rogers Cybersecure Catalyst: https://itspm.ag/rogershxbpNote: This story contains promotional content. Learn more.Guests: Rushmi Hasham, Director of Strategic Partnerships, Rogers Cybersecure CatalystOn LinkedIn | https://www.linkedin.com/in/rushmi-hasham-9523554/Vasu Daggupaty, Manager, Partnerships & Investment, Rogers Cybersecure CatalystOn LinkedIn | https://www.linkedin.com/in/vdaggupaty/ResourcesLearn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalystLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

AI fortifies cybersecurity but it also strengthens cyberthreats. How can your company tackle this double-edged dilemma? We're asking our guest, Rob Lee, Chief of Research at the SANS Institute, the go-to leader in cybersecurity training.With more than 20 years of experience in digital forensics and incident response, Rob is dubbed “The Godfather of DFIR.” He's also the co-author of the must-read book, Know Your Enemy.Get ready to learn about … 

In this episode, Ryan Williams Sr. interviews Delisha Hodo, the Assistant Director of Advising at the SANS Technology Institute. They discuss various initiatives and opportunities in the cybersecurity field, including the reopening of the SANS Cyber Academies, the Women's Cyber Academy, and the Diversity Cyber Academy. Delisha provides advice for individuals looking to enter the cybersecurity field, emphasizing the importance of hands-on experience, networking, and taking advantage of free resources. They also discuss the use of AI tools like BARD and Gemini for creating thumbnails and show descriptions. Overall, the conversation highlights the need for diversity and inclusion in cybersecurity and the importance of continuous learning and professional development. In this conversation, Ryan and Delisha discuss the importance of diverse backgrounds in cybersecurity and the value of soft skills. They emphasize that a degree in computer science is not necessary to break into the field and highlight the need for individuals with backgrounds in theater, music, therapy, and other non-traditional fields. They also stress the importance of emotional intelligence and the ability to communicate and motivate others. Delisha shares advice on how to provide mentorship and support to those trying to enter the field, including reaching out to organizations and individuals on LinkedIn. They also discuss their personal interests and ways they unwind, such as taking walks, reading books, and watching movies. They end the conversation by encouraging listeners to check out the SANS Institute and various cybersecurity communities, and to support each other in the field. Please LISTEN

What are the best cybersecurity certs to get? Do advancements in cloud and AI mean security professionals need to re-skill? How do certifying organizations decide what new courses to create? Chief Curriculum Director and Faculty Lead at the SANS Institute, Rob Lee, joins Jennifer “JJ” Minella and Drew Conry-Murray to give an insider's view on... Read more »

What are the best cybersecurity certs to get? Do advancements in cloud and AI mean security professionals need to re-skill? How do certifying organizations decide what new courses to create? Chief Curriculum Director and Faculty Lead at the SANS Institute, Rob Lee, joins Jennifer “JJ” Minella and Drew Conry-Murray to give an insider's view on... Read more »

Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center of Internet Security and shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what's been done in Ohio and Connecticut), and the criticality of translating technology, attacks & attackers into public policy and market incentives. And it can't be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations – really becoming the defacto organized crime success path today. Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security Sager is a SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions of use of CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS's independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities. In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; and a member of the National Academy of Sciences Cyber Resilience Forum; Advisory Boards for several local schools and colleges; and service on numerous national-level study groups and advisory panels. Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA's role in the development of open standards for security. Sager's awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e273

With the continuous evolution of ransomware and its pervasive risks to organizations' very existence, new threats can be difficult to predict. That's why, in this newest episode of Wait Just an Infosec, SANS Certified Instructors and leading ransomware authorities, Ryan Chapman and Mari DeGrazia are joined by guest Ann Pham, to break down what they see as the most important ransomware threats of 2024 and provide predictions about the evolving threat landscape. Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern. If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join. Connect with SANS on social media and watch the weekly live show: YouTube | LinkedIn | Facebook | Twitter

Join SANS Senior Instructor, Blueprint podcast host, and blue team guru, John Hubbard, as he walks us through his cyber defense trends and predictions for 2024. John is joined by Ismael Valenzuela, Gene McGowan, and Mark Baggett - who will detail important insights and considerations of which you should be aware and which you can use to improve your organization's cyber defense skills in the new year.Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern. If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join. Connect with SANS on social media and watch the weekly live show: YouTube | LinkedIn | Facebook | Twitter

Fred Bret-Mounet, CISO at Clarify Health Solutions, reminisces about negotiating a 25% salary increase and still being drastically underpaid, eating pasta every day, and learning that security can't just be focused on building Fort Knox.About Fred:"t all started with early e-commerce sites storing item prices client side! A tinkerer from an early age and the constant need to feed my curiosity have been critical skills to my Information Security career. With strong technical skills that I keep current and some amount of business acumen, I realized early that my role was not to build mini Fort Knox everywhere I went but instead teach people new skills: I am an evangelist helping organizations understand enough about the risk dimension associated to security and privacy - just as we understand financial, brand or contractual / legal dimensions in our daily activities. I am also an enforcer! Not the one that carries a weapon - instead, I keep us honest by providing a platform for self policing.SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Nate Lee, CISO at Tradeshift, talks about creating cloud security capabilities, working with engineering, and how he built a GenAI security question answering bot.About Nate:Nate is currently CISO at Tradeshift, a B2B SaaS platform where he built the security program that has secured over $1 trillion in global business transactions. Previous to that, he led various technical teams including the company's Platform Operations, Site Reliability Engineering and Corporate IT functions.He got his start as an engineer doing consulting, building systems and networks before joining Target Corporation. At Target, he built and secured systems that ensure the smooth flow of goods at one of the largest retailers in the country.In 2010, after relocating to the Bay Area, Nate joined the videoconferencing startup Fuze (later acquired by 8x8) as a Senior Architect before swiftly expanding his purview and leading the operations, security and escalated support teams.Like most in tech, he's currently spending an inordinate amount of time digging into AI and the practical implications it has to businesses, focusing on building secure-by-default systems and driving internal efficiencies.SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Steve Tran, CISO at the Democratic National Committee (DNC), opens up about his personal challenges, finding his path through hacking and magic, and his passion for helping the next generation.ABOUT STEVE: Steve is the Chief Security Officer for the Democratic National Committee, where he leads the organization's Information Technology, physical security, and cybersecurity strategies and programs. Prior to this, Steve was the Chief Information Security Officer (CISO) for MGM Studios. There, he played a pivotal role in several high-profile mergers and acquisitions, including the successful $8.5 billion acquisition of MGM Studios by Amazon. Steve has a diverse background. He has worked at Mattel, Target Corporation, Fox Studios, and Deloitte, and also served as a police officer.When not defending against dedicated adversaries, you can watch his “off the cuffs” performances at the World Famous Magic Castle in Hollywood.Follow Steve on these socials:https://www.linkedin.com/in/steveishacking/https://defcon.social/@stevetranSPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Deneen DeFiore, CISO at United Airlines, talks about how she got into security, taking a new CISO role at the start of COVID, what makes a mature business oriented security program, and what CISOs need to know before considering board level opportunities.About Deneen: Deneen is an accomplished technology and risk management executive with experience across multiple critical infrastructure sectors.   She has expertise in advising global companies and their most senior executives on technology, cybersecurity, compliance, and digital risk decisions related to products, services, and ongoing operations.  Deneen currently serves as Vice President and Chief Information Security Officer at United Airlines.  She is responsible for leading the cybersecurity and digital risk organization to ensure the company is prepared to prevent, detect, and respond to evolving cyber threats.  She leads initiatives on commercial aviation cyber safety risk, improving cyber resilience, and represents United in working with international partners to reduce cyber safety risk world-wide across the aviation ecosystem.  Deneen is the Chair of the board of the Aviation Information Sharing Analysis Center and the Chairperson of the Airlines for America (A4A) Cybersecurity Committee.  She is an independent director and member board of directors for Blackbaud software.    In 2022, she was appointed to serve on the President's National Infrastructure Advisory Council (NIAC), advising the White House on how to reduce physical and cyber risks and improve the security and resilience of the nation's critical infrastructure sectors.She is passionate about diversity in the tech industry and promoting STEM education.Follow her on Twitter @deneendefioreSPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Kapil Assudani, CISO at Edwards Lifesciences, shares how he was one payment away from getting kicked out of his Masters program, being resilient and resourceful, building credibility, and finding ways to reduce the attack surface.About Kapil: Kapil Assudani, with over 20 years of experience in information security, currently holds the position of Senior Vice President and Chief Information Security Officer at Edwards Lifesciences. His tenure at Edwards, spanning over six years, has responsibilities beyond the typical enterprise security scope of a CISO, as it includes IoT Medical Device Security and Manufacturing Plant security on a global scale.Kapil's leadership philosophy is built on three key principles. Firstly, he believes in building a team of passionate and good-hearted individuals, providing them with innovative tools, and then allowing them to operate independently. Secondly, he emphasizes presenting security problem statements backed by facts and data, simplifying them to a level where a business leader can independently make risk decisions. Lastly, he focuses on building trusted relationships across the entire employee base, fostering candid conversations and driving an execution-focused culture.His extensive experience covers all facets of information security, including leading security incident detection and response, ethical hacking teams, and security architecture and strategy programs. He has also been instrumental in building a global cybersecurity program at Edwards from the ground up. Kapil's diverse industry experience spans consulting and corporate roles across Fortune 100 companies in accounting, finance, healthcare, and technology. Over the last decade, he has intentionally focused his career on healthcare companies, finding the work purposeful and passionately aligned with a noble mission. Kapil holds a Masters in Computer Science and has been a speaker at multiple conferences, further solidifying his expertise in the fieldSPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Mike Melo, CISO and head of technology at LifeLabs, talks about his approach to innovation and insights on leading cloud security tools.About Mike Melo: "Heavily focused on people and integrity-led progression, Mike Melo is a Senior IT Executive and Chief Information Security Officer (CISO) with over 15+ years of experience advancing operational efficiencies, cyber indomitability, and overall organizational success. Currently serving as the CISO & VP IT Shared Services for LifeLabs in Canada, Mike holds an extensive background involving agile risk mitigation, post-breach transformation, security architecture, cross-functional technical leadership, regulatory compliance, and the art of developing high-performing team environments that are as positive as they are productive. In addition, he is passionate about not only helping industry leaders rectify security weaknesses while attaining sustainable protection, but doing so in such a way that ultimately propels their competitive capacities and growth initiatives forward. Prior to his most recent role overseeing multi-million cybersecurity programs and their implementation across organizational systems, Mike Initially worked as an International Information Security Officer, quickly scaling to hold several C-level roles under LifeLabs. Notably, this includes being an IT Security Lead, where Mike had the opportunity to support the tech team in rendering new security program development and overseeing the inception of the Incident Response program. More formerly, Mike became a CISO in December of 2019.That said, Mike's ambitions for security excellence were also done in conjunction with ongoing side affiliations supporting various professional engagements, keynote presentations/talking panels, and public contributions. Namely, this involves being a Board Member and Co-Chair of the Operations Committee for the Canadian Cyber Threat Exchange, a CISO Co-Chair for Evanta, and an active Board Member of HUMINT Cybersecurity Recruitment. Furthermore, Mike's devotion to bridging security gaps and innate avocation for making cybersecurity knowledge accessible has not gone unnoticed.Mike currently resides in Calgary with his wife and two children who inspire him to always become better than the day before, and enjoys spending his free time playing guitar - including attending Berklee College of Music in the evenings for guitar performance."SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Jadee Hanson, CISO and CIO at Code42, shares how even as a kid she knew cybersecurity was her calling and how that led to CISO, CIO, and product leadership responsibilities.About Jadee Hanson: As chief information security officer and chief information officer at Code42, Jadee Hanson leads global risk and compliance, security operations, incident response, and insider threat monitoring and investigations. To her position, she brings more than 17 years of information security and a proven track record of building security programs.Prior to Code42, Jadee held a number of senior leadership roles in the security department of Target Corporation, where she implemented key programs, including spearheaded the effort to embed security resources into the development process as well as the security plans behind the acquisition of software development and online retail companies. She was the security lead for the sale of Target Pharmacies to CVS Health. Before joining Target, Jadee worked at Deloitte, where she served as a security consultant for companies across diverse industries such as healthcare, manufacturing energy, retail and more.Jadee is a co-author of Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can't Ignore, which shines a light on Insider Risk and details what business and security leaders can do to keep their workforces productive and data protected.In addition to her day job at Code42, Jadee is the founder and CEO of the non-profit organization Building Without Borders, which serves those in poverty-stricken areas throughout the world through housing services. Since April 2015, Building Without Borders has built 39 houses in areas of the Dominican Republic. In her spare time, you can find Jadee working for her non-profit, enjoying time with her husband and three girls, and spending time on the lake.SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Brett Cumming, head of security at Skechers, shares how his sister inadvertently got him into cybersecurity and how saying yes to everything laid the foundation for a career in cyber.About Brett: Brett Cumming is a transformative leader who built and currently leads the information security program for the global footwear leader Skechers, helping the organization scale 5x during his tenure. Mr. Cumming's experience working in both business and engineering focused tech roles provides a broad perspective that allows him to design and implement an information security strategy that successfully bridges risk management practices and business priorities, while remaining effective and adaptable to various unique regional and business unit requirements around the world. Having earned his B.S. in Business Administration (Management & Operations Management) from CSULB, Mr. Cumming also holds several professional certifications including CISSP, CISM, and 5x GIAC. Brett is an active member of the cybersecurity community, from membership with FBI InfraGard and the USSS Cyber Fraud Task Force to serving on the Board of Directors for the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) and SANS Advisory Board.SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Bernard Brantley, CISO at Corelight, outlines his vision of modern security and cloud capabilities based on his experience at companies like Microsoft and Amazon, tying together security and business objectives.ABOUT BERNARD:Bernard Brantley is the Chief Information Security Officer (CISO) at San Francisco-based Corelight. He has previously managed threat hunting, threat intelligence, network security architecture and analytics for some of the most mission critical environments at both Amazon (Consumer Payments) and Microsoft (High Value Asset Environments). Bernard is an advisor at Seattle-based Tola Capital, and San Francisco-based Normalyze. He is a member of multiple CISO and leadership communities while also engaging with early and mid-career professionals as a mentor. Bernard spent three years at the United States Military Academy before taking an unconventional path to executive leadership. His background of diverse experiences cut through retail sales, construction and financial services prior to his first IT role as a datacenter support technician. "No matter who you are, what walk of life you come from, or what type of adversity you face; If you can see the prices, there is a path for you to it. 'Inveniam viam, aut faciam.'" Bernard lives in Seattle with his family.SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Cloud Ace is back for season 2, featuring both new guests and a new host. Frank Kim, a SANS Fellow and CISO-in-Residence at YL Ventures, will sit in as host this season as a wide range of guests join him in exploring the full gamut of cloud topics from multi-cloud and public cloud, to containers, threat detection, cloud pen testing, DevSecOps, automation and everything in between.SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Rinki Sethit, CISO at BILL, discusses her journey in cybersecurity from roles at early cloud adopters like Intuit and Twitter to security vendors like Palo Alto Networks and ultimately to board roles at companies like ForgeRock.ABOUT RINKI: VP & CISO (CHIEF INFORMATION SECURITY OFFICER) Rinki is currently the Vice President and Chief Information Security Officer at BILL, where she will be leading the global information technology functions and is also responsible for leading efforts to protect BILL's information and technology assets and advice the company's continued innovations in the security space. Rinki Sethi brings decades of security and technology leadership expertise and was recently VP & CISO at Twitter and Rubrik Inc. Rinki has been at the forefront of developing cutting edge online security infrastructure at several Fortune 500 companies such as IBM, Palo Alto Networks, Intuit, eBay, Walmart.com, and PG&E. Rinki also serves on the board of ForgeRock, a public company in the identity and access management space and Vaultree, a data encryption company. Rinki holds several recognized security certifications and has a B.S. in Computer Science Engineering from UC Davis and a M.S. in Information Security from Capella University. Rinki has served on the development team for the ISACA book, “Creating a Culture of Security” by Stephen Ross and was the recipient of the “One to Watch” Award with CSO Magazine & Executive Women's Forum in 2014 and more recently the Senior Information Security Practitioner Award with ISC2 in 2018. Most recently, in 2023, she was recognized in Lacework's top 50 CISOs list. She led an initiative to develop the first set of national cybersecurity badges and curriculum for the Girl Scouts of USA. Rinki serves as a mentor for many students and professionals.SPONSER NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Mattia Epifani is a digital forensic analyst and instructor at the SANS Institute. In this episode, he joins host Theresa Payton to discuss his work reverse-engineering the data storage system of a Samsung Fridge, which led to the discovery of significant security vulnerabilities. Read more about Epifani's research at https://www.technologyreview.com/2023/05/08/1072708/hack-smart-fridge-digital-forensics. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Buy here: https://subscription.packtpub.com/book/security/9781801076715 Amazon Link: https://packt.link/megan Youtube VOD: https://www.youtube.com/watch?v=p1_jQa9OQ2w   Show Topic Summary: Megan Roddie is currently working as a Senior Security Engineer at IBM. Along with her work at IBM, she works with the SANS Institute as a co-author of FOR509, presents regularly at security conferences, and serves as CFO of Mental Health Hackers. Megan has two Master's degrees, one in Digital Forensics and the other in Information Security Engineering, along with many industry certifications in a wide range of specialties. When Megan is not fighting cybercrime, she is an active competitor in Muay Thai/Kickboxing. She is a co-author of “Practical Threat Detection Engineering” from Packt publishing, on sale now in print and e-book. Buy here: https://subscription.packtpub.com/book/security/9781801076715   https://packt.link/megan ← Amazon redirect link that publisher uses if you want something easier on the notes   Questions and topics: Of the 3 models, which do you find you use more and why? (PoP, ATT&CK, kill chain) What kind of orgs have ‘detection engineering' teams? What roles are involved here, and can other teams (like IR) be involved or share a reverse role there? Lab setup requires an agent… any agent for ingestion or something specific?  How does Fleet or data ingestion work for Iot/Embedded device testing? Anything you suggest? How important is it to normalize your log output for ingestion? (app, web, server all tell the story) Additional information / pertinent LInks (Would you like to know more?): Unified Kill Chain: https://www.unifiedkillchain.com/ ATT&CK: https://attack.mitre.org/  D3FEND matrix BrakeSec show from 2021: https://brakeingsecurity.com/2021-023-d3fend-framework-dll-injection-types-more-solarwinds-infections  Pyramid of Pain: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html https://www.securitymagazine.com/articles/98486-435-million-the-average-cost-of-a-data-breach  https://medium.com/@gary.j.katz (per Megan, ‘it's basically Chapter 11 of the book') Show points of Contact: Amanda Berlin: @infosystir @hackershealth  Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake on Mastodon.social, Twitter, bluesky Brakesec Website: https://www.brakeingsecurity.com Twitter: @brakesec  Youtube channel: https://youtube.com/c/BDSPodcast Twitch Channel: https://twitch.tv/brakesec

Have you ever wondered what it takes to write and publish an information security book? In this special bonus episode following season 4, John discusses with Kathryn, Ingrid, and Carson the challenges and rewards of self-publishing, and the kind of effort that goes into producing a book like "11 Strategies of a World-Class Cybersecurity Operations Center".This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.-----------Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!

What is the difference between an arrest, a kidnapping, and a wrongful detention, and what does this mean for security professionals working with business travelers? Dave Benson from the Center for Personal Protection and Safety breaks it down in the latest episode of SM Highlights, sponsored by Amarok (https://amarok.com/). Tom Stutler, CPP, discusses how ESG (environmental, social, governance) initiatives affect corporate security processes and goals. Matt Edmondson from the SANS Institute offers tips for mobile device security training. Show Notes Want to learn more about these topics? Check out the following Security Management content: For more about wrongful detention risks and training: https://www.asisonline.org/security-management-magazine/articles/2023/07/travel-security/train-travelers-wrongful-detention-risks/ -- How are mobile devices integrated into your access management and security program? Read the August 2023 issue of Security Technology: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2023/august/ -- Read Matt Edmonson's article on mobile device security training here: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2023/august/Assessing-Need-Heightened-Mobile-Device-Security-Awareness/ -- Interested in studying how ESG issues can be security issues? Check out this article: https://www.asisonline.org/security-management-magazine/latest-news/online-exclusives/2022/6-ways-environmental-social-and-governance-principles-influence-security/ -- To learn more about this episode's sponsor, Amarok, and to get a free risk assessment, visit go.amarok.com/security-management

"This final chapter of the book is no simple closer! "Turn Up the Volume by Expanding SOC Functionality" covers testing that your SOC is functioning as intended through activities such as Threat Hunting, Red and Purple Teaming, Adversary Emulation, Breach and Attack Simulation, tabletop exercises and more. There's even a discussion of cyber deception types and tactics, and how it can be used to further frustrate attackers. Join John, Kathryn, Ingrid, and Carson in this final chapter episode for some not to be missed tips! This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!

"Metrics, is there any more confusing and contentious topic in cybersecurity? In this episode the authors cover their advice and approach to measuring your team so that issues can be quickly identified and performance can continuously improve!This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Sponsor's Note:Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!

"Research has shown that communication is one of the most important factors for success in security incident response teams. In this chapter, the authors discuss the critical types of information that must be shared within the SOC, with the constituency, and with the greater cybersecurity community. SANS Cyber Defense Discord Invite - sansurl.com/cyber-defense-discordThis special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!

Tool choice can be a make-or-break decision for security analysts, driving whether getting work done is a struggle, or an efficient, stress-free experience. How can we select the right tools for the job? Which tools are most important? Answers to these questions and more are in this week's episode of Blueprint!This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Sponsor's Note:Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 - Hope to see you in class! Learn more about SANS' SOC courses at sans.org/soc

In this special live recording from the SANS Blue Team Summit 2023, Kathryn Knerler, Ingrid Parker, and Carson Zimmerman joined John Hubbard they share their insights and expertise with attendees by answering their pressing questions. From discussing the most effective strategies for building a successful SOC to sharing tips on how to stay ahead of emerging cyber threats, our guests provide invaluable advice for those who work in a security operations center (SOC). If you're looking to take your SOC to the next level or are simply interested in the latest developments in cybersecurity, this episode is a must-listen. Tune in to hear from some of the most respected experts in the field and gain valuable insights that could make all the difference in how you approach cybersecurity.This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!

There's no denying that the average security team is completely overwhelmed with options for data to collect. With a deluge of endpoint, network, and cloud data sources to collect, how to do we identify and collect the most useful data sources? That's the topic of this episode. Join Kathryn, Ingrid, Carson, and John in this episode for a discussion on tactical data collection that will ensure your team doesn't miss the signs of an impending incident!This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.-----------Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn

Our guest, Johannes Ullrich from SANS Institute, joins Dave to discuss their research on "Machine Learning Risks: Attacks Against Apache NiFi." Using their honeypot network, researchers were able to collect some interesting data about a threat actor who is currently going after exposed Apache NiFi servers. Researchers state “On May 19th, our distributed sensor network detected a notable spike in requests for ‘/nifi.'” Investigating further, they instructed a subset of their sensors to forward requests to an actual Apache NiFi instance and within a couple of hours the honeypot was completely compromised. The research can be found here: Machine Learning Risks: Attacks Against Apache NiFi

Every security team has limited budget and time, how do you know where to focus? Cyber Threat Intelligence provides those answers! In this episode, Ingrid, Carson and Kathryn describe how we can use CTI to focus our defensive efforts to understand our most likely attacks and attackers and move towards prioritizing what truly matters.This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn

"No security team is perfect, so in this episode, authors Carson, Ingrid, and Kathryn discuss what it takes to prepare for fast, effective incident response capability. Covering preparation, planning and execution, Strategy 5 will teach your team how to jump into action at the earliest sign of problems.This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Sponsor's Note-----------Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn"Join us at the SANS Blue Team Summit June 12-13 Live Online! To register visit www.sans.org/blueteam-summit

"In this episode we dive deep on the "People" factor of the SOC. Who should you hire, what skills should you hire for, what backgrounds are most likely to lead to success for your team? We also get into what happens after the hire - training, growth, and supporting your team in their skill and career development. This one is a must-listen for all the managers out there. We're all trying to build the highest skilled, most supportive team with low turnover, and the tips our authors bring to this episode on chapter 4 - "Hire AND Grow Quality Staff" will be crucial in that mission.This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.-----------Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn"Join us at the SANS Blue Team Summit June 12-13 Live Online! To register visit www.sans.org/blueteam-summit

"In this episode we discuss how to decide on the right org structure and capabilities of your SOC. This includes questions like tiered vs. tierless models, which capabilities the SOC should focus on, centralized vs. distributed SOCs, outsourcing of duties and staff augmentation considerations, and also where the SOC might sit in the larger chart of your organization. Every SOC needs to be tailored to best meet the mission, and chapter 3 - "Build a SOC Structure to Match Your Organizational Needs" will help you get there.This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Sponsor's NoteSupport for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn"Join us at the SANS Blue Team Summit June 12-13 Live Online! To register visit www.sans.org/blueteam-summit

"Though a SOC is responsible for protecting your organization's assets, it is not the owner of those systems. If the SOC is not established with a clear charter and authority to act, it may quickly become difficult to be effective. Who should the SOC report to, what should be in a SOC charter, and how can we make these tough decisions? Those are the questions covered in this episode of our special "11 Strategies" season. This episode covers chapter 2 of the book - "Give the SOC the Authority to Do Its Job".This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Visit Mitre's page for more information -----------Sponsor's NoteSupport for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn"Join us at the SANS Blue Team Summit June 12-13 Live Online! To register visit www.sans.org/blueteam-summit

Welcome to a brand new season of Blueprint! In this intro episode we discuss "Fundamentals" chapter of the "11 Strategies of a World Class Cybersecurity Operations Center" with the authors. We get into the motivation behind updating the book and why its lessons are more important than ever in 2023. This chapter includes discussion of the functions of a SOC, basics of workflow, CTI and contextual data sources, and why ops tempo and speed is a critical factor in SOC success.This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Visit this Mitre page to find more information.-----------Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn

"As the saying goes, "If you don't know where you're going, any road will take you there!" - an approach that is disastrous to a SOC. In order to succeed, the SOC must have a clear understanding of where they are going, how they're going to get there, and why. In this episode of our "11 Strategies" season we discuss chapter 1 of the book - "Know What You're Protecting and Why". Understanding your organization and the environment the SOC must perform in forms the foundation of all security team activity. In this episode the authors discuss the critical aspects of knowing what you're protecting. This includes consider your organization's mission, the legal, regulatory, and compliance environment, the technical capabilities you may or may not have, and the users that will inhabit the network and the actions they're going to be performing. Understanding these factors ensures your team starts off on the right path and keeps a common goal in view.This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book's authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman."Visit this Mitre page to find more information.-----------Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn

Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54 Selected reading. NAPLISTENER: more bad dreams from developers of SIESTAGRAPH (Elastic Blog)  Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Palo Alto Network) Ransomware and extortion trends. (CyberWire) Cisco Cybersecurity Readiness Index (Cisco) A look at resilience: companies' ability to fight off cyberattacks. (CyberWire) Putin to staffers: throw out your iPhones over security (Register) Black Basta, Killnet, LockBit groups targeting healthcare in force (SC Media) After BreachForums arrest, new site administrator says the platform will live on (Record) 

GoDaddy has discovered a compromise of its systems. Twitter disables SMS authentication for those not subscribed to Twitter Blue. Last week's cyber incident impacting German airports was confirmed to be DDoS. The consequences of cyber irregular participation in cyber wars. Semiconductor tech giant Applied Materials sees significant financial losses from a cyberattack. Joe Carrigan on scammers dangling fake job offers to students. Our guests are Max Shuftan & Monisha Bush from the SANS Institute, on the reopening of their HBCU Cyber Academy application window. And is Bing channeling Tay? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/34 Selected reading. GoDaddy Inc. - Statement on recent website redirect issues (GoDaddy) GoDaddy: Hackers stole source code, installed malware in multi-year breach (Bleeping Computer) GoDaddy SEC Filing (SEC) An update on two-factor authentication using SMS on Twitter(Twitter) Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (The Hacker News) SMS-Based 2FA Will Be Limited to Twitter Blue Users (HackRead) Twitter will limit uses of SMS 2-factor authentication. What does this mean for users? (NPR) Twitter's Two-Factor Authentication Change 'Doesn't Make Sense' (WIRED) Twitter Shuts Off Text-Based 2FA for Non-Subscribers (SecurityWeek) Official: Twitter will now charge for SMS two-factor authentication (The Verge) German airport websites downed by DDoS attacks (Register) German airports hit by DDoS attack, ‘Anonymous Russia' claims responsibility (The Record from Recorded Future) Russian phishing attacks flooded Ukraine, tripled against NATO nations in 2022: Report (Breaking Defense) Civilian hackers could become military targets, Red Cross warns (The Record from Recorded Future News) I helped create a 'cyber army' to help Ukraine defeat Russia. We can't fight with guns, but we can fight with our laptops. (Business Insider) How Uncle Sam enlisted Big Tech to thwart Russia from launching catastrophic cyberwar (The Washington Times) Big Tech Descends on Munich Conference in Support of Ukraine (Bloomberg) Applied Materials will take a $250M hit to sales this quarter, thanks to a cyberattack at one of its suppliers (Silicon Valley Business Journal) Semiconductor industry giant says ransomware attack on supplier will cost it $250 million (The Record by Recorded Future) How should AI systems behave, and who should decide? (OpenAI) Why Bing Is Being Creepy (Intelligencer) Microsoft's new chatbot is a liar. And it says it's ready to call the cops. (Mother Jones) After AI chatbot goes a bit loopy, Microsoft tightens its leash (Washington Post). My Week of Being Gaslit and Lied to by the New Bin (Information)

Request A Customized Workshop For Your Company In this episode, Stephan Hart, Podcast Host of Trailblazers.FM, Marketer at SANS Institute and brand strategist, discusses the value of building a personal brand as it relates to negotiation. Trailblazers.FM Podcast SANS Institute Follow Stephan on LinkedIn Follow Kwame Christian on LinkedIn Click here to buy your copy of How To Have Difficult Conversations About Race! Click here to buy your copy of Finding Confidence in Conflict: How to Negotiate Anything and Live Your Best Life!