In this episode we talk about: building a system in a way that, as Ira says, “a user cannot initiate a loss”; what designers need to know about prevention, detection, and reaction when it comes to security; what we can learn from safety science; and how designers can get a seat at the table when it comes to human security engineering. Ira Winkler is the founder of Secure Mentem and Chief Information Security Officer at Skyline Technology Solutions. He is the author of seven books on security, the latest of which is You Can Stop Stupid (discussed in this episode). He also has a new book in the works, Security Awareness for Dummies, which will be available in 2022.
While users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user-initiated loss. About the speaker: Ira Winkler, CISSP, is the President of Secure Mentem and Author of the forthcoming books You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world's most influential security professionals and was named "The Awareness Crusader" by CSO magazine in receiving their CSO COMPASS Award.
It's a BarCode NCSAM/HALLOWEEN special, where I speak with an established author and iconic security professional who is no stranger to disguises, deception and duplicity - Ira Winkler! We discuss security awareness, his time in the NSA, Secure Mentem, his new book "You CAN Stop Stupid", and some of his insane espionage expeditions that make James Bond look like 006. The virtual bartender social engineers a scary good Dracula Margarita.
Information security is not just technical. There is a human aspect involved and fixing that is more than just identification and awareness. Our guest today is Ira Winkler. Ira is the president of Secure Mentem and the author of the book You Can Stop Stupid. He is referred to as the modern-day James Bond, given his skills both physically and technically in infiltrating organizations. Today, Ira shares with us many of his personal and professional experiences in the area of cybercrime. His valuable tips and information can change how you look at potential threats and scams. He is an expert in how to make people easy prey and how to prevent people from being easy prey.

Show Notes:

[0:51] - Ira graduated college as a psychology major and the only job he could get at that time was in the National Security Agency. This led him into the computer field within the military.
[1:31] - He always wound up working on the human side of things.
[3:03] - Ira shares his background and how he became a world-renowned penetration expert, which is a fancy name for a hacker.
[5:21] - The way you break something is not the way you fix it. This is an important concept when looking at psychology.
[7:01] - Psychology helps Ira exploit others but it is also important to understand when helping them.
[7:55] - Telling someone the problem and then telling them not to fall for a scam doesn’t work.
[8:50] - Ira and Chris discuss the recent Twitter hacks. Ira says that in this situation, anyone could have done what the hacker did because it was easy. You just have to have the questionable ethics and morals to do it.
[9:41] - A lot of times, hackers and criminals are hired in various agencies including government and law enforcement because of their skills. Ira says this is very backwards and gives examples why this is “horrendous.”
[11:58] - How do we get people to not fall for various types of scams? Ira says it is a very multi-layered process and gives a few examples of what can be done.
[13:02] - Ira uses a comparison with terrorism attacks and how we can use that knowledge to help us protect ourselves, plan for a problem, and how to respond.
[15:59] - A lot of sites other than banks and credit card companies are putting in security measures to keep people safe. But a lot of people get annoyed by security protection’s inconvenience.
[17:15] - In general, most people use the same password across multiple accounts. If one user ID and password is compromised then the others are as well.
[18:32] - Ira uses the real moral of the story of The Wizard of Oz: You have what you are looking for, you just don’t know it or how to use it. This is applicable to security. You have what you are looking for, but you aren’t using it.
[21:38] - People have to stop being offended when people put security mechanisms in place.
[23:10] - Something that bothers Ira is when real credit card companies are calling and ask for points of verification like social security numbers. This is exactly what scammers do and when real companies do this, it is hard to tell the difference.
[25:43] - If somebody is injured, it is the fault of the system where the user exists. Somewhere they enabled the user to put themselves in a situation to allow them to be harmed.
[27:42] - Sometimes bad grammar and poorly written scams are actually a filtering feature for scammers to filter out the people who are too smart to fall for it. Even a small percentage of people falling for a scam is still money in the criminal’s pocket.
[28:44] - We need better infrastructure to protect organizations and individuals because these events cause so much money to be lost.
[29:46] - Anyone who tells you there can be perfect security is either a fool or a liar.
[30:19] - Anytime you have the option to add two-factor authorization, take it! Yes, it is annoying, but the consequences of not utilizing it are far more annoying in the end.
[32:11] - Ira shares a story about when there was suspicious activity on his bank account. He saw the pattern and told the bank that he would work with them and law enforcement because he does this for a living. They “made a note of it,” and didn’t really do anything to stop the problem.
[35:14] - Ira references a movie called Focus that is about scams, social engineering, and con-artists.
[37:21] - You have to admire the minds of these criminals and the lengths they’ll go to manipulate and take advantage.
[38:10] - You need to respect your potential adversaries.
[39:00] - Chris and Ira discuss why the United States is different from other countries in regards to using the combination of cards and signatures versus cards and a PIN.
[40:24] - How much risk can you assume as a culture?
[42:13] - Chip and PIN is risk mitigation, but how much risk is it actually mitigating?
[43:10] - You Can Stop Stupid, Ira’s book, is about how stupid is an effect, not a cause. It outlines what you can do now and how you respond to a problem.

Thanks for joining us on Easy Prey.
It tells me that goose-stepping morons like yourself should try reading books instead of BURNING them -- Henry Jones, Sr – Indiana Jones and the Last Crusade

If you like my opinions, you'll love my latest book. If you don't like my opinions, I encourage you to buy 3 copies of the book, so you have the satisfaction of burning them. -- Ira Winkler - LinkedIn

On this week’s InSecurity, Matt Stephenson speaks with Ira Winkler, president of Secure Mentem and author of multiple books, including You CAN Stop Stupid. We take a frank look at the people and systems involved in the world of cybersecurity and look to point out what is stupid about all of it and what can be done to stop stupid behavior and fix stupid systems.

About Ira Winkler

Ira Winkler (@irawinkler) is President of Secure Mentem and Author of the forthcoming books, You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world’s most influential security professionals and was named “The Awareness Crusader” by CSO magazine in receiving their CSO COMPASS Award. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally. He continues to perform these espionage simulations, as well as assisting organizations in developing cost effective security programs. He and his work have been featured in a variety of media outlets including CNN, The Wall St Journal, USA Today, San Francisco Chronicle, Forbes, among other outlets throughout the world. Ira began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. After leaving government service, he went on to serve as President of the Internet Security Advisors Group, Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association. He has also served on the graduate and undergraduate faculties of the Johns Hopkins University and the University of Maryland.

About Matt Stephenson

Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and video series at events around the globe.

I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, they can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...

Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...
As it turns out, the weakest link in any cybersecurity solution is…us. More than ever, hackers are using a variety of social engineering scams designed to fool people into giving up personal information voluntarily. So how do you protect us from ourselves? Join hosts Britta Glade and Hugh Thompson and their guests Ira Winkler of Secure Mentem and Lance Hayden of Elligo Health Research for a wide-ranging discussion on what to do about the human problem, including establishing protocols, creating a Human Security Officer position and more.
Ira Winkler is the Author and President of Secure Mentem, a company dedicated to the human aspects of security. He consults to some of the largest corporations in the world. Before joining the private sector, Ira began at the National Security Agency, where he performed in a wide variety of positions for US and foreign intelligence agencies. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode33 Visit http://securityweekly.com/category/ssw/ for all the latest episodes!
Ira Winkler of Secure Mentem joins us. In the news, how to hire remote employees effectively, the periodic table of security startups, why no business is bulletproof, and more! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode33 Visit http://www.securityweekly.com for all the latest episodes!
Matt is a long time volunteer of BruCON and is going to let us know all the great things in store for 2013. Ira Winkler, CISSP is President of Secure Mentem. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally, and has been named a "Modern Day James Bond" by the media.
Ira Winkler, CISSP is President of Secure Mentem. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally, and has been named a “Modern Day James Bond” by the media.