Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Julie Chatman. Julie is a distinguished cybersecurity executive with nearly two decades of experience in cybersecurity strategy, risk management, and AI governance. She began her career in the U.S. Navy, serving on active duty as a Hospital Corpsman specializing in Medical Laboratory Science & Technology. Her transition into cybersecurity began at the FBI, where strong mentorship shaped her approach to leadership, problem solving, and talent development. She currently serves as the Deputy Chief Information Security Officer for Finance at the Virginia Information Technologies Agency (VITA), where she is focused on driving risk reduction across state agencies. The role is part of a strategic engagement through her company, ResilientTech Advisors. Julie leads CyberPath Coaching, where she draws on her experience as an active CISO to mentor cybersecurity professionals, accelerate their growth, and prepare them for executive roles. She works with individuals breaking into the field, mid-career professionals, aspiring CISOs, and cybersecurity entrepreneurs. 
[May 19, 2025] 00:00 - Intro 00:53 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:03 - Julie Chatman Intro 03:14 - A Hungry Brain 04:25 - We Are Mushroomed 05:54 - Being an Enabler 10:13 - Speak Their Language 13:33 - Assigning Responsibility 16:05 - A Tool, Not a Replacement 20:35 - Career Challenges 22:40 - Strategic Empathy 23:46 - Setting Boundaries 24:15 - Narrative Control 25:38 - Staying Positive 29:39 - The Target is the Same 32:09 - Book Recommendations - World War Z - Max Brooks 33:20 - Mentors - MB Kinder - Martha Williams 35:14 - Find Julie Chatman Online - Website: cyberpathcoaching.net - LinkedIn: linkedin.com/in/julie-chatman-mba-infosec 35:54 Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI
Craig Taylor is the founder and CEO of CyberHoot, a security awareness company that focuses on positive reinforcement and gamification. Craig studied psychology and used that knowledge when creating CyberHoot, which he offers for free. Craig also set up a challenge specifically for listeners of the Layer 8 Podcast, if you'd like to test your ability to identify a phish and the parts of a phish quickly. It's even free! You can try that out here: https://cps.cyberhoot.com/hootphish-challenge/?hash=65199056c6edbc93f2755078a5b15743 There will be a leaderboard, and you can check your status on the leaderboard here: https://cps.cyberhoot.com/hootphish-challenge/shared-results/?hash=8b7f346b97c7dd027215d741f0ae36fb This free challenge will end on May 31, 2025.
New breach reports show threat actor dwell times are dropping significantly. It’s a positive development, but there is a caveat. We discuss this caveat and other findings from the 2025 editions of the Verizon Data Breach Investigations Report and the Google M-Trends Report. We also get highlights from the 2025 RSA Conference, and JJ gets...
In the hotel industry, guests' wishes come first, even when they arrive via an insecure link. At the same time, the IT infrastructure is very complex and staff turnover is high. Sascha Maier, CISO of the SV Group, gives an insight into how he fosters security culture in this challenging environment. With Marcus and Katja he discusses the role that empathy for everyday work and managers play in this, what the hotel industry currently needs to protect itself against in particular, and how to select the right ninjas. Sascha on LinkedIn: https://www.linkedin.com/in/sascha-maier-a624814/ SV Group: https://sv-group.com/de/schweiz The first episode of the Security Awareness Insider Podcast with Sascha: https://www.securityawarenessinsider.ch/e/preisgekronte-security-awareness-praxis/ SRF Espresso episode on the Booking.com fraud: https://www.srf.ch/audio/espresso/fieser-booking-betrug-wenn-sich-das-hotel-per-whatsapp-meldet?id=AUDI20250326_RS_0006 Articles on awareness topics in the hotel industry: "ÖHV startet Cyber-Security-Offensive für Hotels"; "HDV-Herbsttagung 2024: Hoteliers treffen sich in Mannheim - CIM – Fachmagazin der Eventbranche"; "Schützen Sie Ihren Betrieb vor Cyberattacken - HotellerieSuisse". Take Aware in Wuppertal: https://take-aware-events.com/events/take-aware-2025-wuppertal
In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change. From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp-owned renewable natural gas company based in Houston, Texas. He has spoken at events around the world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling responses to incidents, among many other things over the last few decades. [April 21, 2025] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:08 - Travis Farral Intro 02:58 - A Different Path than Today 05:25 - Healthy Hacking 08:08 - Anything Can Be Weaponized 10:54 - Questionable Behavior 14:31 - Smash That Report Button!!! 18:58 - Improving Our Odds 21:00 - You Have to Keep It Simple 22:25 - Letters to a Young CISO 24:20 - Find Travis Farral online - LinkedIn: linkedin.com/in/travisfarral 25:01 - Mentors - Shawn Edwards - Jay Leek 27:02 - Book Recommendations - R. E. Lee: A Biography - Douglas Southall Freeman 29:34 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
SUMMARY: Graham Gold, co-author of the Microsoft Cybersecurity Architect Exam, discusses his extensive background in IT, the relevance of cybersecurity architecture in cloud environments, and the evolving landscape of cybersecurity practices. Key topics include the importance of identity management, the challenges of hybrid cloud environments, and strategies for assessing and improving security in cloud applications. The conversation emphasizes the need for visibility, risk management, and a proactive approach to cybersecurity. Graham Gold also discusses critical aspects of modern security architecture, emphasizing the importance of least privilege, segregation of duties, and the roles of SIEM and SOAR in enhancing security operations. He highlights the necessity of automation in security processes to keep pace with the rapid changes in cloud environments. The discussion also covers the state of security awareness in financial services, navigating compliance in the cloud, budgeting for security investments, and the shared responsibility model in cloud security. Finally, Graham provides insights on preparing for the SC-100 exam and his future endeavors in the field of security. CHAPTERS: (00:00:00) INTRO (00:00:40) Introduction to Cybersecurity Architecture (00:03:57) Understanding Microsoft Certification Levels (00:05:52) The Relevance of Cybersecurity in Cloud (00:08:03) Shifts in Cybersecurity Architecture with Cloud (00:11:11) Identity as the New Perimeter (00:15:59) Challenges in Hybrid Cloud Environments (00:20:05) Making Sense of Data in the Cloud (00:24:57) Assessing Security in Cloud Environments (00:31:36) Implementing Defense in Depth Strategies (00:33:10) Understanding Least Privilege and Segregation of Duties (00:33:38) The Role of SIEM and SOAR in Security Architecture (00:36:01) Automation in Security Operations (00:38:36) The State of Security Awareness in Financial Services (00:40:39) Navigating Compliance in the Cloud (00:43:22) Budgeting for Security: Prioritizing Investments (00:50:38) The Shared Responsibility Model in Cloud Security (00:53:35) Preparing for the SC-100 Exam and Future Insights
Today we are celebrating our 300th episode! Chris will be joined by some friends as he discusses how the podcast got started - back in 2009, how it has evolved, including the creation of multiple series, and the direction for the future. [April 14, 2025] 00:00 - Intro 00:22 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:45 - Social-Engineer Origin Story 03:59 - The Human Element Series 05:34 - The Security Awareness Series 06:03 - The Doctor Is In Series 06:12 - The SE ETC. Series 06:28 - The 4th Monday Series 07:05 - The Future 07:43 - Amanda Drops By 08:35 - Ooof! 09:12 - SE Trivia 13:17 - A Video Celebration! 21:16 - Neil Fallon Drops By 52:50 - Wrap Up 53:56 - Outro - www.social-engineer.com - www.innocentlivesfoundation.org
BONUS: AI and Cybersecurity - An Introduction to The Hidden Threats in Our Connected World with Dr. Eric Cole In this BONUS episode, we explore the evolving landscape of cybersecurity in the age of artificial intelligence. Dr. Eric Cole, a renowned cybersecurity expert and author of Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World, shares critical insights about how AI is transforming security strategies. From the privacy concerns of our always-connected devices to practical tips for protecting your business and personal information, this conversation offers essential knowledge for navigating our increasingly digital world. The Double-Edged Sword of AI in Cybersecurity "We are giving away our IP, our data, and our privacy. The data set is what gives value to AI." The rise of artificial intelligence presents both opportunities and serious risks in the cybersecurity landscape. Dr. Cole emphasizes that while many focus solely on AI's benefits, we often overlook the fact that we're surrendering vast amounts of our sensitive information, intellectual property, and private data to AI providers. This data becomes the foundation of AI's value and capabilities, creating a significant privacy concern that many organizations fail to properly address. As we embrace these new technologies, we must carefully consider what information we're willing to share and what safeguards should be in place. Modern Attack Vectors: The Human Element "Attacks today are mostly social engineering. We end up having to retrain people to not trust their email." Today's cybersecurity threats have evolved beyond traditional technical exploits to focus primarily on social engineering—manipulating people into compromising their own security. Dr. Cole explains that modern attackers increasingly target the human element, requiring organizations to fundamentally retrain employees to approach communications with healthy skepticism. 
Particularly concerning are mobile threats, as our phones constantly record audio and other personal data. Dr. Cole warns that "free" apps often come with a hidden price: your privacy and security. Understanding these attack vectors is essential for developing effective defense strategies in both personal and professional contexts. Cybersecurity as a Business Enabler "Security is not a barrier, not an obstacle. Cybersecurity is a business enabler." Dr. Cole challenges the common perception that security measures primarily restrict functionality and impede business operations. Instead, he reframes cybersecurity as a critical business enabler that should be integrated into strategic decision-making. Organizations need to make deliberate decisions about the tradeoffs between security and functionality, understanding that proper security measures protect business continuity and reputation. Dr. Cole particularly warns about supply chain attacks, which have become increasingly prevalent, and emphasizes that awareness is the foundation of any effective protection strategy. He recommends centralizing data for easier security management and advises that client devices should minimize storing sensitive data. Mobile Phones: The Ultimate Tracking Device "You don't go anywhere without your cell phone. Your cell phone is never more than a foot from you it's with you wherever you go... which means if somebody wants to track and monitor you they can." We often worry about theoretical tracking technologies while overlooking the sophisticated tracking device we voluntarily carry everywhere—our mobile phones. Dr. Cole points out the irony that people who would never accept being "chipped" for tracking purposes willingly keep their phones within arm's reach at all times. These devices record our locations, conversations, messages, and activities, creating a comprehensive digital trail of our lives. 
With access to someone's phone, anyone can trace their movements for months and access an alarming amount of personal information. This risk is compounded when we back up this data to cloud services, effectively giving third parties access to our most sensitive information. Understanding these vulnerabilities is the first step toward more mindful mobile security practices. Business Opportunities in the Security Space "We have too much information, too much data. How can we use that data effectively?" The cybersecurity landscape presents significant business opportunities, particularly in making sense of the overwhelming amount of security data organizations collect. Dr. Cole identifies data correlation and effective data utilization as key investment areas. Modern security systems generate vast quantities of logs and alerts, but transforming this raw information into actionable intelligence remains a challenge. Companies that can develop solutions to effectively analyze, correlate, and extract meaningful insights from security data will find substantial opportunities in the market, helping organizations strengthen their security posture while managing the complexity of modern threats. Essential Training for Security-Conscious Developers "Go for secure coding courses. This helps us understand how software can be exploited." For software developers looking to build more secure applications, Dr. Cole recommends focusing on penetration testing skills and secure coding practices. Understanding how software can be exploited from an attacker's perspective provides invaluable insights for designing more robust systems. By learning the methodologies and techniques used by malicious actors, developers can anticipate potential vulnerabilities and incorporate appropriate safeguards from the beginning of the development process. 
This proactive approach to security helps create applications that are inherently more resistant to attacks rather than requiring extensive security patches and updates after deployment. About Dr. Eric Cole Dr. Eric Cole is the author of "Cyber Crisis, Protecting Your Business from Real Threats in the Virtual World." He is a renowned cybersecurity expert with over 20 years of experience helping organizations identify vulnerabilities and build robust defense solutions against advanced threats. He has trained over 65,000 professionals worldwide through his best-selling cybersecurity courses and is dedicated to making cyberspace a safe place for all. You can link with Dr. Eric Cole on LinkedIn, or visit his company's website Secure-Anchor.com.
On today's episode, we're going even deeper into my stalker situation. I'll be sharing more details about his delusional tendencies—including how he's gone as far as pretending to be a police officer to manipulate and control people (which is a crime, by the way). I'll also be answering the questions I've received from you all about this ongoing situation. Law enforcement is now more involved (actual police, not to be confused with blue light bandits), we know everything, and we'll be handling it all legally. Tune in for the full update. https://policecoffee.com/?gad_source=1&gbraid=0AAAAACG7qmJnibJBpoe9p7ReNXovwJMQN&gclid=Cj0KCQjwqIm_BhDnARIsAKBYcmsZOengz4NFStC14G_b2eziJgYpA8kGt2sokaR9i3PcTxs0QmcaPosaAtbGEALw_wcB
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Roy Luongo. Roy is the Chief Information Security Officer for the United States Secret Service. He leads a team in the defense and information assurance of all USSS information systems and solutions. Prior to his current role he was the Director, Joint Mission Operations Center for Cyber Command, providing oversight of mission critical Cyber Operations infrastructures. He has also served as Chief, NSA Red Team and Technical Director for Interactive Operations for the NSA. Roy is a retired Army soldier with 20 years' service within the Intelligence and Cyber career fields. [March 17, 2025] 00:00 - Intro 00:17 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 01:55 - Roy Luongo Intro 02:44 - The Path to CISO of the Secret Service 04:58 - Cybersecurity in Early Education 07:50 - The Entry Level Catch-22 12:24 - Quantifying Risk 14:27 - The Best Way Forward 16:51 - The Effects and Future of AI 20:06 - Understanding Your Needs 22:11 - Advice to Young Roy 24:56 - The Cost of Training 29:01 - Mentors - Ed Skoudis - Brigadier General Brian D. Vile - Shawn Turskey 29:55 - Lollipop Moments - TEDxToronto - Drew Dudley "Leading with Lollipops" 31:33 - Book Recommendations - Cybersecurity Canon - Rick Howard - Kingpin - Kevin Poulsen - Turn the Ship Around! - L. David Marquet 33:49 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Unveiling Cyber Security Insights with David Shipley: The Truth Behind Phishing and Technology Bias Join Jim Love and cybersecurity expert David Shipley in this insightful episode of 'Cyber Security Today.' They delve into the realities of phishing in the workplace, revealing surprising data about email filter leakage rates and the critical role of human behavior in cybersecurity. Discover the importance of balanced security training, the dangers of over-reliance on technology, and the psychological biases that can compromise your organization. Gain actionable insights and learn how to benchmark your cybersecurity efforts effectively. 00:00 Introduction to Cybersecurity Today 00:10 The Fascination with Science and Truth 00:31 Heroes and Influences 00:47 The Reality of Tech Research 01:43 Phishing Email Statistics 03:52 Technology Bias in Cybersecurity 07:30 The Importance of Security Awareness 15:02 Effective Training Strategies 20:53 Optimism Bias and Security 21:57 Exploring Popular Courses and Their Impact 23:33 Understanding Phishing Metrics: Click Rate and Report Rate 26:28 The Importance of Post-Click Report Rate 31:39 Analyzing Industry Trends in Phishing 35:00 Key Takeaways and Future Directions 39:29 Accessing the Annual Report and Final Thoughts
New episode, new host. Today Dr. Christian Reinhardt talks with Walter Hölblinger, Global Head of IT at Rosenberger Hochfrequenztechnik. Together they discuss the challenges of IT security in a globally operating company. Walter explains how security measures can be designed to be uniform worldwide yet flexible, and what role cultural and regional differences play in security awareness. He also talks about the importance of communication for CISOs and shares his practical experience. How can security strategies be implemented internationally? What role does the human factor play in IT security? And which success factors are decisive for CISOs? These and other questions are the focus of the new episode of the Human Firewall Podcast.
In this episode of "The Free Lawyer," host Gary converses with Sonal Chandler, founder and CEO of Minerva Consulting, about the critical importance of cybersecurity for small to mid-sized law firms. They discuss common vulnerabilities such as weak passwords and lack of multi-factor authentication, emphasizing the need for a cultural shift towards security awareness. Sonal provides practical steps for protecting client data and integrating AI into legal practices. The episode underscores the significance of training, risk management, and fostering a supportive environment for cybersecurity initiatives, aiming to help law firms navigate the evolving digital landscape confidently. Sonal Chandler is the Founder and CEO of Minerva Consulting, a WBENC-certified consulting firm that helps small to mid-sized organizations with cyber risk management and compliance, and with AI readiness & integration. Through Minerva Consulting, Sonal provides fractional vCISO services, including risk assessments, information security program development, and compliance readiness. The firm also conducts Intro to AI workshops and helps businesses embrace AI to drive efficiency and innovation. With experience spanning Fortune 500 companies, boutique consulting firms, and startups, Sonal takes a business-focused approach to cybersecurity and AI, ensuring organizations can implement these technologies without unnecessary complexity. Beyond her consulting work, she hosts Minerva Meets, a podcast exploring the intersection of business, cybersecurity, and AI, and shares insights through her blog, Mind Spark. Cybersecurity Vulnerabilities in Law Firms (00:01:14) Creating a Culture of Security Awareness (00:03:03) Practical Steps for Protecting Client Data (00:04:41) Importance of Cybersecurity (00:05:45) Building Information Security Programs (00:06:53) Challenges of Digital Transformation (00:08:18) Transforming a Law Firm's Cybersecurity Approach (00:10:43) Addressing Remote Work Security Challenges (00:15:53) Integrating AI into Law Practices (00:17:32) Balancing Efficiency and Ethical Obligations (00:20:27) Creating a Culture of Cybersecurity Awareness (00:22:04) Advice for Overwhelmed Lawyers (00:23:48) Setting Clear Objectives (00:24:50) Choosing the Right Solutions (00:25:47) First Steps in Cybersecurity (00:26:06) Would you like to learn more about Breaking Free or order your copy? https://www.garymiles.net/break-free Would you like to schedule a complimentary discovery call? You can do so here: https://calendly.com/garymiles-successcoach/one-one-discovery-call
In the first installment of the SMB SME Series, phishing awareness training SME Cary Johnson discusses the need for third-party audits of security awareness programs. As he noted in a recent LinkedIn post https://www.linkedin.com/posts/activity-7293297179073392644-dJ6P/ "Cybersecurity awareness programs will never truly be effective if we continue to let vendors measure the performance of their own products. A common industry complaint is that many vendor tools and programs prioritize compliance but don't drive real behavioral change. Why? Because we're allowing these vendors to control the narrative by providing the performance metrics for their own product." Join us as we unpack this important issue. You may never look at phishing programs the same.
Fred Burton sits down with Frank Cannon, a seasoned security professional and renowned academic, to explore the importance of fostering a culture of behavioral-based security awareness. Frank shares actionable insights on how to move beyond the "tick-the-box" approach to create a security-first mindset that aligns with both physical and digital safety. Tune in to hear why security isn't just a task, but a behavior embedded in every aspect of organizational life. You'll learn: how to embed a proactive security culture across physical and digital domains; practical steps to shift from compliance-focused security to meaningful employee engagement; universal principles for behavioral-based security in corporate and personal settings.
Swiss Federal Railways (SBB) has approx. 35,000 employees and 150 different occupational groups, and communicates in German, French and Italian - an exciting environment for people responsible for awareness and culture development such as Manu Alexander. The corporate security specialist gives an insight into the current program, self-developed tools, the escape room and much more. Manu talks with Marcus and Katja about techie worldviews, Japan and really cool ideas. Manu Alexander on LinkedIn: https://www.linkedin.com/in/manu-alexander/ Overview of all Toastmasters International rhetoric clubs in Switzerland: https://www.rhetorikclubs.ch/alle-toastmasters.php Rhetorik Club Zürich (Manu is a member here): https://rczh.ch/ Professional training Digital Collaboration Specialist: https://www.ict-berufsbildung.ch/weiterbildung/fachausweis/digital-collaboration-specialist?gad_source=1 Course on edx.org about Hong Kong films (The University of Hong Kong): https://www.edx.org/learn/film/university-of-hong-kong-hong-kong-cinema-through-a-global-lens-quan-qiu-hua-xia-de-xiang-gang-dian-ying Course on edx.org about cities (Harvard University): https://www.edx.org/learn/urban-planning/harvard-university-citiesx-the-past-present-and-future-of-urban-life Talk by Manu at the Swiss Security Awareness Day 2024: https://switch.mediaspace.cast.switch.ch/media/6+-+Manu+AlexanderA+Security+Awareness+%40SBB/0_owl8u9hd Take Aware in Wuppertal, March 21-22: https://www.take-aware-events.com/events/take-aware-2025-wuppertal
In this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity. Takeaways: The Honeynet Project was born from a need for cyber threat intelligence. Security culture is broader than security awareness; it encompasses attitudes and beliefs. Changing the environment is key to changing organizational culture. AI can be leveraged to enhance communication and simplify security policies. Positive interactions with security teams build a stronger security culture. Chapters: 00:00 From Military to Cybersecurity Pioneer 03:04 The Birth of the Honeynet Project 05:59 Understanding the Human Element in Security 09:13 Security Culture vs. Security Awareness 11:51 Changing Organizational Culture for Security 14:46 Practical Steps for Security Teams 17:55 Leveraging AI in Security Culture 21:11 Measuring Success in Cybersecurity Training
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Peter Warmka. Peter is a Former Senior Intelligence Officer with the CIA with over 20 years' experience in breaching the security of organizations overseas. Peter is the founder of the Orlando-based firm Counterintelligence Institute, LLC and an Adjunct Professor at Webster University's Masters Cybersecurity Program. Peter is passionate about using his expertise in helping city, state, and federal government entities, non-profits, academic institutes, private companies, and individuals safeguard their sensitive proprietary and/or personal data. He is also the author of two books. [Feb 17, 2025] 00:00 - Intro 00:21 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:25 - Peter Warmka Intro 03:14 - Getting Recruited 12:11 - Working Above Cybersecurity 21:33 - Identifying Potential Candidates 23:20 - Tip to CISO's: Learn About AI 25:17 - The Importance of Guardrails 28:37 - Peter's Books - Confessions of a CIA Spy - Peter Warmka - Why Are You Messing With Me? - Peter Warmka 31:10 - Find Peter Warmka online - LinkedIn: in/peterwarmka - Website: counterintelligence-institute.com 32:18 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
As we near the end of the Building Better Developers season on habits, hosts Rob Broadhead and Michael Meloche take a moment to reflect on the journey so far. Throughout this season, they have introduced nearly 30 different habits and challenges, each designed to help developers grow both professionally and personally. In this episode, they review key takeaways, discuss the impact of these habits, and explore how to maintain long-term progress in their habit review for developers.

The Power of Habit Review for Developers
The core message of this season has been clear: habits are crucial for continuous self-improvement. Small, consistent changes add up over time, whether in development, business, or life. However, the sheer number of habits discussed can feel overwhelming. The hosts emphasize that the key is not to implement all of them at once but to focus on a few at a time, gradually integrating them into daily routines. This habit review for developers helps break down which habits have the most significant impact.

Revisiting Key Developer Habits

1. Security Awareness for Developers
One of the first habits covered in this season was security awareness. Rob reminds listeners of the importance of regular check-ins to ensure their systems remain secure. Whether updating passwords, checking for vulnerabilities, or staying informed about new cybersecurity threats, making security a habit is vital for developers. In this habit review for developers, security remains a top priority.

2. The Pomodoro Technique for Productivity
Michael and Rob discuss the effectiveness of the Pomodoro technique, a time management method that involves working in focused sprints. While Rob has successfully integrated this method into his daily workflow, Michael acknowledges that his work schedule doesn't always allow it. This highlights an essential point—different habits work for different people, and adjusting or discarding those that don't fit individual needs is okay. A habit review for developers shows which techniques offer the best productivity gains.

3. The Importance of Lists and Prioritization
Another key takeaway from this season is the value of making lists and prioritizing tasks. Michael shares how keeping a daily list of essential tasks has helped him stay productive and reduce stress. By tackling the most critical tasks early in the day—often referred to as the eat the frog method—he ensures that important work gets done before distractions arise. Developers can benefit from this habit review for developers by refining their prioritization strategies.

4. Automation and Efficiency for Developers
The hosts also revisit the topic of automation. They stress that developers should continuously look for ways to streamline repetitive tasks, freeing up time for higher-value work. With the rise of AI and automation tools, improving efficiency is more important than ever. A habit review for developers shows that automation is key to long-term efficiency.

5. Managing Anxiety and Stress in Software Development
One of the more personal topics discussed in this season was how to handle anxiety and stress. Michael emphasizes the importance of mindfulness, taking breaks, and using habits like list-making to stay on top of responsibilities. Recognizing stressors and actively working to mitigate them can make a significant difference in both professional and personal well-being. Developers can use this habit review for developers to incorporate stress management into their workflow.

Why Habit Review for Developers Matters
As the season winds down, the hosts reflect on why habits are critical. They started the season by discussing the importance of habits and want to end with a potent reminder: habits shape who we are. Developing good habits isn't just about becoming a better developer—it's about creating a sustainable, prosperous, and balanced life. This habit review for developers emphasizes long-term growth.

Rob and Michael acknowledge that forming new habits isn't always easy. It requires persistence, trial and error, and a willingness to adapt. Some habits that don't work today might be beneficial in the future, and vice versa. That's why revisiting past habits and evaluating their effectiveness is an ongoing process, and a habit review for developers is a great way to assess progress.

Next Steps in the Developer Habit Review
For listeners who may have found the season overwhelming, the hosts recommend revisiting past episodes and choosing a few habits to implement first. Once those become second nature, it's easier to add more. Progress is incremental, and the journey toward self-improvement is never truly complete. Performing a habit review for developers regularly helps ensure steady improvement.

As they look ahead to the next season, Rob and Michael encourage feedback from their audience. They invite listeners to share their experiences, suggest topics, and reflect on their journey toward building better habits. A structured habit review for developers can guide future growth.

Final Thoughts on Habit Review for Developers
This season has provided many strategies for improving productivity, efficiency, and well-being. Whether using the Pomodoro technique, automating tasks, prioritizing effectively, or managing stress, each habit discussed can bring positive change. The key is consistency—sticking with what works, adapting when necessary, and continuing the journey of self-improvement. A habit review for developers ensures that the proper habits are reinforced.

Stay Connected: Join the Develpreneur Community
We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development.

Additional Resources
Security Awareness: Protect Your Code, Your Career, and Your Future
Pomodoro Technique: Boost Your Focus and Productivity with Time-Blocking
Planning and Scheduling: Essential Habits for Building Better Developers
Managing Anxiety and Stress: Insights and Strategies for Daily Life
Building Better Habits Videos – With Bonus Content
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by David Holtzman. David has been the CTO for Network Solutions, Chief Scientist at IBM, CTO & Cybersecurity advisor to 2 presidential candidates, and a former intelligence agent. David is now advising on web3 and blockchain. [Jan 20, 2025] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:01 - David Holtzman Intro 02:30 - The Ever-Changing Threat Landscape 05:35 - Insecure Software 08:57 - Not All CISO's are Equal 12:05 - Making a Good CISO 15:33 - It's About People 17:34 - Lack of Accountability 21:28 - Rise of the AI 26:31 - The Approach of Web3 29:23 - The Blockchain Fix (For Now) 32:39 - Stuck in the Cloud 36:34 - Find David Holtzman online - Website: davidholtzman.com 36:55 - Book Recommendations - Crossing the Chasm - Geoffrey Moore - How to Survive Identity Theft – David Holtzman - Privacy Lost - David Holtzman 38:46 - Mentors - Steve Jobs - John Perry Barlow 42:16 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Episode 314. I'm joined by Special Forces Intelligence Sergeant Wes Hightower to talk personal security and awareness, methods to limit your attack surface and training.
Voices of Search // A Search Engine Optimization (SEO) & Content Marketing Podcast
Chris Spann, Senior Technical SEO at Lumar, delves into the rise of SEO security awareness. SEOs leverage a valuable arsenal of tools and insights that can uncover potential vulnerabilities in our websites. However, a communication gap between SEO and security teams often hinders collaboration, resulting in conflicting efforts that can impede progress for both teams. Today, Chris discusses raising SEO security awareness.
In this special holiday-themed episode of Relating to DevSecOps, hosts Ken and Mike channel their inner Dickens with a retrospective journey through the "Ghosts of DevSecOps Past, Present, and Future." From lessons learned about security awareness and collaboration challenges of the past, to the growing pains and contradictions of today's implementation of security basics, they explore it all. Wrapping up with a hopeful look at future innovations like policy-as-code and preemptive security measures, the hosts outline their visions for a more integrated and automated security future. Packed with insights, humor, and holiday spirit, this is a must-listen for those charting the path forward in DevSecOps.
In this episode, the hosts discuss various cybersecurity vulnerabilities, particularly focusing on recent CVEs, including CVE-2024-49093, CVE-2024-49132, and CVE-2024-49138. They emphasize the importance of patching systems, especially during the holiday season when companies may be more vulnerable. The conversation highlights the need for awareness around phishing scams and other security threats that tend to increase during this time of year.
Forecast: Strong vulnerability management systems roll in, with scattered threat hunting ahead. Brace for ProjectSend exploits and turbulence near Kansas City. In this episode of Storm⚡️Watch, we explore crucial cybersecurity trends and breaking developments across the industry. Our recent community poll revealed fascinating insights into resource allocation priorities, with Vulnerability Management and Patching emerging as the clear frontrunner, chosen by half of respondents. Threat Intelligence and Hunting secured the second spot with 27.3% of votes, while Security Awareness and Incident Response capabilities tied for third place. Breaking news from Kansas City highlights a significant cybersecurity incident with a federal indictment for computer hacking, demonstrating the ongoing challenges in cybercrime enforcement. Meanwhile, the cybersecurity community continues to experience shifts in social media dynamics, particularly noting the ongoing migration of cyber professionals from X (formerly Twitter) to alternative platforms. Censys has made waves with their latest release of Censeye, an innovative automated hunting tool now available to the security community. This development arrives alongside VulnCheck's critical discovery of CVE-2024-11680, a ProjectSend vulnerability currently being exploited in the wild, emphasizing the importance of rapid threat detection and response. The GreyNoise team shares exciting news about "The Greyt Migreytion," heralding the rollout of their new global observation grid, a game-changing advancement in threat detection and response.
Guest: Daisy Wong, Head of Security Awareness, Medibank
On LinkedIn | https://www.linkedin.com/in/daisywong127/
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
Kicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss.

Daisy's career journey, from earning a marketing degree to becoming Medibank's Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity.

The Power of Communication and Culture in Cybersecurity
Daisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today's cyber challenges.

Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning—it requires intentionality, consistency, and collective effort.

Breaking Barriers and Building Bridges
One of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background.

She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams.

Staying Ahead in an Evolving Threat Landscape
Daisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant.

While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices.

In this lively episode of On Location with Marco Ciappelli, Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense.

Cybersecurity isn't just about systems and software—it's about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense.

Resources
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Guest: Jacqueline Jayne, The Independent Cybersecurity Expert
On LinkedIn | https://www.linkedin.com/in/jacquelinejayne/
At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/jacqueline-jayne-smict
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
During the On Location series at AISA Cyber Con 2024 in Melbourne, the conversation about cybersecurity turns engaging as Jacqueline Jayne, Security Awareness Advocate, shares her experience on human risk management and cybersecurity education. Her insights bring forward crucial points on bridging the gap between human behavior and technological security measures.

One pivotal topic discussed is the persistent challenge of human error in cybersecurity. Jacqueline highlights that human error now accounts for over 90% of security breaches. The approach to mitigating these risks isn't merely technological but educational. She emphasizes the need for comprehensive security awareness training and shifting organizational culture towards proactive risk management.

Jacqueline shares, “Organizations should redefine IT departments from the ‘Department of No’ to the ‘Department of K-N-O-W.’” She believes that instead of restricting users, organizations should focus on empowering them with knowledge, emphasizing the importance of comprehensive training that connects with employees on a personal level.

Throughout the conversation, the importance of contextual and relatable education stands out. Jacqueline advocates for simulated phishing campaigns to provide real-world scenarios for employees. By understanding and experiencing what a phishing attempt looks like in a controlled environment, employees can better recognize and react to actual threats.

Another compelling point is teaching digital citizenship from a young age. Jacqueline compares cybersecurity education to road safety education. Just as children learn road safety progressively, digital safety should be ingrained from an early age. Appropriate and guided exposure to technology can ensure they grow up as responsible digital citizens.

The discussion also touches on parental and organizational roles. Jacqueline discusses the proposal of banning social media for children under 16, acknowledging its complexity. She suggests that though banning might seem straightforward, it's more about educating and guiding children and teenagers on safe digital practices. Organizations and parents alike should collaborate to create a safer and more informed digital environment for the younger generation.

Towards the end, the dialogue shifts to the potential role of AI in enhancing cybersecurity awareness. There's a consensus on using AI not as a replacement but as an augmentative tool to alert and educate users about potential threats in real-time, potentially mitigating the risk of human error.

In conclusion, the conversation highlights the indispensable role of education in cybersecurity. JJ's perspective fosters a comprehensive approach that includes organizational culture change, continuous engagement, and early digital citizenship education. It's not just about implementing technology but evolving our collective behavior and mindset to ensure a secure digital future.

Resources
The top 10 skills your security awareness and culture person must have with no IT or cyber skills in sight (Session): https://melbourne2024.cyberconference.com.au/sessions/session-OZ4j4mTr1O
Keeping our kids safe online: The essential information for parents and caregivers (Session): https://melbourne2024.cyberconference.com.au/sessions/session-oBf7Gjn2xG
Security awareness 2.0: The paradigm shift from training and simulations to engagement and culture: https://melbourne2024.cyberconference.com.au/sessions/session-drDWsOKBsL
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
REPLAY (Original Air Date Aug 28, 2023) Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [August 28, 2023] 00:00 - Intro 00:21 - Patrick Laverty Intro 00:55 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 07:20 - Intro Chat 09:11 - Today's Topic: Tips for Having Difficult Conversations 10:00 - Outline for Parents 12:10 - Map Your Terrain 16:22 - Define Your Goal 17:40 - Decide on Your Pretext 20:05 - Imagine Your Rapport Building 21:50 - Identify Potential Influence Building Techniques 28:47 - Run a Quick Manipulation Check 31:31 - Pump Up the Nonverbals 36:30 - Conduct an Authenticity Check 39:21 - Prepare for Likely Contingencies 40:48 - Solidify Gains 43:40 - Next Month: ??? 44:00 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org Find us online - Chris Hadnagy - Twitter: @humanhacker - LinkedIn: linkedin.com/in/christopherhadnagy - Patrick Laverty - Twitter: @plaverty9 - LinkedIn: linkedin.com/in/plaverty9
REPLAY (Original Air Date Feb 19, 2024) Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Mary D'Angelo. Mary helps clients understand the threats that exist on the dark web and how to use that intelligence to bolster their cybersecurity programs. With a solid foundation from the University of Washington, where she earned her Bachelor's degree, Mary has rapidly ascended as a global leader at SearchLight Cyber. Her expertise, honed over six years, delves deep into understanding the nuances of dark web threat actors and their intelligence. Mary's and her company's insights and analyses have been instrumental in shedding light on the shadowy aspects of cyber threats emanating from the dark web. Her work not only aids in neutralizing these threats but also contributes significantly to the broader understanding of cyber security dynamics. Additionally, Mary's passion is volunteering her talents into nonprofit organizations. She was a mentor for Big Brothers and Big Sisters. Recently, she has devoted her time to a nonprofit called, The Innocent Lives Foundation, which uses Dark Web Threat Intelligence to help law enforcement stop child traffickers. [Feb 19, 2024] 00:00 - Intro 00:41 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:56 - Mary D'Angelo Intro 04:12 - What is a Dark Web Threat Intelligence Advisor? 04:36 - One Giant Leap 07:04 - On the Front Lines 11:53 - Deep Web, Dark Web, Clear Web...Oh My! 
13:43 - Shifting to the Deep 14:58 - Crime Pays 17:39 - 2024 Forecast 19:00 - Left of Boom 20:53 - All in this Together 21:53 - An Ugly Example 25:19 - Timely 26:30 - Relevant 28:02 - Actionable 29:58 - What's Next? 30:54 - Mentors - Siblings - Larry Littleton 32:05 - Book Recommendations - The Practitioner's Guide to the Dark Web - Searchlight Cyber - The Ride of a Lifetime - Robert Iger - Never Split the Difference - Christopher Voss & Tahl Raz 33:33 - Find Mary D'Angelo Online - LinkedIn: linkedin.com/in/dangelomary 33:55 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Join Chris as he discusses topics and news pertaining to the world of Social Engineering. [Oct 28, 2024] 00:00 - Intro 00:24 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:25 - Gmail Takeover Scam 06:19 - Fidelity Data Breach 07:28 - Cisco Breach 08:45 - Actionable Tips 09:48 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org Find us online: - Chris Hadnagy - Twitter: @humanhacker - LinkedIn: linkedin.com/in/christopherhadnagy
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dmitriy Sokolovskiy, senior vice president, information security, Semrush. Thanks to our show sponsor, SpyCloud. SpyCloud disrupts cybercrime by telling you what criminals know about your business, so you can take action on exposed identity data to prevent cyber attacks like ransomware. To learn more about how to level the playing field against bad actors and combat cyber attacks, visit spycloud.com/headlines. All links and the video of this episode can be found on CISO Series.com.
Did You Miss My LinkedIn Live on Cybersecurity Awareness? Catch the Replay! I had the pleasure of sitting down with Tom Kirkham, Founder and CEO of Kirkham IronTech, for an incredible LinkedIn Live discussion on the fundamentals of cybersecurity awareness. Together, we broke down the essential steps everyone should take to protect themselves and their organizations from today's evolving cyber threats. Tom shared valuable insights and practical tips that are easy to implement right away. If you couldn't join us live, don't worry—you can still catch the replay! Watch it now and take control of your cybersecurity.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Stacey Edmonds. Stacey is a multi-disciplinary EdTech innovator and Digital Safety Pioneer, driven by a commitment to democratizing knowledge. Stacey's expertise, encompassing social science, education, EdTech, and multi-platform screen production, culminated in the founding of Lively, which we will hear all about on this podcast. Since 2002, Stacey has been designing and delivering enterprise-wide cyber safety upskilling programs. In 2023, embodying her mission to make knowledge accessible, Stacey launched 'Dodgy or Not?' – a social enterprise offering an engaging approach to digital safety education. She continues to bridge the gap between emerging technologies and practical education, driving innovation in AI ethics and digital literacy - she is also known for deepfaking herself. [Oct 21, 2024] 00:00 - Intro 00:19 - Intro Links: Social-Engineer.com - http://www.social-engineer.com/ Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb CLUTCH - http://www.pro-rock.com/ innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:00 - Stacey Edmonds Intro 04:18 - Teaching, Trains & Turkeys 08:43 - Toilets vs Videos 11:16 - Dodgy or Not? 15:15 - Social Engineering for Good! 
17:46 - Pause for the Cause 20:17 - Training in Real Time 24:11 - Real Time Threat Detection 27:49 - Culture is Everything 30:33 - Find Stacey Edmonds online LinkedIn: in/staceyedmonds/ 31:28 – Mentors Carolyn Breeze Chris Hadnagy Janine Thompson Steve Rowe Shane Bell 33:58 - Book Recommendations Feel The Fear and Do It Anyway - Susan Jeffers The Hitchhiker's Guide to the Galaxy - Douglas Adams 1984 - George Orwell Man-Made – Tracey Spicer 35:51 - Wrap Up & Outro www.social-engineer.com www.innocentlivesfoundation.org
Season 23 of the Building Better Developers podcast kicks off with a focus on building better habits. The first episode covers a critical topic for developers and tech enthusiasts: security awareness. Hosted by Rob Broadhead and Michael Meloche, the episode stresses the need for vigilance. In today's rapidly evolving digital world, staying aware is more important than ever.

A Shift Toward Actionable Advice
The hosts emphasize that this season will be more actionable than ever. Unlike the last season that focused on the developer journey, Season 23 targets building better habits. These habits promote more effective and responsible development practices. Each episode will cover specific skills, tools, or behaviors. Developers will learn how to integrate these into their daily routines. Security awareness, the focus of this episode, is a vital habit. It directly impacts both personal and professional data security.

Action Item: schedule at least 30 minutes to explore security awareness. Use a search engine to find security awareness tools or vendors, many of which offer free content or trial periods. This will help you stay updated on the latest scams and security threats.

Why Security Awareness is Crucial
Security threats are more common than ever. Phishing scams and social engineering are just a few hacker tactics. Hackers have many methods to exploit vulnerabilities. Rob explains that developers may feel confident spotting threats. However, even tech-savvy individuals can fall for well-executed scams. Security awareness isn't just for IT professionals; it's for everyone. Those in technical fields may assume they're immune, but they're not. Rob shares a story to illustrate the importance of security awareness. He received a suspicious email from what appeared to be a legitimate state tax office. At first, it seemed like a scam. After thorough research and contacting the organization, it turned out to be a valid notice. This example shows that, even when cautious, it's crucial to verify suspicious communications before taking action.

Taking Security Awareness Seriously
Instead of a daily habit challenge, Rob suggests scheduling regular security check-ins. He recommends doing this throughout the year. Set aside time every few months to review your security posture. This includes both personal and organizational security. These check-ins could involve:
- Updating passwords
- Reviewing email security alerts
- Exploring the latest security awareness tools or vendors
Rob notes that many security awareness vendors offer free resources or trial periods. These vendors frequently update their content with the latest scam and threat information, making it easier to stay informed. He mentions well-known providers like KnowBe4, Mimecast, and INFOSEC. All of these offer accessible programs to help individuals and organizations stay current on emerging threats.

Key Steps for Developers
Michael offers valuable insights by suggesting developers use secure password managers like KeePass or LastPass. These tools help store credentials safely. He stresses the importance of regularly reviewing and updating passwords, especially for financial accounts. Michael warns against reusing passwords across different platforms. This common mistake can lead to widespread vulnerability if one account is compromised. Another key security tip is to use multi-factor authentication (MFA) whenever possible. Rob and Michael both agree that MFA provides an essential layer of protection. It helps prevent unauthorized access, even if login credentials are compromised. For businesses, Michael advises checking industry-specific security requirements to ensure compliance with regulations. This is especially important in sectors like healthcare and finance, where security breaches can have legal and financial consequences.

The Role of Technology in Building Better Security Awareness Habits
Developers are uniquely positioned to integrate security into their daily work. Whether implementing MFA in an app or securing dependencies with tools like OWASP, security should be a habit—not an afterthought. Rob emphasizes that even if security isn't your main focus, regular check-ins are essential. Ongoing education can help prevent security vulnerabilities from becoming serious issues. Rob shares additional resources for developers looking to improve their security practices. Tools like OWASP help developers identify and fix vulnerabilities in third-party dependencies, integrating security into the development process. For more structured programs, vendors like INFOSEC and NinjaO offer comprehensive security awareness training tailored for both businesses and developers.

Final Thoughts
The episode encourages developers to adopt security habits as part of their routine. Rob and Michael suggest starting with simple steps. Subscribe to security awareness vendors and set regular reminders for security reviews. Security awareness is an ongoing responsibility. Staying informed and vigilant protects both personal data and organizational systems. As Season 23 progresses, more practical advice will be shared. This guidance will help you build essential habits to enhance your career and safeguard your future.

Stay Connected: Join the Develpreneur Community
We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development.

Additional Resources
- Cybersecurity Best Practices
- Improve Security Awareness – Interview With Tyler Ward
- Organization Security Tips and Tricks
- Security Assessments – Find Your Vulnerabilities
- The Developer Journey Videos – With Bonus Content
Maddie Regis speaks with Tom Bowyer, Director of Security at Automox, about the intersection of IT and cybersecurity. Tom shares his career journey, the importance of collaboration between IT and security teams, and insights into SOC compliance reports. He emphasizes the need for transparency, experimentation, and proactive problem-solving in enhancing cybersecurity.
In an era where cyber threats are becoming increasingly sophisticated and devastating, organizations can no longer afford to treat cybersecurity as the sole responsibility of their security teams. This episode of the Pure Report features industry veterans Jason Walker, Tech Strategy Director of Cyber Resilience, and Jason Langer, Tech Evangelist, to explore why cyber resilience must be approached as a team sport, breaking down the traditional silos between IT operations and security teams. Drawing from their extensive experience in data protection and security, the two Jasons delve into the stark realities of cyber impacts, including the sobering statistic that one in five organizations report employee terminations following outages. They examine the NIST Cybersecurity Framework through a collaborative lens, offering insights into how different teams can work together across the five key areas: Identify, Protect, Detect, Respond, and Recover. Through real-world examples and strategic discussions, listeners will develop a deeper understanding of why alignment between IT leaders and CISOs is crucial for building true cyber resilience. As organizations grapple with evolving threats, this timely discussion during Cybersecurity Awareness Month offers actionable strategies for fostering cross-team collaboration. The episode explores the evolution of cybersecurity conversations over the past five years, provides practical advice for improving security posture through teamwork, and highlights Pure Storage's role in enabling organizations to build robust cyber resilience strategies. Whether you're an IT professional, security specialist, or business leader, this episode provides valuable insights into transforming your organization's approach to cybersecurity from a siloed responsibility to a collaborative effort. For more information on Pure Storage and Cyber Resiliency during CyberSecurity Awareness Month, go to: www.purestorage.com/cyber-resilience.
Unveiling the Truth: Insights into Cyber Security Awareness and Phishing
In a special crossover episode of Cyber Security Today and Hashtag Trending, host Jim Love discusses the biases and challenges in technology marketing research with guest David Shipley, head of Beauceron Security. The conversation examines the significance of security awareness, focusing on phishing simulations. Shipley shares insights from his research, emphasizing the optimal frequency of monthly phishing tests and the importance of reporting rates. The episode also covers the psychological aspects of cyber security, sustainability of gamification in training, and highlights the need for balancing training demands to avoid negative impacts of overtraining. Listeners are encouraged to reflect on the insights shared and respond with their thoughts on the program's format. 00:00 Introduction and Overview 00:15 The Problem with Technology Marketing Research 00:46 Bias in Research and Media 01:33 Importance of Objective Research 02:24 Introducing David Shipley and His Research 03:08 Understanding Human Behavior in Cybersecurity 05:38 Phishing Research and Findings 07:19 Effective Phishing Simulations 15:02 Insights from Phishing Data 22:14 The Importance of Reporting and Feedback 22:32 Multi-Channel Communication Strategies 23:53 Gamification and Personal Cyber Risk Scores 25:16 Behavioral Economics in Cybersecurity 27:07 The Impact of Intrinsic Motivation 29:22 The Role of Psychology in Cybersecurity 30:15 The Framing Effect and Security Perception 32:19 Optimism Bias and Security Awareness 35:00 The Dunning-Kruger Effect in Training 37:29 Anchoring Bias and Phishing Indicators 39:03 Key Takeaways and Final Thoughts
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity. The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!

Key Takeaways:
- Spear phishing attacks have evolved from obvious wire transfer requests to more subtle techniques like initial contact fraud, where threat actors establish a relationship to build credibility.
- Tax fraud and W-2 phishing remain prevalent, especially around tax season, as attackers try to obtain personal information like Social Security numbers.
- C-suite fraud, where attackers impersonate executives, continues to be a major threat, highlighting the importance of robust processes to verify requests.
- Lawyer fraud, targeting enterprises more than smaller businesses, leverages the credibility of legal communications to extort money or gather information.
- Gift card fraud has emerged as the top spear phishing attack across enterprises and smaller businesses, as it is less likely to raise red flags than larger financial transactions.
- Adaptability and creativity of threat actors are key factors, as they continuously evolve their techniques to bypass security measures and user awareness.

Timestamps:
(03:26) Discussion on initial contact fraud
(07:12) Exploration of tax fraud and W-2 phishing
(13:35) Examination of C-suite fraud and the importance of processes
(19:25) Lawyer Fraud and Enterprise vs. SMB Differences
(23:47) Banking Fraud and Processes
(26:39) Gift Card Fraud

Episode Resources:
- Security Lab LinkedIn Group
- What is a Spear Phishing attack?
- The Top 5 Spear Phishing Examples and Their Psychological Triggers

Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks.
Leveraging IT Hygiene to Build a Culture of Security
Tune in to this insightful episode with Dawn Armstrong about third-party risk, IT hygiene, security awareness, and advocating for gender equality. Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Mark Kreitzman. Mark is a seasoned cybersecurity veteran with over two decades of experience building robust security solutions. As General Manager of Efani, he safeguards mobile phone users from the escalating threat of SIM swap attacks. Mark's deep understanding of the evolving mobile landscape makes him a trusted authority on protecting privacy and securing communications in our increasingly connected world. [Sept 16, 2024] 00:00 - Intro 00:19 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:09 - Mark Kreitzman Intro 02:41 - Finding Some Good in the Horrible 07:29 - What's in a Name? 09:18 - Port Swapping: An Overview 14:22 - Let's Talk Solutions 18:49 - What Efani Does 24:35 - Odd Relationships 32:39 - Find Mark Kreitzman online - Website: www.efani.com - YouTube: www.youtube.com/@efani 34:57 - Mentors 38:25 - Book Recommendations - How to Lie with Statistics - Darrell Huff 40:03 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Diane M. Janosek, PhD, JD, is the former training director/commandant at the National Security Agency's National Cryptologic University, and most recently deputy director of NSA Compliance. Today, she is the CEO at Janos LLC and award-winning cybersecurity leader, author, and sought-after speaker. In this episode, she joins host Paul John Spaulding to discuss the value of security awareness training, how companies can employ it across organizations, and more. This episode is brought to you by Cybersecurity Ventures, page one for the global cyber economy, and a trusted source for cybersecurity facts, figures, and statistics. To learn more, visit https://cybersecurityventures.com
In this episode of the Post Status Happiness Hour, Michelle Frechette talks with Nathan Ingram and Kathy Zant. They delve into the critical topic of online security, emphasizing the necessity of user education, particularly for WordPress users. Nathan from Solid WP and the Academy introduces Monster Secure, a new course designed to help agencies educate their clients on security best practices. Kathy, an online security expert, shares her experiences and stresses the importance of security education for overall business protection. The discussion highlights the challenges of online security, the evolving nature of cyber threats, and the need for proactive measures to safeguard digital assets.

Top Takeaways
- Security Awareness is Critical & Need for Vigilance: Effective security involves more than just technical measures; it requires continuous vigilance and education about potential threats. Kathy Zant and Nathan Ingram emphasize the importance of understanding and responding to security risks proactively.
- Education and Empowering Users: Both Kathy and Nathan stress the significance of educating users and clients about security. They argue that security knowledge should be accessible to everyone, not just experts.
- Security is for Everyone, Not Just Big Targets: Nathan explains that hackers don't only target large, high-profile websites; they also exploit smaller, less-secure sites for resources. This underscores that security is a concern for everyone, regardless of the size or perceived importance of their website.

Mentioned In The Show:
- Thomas Raef
- WeWatchYourWebsite
- Solid WP
- Solid Academy
- Monster Secure
- Go Safely Online
- LearnDash
- Jack Kitterhing
- YouTube
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Kimberly Sims. Kimberly is the Deputy CISO, Director of Cyber Operations and Cloud Security for American Century Investments. Kimberly has over 17 years' experience in the Financial Services sector. Prior to joining American Century, Kimberly ran the Information Security Program for the second-largest capital market's desk in the world, responsible for securing systems that process a trillion-dollar debt portfolio. Kimberly is an advisory member, and IT lead for the Charter for Veterans, a non-profit organization assisting recovering combat wounded veterans. She is an advocate for mentorship and coaching across the security industry and participates in several industry groups. [Aug 19, 2024] 00:00 - Intro 00:22 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:01 - Kimberly Sims Intro 03:49 - Inspired by a Book 05:32 - Making a Giant Leap! 06:59 - Biggest Mistakes 09:14 - Lessons Learned 11:07 - Security Ambassador 13:23 - Overcoming the Fear 15:20 - Executive Order 17:06 - People, Process, Technology 18:38 - Back to Basics 20:11 - Resiliency Programs 23:14 - The Take Home 24:47 - Jump In! 25:46 - Book Recommendations - Blink - Malcolm Gladwell - Pitch Perfect - Bill McGowan - Permission to Screw Up - Kristen Hadeed 27:49 - Mentors 29:12 - Find Kimberly Sims online - LinkedIn: in/kimberly-sims-733510/ 29:26 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by May Brooks-Kempler. May is a cybersecurity expert who has transformed her early curiosity, hacking 90's computer games, into a distinguished cybersecurity career. As a board member of ISC2, an educator, a CISO and the founder of the Think Safe Cyber community, she is dedicated to making the online world a safer place for everyone. [July 15, 2024] 00:00 - Intro 00:19 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:17 - May Brooks-Kempler Intro 03:55 - Twist of Fate 05:10 - A Moment of Silence 05:51 - Blame Grandma 08:15 - An Unclear Path 11:34 - It Takes a Village 13:40 - Considering the Other Side 16:10 - Start with "Why" 20:41 - "It's Never Personal - CyberWise Parenting Course - Listeners get 20% off with the coupon SOCIAL - TEDx – Think Cyber 27:47 - Lifelong Learning 30:50 - Going Public 32:57 - Find May Brooks-Kempler online - LinkedIn: in/may-brooks-kempler - Instagram: @cybermaynia 33:46 - Mentors - Avi Weissman - Oren Bratt - Itzik Kochav 35:54 - Book Recommendations - Human Hacking - Christopher Hadnagy - Countdown to Zero Day - Kim Zetter - Do You Talk Funny? - David Nihill - Start with Why - Simon Sinek 37:17 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Sigita Jurkynaitė. Sigita works as Information Security Manager at Nord Security, where she is responsible for company's Information Security Management System, ensuring compliance with international standards and regulations, and security training and awareness. Previously, Sigita worked at Research and Education Network Association GÉANT, where she led a wide range of international projects and teams, information security community activities and Special Interest Groups. She organized cyber security trainings, conferences and workshops in Europe and Asian countries. Sigita was Director of CyberSOC at NRD Cyber Security prior to joining Nord Security. Sigita holds a Master's Degree of Business Management at the ISM University of Management and Economics, where she researched the relationships between people's knowledge, attitude and behavior towards cyber security in organizations. [June 17, 2024] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:50 - Sigita Jurkynaitė Intro 04:03 - It's Not All Tech 06:24 - A Change in Attitude 09:26 - On the Same Team 13:51 - Back to Basics 14:52 - Reporting, Not Ratio 17:06 - Win Fabulous Prizes! 19:33 - The Toxic List 23:01 - Making it Fun - SWITCH Security Awareness Activities 27:25 - The Power of Ownership 29:28 - One Size Does NOT Fit All! 31:21 - Mentors - Aunshul Rege - Nicole Harris - Don't You Know That You're Toxic? 
- Fleur van Leusden 34:10 - Book Recommendations - The Security Culture Playbook - Kai Roer & Perry Carpenter 35:11 - Find Sigita Jurkynaitė online - LinkedIn: linkedin.com/in/sigita-jurkynaite 35:38 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org