3 Things Business Owners Don't Know That Can Hurt Them is covered in this episode, along with the following subjects:
- What is the Corporate Transparency Act?
- How does it impact small business owners?
- Why small businesses must prioritize compliance and cybersecurity

Many business owners may not be aware of the Corporate Transparency Act and its potential impact on small businesses. The act aims to combat money laundering and terrorism financing by requiring certain small businesses to report their beneficial ownership information to the Financial Crimes Enforcement Network (FinCEN). Small business owners must understand how this legislation affects them to ensure compliance and avoid penalties.

I'll be talking with Paul Paray about 3 Things Business Owners Don't Know That Can Hurt Them. Paul has a diverse legal and business background that includes creating resilient security and privacy compliance programs, including one for an auto insurer; successfully prosecuting intellectual property portfolios; successfully litigating federal and state commercial disputes around the country; and helping small and mid-sized business owners navigate numerous risk management issues. To that end, he has been invited to speak at leading conferences on risk management, including RSA, IAPP, RIMS and PLUS, and has been interviewed on risk management by the National Law Journal, Business Insurance, CFO Magazine, ComputerWorld, SC Magazine, Security Management, The Financial Post, The Hartford Business Journal, The Newark Star-Ledger, New Jersey Law Journal, and The New York Times. He can be reached via email at paul@licenz.com.
Podcast: PrOTect It All
Episode: Understanding Cybersecurity Challenges in Industrial Settings with Lesley Carhart
Pub date: 2025-01-13

In this episode, host Aaron Crow talks with Lesley Carhart, Technical Director at Dragos, who brings over 15 years of experience in incident response and forensics within critical infrastructure sectors. The episode dives deep into standard practices in industrial settings, such as operators shutting down power plants for safety and the lack of forensic investigation into equipment failures. Lesley emphasizes the importance of integrating cybersecurity into these environments, pointing out that many failures are due to maintenance or human error, though a notable portion does involve cyber threats. Listeners will learn about the challenges and necessary collaborations between operational technology (OT) and information technology (IT) teams. The discussion addresses cultural and trust barriers that hinder effective cybersecurity measures and advises on how organizations can improve their defenses regardless of size and resources. Lesley also highlights the evolving landscape of cyber threats, including the increasing sophistication of adversaries and the vulnerabilities caused by standardization in industrial systems. Real-world examples underscore the complexity of securing these environments, emphasizing the need for proactive and informed cybersecurity practices, such as "cyber-informed engineering." Tune in to better understand the critical intersections of cybersecurity and industrial operations, and learn practical strategies to safeguard essential services.

Key Moments:
05:00 IT-OT miscommunication leads to cybersecurity risks.
09:23 IT processes are too slow; bypassing is required for solutions.
11:36 Leaving an outdated system may pose less risk.
15:09 Slow changes in OT due to unforeseen impacts.
19:17 Include cybersecurity in root cause analysis discussions.
20:31 Nation-states analyze and bypass industrial control systems.
25:40 Cybersecurity is essential to combat potential system threats.
29:27 Communication, champions, and leadership crucial for cybersecurity.
31:37 Cybersecurity struggle due to resources; community helps.
35:03 OT vs. IT language differences affect incident classification.
38:08 Empowered safety culture prevents accidents and retribution.
40:22 Few people have diverse cybersecurity skills and experience.
45:05 Experience across all 17 critical infrastructure verticals.
48:29 Evading detection in the nuclear enrichment process.
51:25 Identify industrial devices, build security program.

About the guest: Lesley Carhart is a renowned cybersecurity expert specializing in industrial control systems (ICS) security. With a keen understanding of the convergence between traditional IT and operational technology (OT), Lesley has been at the forefront of safeguarding critical infrastructure. Her work emphasizes the vulnerabilities of human-machine interfaces (HMIs) and programming devices, which increasingly resemble typical computers and are thus becoming prime targets for malware and ransomware attacks. Lesley's insights highlight the significant risks posed by these hybrid systems, underscoring the importance of robust cybersecurity measures in protecting essential processes. Lesley is honored to be retired from the United States Air Force Reserves, and to have received recognition such as "DEF CON Hacker of the Year", "SANS Difference Maker", and "Power Player" from SC Magazine.

How to connect with Lesley:
Instagram: https://www.instagram.com/hacks4pancakes/
Blog: https://tisiphone.ne
Mastodon: https://infosec.exchange/@hacks4pancakes
LinkedIn: https://www.linkedin.com/in/lcarhart/

Connect with Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's needs while keeping it secure? Kalyani Pawar shares her experience at different ends of the appsec maturity spectrum.

In complex software ecosystems, individual application risks are compounded. When it comes to mitigating supply chain risk, identifying backdoors or unintended vulnerabilities that can be exploited in your environment is just as critical as staying current with the latest hacking intel. Understand how to spot and reduce the risk to your environment and prevent disruption to your operations. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerbh for a free trial!

Every mobile device connecting to enterprise assets hosts a unique blend of work and personal apps, creating a complex landscape of innumerable vulnerabilities. Thankfully, methods exist to provide security teams with the real-world insights necessary to proactively address threats and shield against attacks targeting mobile apps and device endpoints. Nikos Kiourtis, CTO at Quokka, shares the latest findings in mobile security, outlining emerging threats and effective measures to reduce your mobile app attack surface and safeguard against potential attacks and data breaches.

Segment Resources:
- Panelcast with SC Magazine: 8 ways attackers target mobile apps to steal your data (and how to stop them) https://www.scmagazine.com/cybercast/8-ways-attackers-target-mobile-apps-to-steal-your-data-and-how-to-stop-them
- Ryan Johnson's talk at DEF CON 32, "Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?" https://defcon.org/html/defcon-32/dc-32-speakers.html

This segment is sponsored by Quokka. Visit https://securityweekly.com/quokkabh to learn more about their intelligence app solutions!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-295
Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security, who shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion, particularly looking at risk through a lens similar to the one we apply to other risky domains, such as the great work being done by the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what's been done in Ohio and Connecticut), and the criticality of translating technology, attacks and attackers into public policy and market incentives. And it can't be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations, which are really becoming the de facto organized crime success path today.

About Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security: Sager is an SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions the use of the CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS's independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities. In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; the National Academy of Sciences Cyber Resilience Forum; advisory boards for several local schools and colleges; and numerous national-level study groups and advisory panels.

Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA's role in the development of open standards for security. Sager's awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e273
Hello and welcome to Get It Started Get It Done, the Banyan Security podcast covering the security industry and beyond. In this episode, our host and Banyan's Chief Security Officer Den Jones speaks with John Yeoh. John is the Cloud Security Alliance's Global Vice President of Research, a position that allows him to share important industry analysis from a nonprofit perspective. We hope you enjoy Den's discussion with John Yeoh.

About John: With over 20 years of experience in research and technology, John provides executive-level leadership, relationship management, and board strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next-generation technology (IoT, DevOps, blockchain, quantum). John specializes in risk management, third-party assessment, threat intelligence, data protection, incident response, and business development within multiple industry sectors, including government. His works and collaborations have been presented in the Wall Street Journal, Forbes, SC Magazine, USA Today, CBS, Information Week, and others. John's contributions continue with involvement in professional organizations such as CSA, IAPP, ISSA, ISC2, and ISACA. John sits on numerous technology committees in government and industry with the FCC, NIST, ISO, CSA, IEEE, and CIS. He represents the US as a delegate for cybersecurity relations to other nation-states.
This week, on the Fitness + Technology podcast, Bryan O'Rourke welcomes Angela Moscaritolo to the show. Angela is the Senior Analyst for Fitness and Smart Home at PCMag. She has been with PCMag for over ten years and has written over 6,000 articles and reviews. She spent eight years as a reporter covering consumer tech news before becoming an analyst in 2020. Before joining PCMag, Angela was a reporter for SC Magazine, focusing on hackers and computer security. She earned a BS in journalism from West Virginia University and started her career writing for newspapers in New Jersey, Pennsylvania, and West Virginia. Angela is also a yoga teacher and has been actively teaching group and private classes for nearly a decade. Today, Angela joins Bryan to discuss her impressions of what's happening with the latest wearable technology.

One Powerful Quote:
34:51: "It's not about you. Really, it's about your client and their needs."

Key topics discussed (with timestamps):
3:24: Bryan opens the show by asking Angela about her background.
6:43: Angela shares some of her observations on the Series 9 and Ultra 2 technology at Apple's Wanderlust event.
16:49: Angela talks about her impressions of Fitbit and the launch of other, newer wearable technologies.
25:28: Bryan asks Angela about the partnerships of home fitness solutions and what that means.
34:46: Bryan wraps up the show with Angela giving her final thoughts and advice to the listeners.

Resources:
https://www.pcmag.com/

Guest Contact Information:
https://www.linkedin.com/in/angela-moscaritolo-b6037a16/
https://twitter.com/amoscaritolo
https://www.bryankorourke.com/
https://www.linkedin.com/in/bryankorourke/
http://www.fittechcouncil.org/
https://www.youtube.com/user/bko61163
Jenny Radcliffe, also known as "The People Hacker," joins Ann on this week's episode of Afternoon Cyber Tea. Jenny has spent a lifetime talking her way into secure locations, protecting clients from scammers, and leading simulated criminal attacks on organizations of all sizes to help secure money, data, and information from malicious attacks. Jenny was inducted into the prestigious InfoSec Hall of Fame in 2022 and named one of the top 30 female cyber security leaders in 2022 by SC Magazine. She is a sought-after global keynote speaker at major conferences and corporate events. Her best-selling book, "People Hacker - Confessions of a Burglar for Hire," was released in February 2022.

Resources:
View Jenny Radcliffe on LinkedIn
View Ann Johnson on LinkedIn
Human Factor Security

Related Microsoft Podcasts:
Listen to: Uncovering Hidden Risks
Listen to: Security Unlocked
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.
This week, we discuss fundings, acquisitions (TWO DSPM exits!), the ongoing market downturn/weirdness, and surprise - LLM-based AIs! We spend a fair amount of time talking about the importance of breach transparency - we need to be able to learn from others' failures to improve our own defenses. We also discuss the inevitable 'One App To Rule Them All' that will serve as an all-knowing personal assistant. It will integrate with all our comms, calendars, and notes, which will be scary and fraught with privacy and security issues. But Tyler and Adrian still yearn for it, as their prefrontal cortices become increasingly dulled by scotch and beer.

Enterprises are struggling to manage and reduce their organizational attack surface, especially with a shortage of skilled staff. Find out how some security executives are tackling this challenge by automating their IT and vulnerability management. This segment is sponsored by Syxsense. Visit https://securityweekly.com/syxsensersac to learn more about them!

Cars have evolved from a physical mode of transportation to a digitized experience, bringing with it new risks and challenges in security, privacy and user experience. Putting identity at the center of the connected world solves simplicity and safety challenges, including physical safety, digital security and data privacy. Furthermore, decentralized identity plays a major role in a better, more secure, seamless experience, not just for vehicles, but for society at large. This segment is sponsored by ForgeRock. Visit https://securityweekly.com/forgerockrsac to learn more about them!

There is a war on trust in the digital world, and people are caught in the crosshairs. Everywhere we look, there are identity risks with crippling repercussions for businesses, whether fake people, fake content, or insecure web links. With the rise of generative AI tools in business, threat actors are utilizing these technologies to create more sophisticated phishing emails, mimicking brands and tone or more easily translating copy into several languages, making them more difficult to identify and easily connecting hackers with global audiences. Now is the time to implement solutions that empower a connected thread of trust between businesses and users, before all trust is lost. This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them!

Semperis CEO Mickey Bresman sits down with SC Magazine to share practical steps for improving Active Directory resilience in the face of escalating cyberattacks, using real-world examples. With cybercrime costs projected to reach $8 trillion in 2023 and AD being the top target for attackers, organizations must prepare to detect, respond to, and recover from AD-based attacks. Learn how InfoSec and IAM teams can operationalize the Gartner "top trending" topic of identity threat detection and response (ITDR) to ward off attackers and take back the advantage. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!

Today's CISOs are laser focused on three imperatives: reducing risk, reducing operational costs, and attracting or retaining top talent. All three priorities are driven by creating a better SOC analyst experience, which translates to less time to detect and respond to an attack. In this discussion, we'll uncover how Extended Detection & Response (XDR) can drastically improve the SOC analyst experience and alleviate CISOs' top challenges. This segment is sponsored by VMware. Visit https://securityweekly.com/vmwarecarbonblackrsac to learn more about them!

While emerging cyber threats and vulnerabilities tend to dominate headlines, criminals often exploit known vulnerabilities to gain access to critical systems and data for nefarious purposes. And with the number of vulnerabilities rising constantly, they can pose significant risk to organizations, especially if defenders don't know which ones are critical. Learn how Expel is helping to pull back the curtain on how organizations can more effectively prioritize their most critical vulnerabilities. This segment is sponsored by Expel. Visit https://securityweekly.com/expelrsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw318
Lisa Plaggemier, the Executive Director at National Cyber Security Alliance, joins us for our special April Wednesday end of month episode. She is a creative and revenue-driven Marketing and Strategy Executive. She excels at creating attainable strategic vision that inspires employees and attracts customers, is respected by CSOs and CISOs, is a winner of the SC Magazine's Reboot Thought Leadership Award, and is a frequent speaker at RSA and SANS. She joins us to explain how the National Cyber Security Alliance helps with both personal and small and midsized business security, including a new initiative for SMBs. --- Send in a voice message: https://podcasters.spotify.com/pod/show/virtual-ciso-moment/message
Let's talk about digital identity with Jenny Radcliffe, The People Hacker. In episode 84, ethical burglar for hire Jenny Radcliffe joins Oscar to discuss the importance of educating your staff to help protect your company against social engineering attacks - including the main vulnerabilities that social engineers exploit, how individuals and businesses can protect themselves online and how user authentication technologies can help, as well as how ransomware links to social engineering. [Transcript below] "Two factor or multi-factor, in any form, is always going to be a good thing. It's better than, like you say, one thing, which can be found out or hacked like a password." Jenny Radcliffe is a world-renowned social engineer, hired to bypass security systems through a mixture of psychology, con-artistry, cunning and guile. A "burglar" for hire and entertaining educator, she has spent a lifetime talking her way into secure locations, protecting clients from scammers, and leading simulated criminal attacks on organisations of all sizes in order to help secure money, data and information from malicious attacks. Jenny has received many industry awards and was most recently inducted into the prestigious InfoSec Hall of Fame in 2022. She has also been named one of the top 30 female cyber security leaders in 2022 by SC Magazine, one of the top 25 Women in Cyber by IT Security Guru, and a Top 50 Women of Influence in Cyber in 2019. She was nominated in seven categories for the 2021 Security Serious Awards, including the prestigious "Godmother of Security" award, and in 2020 won "Most Educational Security Blog" for her show, The Human Factor podcast, which interviews industry leaders, bloggers, experts, fellow social engineers and con artists about all elements of security and preventing people from becoming victims of malicious social engineering.
Jenny is a sought-after global keynote speaker at major conferences and corporate events and is a multiple TEDx contributor. A go-to guest expert on the human element of security, scams, cons and hacks, she has appeared on numerous television and radio shows, as well as online media and traditional press outlets, and helps create unique content for international brands and organisations. An experienced podcast host, panel chair and interviewer, she hosted the live weekly cyber talk show "Teiss Talk" for two years and is frequently asked to chair live events for clients both virtually and in person. Jenny's upcoming book, People Hacker - Confessions of a Burglar for Hire, will be released in February 2023, published by Simon and Schuster. Connect with Jenny on LinkedIn or Twitter. We'll be continuing this conversation on Twitter using #LTADI – join us @ubisecure! Go to our YouTube to watch the video transcript for this episode.
Podcast transcript
Let's Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla. Come and meet the Ubisecure team at the Gartner Identity and Access Management Summit, in London, on the 6th and 7th of March. To find out more, take a look at the Ubisecure events page - https://www.ubisecure.com/events/.
Oscar Santolalla: Hello and thank you for joining a new episode of Let's Talk About Digital Identity. Particularly for us, myself, working in companies that are building technology products to protect and secure people on the Internet, it's always surprising when we hear stories where people just get tricked by other humans and voilà, the result is that the company is hacked. Today we'll hear fascinating stories about social engineering, and for that we have a special guest, Jenny Radcliffe. She's a world-renowned social engineer who is hired to bypass security systems through a mixture of psychology, con artistry, cunning and guile.
Jenny has received many industry awards and was most recently inducted into the prestigious InfoSec Hall of Fame 2022.
In this episode of the We Hack Purple Podcast we meet Gemma Moore, co-founder and director of Cyberis. Gemma is an expert in penetration testing and red teaming. She started her career in cyber security nearly twenty years ago, working her way up from a junior penetration tester to running the penetration testing practice in a specialist consultancy by 2011. She is a founding director of the information security consultancy Cyberis. Over her career, she has held CREST certifications in Infrastructure, Applications and Simulated Attack, and now focuses most of her efforts on planning, running and executing red team and purple team exercises. In recognition of her outstanding level of commitment to the technical information security industry and the highest level of excellence in CREST examinations, Gemma was selected to receive a lifetime CREST Fellowship award in 2017. Gemma was a contributing author to the BCS' "Penetration Testing: A guide for business and IT managers". Gemma was named "Best Ethical Hacker" in the 2018 Security Serious Unsung Heroes industry awards, and has been honoured by SC Magazine as one of its 50 Most Influential Women in Cybersecurity, and by IT Security Guru magazine as one of its Most Inspiring Women in Cyber. We talked about everything to do with red teaming and penetration testing, especially what the difference is between the two, the risks involved, setting scope, and several funny and scary stories! We also talked about what people are trying to achieve with a red teaming exercise, and how things can go terribly wrong when we blame everything on the user. This was through and through a fantastic conversation. You can learn more by reading Gemma's blog! Thank you so much to our sponsor, Bright! Check out their amazing #DAST! https://brightsec.com/ Join us in the We Hack Purple Community: a fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter!
Find us on Apple Podcast, Overcast + Pod. #TanyaJanca #SheHacksPurple #AppSec #CyberSecurity
An experienced business owner and leader, Karla is passionate about values-led leadership and people development. Karla founded the international recruitment business, BeecherMadden in 2010 before overseeing the acquisition by Nicoll Curtin. In 2020 she joined Orpheus Cyber as COO. Orpheus is a threat intelligence company with a SAAS platform that helps organizations manage their own risk, and that of their third parties, with an easy-to-understand cyber risk score. Karla is an industry awards judge, and the host of industry interviews on the Cyber Talks media platform, the Capital Tea podcast, and the Zero Hour Podcast. She is also an experienced speaker, on the topic of cybersecurity and women in technology. Karla was included in SC Magazine's Top 50 Women in Security in 2019. She was a finalist at the Women of the Future awards in 2016, for Entrepreneur of the Year, and a finalist in The Future Ladies Awards for Mentor of the Year in 2019. Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Support the show on Patreon: https://patreon.com/mspradio/ Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: Facebook: https://www.facebook.com/mspradionews/ Twitter: https://twitter.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ LinkedIn: https://www.linkedin.com/company/28908079/
We will chat about some basics of keeping you safe and secure in your business. Small businesses are just as much a target as large businesses and are probably easier to scam because there are no controls in place. There are so many threats, and too often we are too busy to even think about them. Today we will chat about some simple ways you can protect yourself and your business. Hi, I'm the Profit Answer Man Rocky Lalvani! I help small business owners simplify their financial reports to make more informed business decisions with fewer hassles. We utilize the Profit First system created by Mike Michalowicz. Sign up to be notified when the next cohort of the Profit First Experience Course is available! Schedule your free, no-obligation intro call: https://bookme.name/rockyl/lite/intro-appointment-15-minutes More about making profitability simple: http://profitcomesfirst.com/ Questions: questions@profitanswerman.com Email: rocky@profitcomesfirst.com Bio: An experienced business owner and leader, Karla has experience running businesses in cyber security, recruitment, and ecommerce. With an international network in cybersecurity, Karla is passionate about values-led leadership and people development. Karla is the COO for Orpheus Cyber. Orpheus is a threat intelligence company with a SAAS platform that helps organisations manage their own risk, and that of their third parties, with an easy-to-understand cyber risk score. Prior to joining Orpheus, Karla founded the international recruitment business BeecherMadden before overseeing its acquisition by Nicoll Curtin. As a Director for Nicoll Curtin, she expanded the company further before moving to the US to accelerate growth of the American business. Karla is a judge for The Cyber Security Awards, The National Cyber Awards and The American Cyber Awards. She is the host of industry interviews on the Cyber Talks media platform, the Zero Hour Podcast and the Capital Tea Podcast.
She is also an experienced speaker, on the topic of cyber security and women in technology. Her views are often sought and published on this subject, as well as entrepreneurship. Karla was included in SC Magazine's Top 50 Women in Security. She was a finalist for Entrepreneur of the Year at the Cybersecurity Women of the Year Awards. She was a finalist for the Woman of Influence awards at the SC Awards Europe in 2022 amongst many others. Orpheus won Best use of Machine Learning under her leadership. LinkedIn https://www.linkedin.com/in/karlareffold/ Profit Answer Man Facebook group: https://www.facebook.com/groups/profitanswerman/ My podcast about living a richer more meaningful life: http://richersoul.com/ First 2 chapters of Profit First: https://sendfox.com/rocky This episode is part of the SMB Podcast Network. Find other great interviews from around the internet just like this one at https://www.SMBPodcastNetwork.com Music provided by Junan from Junan Podcast Any financial advice is for educational purposes only and you should consult with an expert for your specific needs.
-- During The Show --
Steve's and K38

04:40 Cory Clarifies File Share Use Case - Cory
- Created a FTP share
- Set up networking
- FTP resets every 60 seconds?
- FTPS and SFTP
- Script Kiddies
- ISP may be interfering

11:10 Tell Me More About Sophos - Jeremy
- Don't go lower than XG-135
- Sophos hardware
- XG-210 with SFP/Expansion

15:30 Charlie Wants to Know About "Critical Thought" Availability
- Critical Thought Website (https://podcast.criticalthought.show/)
- KONX Live Stream (https://knoxradio.com/)
- Subscribe to Critical Thought (https://podcast.criticalthought.show/subscribe)

17:00 News Wire
- Graph for GUAC: Info Security Magazine (https://www.infosecurity-magazine.com/news/google-guac-improve-software/), SC Magazine (https://www.scmagazine.com/brief/third-party-risk/new-google-open-source-tool-seeks-to-bolster-software-supply-chains)
- WiFi Patches: IT Wire (https://itwire.com/business-it-news/open-source/developers-patch-five-wi-fi-bugs-which-were-in-linux-kernel-since-2019.html)
- OldGremlin targets Linux: Computing Co UK (https://www.computing.co.uk/news/4058606/oldgremlin-targets-russia-debuts-linux-ransomware)
- 88,000 Malicious Open Source Packages: Teiss Co UK (https://www.teiss.co.uk/supply-chain-security/experts-uncovered-88000-malicious-open-source-packages-in-2022---report-11042)
- Caliptra: Petri (https://petri.com/microsoft-caliptra-open-source-root-of-trust/), Phoronix (https://www.phoronix.com/review/caliptra)
- KataOS: All About Circuits (https://www.allaboutcircuits.com/news/google-announces-new-open-source-os-for-risc-v-chips/), Open Source for U (https://www.opensourceforu.com/2022/10/google-unveils-the-new-open-source-kataos/)
- NVIDIA's New ISAAC: Hackster IO (https://www.hackster.io/news/nvidia-launches-new-isaac-ros-developer-preview-with-open-source-robot-management-2cf9e7ed0ec9)
- Project Wisdom: Venturebeat (https://venturebeat.com/ai/red-hat-and-ibm-team-up-to-enhance-aiops-with-an-open-source-project/), Red Hat (https://www.redhat.com/en/engage/project-wisdom)
- RHEL for Workstation on AWS: SDX Central (https://www.sdxcentral.com/articles/red-hat-launches-red-hat-enterprise-linux-for-workstations-on-aws/2022/10/), ZDnet (https://www.zdnet.com/article/red-hat-releases-a-virtual-red-hat-enterprise-linux-desktop-on-aws/)
- Ubuntu 22.10: Ubuntu (https://ubuntu.com/blog/canonical-releases-ubuntu-22-10-kinetic-kudu)
- Firefox 106: Mozilla (https://www.mozilla.org/en-US/firefox/106.0/releasenotes/), OMG Ubuntu (https://www.omgubuntu.co.uk/2022/10/firefox-106-released-with-pdf-annotating-gesture-nav-more)
- DAOS 2.2 and Stratis 3.3: The Register (https://www.theregister.com/2022/10/24/daos_22_stratis_33/)
- QPWGraph 0.3.7: Gitlab Free Desktop Org (https://gitlab.freedesktop.org/rncbc/qpwgraph)
- Apple CPUFreq Driver Updated: Phoronix (https://www.phoronix.com/news/Apple-CPUFreq-Linux-v3)
- Remmina Needs Maintainer: Remmina (https://remmina.org/looking-for-maintainers/)
- Linux May Drop i486: Toms Hardware (https://www.tomshardware.com/news/linux-removes-486-cpu-support)
- GitHub Copilot lawsuit: Github CoPilot Investigation (https://githubcopilotinvestigation.com/), Vice (https://www.vice.com/en/article/g5vmgw/github-users-want-to-sue-microsoft-for-training-an-ai-tool-with-their-code)

19:00 Caller Mark
- Self hosting non-profit email
- Google and Microsoft have non-profit plans
- Not what Noah would do
- Fastmail (https://www.fastmail.com/)
- Don't host your own email
- Mail in a Box (https://mailinabox.email/)
- Tech Soup (https://www.techsoup.org/)
- JMP Chat issue
- Gajim Chat Client (https://gajim.org/)

35:30 Remmina is Looking for Maintainers
- Remmina.org (https://remmina.org/looking-for-maintainers/)
- Some features will be removed
- Snap package will also stop receiving updates

39:30 Firefox 106
- OMG Ubuntu (https://www.omgubuntu.co.uk/2022/10/firefox-106-released-with-pdf-annotating-gesture-nav-more)

41:50 IOT Security Labels
- The Register (https://www.theregister.com/2022/10/20/biden_administration_iot_security_labels/?td=rt-9cs)
- Steve's take

47:00 Microsoft Blue Bleed
- Microsoft leaks a lot of data about customers
- The Hacker News (https://thehackernews.com/2022/10/microsoft-confirms-server.html)
- The Register (https://www.theregister.com/2022/10/20/microsoft_data_leak_socradar/?td=rt-9cs)
- Humans make mistakes
- Automation won't save you
- People are starting to understand big tech

-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/309)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)

-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah live [at] asknoahshow.com

-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)
Join Andreas Senie and special guest Dr. Darren Hayes, CEO of Code Detectives, as they discuss cybersecurity and dive deep into computer forensics and best practices for responding to cyber threats.
About Professor Darren Hayes
Dr. Hayes is the Founder and CEO of CODEDETECTIVES LLC. As a forensics examiner, he has worked on numerous cases involving digital evidence in both civil and criminal investigations. He has also been declared an expert witness in U.S. federal court. For a number of years, Hayes served on the Board of the High Technology Crime Investigation Association (HTCIA) Northeast Chapter and was President in 2013. Hayes frequently appears on television, including Bloomberg, MSNBC, The Street and Fox 5 News, and has been quoted by CNN, The Guardian (UK), The Times (UK), Wall Street Journal, Financial Times, Forbes, Investor's Business Daily, MarketWatch, CNBC, ABC News, Forensic Magazine, SC Magazine, PC Magazine, USA Today, Washington Post, New York Post, Daily News and Wired News, to name but a few.
Sector Interviews are bonus episodes of CRECo.ai Real Estate Roundtable, your comprehensive all-in-one view of what's happening across the real estate industry, straight from some of the industry's earliest technology adopters and foremost experts. Learn more about the general show at https://welcome.creco.ai/reroundtable
#cybersecurity #ransomware
Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security, who shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion, particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what's been done in Ohio and Connecticut), and the criticality of translating technology, attacks and attackers into public policy and market incentives. And it can't be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations – really becoming the de facto organized crime success path today. Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security. Sager is an SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions the use of the CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS's independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities. In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; a member of the National Academy of Sciences Cyber Resilience Forum; Advisory Boards for several local schools and colleges; and service on numerous national-level study groups and advisory panels.
Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA's role in the development of open standards for security. Sager's awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e197
In this episode of Phishy Business, we take a look at cyber crisis exercises and insider threats. Our special guest is Lisa Forte, an expert on running cyber crisis exercises and training high-risk staff on insider threats and social engineering, who was named one of the top 30 female cybersecurity leaders by SC Magazine. Lisa works hard to simulate cybersecurity disasters for organizations in order to train them in how to deal with real-world cyberattacks. Lisa shares her insights on cyber crisis exercises and preparing organizations on how to handle cyberattacks as well as how to prevent insider threats. In "Actors, tabletop exercises, and insider threats" we discuss:
- The fact that 70% of organizations in EMEA do not have a plan for dealing with insider threats despite it being a growing risk.
- How insider threats can be both accidental and malicious, different ways to look at the term "insider threat", and some of the factors that may play into people becoming insider threats.
- How to balance fear and empowerment to get every employee to care personally about an organization's cybersecurity, and how cybersecurity needs to be marketed internally to people across the organization.
- Some of the creative ways to use role-playing and acting in cyber crisis exercises to make simulations as real as possible, which is key to educating teams in dealing with cyberattacks.
- Top tips for getting started with a plan to deal with insider threats and cyberattacks, and the importance of explaining to key personnel that just having backups really is not a solid plan for dealing with today's threats.
- The importance of a happy workforce, properly and legally monitoring for insider threats, and tech-for-good and cybersecurity-for-good initiatives.
- Why CISOs might benefit from rock climbing.
About Phishy Business: Fed up with the same old cybersecurity stories? Come with us on a journey that explores the lesser-known side.
Whether it's social engineering, taking criminals to court or the journalists hunting down hackers — our new podcast series, Phishy Business, looks for new ways to think about cybersecurity. Mimecast's very own Brian Pinnock and Alice Jeffery are joined by guests from a range of unique security specialisms. Each episode explores tales of risk, reward and just a dash of ridiculousness to learn how we can all improve in the fight to stay safe. For more tales of risk, reward and ridiculousness, subscribe to Phishy Business on iTunes, Spotify, Anchor or wherever you get your podcasts. www.mimecast.com
Joe Uchill is a Senior Reporter at SC Magazine — the leading trade publication for the cybersecurity industry. Prior to joining SC Magazine in 2020, Joe was a cybersecurity reporter at outlets including Axios and The Hill. Today's episode is the first in our mini-series dedicated to interviewing leading cybersecurity journalists. Cybersecurity reporting plays an important role for practitioners, leaders, and the general public to understand recent breaches, latest malware trends, and best practices that can help us all stay safe on the internet. Our goal with this series is to help our audience learn more about who these journalists are and what it's like to be a reporter in this fast-changing industry. Topics discussed: - How Joe began covering cybersecurity in 2015 and how the landscape has evolved over the past few years. - Joe's favorite story he's covered since he began covering the space in 2015. - What motivates and excites Joe most about cybersecurity. - How Joe feels about the responsibility journalists have when it comes to keeping the public and security community informed. - What trends Joe feels people should be paying attention to when it comes to the future of cybersecurity. To keep up with Joe's latest reporting, join him on twitter at https://twitter.com/JoeUchill
Very few organizations, from three-letter agencies to the local brew pub, are not using cloud services to some degree, and those previously resistant had no choice once Covid-19 hit. In 2022, with global conflict, organized crime, and multiple supply chain and service concerns, what is required of a security professional responsible for navigating risk for their enterprise, which invariably includes "Cloud"? Illena Armstrong, president of the Cloud Security Alliance, shares her insights on these challenges, honing in on key considerations for both organizations and the information technology industry as a whole. A business-first strategist and advisor, Ms. Armstrong was previously Editor in Chief and VP of Editorial for SC Magazine, exploring cyber security issues across the globe for more than a decade and interviewing industry leaders before CISO was even a title.
Paul Innella is TDI's CEO and has nearly twenty-five years of corporate executive, cyber security, and computer science experience. He founded, financed, and built TDI into a world-class consulting firm offering cyber security services to hundreds of government agencies and commercial clients around the world. Mr. Innella grew TDI year after year to be a multimillion-dollar, consistently profitable company. He is also a recognized cyber security subject matter expert and corporate executive who has published articles, delivered seminars and lectures, conducted interviews, and acted as technical advisor to commercial companies and projects at global universities and U.S. government agencies. Mr. Innella established and currently chairs the charitable cyber-focused "White Hat USA" organization, created with the goal of raising money to support Children's National Medical Center. He also serves on several boards and advisory councils. Paul has also appeared on Good Morning Washington and has been cited in the Financial Times, SC Magazine, and Fox. CNBC recently filmed live at TDI headquarters. TDI was founded in 2001. TDI secures clients around the globe against threats through innovative tech-enabled services and a unique cybersecurity management platform called CnSight. CnSight is designed to provide previously unavailable insight into risk through a continuous view of the effectiveness and consistency of an organization's cybersecurity investments. Scott Schober is a cybersecurity and wireless technology expert, author of Hacked Again and Cybersecurity is Everybody's Business, host of the 2 Minute CyberSecurity Briefing video podcast and CEO of Berkeley Varitronics Systems, who appears regularly on Bloomberg TV, Fox Business & Fox News, CGTN America, Canadian TV News, as well as CNN, CBS Morning Show, MSNBC, CNBC, The Blaze and WPIX, and on local and syndicated radio including Sirius/XM, Bloomberg Radio and NPR.
Joe Uchill, senior reporter at SC Magazine, joins us on the podcast this week to share perspective from his ongoing reporting on the cyber implications of the Ukraine conflict. We cover a bevy of themes including the level of cyber versus kinetic attacks, the "IT Army" of Ukraine and the impact of decentralized hacking volunteers, the Conti ransomware group's woes and the globalism of the criminal economy, CISA's Shields Up guidance, and navigating through the opportunistic criminals that invariably take advantage of a crisis. And he explains the Evel Knievel School of Storytelling approach. Joe Uchill, Senior Reporter at SC Magazine: Long-time cybersecurity reporter who has written for places like SC Magazine, Axios and Motherboard. I founded Axios' Codebook cybersecurity newsletter and also wrote cybersecurity newsletters for The Hill and Christian Science Monitor. Newsletters are something of a specialty. In his spare time, he works on coding projects to bolster journalism. Previously ran a Washington D.C. area group of hackers, analysts and reporters who collaborated until COVID-19 put an end to in-person meetings. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e171
There are few people, if any, who have given more of themselves to the cybersecurity community than Lesley Carhart. Our conversation with Lesley came immediately after the 3rd annual PancakesCon, a free conference she conceived with a unique "20 on, 20 off" format that celebrates who we are outside of work as much as what we accomplish as security professionals. In the fashion of a person who is both an incident response expert and a community organizer, the conference was pulled together in a frantic 11 days after Omicron wreaked havoc on winter conference schedules and Lesley saw a gap that needed to be filled. Having joined the Air Force Reserve just before 9/11 with the intent to become an airplane mechanic, Lesley's career has been spent balancing military service along with "the usual" pressures of working in cybersecurity. She explains how she juggled her civilian and military life for 20 years up until her recent retirement as an Air Force Master Sergeant. Lesley recaps her 2 decades of service while laying out the good, the bad and the misconceptions for any who would follow in her footsteps. Alongside her cybersecurity day job and military service, Lesley also actively practices and teaches martial arts to children. We explore what motivates her passion for serving those around her, focusing on her early difficulties breaking into the cybersecurity industry in spite of having had her first programming job at the age of 15. Lesley, Jack and Dave conclude with a hopeful dialogue on what more we have to do to create a truly diverse and supportive cybersecurity community, and how it might be the key to finally resolving the current staffing and burnout crisis.
Bio
Lesley Carhart is a Principal Industrial Incident Responder at the industrial cybersecurity company Dragos, Inc. She has spent more than a decade of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. She is recognized as a subject matter expert in the field of cybersecurity incident response and digital forensics. Prior to joining Dragos, she was the incident response team lead at Motorola Solutions. Her focus at Dragos is developing forensics and incident response tools and processes for uncharted areas of industrial systems. She is also a certified instructor and curriculum developer for the Dragos "Assessing, Hunting, and Monitoring Industrial Control System Networks" course. She has received recognition such as DEF CON Hacker of the Year, a "Top Woman in Cybersecurity" from CyberScoop, "Power Player" from SC Magazine, and is a 2021 SANS Difference Makers award nominee. In her free time, Lesley co-organizes resumé and interview clinics at several cybersecurity conferences, blogs and tweets prolifically about infosec, has served for 20 years in the USAF Reserve, and is a youth martial arts instructor.
Today we are joined by Tari, a nationally known expert on cybersecurity who created cyber programs for one of the largest oil and gas companies, a Canadian electric utility company, a 911 system, and one of the largest retailers in the US. He has appeared on ABC News, CNN, CNBC, and NPR, and has had numerous articles printed in security and business magazines, including Business Week, the New York Times, SC Magazine, The Wall Street Journal and many others. Safe to say Tari is the perfect guest to kick off 2022. In this episode we discuss the democratization of cyber, defeating ransomware, and the NFL playoffs!

Our Guest: Tari Schreider, Security Analyst at Aite-Novarica Group
Host: Thomas Bain, VP of Marketing at Cyware
Producer: Cole Hayden, Intern at Cyware
Karla Reffold founded the international recruitment business BeecherMadden in 2010 before overseeing its acquisition by Nicoll Curtin. In 2020 she joined Orpheus Cyber as COO. Orpheus is a threat intelligence company with a SaaS platform that helps organizations manage their own risk, and that of their third parties, with an easy-to-understand cyber risk score. Karla is an industry awards judge, the host of industry interviews on the Cyber Talks media platform and the Zero Hour Podcast. She is also an experienced speaker on the topic of cyber security and women in technology. Karla was included in SC Magazine's Top 50 Women in Security in 2019. She was a finalist at the Women of the Future awards in 2016 for Entrepreneur of the Year, and a finalist in The Future Ladies Awards for Mentor of the Year in 2019.

On this episode, we talk about the power of bouncing back after a setback. Karla shares that 2020 was a year in which she had to bounce back, and that after her divorce she has had the most success of her life. She shares the power of building relationships, why we are blinded by our comfort zone, and the motivation behind proving her doubters wrong.

To contact Karla, visit: www.karlareffold.co.uk or www.orpheus-cyber.com

Welcome to Profiles in Success and thank you for listening! For more visit: https://profilesinsuccess.com/
Work with us: https://www.bernhardtwealth.com/
Starting a recruitment business isn't easy. Scaling a recruitment business is even harder, as evidenced by the fact that 73% of recruitment companies never grow beyond 10 employees. Selling a recruitment business is rare indeed: according to BDO there are only 20-40 M&A deals done per year in the UK recruitment sector. Accomplishing all of this in 7 years while still in your 30s is practically unheard of. Yet that's exactly what my special guest, Karla Reffold, has achieved.

I had so much fun interviewing Karla about her entrepreneurial journey as a young, female founder. She shared the challenges she faced and the crazy ups and downs she experienced. You'll hear what she learned from having founded, scaled and sold her recruitment business in the tech space, traditionally a male-dominated sector.

Karla founded the international recruitment business BeecherMadden in 2010 before overseeing its acquisition by Nicoll Curtin. In 2020 she joined Orpheus Cyber as COO. Karla is also an experienced speaker on cyber security and was included in SC Magazine's Top 50 Women in Security in 2019.

Episode Outline and Highlights
[1:57] Karla talks about how she launched, scaled, and sold her recruitment business at a young age.
[6:01] When should you expand? Karla's trigger for making your next hire.
[11:10] How Karla established a foundation for growth during the first 12 months.
[15:40] Hear how the “Green Flag System” helped Karla's business to consistently grow.
[19:00] Best practices to be successful in winning business.
[26:08] Hiring based on values, developing your company values and assessing talent against them.
[28:00] Resilience when things don't go your way: Karla shared the key challenges she encountered while growing her startup recruitment business.
[32:40] Karla reveals why she decided to expand to the US and what she learned from opening an office in New York.
[46:30] When is the right time to exit and sell your business?
[54:22] Challenges of being a young female founder in the tech space.

Increase Your Success in Winning Business
A critical part of Karla's success as a founder is how she consistently wins business, which immensely contributed to her company's growth. What are the keys to increasing your success in winning clients? Karla shared at least three.

Invest in marketing and branding. BeecherMadden created a salary survey which they leveraged to get publicity and appointments with key prospects. She also set up internship programs to create a strong social media presence, which in turn launched marketing careers for her interns.

Speaking engagements. Karla would speak at every industry event she could, persuading event organizers to give her an opportunity. Her expertise in tech enabled her to share meaningful insights, and these speaking engagements helped to make the BeecherMadden brand dominant in the cyber security market.

People. As a team, they really focused on business development, and Karla gives credit to the hard work her team put in.

Confidence. Something that really stood out to me was Karla's confidence, which she explained is something she's always had. Her upbringing played an important part in her envisioning success and knowing that she can do anything she puts her mind to.

What if Things Don't Go Your Way?
As a young founder, things wobbled a bit when she was expanding quickly. In fact, she believes that one of her learnings as a business owner is that growing too quickly can create a lot of problems. Another huge challenge is stepping back from the day-to-day management, which she attempted to do after her second child was born. Karla told me the story of hiring a Managing Director to run the business while she was on maternity leave, which turned out to be a disaster. Listen to how she was able to get things back on track after this major setback. Hear her other stories as well as her key learnings on never underestimating her value. If you are a business owner or someone who is just starting out, you may find this one truly relevant.

Careers Beyond Recruitment: Becoming a Senior Executive in the Tech Space
Karla is now COO at Orpheus, a leading cyber threat intelligence and cyber risk rating company, and is respected in her industry. Unfortunately, that respect wasn't always there. What were the challenges she faced as a young woman in tech? Karla recalled, “I was in my 20s when I started... I remember people would literally say things like, ‘you're very young aren't you?'” Fortunately, Karla believes the industry has changed for the better and the tech space is gradually becoming more diverse. In 2020, Karla transitioned from the recruitment industry to cyber security, which brings a new set of challenges. One question she now gets asked is “Wow, how does a recruiter become a COO?” Her response: “I founded a 7-figure business and sold it for a really decent multiple - that's how.”

Our Sponsors
This podcast is proudly sponsored by i-intro®. i-intro® is an end-to-end retained recruitment platform. Our technology and methodology allow recruiters to differentiate themselves from the competition, win more retained business and bigger fees, and increase their billings. Be sure to mention Mark Whitby or The Resilient Recruiter for a 25% discount. Book your free, no obligation consultation here: www.recruitmentcoach.com/retained

Karla Reffold Bio and Contact Info
An experienced business owner and leader, Karla is passionate about values-led leadership and people development. Karla founded the international recruitment business BeecherMadden in 2010 before overseeing its acquisition by Nicoll Curtin. In 2020 she joined Orpheus Cyber as COO. Orpheus is a threat intelligence company with a SaaS platform that helps organisations manage their own risk, and that of their third parties, with an easy-to-understand cyber risk score. Karla is an industry awards judge, the host of industry interviews on the Cyber Talks media platform and the Zero Hour Podcast. She is also an experienced speaker on the topic of cyber security and women in technology. Karla was included in SC Magazine's Top 50 Women in Security in 2019. She was a finalist at the Women of the Future awards in 2016 for Entrepreneur of the Year and a finalist in The Future Ladies Awards for Mentor of the Year in 2019.
Karla's website link
Karla on LinkedIn
Karla on Instagram
Karla on Twitter @karla_reffold
Orpheus Cyber website link

People and Resources Mentioned
Leanne Sarah Jones Hunt on LinkedIn
Mindset: The New Psychology of Success by Carol Dweck

Connect with Mark Whitby
Get your FREE 30-minute strategy call
Mark on LinkedIn
Mark on Twitter: @MarkWhitby
Mark on Facebook
Mark on Instagram: @RecruitmentCoach

Related Podcast You Might Enjoy
TRR#66 How to Grow Your Recruitment Business by Hiring Top Recruiters, with Leanne Sara Jones Hunt

Subscribe to The Resilient Recruiter
In this episode of CISO Talk, James Azar is joined by Patrick Benoit and Nick Sorensen to discuss the latest in vendor risk management, the latest report, and what is happening in the industry to tackle the risks associated with vendors across SaaS, IaaS and PaaS platforms. Tune in to this amazing podcast and make sure to subscribe and comment.

Bio: Patrick Benoit
Repeated success guiding business strategy to achieve maximum operational impacts with minimum resource expenditures. Talent for launching programs, grooming high-performing teams, plus infrastructure development, procurement, and project management. Expert presenter, negotiator, and businessperson; able to forge solid relationships with strategic partners and build consensus across multiple organizational levels.
LinkedIn Profile: https://www.linkedin.com/in/patricklbenoit/

Bio: Nick Sorensen
It's a pleasure to be working with a great team @ Whistic and an incredible list of customers. We are helping companies across the globe conduct and respond to vendor security reviews in our award-winning platform (SC Magazine '19 "Best Emerging Technology" Finalist). I love helping employees grow, building products people want, thinking strategically, executing a plan, running experiments, recruiting talented people to an ambitious vision, diving into the data, taking calculated risks, leading teams, learning new things, giving a pitch, and being an advocate for the voice of the customer.
LinkedIn Profile: https://www.linkedin.com/in/nicksorensen/

CISOTalk Paisley Shirt Challenge
Donate now to support the Wounded Warrior Project and get James to wear an ugly paisley shirt for one or all of his shows: https://tiltify.com/@cisotalk/ciso-talk-paisley-shirt-challenge

CISO Talk is supported by:
KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
Whistic: www.whistic.com/cyberhub
Attivo Networks: www.attivonetworks.com

****
Find James Azar
Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, Other Side of Cyber and CISOs Secrets
James on LinkedIn: https://www.linkedin.com/in/james-azar-a1655316/
James on Parler: @realjamesazar
Telegram: CyberHub Podcast
******
Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter
******
Website: https://www.cyberhubpodcast.com
YouTube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw
Facebook: https://www.facebook.com/CyberHubpodcast/
LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/CISOtalk

The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist cybersecurity practitioners in their mission to keep their organizations secure.
Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.

Links:
"What is an Attack Surface? (And How to Reduce it)": https://www.okta.com/identity-101/what-is-an-attack-surface/
"Developing Cyber Resilient Systems: A Systems Security Engineering Approach": https://csrc.nist.gov/publications/detail/sp/800-160/vol-2/final

Transcript

Jesse: Welcome to Meanwhile in Security, where I, your host Jesse Trucks, guide you to better security in the cloud.

Announcer: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial. That's extrahop.com/trial.

Jesse: There's a constant daily show of security-related news from all directions. It's a storm that never abates. Sifting through it all feels daunting to most people, including many security professionals. We need a strategy to sort it all out and focus on the things that matter, as quickly as we can. [laugh].

The easy and terrifying answer is just to subscribe to all the newsletters for everything your organization uses or your group manages, go read the articles they point to, and [laugh] give up because it's total information overload.

For some security people, this approach does make sense and it works; except the whole giving up part, of course. However, this isn't useful for most of us. As with anything driven by business needs, understanding how to find and evaluate useful security news starts with knowing your business. Whatever your role, you should understand how your work supports and furthers the organizational mission.

Understanding your mission leads to understanding your risks, and therefore your role in risk mitigation. This leads to understanding how and why your technological solutions both support your mission and mitigate the risks to that mission. Now, let's look at how this foundational understanding of your business drives your consumption and evaluation of security news.

News strategy. It should be obvious that the role you and your technology have relative to the mission and risks determines both the types and the sources of security news you should read. It is tempting to focus only on cloud-specific sources and topics, but running in the cloud does not obviate the need for the security of your systems, applications, and data. It is also true that ignoring cloud-specific security news is a bad idea. To determine which to focus on first or most, look at the likely exposure your infrastructure has in terms of your risks.

For example, if your application delivers the services of your business to external customers, as opposed to an internal employee service, then most people will interact primarily with your application services presented by your systems. Your largest attack surface would be your service application, the data presented and used by your application, the operating system or microservice platform supporting your application, and the network infrastructure that ties it all together. We define attack surface as the collective group of services, systems, or data exposed to access by a potential adversary. In other words, if something can be touched on the network, it is part of the attack surface for initial intrusion. And if something on the system can be touched by local access, it is part of the attack surface for an attacker who has gained access beyond the network resources.

This means most of us have a primary or larger attack surface in the application and systems exposed in service delivery, and our cloud infrastructure underneath and supporting our systems and services is likely a secondary or smaller attack surface. For more reading on attack surfaces, check out Okta's article called “What is an Attack Surface? (And How to Reduce it)” and see the attention given to the topic in the US National Institute of Standards and Technology, or NIST, Special Publication 800-160, Volume Two, called “Developing Cyber Resilient Systems: A Systems Security Engineering Approach.” Wow, that's a mouthful.

Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and, new in this release, PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, and getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.

Jesse: It is generally the case for most people and organizations that non-cloud-specific news will provide the most return on our investment of time upfront, though this changes once processing and acting upon general security news become streamlined. Now, let's talk about how to determine the usefulness of the news we encounter.

Evaluating news. Most of us would head straight to industry sources to see what the biggest news of the day is, but I suggest a different approach to triage your news needs. First, look at mainstream news sources such as the New York Times, the Washington Post, and the Guardian, or even NPR, CNN, and BBC. Is there cybersecurity-related news showing up in many or all of these sources? If there is big news, it will be all over them, with original source articles and even articles summarizing those other news sources.

This will likely give you a general idea of the service or technology affected, which helps you determine whether further research is required to understand the impact it may have on your organization. These sources may not clarify what specific technical services or systems are involved, however. Once you've found these big news items, search the tech industry-focused sources to get more relevant detail that isn't over-simplified for a larger public audience. If there isn't big news from mainstream sources, look for popular topics across tech industry-focused sources. See what these sources are saying across the board to see what the most critical elements are that you should consider and investigate.

Some popular sites to consider are Wired, CIO, and CSO's security site. Also, don't forget your LinkedIn newsfeed or your various social media venues like Twitter, your Facebook timeline, Instagram, or your other favorite internet hangouts. Your next stop to further refine your understanding of the technical things happening with a widespread security issue is to dig into the topic on technically focused sites. These can be specific to a particular vendor technology, like Microsoft's security blog, Red Hat's security channel, or Cisco's security content, for example. This is where you start getting into the detailed and specific vulnerabilities, including the method of compromise, such as buffer overflows, remote code execution (RCE), privilege escalation, or denial of service (DoS) attack types.

I'll discuss more about these attack types another time. To dig into the deep technical details, find articles on your topic in publications like SC Magazine's security news site, The Hacker News, or Dark Reading, among others. Keep in mind, though, that these sometimes get deep into the security domain and use security-specific language and jargon that might be a bit hard to follow if you're not used to it. The technical articles often will reference Common Vulnerabilities and Exposures, or CVE, identifiers. The CVE Program is a service of The MITRE Corporation, which operates federally funded research and development centers, or FFRDCs, in a number of areas, including a [Strong Center 00:08:37] in the National Cybersecurity FFRDC.

MITRE's cybersecurity work extends to a number of areas and comes up frequently in security domains. I will cover more of what MITRE does in a future episode. In a short description, a CVE identifier points to an entry in the CVE program list that provides basic information about a vulnerability in a standard format, covering things like the operating system or software package affected, vulnerable versions, a description of the vulnerability, and pointers to the deep dive into the exact nature of the vulnerabilities. Follow the links in the CVE entry for remediation and mitigation specifics on patches, upgrades, or other mitigation steps for vulnerabilities, such as configuration changes.

While searching for a security exploit and looking at headlines at the time of recording this podcast, I see big news about patching iPhones and iPads, and a widespread attack on Exchange servers, which includes things about the Black Kingdom ransomware used by the Hafnium cybergang. Those are great rabbit holes to fall into for some fun security reading. If your organization uses iPhones, iPads, or Microsoft servers, go down the holes and see where they lead.

Jesse: Thanks for listening. Please subscribe and rate us on Apple Podcasts, Google Podcasts, Spotify, or wherever you listen to podcasts.

Announcer: This has been a HumblePod production. Stay humble.
Today, we’re joined by Lydia Dishman, a regular contributor to Fast Company. Lydia writes about the intersection of tech, leadership, and innovation. Lydia has been an independent journalist since 2009 and previously wrote for SC Magazine, CBS Interactive, and USA Today. Lydia shares details about surveys and sample sizes, talks about one of her recent pieces on places to work at home, shares praise for her Fast Company co-workers, and much more.
All links and images for this episode can be found on CISO Series: https://cisoseries.com/unnecessary-research-reveals-cisos-hate-cold-calls/

In a study we never actually conducted, our fellow security leaders said unequivocally that there has never been a time they welcomed a phone call from someone they don't know trying to book a demo of a product they have no interest in.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series, and guest co-host Andy Steingruebl (@asteingruebl), CISO, Pinterest. Our guest this week is Andy Purdy (@andy_purdy), CSO, Huawei.

Thanks to our podcast sponsor, Living Security
Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely effect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles for creating transformational security awareness initiatives which will win the hearts and minds of senior executives, employees, the technology organization, and customers.

On this week's episode

Here’s some surprising research
As compared to small and medium companies, big enterprises don't appear to trust the big telcos to execute their 5G strategy. This is according to new research from Omdia, as reported by Iain Morris of Light Reading. When asked, "Do you trust a communications service provider, AKA big telco, to execute your security strategy?", SMEs overwhelmingly supported the telcos over all other options, and big enterprises didn't. They trusted their own expertise or wanted to lean on a cloud service provider like Amazon or Google. Let's investigate this discrepancy.

If you're not paranoid yet, here’s your chance
As if you didn't know it already, get ready for some sobering news about third-party risk: according to a survey by BlueVoyant, as reported by SC Magazine, 80 percent of those surveyed had at least one breach caused by a third-party vendor within the past year. Most of those surveyed didn’t monitor third-party suppliers for cyber risk. But even if they wanted to, it's often a point-in-time measurement, sometimes only yearly, and organizations have an average of 1,409 vendors. The UK's National Cyber Security Centre puts the focus of securing against third-party risk squarely on the development of the software supply chain, and the need for isolation and proven security checks throughout the development process. That may be good advice, but it still seems so overwhelming given the volume and how much you can't control.

"What's Worse?!"
A vulnerability response and incident detection conundrum from Jonathan Waldrop, Insight Global.

What’s the best way to handle this
Lessons learned from a big security incident and how these will be applied to the next big security incident.

What do you think of this vendor marketing tactic
Very few, if any, security leaders like cold calls. Yet, even with all the expressed distaste for them, they still exist, and that's probably because they still work and still deliver significant ROI. But when these companies calculate that ROI, are they counting all the people they've annoyed? One vendor sales rep said that after searching their CRM for "Do Not Call", there was a slew of vitriol from CISOs screaming never to contact them again. And as we all know, CISOs talk to other CISOs. So if you've angered one CISO sufficiently to never consider you, they've probably told a few friends as well. Let's discuss getting pushed over the edge by a vendor's aggressive sales tactics and what was done to essentially shut them off, including telling others about their actions.
In Episode #208, I talk with Mark Sangster. Mark is the VP & Industry Security Strategist at eSentire Inc., an award-winning speaker, and the author of the new book “No Safe Harbor: The Inside Truth About Cybercrime―and How To Protect Your Business.”

As a CIO or business IT leader, here are some wins you will get by listening:
How remote work and employees bringing their office home have created new hurdles for IT leaders to deal with. (18:30)
The root causes of cyberattacks and how bad actors are able to carry out attacks such as ransomware. (7:00)
Why cybersecurity is not just an IT problem to fix and why it’s a business risk to manage. (4:00)
Why enterprises should create a risk registry to rank the risks they face. (21:00)
Why compliance is not the same as security or privacy. (33:00)
Why some companies are ill-prepared for cyberattacks and the importance of having measures in place to protect your data. (12:00)
Why complacency and a “set it and forget it” mentality are dangerous things for a company to have when it comes to cybersecurity. (15:30)
How much easier it is for a bad actor to rob a bank virtually rather than physically. (40:00)
The reputational hit that companies take after data breaches and cyberattacks. (26:30)
Why modern compliance often lags behind other aspects of the business. (37:00)

Mark Sangster is the Principal Evangelist and VP of Industry Security Strategy for eSentire Inc., based in Ontario, Canada. He is an award-winning speaker at international conferences and on prestigious stages, including Harvard Law School, and an author on various cybersecurity subjects. Mark has a fascinating perspective on shifting risk trends, and his work has influenced industry thought leaders. He is the go-to expert on data breaches, and his work has been featured in The Wall Street Journal and by the Canadian Broadcasting Corporation. Mark also hosts the Cyber Insider Podcast. He interviews experts from across various industries to explore data breach litigation, cyber insurance claims, crisis communication, the rise of gray zone threats, and the risks of interconnected technology. He is a contributing author to several leading industry publications (CSO magazine, SC Magazine, LegalTech News), an invited speaker at 40+ conferences a year, and a regular guest on many well-respected podcasts. His most recent book, No Safe Harbor: The Inside Truth About Cybercrime―and How To Protect Your Business, tells the stories of cybercrimes and cyber-attacks that never made the headlines but are equally important for companies to understand what they need to do to protect themselves.

How to connect with Mark Sangster:
Mark Sangster’s LinkedIn
Mark Sangster’s Twitter
Mark Sangster’s Website

Books referenced in podcast:
No Safe Harbor: The Inside Truth About Cybercrime―and How To Protect Your Business, 1st Edition, by Mark Sangster, published by Page Two, 2020.
The Checklist Manifesto: How to Get Things Right, 1st Edition, by Atul Gawande, published by Picador, 2011.

Articles referenced in podcast:
The Fifty-Nine-Story Crisis, The New Yorker, 1995.

Transcript:
You can go to the show notes to get more information about this interview and what we discussed in this episode. Click here to download the full transcript.

About Bill Murphy:
Bill Murphy is a world-renowned IT security expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter. If you are interested in learning more about RedZone and our security expertise, in particular related to cloud and email security kill chain strategy, techniques, and tactics, you can email myteam@redzonetech.net.
Why is cybersecurity hard? Why do women make more money? These are just some of the questions Karla Reffold discusses on Dark Rhino Security's Security Confidential.

Karla is an experienced business owner and business leader. She has a large international network in cybersecurity and is well versed in the many topics relevant to the industry. She founded the international recruitment business BeecherMadden in 2010 before overseeing its acquisition by Nicoll Curtin. In 2020 she joined Orpheus Cyber as Chief Operating Officer (COO). Orpheus is a threat intelligence company with a SaaS platform that helps organizations manage their own risk, and that of their third parties, with an easy-to-understand cyber risk score. Karla is the host of industry interviews on the Cyber Talks media platform and the Zero Hour Podcast. She was included in SC Magazine's Top 50 Women in Security in 2019.

Karla discusses her transition from a recruiting firm to COO of Orpheus. She discusses gender differences in male-dominated cybersecurity and why women in cybersecurity make 30% more money than men in the field.

TOPICS DISCUSSED
Journey from Recruiting to COO
Advice to startup companies
Gender differences in cybersecurity and how to overcome them
Why women get paid more in cybersecurity
Assessing and managing risk in cybersecurity
The role of threat intelligence
Heavy reliance on cybersecurity tools vs processes
The pyramid of pain and threat hunting
The SolarWinds breach
Changes resulting from the COVID pandemic
Zero trust
Quantifying risk on cloud platforms
European vs North American differences on cybersecurity and GDPR
IT hygiene, why cybersecurity is hard

To learn more about Karla Reffold please visit https://www.linkedin.com/in/karlareffold/
To learn more about Dark Rhino Security please visit https://www.darkrhinosecurity.com
To learn more about Orpheus please visit https://orpheus-cyber.com/
To watch the videocast: https://youtu.be/sOdy3Ct-uVA

Host: Manoj Tandon
Guest: Karla Reffold
In information technology, standards for the administration and enforcement of general applications come from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO/IEC 38500 IT governance and compliance framework is one such standard. According to A. L. Holt (2013), directors and senior officers who understand their responsibility for governing information technology systems address three issues: procured system integration, responding to legislative requirements for storing personal data, and documentation (Part A, Sec. 3). References: Anonymous. (2016). Jobs market: Me and my job. SC Magazine, 27(6), 15. Holt, A. L. (2013). Governance of IT: An executive guide to ISO/IEC 38500. Swindon, UK: BCS, The Chartered Institute for IT. Olutoyin, O., & Flowerday, S. (2016). Successful IT governance in SMEs: An application of the technology-organisation-environment theory. South African Journal of Information Management, 18(1), 1-8. doi:10.4102/sajim.v18i1.696
Amar Singh: How Do We Rank Trust, Security and Control? This is a story about control My control Control of what I say Control of what I do And this time I'm gonna do it my way I hope you enjoy this as much as I do Are we ready? I am 'Cause it's all about control, And I've got lots of it -- Janet Jackson; Control, 1986, A&M Records On this week’s InSecurity, Matt Stephenson welcomes Amar Singh in for a conversation about the notions of Trust, Security, Risk and Control. The key question, in a nearly completely remote workforce, is how do security practitioners maintain any degree of control? We also wonder if anyone ever really had control in the first place. Toss in a bit of trust and security to season the stew and you’ve got an episode worth listening to. About Amar Singh: Amar Singh (@amisecured) is the CEO and interim CISO of Cyber Management Alliance Limited. He is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world, including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the Al-Jazeera English Channel. About Matt Stephenson: InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and video series at events around the globe. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.
Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of Insecurity? You can find us at ThreatVector, Blackberry, Apple Podcasts and Spotify as well as GooglePlay, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
Peter Liebert is currently the CISO at Cerner Government Services, the leading EHR provider for the public sector. Prior to joining Cerner, Peter was chosen by his peers to be the 2019 Chief Security Officer of the Year by SC Magazine. Additionally, he's the former CISO for the State of California and is a security visionary with over 19 years of leadership experience in private, Federal (including the Military), and State Government organizations. On today's show we discuss: How have you justified an increase in cyber spend? How do you align with business KPIs? What have been the cultural differences you've noticed in working with both private and public sectors? Get in touch with the show: Website: businessofcyber.com LinkedIn: Joe Vinck & Business of Cyber Twitter: @joey_vinck
Since 2001, the Denim Group has been helping its clients create resilient software that can be deployed to withstand attacks. They do this across the portfolio of software that clients have, and also do it at scale across the enterprise. I wanted to learn more about how their software development background helps them bridge the gap between security and software development, which enables their clients to build more secure software faster. Dan Cornell joins me on my daily tech podcast to talk about all this and much more. A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing, and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. Cornell is a sought-after speaker on topics of web application security, speaking at international conferences including the RSA Security Conference, OWASP AppSec USA and EU, and Black Hat Arsenal. He has also appeared as a guest speaker at institutions such as the Los Alamos National Laboratory. He has published papers on topics ranging from data security to high-end graphical simulations, as well as an IBM Redbook on building server-side Java applications for the Linux platform. Today's guest is also a recognized expert in the area of web application security for SearchSoftwareQuality.com and has been quoted as an expert in SC Magazine, Network World, CSO Magazine, Dark Reading, and many more.
Serial entrepreneur and technology executive with a passion for launching and building high-growth businesses. Launched 14 ventures, successfully exiting 9, currently operating 3, and helped launch 89+ companies. Raised $357M+ in venture capital, led 17 acquisitions of venture-backed or public companies and 2 IPOs. I'm an advocate for diversity and equality in tech. I coach female founders and funders as well as underserved founders in tech. Published author, keynote speaker on female and minority leadership, diversity, entrepreneurship, and cybersecurity. A thought leader and cybersecurity evangelist, frequent industry speaker including RSA, BlackHat, and SANS among others, frequently quoted in SC Magazine, Wired, Red Herring, CSO, Information Week and other publications. Technology executive with Fortune 50 and entrepreneurial expertise covering all aspects of business and serving in multiple CXO roles focused on the enterprise, with clients from SMB to the Global 5000. Technical: Auditing, Assessment, Incident Response, Risk Management, Security Architecture. A member of the founding OASIS Provisioning Services Technical Committee (PTSC), formed to define an XML-based framework resulting in the unified standard of SPML. Certifications: CISM, GSLC, CIPP, CWSP, GLEG. Business & Corporate Development: Adept at re-engineering processes, creating and driving strategy, developing innovative methodologies to bring products to market. Recruiting and motivating teams to exceed goals. Skilled negotiator, strong leader, effective presenter with proven success influencing and selling concepts to executive teams internally and in client organizations. http://www.newmarketpartners.com https://twitter.com/joy_randels https://www.linkedin.com/in/joyrandels
Kim Crawley: We Need a Diversity of Brains in this World. The National Autism Association states that Autism is a bio-neurological developmental disability that generally appears before the age of 3. Autism impacts the normal development of the brain in the areas of social interaction, communication skills, and cognitive function. Since autism was first diagnosed in the U.S., the incidence has climbed to a rate of 1 in 59 children in the U.S. According to pop culture… it may be a super power as well. There seem to be a lot of Doctors on TV now who are on the Autism Spectrum, like Dr. Temperance Brennan on Bones or Dr. Sheldon Cooper from The Big Bang Theory. We also get the occasional action hero such as Ryan Gosling’s The Driver or Lisbeth Salander from The Girl With the Dragon Tattoo. And of course, the classic American underdog heroes Raymond Babbitt and Forrest Gump. Out here in the real world… people on the Autism Spectrum are all around you. Most of them do not have Salander-like superpowers, but rather are everyday Janes and Joes who go to work, do their jobs and live their lives. Ever wonder what it’s like to chat with someone on the Autism Spectrum? You shouldn’t… if CDC statistics are accurate, there are nearly 6.8 MILLION people on the Autism Spectrum in the United States. In this week’s episode of InSecurity, Matt Stephenson sat down with respected security writer Kim Crawley to talk about the current state of the cybersecurity world, some of the issues with locking down IoT, drumming… and Kim’s recent diagnosis as being on the Autism Spectrum. Take a walk with Kim as she shares her experience in the security industry and why being on the Autism Spectrum is just another facet of her personality. For more information on Autism, go to www.autisticadvocacy.org and look for #ActuallyAutistic on Twitter. About Kim Crawley: Kimberly Crawley spent years working in consumer tech support.
Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. By 2011, she was writing study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. She’s since contributed articles on information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo-developed PC game, Hackers Versus Banksters, was featured at the Toronto Comic Arts Festival in May 2016. She now writes for Tripwire, AT&T and BlackBerry Cylance. About Matt Stephenson: InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at BlackBerry Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of InSecurity? You can find us at ThreatVector InSecurity Podcasts, iTunes/Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
The team at Axonius often jokingly refer to themselves as the most “boring startup” around, but their industry peers don’t see it that way. The company just so happens to be one of the hottest in cybersecurity, having been named “Most Innovative Startup” at the recent RSA Conference and SC Magazine’s “Rookie Security Company of the Year”. Axonius is a cybersecurity asset management platform providing actionable visibility and policy enforcement for all assets and users. Essentially the company is solving what they call the least sexy part of cybersecurity, which is the asset management problem. But once again, they are being incredibly modest. RSA Conference, the world’s leading information security conference and exposition, announced that Axonius was selected winner of the fourteenth-annual RSAC Innovation Sandbox Contest. A panel of leading venture capitalists, entrepreneurs and industry veterans judged the contest and named Axonius RSAC’s “Most Innovative Startup 2019.” “I am blown away that the judges recognized a problem as mundane as asset management to be the winner this year,” said Nathan Burke, chief marketing officer of Axonius. “It is amazing that a really big and nagging problem that hasn’t been solved yet is something that the judges decided is worthy of winning.” In its fourteenth year, the RSAC Innovation Sandbox Contest is a leading platform for startups to showcase their groundbreaking technologies that have the potential to transform the cybersecurity industry. In the past five years alone, the RSAC Innovation Sandbox Contest’s top 10 finalists have collectively seen 14 acquisitions and have received over $2.2 billion in investments. Past winners include companies such as Phantom, Invincea, UnifyID and, most recently, BigID. For a more complete picture of where past RSAC Innovation Sandbox participants stand today, visit the RSAC Innovation Sandbox Leaderboard, powered by Crunchbase, for updated status and funding totals.
I wanted to learn more about the Axonius story and what inspired them to solve a nagging problem experienced by every business that hadn't been solved, until now. Nathan Burke joins me on my daily tech podcast to share his journey with Axonius and also the inspirational story of exactly how they earned the award of “Most Innovative Startup 2019” at the RSAC Innovation Sandbox Contest.
On this week’s episode of Secure The Seat, I interview Dr. Diana Burley. We discuss how being the boss doesn’t make you a leader. Diana L. Burley, Ph.D., is executive director and chair of the Institute for Information Infrastructure Protection (I3P) and full professor of human & organizational learning at The George Washington University (GW). Named one of SC Magazine’s Eight Women in IT Security to Watch in 2017 and the 2017 SC Magazine ReBoot awardee for educational leadership in IT security, Dr. Burley is a global cybersecurity expert who regularly advises enterprises on strengthening their cybersecurity posture, managing cybersecurity risk, assessing human factors in the threat environment, and developing a robust cybersecurity workforce. Connect with Dr. Burley at gsehd.gwu.edu/directory/diana-burley
SC Magazine as one of its "2016 Women to Watch" (https://www.scmagazine.com/home/security-news/features/women-to-watch/) and a recipient of the Enfuse 2018 Difference Makers Award for her efforts in educational outreach. She has more than 15 years of experience in computer and network security that spans government, academic, and corporate environments. Her current role as Founder and Senior Consultant at SANS FOR526 Advanced Memory Forensics and Threat Detection (https://www.sans.org/course/memory-forensics-in-depth) course, she is passionate about memory management and forensic artifact hunting. In this episode we discuss being confused with Heather Mahalik (https://www.linkedin.com/in/heather-mahalik-gasf-gcfe-cfce-ence-mfce-3615535/), running a helpdesk, file system forensics, memory forensics, balancing blue teams and red teams, when to add threat hunting to your program, the value of certifications, balancing work and life, keeping skills current, and so much more. Where you can find Alissa: LinkedIn (https://www.linkedin.com/in/alissatorres) Twitter (https://twitter.com/sibertor) SANS (https://www.sans.org/instructors/alissa-torres)
"Karen Epper Hoffman is a full-time freelance writer with 20 years of experience covering financial services, technology, education and general business issues. She has been published in several trade and mainstream publications including the Wall Street Journal Europe, SC Magazine, Bank Director, Banking Strategies, Bloomberg BusinessWeek."
Named 2017 Cybersecurity Professional of the Year by the Cybersecurity Excellence Awards, SC Magazine Chief Privacy Officer (CPO) of the Year, Global Privacy and Security by Design (GPSbyDesign) International Council Member, one of SC Magazine’s “Women in IT Security - Top Influencers for 2018”, and finalist for Women in Technology Business Role Model of the Year 2018, Dr. Rebecca Wynn is lauded as a “game-changer who is ten steps ahead in developing and enforcing cybersecurity and privacy best practices and policies.” She is a “big picture” thinker who brings nearly 20 years of experience in Information Security, Assurance & Technology.
Summer is upon us and for many of us that means travel - but before you even pack your bags, you need to listen to this podcast! In my interview with Michael Kaiser (the Executive Director of the National Cyber Security Alliance), we discuss all the cyber security and privacy issues you need to consider: before you go and while you’re traveling. Going abroad this summer? There are even more things you need to consider well before you leave! I also tell you why everyone needs to reboot their WiFi routers - by request of the FBI, no less! A Russian-made piece of malware called VPNFilter has infected half a million routers worldwide, and the remedy in most cases is simply to power-cycle or reboot your router. It’s easy to do and we should all take a few minutes to do it. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month (NCSAM) each October, Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT., the global online safety awareness and education campaign. NCSA builds efforts through public-private partnerships that address cybersecurity and privacy issues for a wide array of target audiences, including individuals, families and the education and business communities. In 2009, Mr. Kaiser was named one of SC Magazine’s information security luminaries. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City.
For Further Insight: Web site: staysafeonline.org Follow on Twitter: https://twitter.com/MKaiserNCSA Facebook: https://www.facebook.com/staysafeonline/ LinkedIn: https://www.linkedin.com/in/michael-kaiser-3579752b NCSA’s Cyber Trip Advisor: https://www.stopthinkconnect.org/resources/preview/tip-sheet-ncsas-cyber-trip-advisor Reboot your router and set your admin password: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/
Dr. Rebecca Wynn, SC Magazine's Chief Privacy Officer of the Year, breaks down the complex GDPR regulation for our audience as the compliance date of May 25th quickly approaches. Dr. Wynn goes over which companies are subject to GDPR regulation and offers some suggestions on what the C-Suite should be asking themselves about their own preparation for GDPR compliance. Dr. Wynn also explains bundled consent and active consent, and reviews exactly what types of data are subject to the new General Data Protection Regulation.
Dan Raywood is the Contributing Editor for Infosecurity Magazine. He was a journalist covering IT and information security for five years, from 2008 to 2013, for SC Magazine, and between September 2013 and April 2015 he was the relaunch editor of IT Security Guru, where he interviewed CISOs, users and vendors from across the world. Having spent six months as a security industry analyst for 451 Research, he is currently the contributing editor of the industry's most read magazine and website, Infosecurity Magazine, heading up the audio channel, the twice-annual Virtual Conference and contributed content. Dan on LinkedIn - Dan Raywood Dan on Twitter - @DanRaywood Infosecurity Magazine Website - Infosecurity Magazine Don't forget: to get in touch with me, either try the contact page of the site or follow me on Twitter, where I can be found at @Jenny_Radcliffe
George Rettas talks about Cyber Security at the Super Bowl, gives some data security pointers in recognition of Data Privacy Day in America, and then is joined by special guest Dr. Rebecca Wynn, where they discuss Women in Cyber Security and the successes, failures, and challenges around efforts to secure confidential data across organizations in all the critical infrastructures. Dr. Wynn was named the 2017 Cyber Security Professional of the Year sponsored by the Cyber Security Excellence Awards, and she was also awarded SC Magazine's Chief Privacy Officer of the Year Award in 2017. Dr. Wynn is an inspiration to thousands of women in Cyber Security and the broader technology space and has been published dozens of times on various topics in the Cyber Security field.
Caroline Wong, Paula Thrasher and I were having lunch at DevOps Enterprise Summit when the conversation took an interesting turn. Paula and Caroline had been on a panel the previous day and didn't get a chance to do a deep dive into any of the topics. As we were talking at lunch, I realized it was a good opportunity to give them a chance to talk with each other about government vs public software security, about how the OWASP Top 10 might best be used, and about what they have discovered to be common security patterns in their large-scale projects. About Caroline Wong: I am a strategic leader with strong communications skills, cybersecurity knowledge, and experience delivering global programs. My close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. I have been featured as an Influencer in the Women in IT Security issue of SC Magazine, named as one of the Top 10 Women in Cloud by CloudNOW, and received a Women of Influence Award in the One to Watch category from the Executive Women's Forum. I authored the popular textbook Security Metrics: A Beginner's Guide. About Paula Thrasher: Paula Thrasher has 20+ years' experience in IT and has spent the last 15 years trying to implement Agile culture in the federal government. Paula’s first Agile project was in 2001; since then she has led over 15 programs and projects as an Agile developer, technical lead, Scrum master, or Agile coach. Her teams have helped two separate federal agencies migrate applications to Amazon AWS GovCloud, and done some other amazing DevOps ninja work along the way. Paula is a proud Carnegie Mellon University alumna with a B.S. in Statistics, is a Certified Scrum Master (CSM) and a Project Management Professional (PMP), but prefers learning new things through experience and working with smart people.
The WannaCry virus hit over 200,000 computers in over 150 countries in a matter of days. While WannaCry spread quickly, it had some fatal flaws that prevented it from doing a lot more damage. However, these flaws will soon be fixed - Round 2 of this virus is already upon us. I speak with Michael Kaiser from the National Cyber Security Alliance to find out the lessons we need to learn and what we need to do to protect ourselves from the next generation of this nasty malware. We also take a good look at who might be to blame for all of this and some thorny issues exposed by this attack. In other news, I’ll tell you how to find out if your HP laptop might be logging all of your keystrokes and how to fix it. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month (NCSAM) each October, Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT., the global online safety awareness and education campaign. NCSA builds efforts through public-private partnerships that address cybersecurity and privacy issues for a wide array of target audiences, including individuals, families and the education and business communities. In 2009, Mr. Kaiser was named one of SC Magazine’s information security luminaries. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City.
For Further Insight: Web site: staysafeonline.org Follow on Twitter: https://twitter.com/MKaiserNCSA Facebook: https://www.facebook.com/staysafeonline/ LinkedIn: https://www.linkedin.com/in/michael-kaiser-3579752b Additionally Important: HP key logger: https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/ Got ransomware? Go here before paying! https://www.nomoreransom.org/ Start With Security: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business Dept Homeland Security C-Cubed: https://www.dhs.gov/ccubedvp
Advanced Smartphone Forensics courses (https://www.sans.org/course/advanced-smartphone-mobile-device-forensics). Her extensive experience has given her both the real-world experience and the foundation in training that it takes to excel in the mobile forensics field and share her knowledge with others. Throughout her career, Cindy has always looked for opportunities to help in meaningful ways. In one notable case, experts spent a year trying to unlock the phone of a 16-year-old girl who was killed in a tragic traffic accident. As the family prepared to spread the girl's ashes in a ceremony a year after her death, Cindy was given the victim's locked phone. She was able to unlock it, enabling the family to see their daughter's last photos. The family sent Cindy a thank-you note that said: "We so appreciate this opportunity you've given us to hold onto a piece of our daughter's life we were sure was lost to us." This is just one example of how digital forensics, and a good examiner, can have a tremendously positive impact on people's lives. Cindy has also developed the " 2016 Women of Influence in IT Security by SC Magazine (https://www.scmagazine.com/women-of-influence/article/530276/5/). She is also one of the nicest and most approachable people in the cyber security and digital forensic industry. In this interview we discuss starting digital forensics in law enforcement, how she started with mobile forensics in the early 2000s, moving from law enforcement to the private sector, the concerns she has with mobile phones, mobile malware, recruiting and retaining women in DF/IR, developing SANS mobile forensics courses, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Cindy: LinkedIn (https://www.linkedin.com/in/detectivecindymurphy) Twitter (https://twitter.com/CindyMurph) Gillware Digital Forensics (https://www.gillware.com/forensics/) SANS (https://www.sans.org/instructors/cindy-murphy)
Dr. Darren Hayes is the Director of Cybersecurity and an Assistant Professor at Top 10 Computer Forensics Professors, by Forensics Colleges (http://www.forensicscolleges.com/blog/profs/10-top-computer-forensics-professors). He has developed four distinct courses in digital forensics at Pace University, at the undergraduate and graduate levels. Also through Pace, Darren continually conducts research to support law enforcement agencies both domestically and internationally. He has successfully been awarded grants in the field of computer forensics by the Department of Defense, the National Science Foundation and other notable foundations. Darren is also a professional consultant in computer forensics and cyber law for the Department of Education in New York. For a number of years, Hayes has served on the Board of the High Technology Crime Investigation Association (HTCIA) Northeast Chapter and was the President of the HTCIA Northeast. Currently, he serves as Second Vice President of the HTCIA Northeast. Darren is also an accomplished author with numerous peer-reviewed articles on computer forensics. He has co-authored two textbooks and published “A Practical Guide to Computer Forensics Investigations” (https://www.amazon.com/gp/product/B012HTZ8BC/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B012HTZ8BC&linkCode=as2&tag=cybersecur030-20&linkId=90fb74422660e0aeef62fcf9a1afe338). Darren has appeared on numerous media and news outlets such as Bloomberg Television, The Street and Fox 5 News and been quoted by CNN, The Guardian (UK), The Times (UK), Wall Street Journal, Financial Times, Forbes, Investor’s Business Daily, MarketWatch, CNBC, ABC News, Forensic Magazine, SC Magazine, PC Magazine, USA Today, Washington Post, New York Post, Daily News and Wired News (to name but a few!). He has also been invited to lecture for the Harvard Business Review and University College Dublin and, more recently, was Visiting Professor at Sapienza University, Rome, Italy.
In this interview we discuss how he supports law enforcement, developing teaching skills, the importance of problem-solving abilities, the challenges when authoring books, misinformation in the media, his involvement with HTCIA, gender roles in information security, foundational skills necessary to be good in information security, immigration challenges, real-world physical threats from cyber attacks, the growth of ransomware, the "brain drain" in the government sector, how to learn cyber security on a budget, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Darren: LinkedIn (https://www.linkedin.com/in/darren-hayes-05b8517) Twitter (https://twitter.com/CyberOSINT) Pace University (http://csis.pace.edu/~dhayes/) A Practical Guide to Computer Forensics Investigations (https://www.amazon.com/gp/product/B012HTZ8BC/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B012HTZ8BC&linkCode=as2&tag=cybersecur030-20&linkId=90fb74422660e0aeef62fcf9a1afe338)
Intro / Outro: The Weeknd - Wicked Games https://www.youtube.com/watch?v=O1OTWCd40bc&feature=youtu.be
Hackers Can Disable a Sniper Rifle—Or Change Its Target http://goo.gl/7W5zT7
This Hacker’s Tiny Device Unlocks Cars And Opens Garages http://goo.gl/hxfF5J
This Gadget Hacks GM Cars to Locate, Unlock, and Start Them http://goo.gl/NjHmHZ
Researchers Hacked a Model S, But Tesla’s Already Released a Patch http://goo.gl/kQApZx
New vulnerability can put Android phones into permanent vegetative state http://goo.gl/4esGxa
Can they hear you now? Hacking Team & SS7 http://goo.gl/88eNnk
Researchers look sideways to crack SIM card AES-128 encryption http://goo.gl/CSKRdH
Derelict TrueCrypt Russia portal 'is command hub for Ukraine spying op’ http://goo.gl/rYvzQz
Windows 10 is spying on you - at least that's what this developer thinks http://goo.gl/Hv9hTl
Disable KeyLogger Windows 10 https://goo.gl/Jb7Yym
fix windows 10 https://fix10.isleaked.com/
Windows 10 updates to be automatic and mandatory for Home users http://goo.gl/nxvsbs
Researchers claim they’ve developed a better, faster Tor http://goo.gl/39CPkJ
950 million Android phones can be hijacked by malicious text messages http://goo.gl/KsWnjJ
First Known Exploit of Apple DYLD_PRINT_TO_FILE Vulnerability Discovered in the Wild http://goo.gl/sRsU0Z
Ashley Madison invites red-faced cheats to bolt stable door for free http://goo.gl/NP4pB6
Protecting the government portal from DDoS attacks will cost half a million http://goo.gl/QlC4T5
Mt.Gox Bitcoin Exchange CEO Arrested by Japanese Police https://goo.gl/p0VaXq
Chinese VPN Service as Attack Platform? http://goo.gl/crRbYx
Revisiting the Stagefright vulnerability: PoC and exploit http://drops.wooyun.org/papers/7557
“Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware http://goo.gl/SSpJS1
Exclusive: Visa application portal closed following SC Magazine investigation http://goo.gl/k7jK8Q
Rapid7 Inc (NASDAQ:RPD) https://www.google.com/finance?cid=26424354816105
What amateurs can learn from security pros about staying safe online http://goo.gl/LUySXn
Telecom regulator voted to strip mobile subscribers of anonymity http://goo.gl/iCNnYP
Attention! Major fraud involving PrivatBank cards! http://goo.gl/X5DOsN
Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Kouns-Eiram/DEFCON-22-Kouns-Eiram-Screw-Becoming-A-Pentester-Bug-Bounty-Hunter-UPDATED.pdf Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! Jake Kouns CISO, RISK BASED SECURITY Carsten Eiram CHIEF RESEARCH OFFICER, RISK BASED SECURITY Everywhere you turn it seems that companies are having serious problems with security, and they desperately need help. Getting into information security provides an incredible career path with what appears to be no end in sight. There are so many disciplines that you can choose in InfoSec with the fundamental argument being whether you join Team Red or Team Blue. Most people tend to decide on the Red team and that becoming a professional pentester is the way to go, as it is the most sexy (and typically pays well). However, with bug bounties currently being all the rage and providing a legal and legitimate way to profit off vulnerability research, who really wants to be a pentester, when you can have so much more fun being a bug bounty hunter! Researcher motivation in the old days and options for making money off of vulnerabilities were much different than today. This talk analyzes the history of selling vulnerabilities, the introduction of bug bounties, and their evolution. We cover many facets including the different types of programs and the ranges of money that can be made. We then focus on researchers, who have currently chosen the bug bounty hunter lifestyle and provide details on how to get involved in bug bounty programs, which likely pay the best, and which vendors you may want to avoid. What constitutes a good bug bounty program that makes it worth your time? What do you need to know to make sure that you keep yourself out of legal trouble? Ultimately, we’ll provide thoughts on the value of bug bounties, their future, and if they can be a full-time career choice instead of a more traditional position such as pentesting. 
Jake Kouns is the CISO for Risk Based Security and the CEO of the Open Security Foundation, which oversees the operations of OSVDB.org and DataLossDB.org. Mr. Kouns has presented at many well-known security conferences including RSA, DEF CON, CISO Executive Summit, EntNet IEEE GlobeCom, FIRST, CanSecWest, SOURCE and SyScan. He is the co-author of the books Information Technology Risk Management in Enterprise Environments (Wiley, 2010) and The Chief Information Security Officer (IT Governance, 2011). He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. In addition, he holds a number of certifications including ISC2's CISSP, and ISACA's CISM, CISA and CGEIT. Twitter: @jkouns Carsten Eiram is the Chief Research Officer of Risk Based Security and previously worked 10 years for Secunia, managing the Research team. Carsten has a reverse engineering background and extensive experience in the field of Vulnerability Intelligence, referring to himself as a vulnerability connoisseur. He has deep insights into vulnerabilities, root causes, and trends, and is also an avid vulnerability researcher, having discovered critical vulnerabilities in high-profile products from major vendors including Microsoft, Adobe, Symantec, IBM, Apple, Novell, SAP, Blue Coat, and Trend Micro. Carsten has been interviewed for numerous news articles about software security and has presented at conferences such as FIRST Conference, RSA Conference, DEF CON, and RVAsec, as well as keynoting Defcamp 2013. He is also a regular contributor to the "Threat of the Month" column in SC Magazine, a credited contributor to the "CWE/SANS Top 25 Most Dangerous Software Errors" list, and a member of the CVE Editorial Board and FIRST VRDX-SIG. Twitter: @CarstenEiram
Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this work, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today's Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects. This work was presented at the USENIX Workshop On Offensive Technologies (WOOT) in July, 2008. Subsequently, several online press venues have covered it, including The Washington Post, SC Magazine, and Herald Times. About the speaker: Minaxi Gupta is an Assistant Professor in the Computer Science Department at Indiana University (Bloomington). She joined IU after finishing her Ph.D. in Computer Science from Georgia Tech in 2004. Gupta's research interests are in Computer Networks and Security. She is currently working on understanding the Internet's vulnerabilities and how attackers are using them to their advantage, especially in the context of phishing. Her other research focus is on re-architecting the Internet. Gupta is the recipient of the prestigious Trustees Teaching Award (2007-2008) and Outstanding Junior Faculty Award (2006-2007) from Indiana University.
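The abstract above describes two sides of the open-redirect problem: a server that issues a 3xx to whatever target a query parameter names, and a client (or crawler) that wants to flag links whose parameters carry URLs. The example below is added here and is not code from the talk or from the WOOT paper; it shows one server-side validator that closes the usual bypasses of naive "does it start with our domain" checks (scheme-relative `//host`, backslash variants, `javascript:` schemes, `user@host` userinfo tricks, and hostname-suffix tricks), and one client-side heuristic that names the query parameters of a link that themselves contain a URL. The allow-listed hosts and the sample targets are constructed for the example.

```python
"""Open-redirect hardening and detection (added example, not the paper's code).

Server side: decide whether a user-supplied redirect target may be placed in a
Location header. Client side: flag links whose query parameters carry URLs, a
cheap heuristic for spotting redirectors that could be abused for phishing.
"""
from urllib.parse import parse_qsl, urlsplit

# Hosts this application is allowed to redirect to (assumed example values).
ALLOWED_HOSTS = {"www.example.com", "login.example.com"}

# Schemes that, appearing in a parameter value, mark the link as a redirector.
_URL_SCHEMES = ("http", "https", "javascript", "data")


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only for a same-site relative path or an allow-listed host.

    Each rule closes a known bypass of naive prefix checks:
    - "//evil.example" and "/\\evil.example" are scheme-relative, not local
    - "javascript:..." and "data:..." are not navigable redirect targets
    - "https://www.example.com@evil.example/" lands on evil.example
    - "https://www.example.com.evil.example/" merely starts with our name
    """
    if not target:
        return False
    # Browsers treat "\" as "/" in the authority and path; normalise first.
    t = target.replace("\\", "/").strip()
    # Tabs, newlines and other control characters are never legitimate here.
    if any(ord(c) < 0x20 for c in t):
        return False
    parts = urlsplit(t)
    if parts.scheme == "" and parts.netloc == "":
        # Purely relative reference: one leading slash, never two.
        return t.startswith("/") and not t.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def safe_location(target: str, fallback: str = "/") -> str:
    """Value for the Location header: the target if safe, else the fallback."""
    return target if is_safe_redirect(target) else fallback


def redirect_params(url: str) -> list:
    """Client-side heuristic: names of query parameters whose value is a URL.

    parse_qsl percent-decodes values, so ?url=https%3A%2F%2Fevil.example is
    recognised the same way as a literal URL.
    """
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        v = value.replace("\\", "/").strip()
        p = urlsplit(v)
        if p.netloc or v.startswith("//") or p.scheme.lower() in _URL_SCHEMES:
            hits.append(name)
    return hits


if __name__ == "__main__":
    # Constructed sample targets, as an attacker might place them in ?next=
    samples = [
        "/account",
        "//evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://www.example.com@evil.example/",
        "https://www.example.com.evil.example/",
        "https://login.example.com/next",
    ]
    for s in samples:
        print(f"{s!r:45} -> Location: {safe_location(s)}")
    link = "https://www.example.com/go?url=https%3A%2F%2Fevil.example&x=1"
    print("redirect parameters in link:", redirect_params(link))
```

Comparing the whole hostname against an allow list, rather than checking a prefix or a substring, is the step that matters most; the remaining rules exist because `urlsplit` is more forgiving than a browser about what counts as an authority.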