Ekco, one of Europe's leading security-first managed service providers (MSPs), has launched Cyber Defence Complete in Ireland, an all-in-one cybersecurity service that gives small and mid-sized businesses (SMBs) enterprise-grade protection without complexity. The number of attempted and successful cyberattacks is ever increasing, and SMBs are attractive targets because, unlike larger organisations, they often lack the resources to recruit specialist in-house 24/7 cybersecurity teams.

Cyber Defence Complete integrates essential security coverage from leading vendors, including Microsoft, CrowdStrike and Recorded Future, into a unified, streamlined solution. Built on CREST-accredited methodologies, it equips SMBs with comprehensive defensive capabilities, from visibility and detection to active defence, without requiring significant infrastructure changes. By reducing complexity and uncertainty, Cyber Defence Complete gives businesses a proactive advantage against threats, along with access to world-class technologies and expert guidance in one cohesive service.

The package includes 24/7/365 Managed Extended Detection and Response (MXDR) monitoring, incident response, threat intelligence and Security Information and Event Management (SIEM), so SMBs are protected around the clock. It is offered through flexible, tiered models designed to scale with businesses as they grow and mature.

Lee Driver, Director of Cybersecurity at Ekco, said: "Small and medium-sized businesses face diverse cybersecurity challenges, and in today's threat landscape, fast, decisive action is critical. This is why we've launched Cyber Defence Complete - a comprehensive solution that removes uncertainty and complexity from cybersecurity for SMBs. Right from the outset, our package establishes a robust defensive foundation, encompassing threat detection, active monitoring, rapid incident response, and mitigation capabilities.

"Our flexible, tiered approach ensures businesses receive exactly the level of protection they need, scaling seamlessly as they expand and mature. With Cyber Defence Complete, we're committed to levelling the cybersecurity playing field, empowering SMBs with enterprise-grade defence underpinned by expert support, so they can confidently focus on growing their businesses without the fear of cyber threats."

Cyber Defence Complete is available in two packages:
- Standard: a comprehensive suite of defensive capabilities, enabling businesses to adopt a proactive stance against cyber threats.
- Premium: all features of the Standard package, with additional enhancements aimed at achieving robust cyber resilience.

This tiered approach means SMBs can access enterprise-grade security that aligns with their growth stage and budget, giving cost-effective access to security expertise without significant in-house investment.

About Irish Tech News: Irish Tech News is Ireland's No. 1 online tech publication and often Ireland's No. 1 tech podcast too.
In this week's episode, we explore the evolution of Security Information and Event Management (SIEM) into the Next-Generation SIEM (NGSIEM). Traditional SIEM solutions have long been crucial for cybersecurity, but they face significant challenges with modern infrastructures. Discover how NGSIEM tackles these limitations through advanced AI analytics, machine learning, cloud-native deployment, enhanced data parsing, and powerful automation capabilities. Don't miss this deep dive into how AI and Generative AI are transforming incident response, threat hunting, and cybersecurity collaboration for good!
TechSpective Podcast Episode 148

Security Information and Event Management (SIEM) solutions were once hailed as the cornerstone of modern cybersecurity, promising centralized visibility, streamlined threat detection, and efficient response. Over time, though, many organizations have struggled with SIEM's complexities, high […]

The post "Why the SOC of Tomorrow Won't Look Like Today's" appeared first on TechSpective.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn: https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

With public speaking, everyone has butterflies before they begin; instructors tell speakers to get them to fly in formation. When it comes to tools for cybersecurity, we have a similar situation: you may have Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Managed Detection and Response (MDR), Security Information and Event Management (SIEM), and many others. ThreatQuotient was founded with the intention of making sure these disparate tools provide actionable information for federal agencies.

During today's interview, Craig Mueller takes us through the context, customization, and collaboration that is needed in all federal agencies. The net result is a reduction in false positives and automation of the intelligence lifecycle. Craig Mueller also brings up a topic that is rarely covered: air-gapped systems. Because of its deep understanding of the intelligence community, ThreatQuotient can provide services to agencies that use air-gapped networks.
In this episode of the InfosecTrain podcast, we delve into the world of security automation tools and their transformative impact on cybersecurity. Discover how these tools help organizations streamline their security operations, enhance threat detection, and respond more effectively to incidents. Our experts will explore a range of automation tools, from Security Information and Event Management (SIEM) systems to automated incident response platforms, and discuss their key features and benefits.
Implementing an effective Security Information and Event Management (SIEM) system is essential for securing your organization's digital infrastructure. Microsoft Sentinel is a cloud-native SIEM solution that provides organizations with sophisticated security analytics and threat intelligence to help them detect, investigate, and respond to threats more efficiently.
Greg Scott joined Vineeta on The WCCO Morning News to discuss the seemingly everyday occurrences of Cyber Attacks.
A new round of ceasefire talks today.
In the world of business cybersecurity, the powerful technology known as "Security Information and Event Management" is sometimes thwarted by the most unexpected actors: the very people setting it up.

Security Information and Event Management, or SIEM, is a term used to describe data-collecting products that businesses rely on to make sense of everything going on inside their network, in the hope of catching and stopping cyberattacks. SIEM systems can log events and information across an entire organization and its networks. When properly set up, SIEMs can collect activity data from work-issued devices, vital servers, and even the software that an organization rolls out to its workforce. The purpose of all this collection is to catch what might easily be missed.

For instance, SIEMs can collect information about repeated login attempts occurring at 2:00 am from a set of login credentials that belong to an employee who doesn't typically start their day until 8:00 am. SIEMs can also record whether the login credentials of an employee with typically low access privileges are being used to attempt to log into security systems far beyond their job scope. SIEMs must also take in the data from an Endpoint Detection and Response (EDR) tool, and they can hoover up nearly anything that a security team wants, from printer logs, to firewall logs, to individual uses of PowerShell.

But just because a SIEM can collect something doesn't necessarily mean that it should. Log activity for an organization of 1,000 employees is tremendous, and the collection of frequent activity could bog down a SIEM with noise, slow down a security team with useless data, and rack up serious expenses for a company.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Microsoft cloud solution architect Jess Dodson about how companies and organizations can set up, manage, and maintain their SIEMs, along with what advertising pitfalls to avoid when doing their shopping. Plus, Dodson warns about one of the simplest mistakes made in trying to save budget: setting up arbitrary data caps on collection that could leave an organization blind.

"A small SMB organization … were trying to save costs, so they went and looked at what they were collecting and they found their biggest ingestion point," Dodson said. "And what their biggest ingestion point was was their Windows security events, and then they looked further and looked for the event IDs that were costing them the most, and so they got rid of those."

Dodson continued: "Problem was the ones they got rid of were their Log On/Log Off events, which I think most people would agree is kind of important from a security perspective."

Tune in today to listen to the full conversation. For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.
SIEM and SOAR are security solutions designed to enhance an organization's ability to respond to security incidents effectively by collecting and analyzing log data and by automating and orchestrating incident management tasks. While they have overlapping functionalities, they serve distinct purposes and offer different capabilities. Let us understand the difference between SIEM and SOAR.

What is SIEM?
SIEM is an acronym for Security Information and Event Management. It is a software solution that combines SIM (Security Information Management) and SEM (Security Event Management) capabilities to provide comprehensive real-time monitoring, threat detection, incident response, and compliance management. It involves collecting, analyzing, and correlating security events within an organization's IT infrastructure to enhance its security posture and to identify and respond effectively to potential security incidents. SIEM systems integrate with threat intelligence sources and generate alerts based on predefined rules or behavior analytics. SIEM enables organizations to proactively monitor their networks, systems, and applications, detect unauthorized access, identify vulnerabilities, and meet compliance requirements.

View more: SIEM vs. SOAR
Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) system that allows organizations to find, investigate, and react to security threats in real time. As cybersecurity threats continue to change and become more complex, companies and institutions need strong solutions to protect their valuable data and infrastructure. Microsoft Sentinel offers a powerful and scalable platform that combines Artificial Intelligence (AI) and Machine Learning (ML) capabilities with built-in security analytics to provide proactive threat detection and response.

Key Components of Microsoft Sentinel
The key components of Microsoft Sentinel include: (View more: Key Components of Microsoft Sentinel)
Discover valuable insights into Security Information and Event Management (SIEM) for banks with Todd, COO & CISO, and Nate, Director of Cybersecurity & vCISO. Learn how a SIEM solution is pivotal in detecting and reporting security threats, centralizing logs from different systems to provide a comprehensive overview. From compliance requirements to the evolution of SIM solutions and the integration of AI and machine learning, this podcast covers essential aspects of safeguarding financial institutions against cyber threats.

Learn more about:
- What is a SIEM?
- How do you choose the right one?
Years ago, anti-virus software updates were sent on floppy disks in the U.S. Mail. Today, the attack surface is so large that we need Continuous Diagnostics and Mitigation (CDM). Legacy solutions like Security Information and Event Management (SIEM) would isolate data in point solutions. Andrew Manos suggests that, at today's volume, the only way to handle the data is to centralize it.

Today, we have experts sit down and discuss how to take this CDM concept and deploy a solution for federal agencies. The discussion opens with best practices for a transition to CDM and follows with some guidance for the transition. After gaining an understanding of what is on a network, it is recommended to start experimenting in order to rapidly evaluate innovative technologies. This process will need a workforce that is more flexible than in the past.

Data surges have caused agencies to seek solutions to this vexing problem. One way to break this bottleneck is with the cloud. James Scobey observes that the cloud allows data to be managed through an API that can go across environments. Once a mature approach to CDM is viable, advanced considerations like sharing data with other agencies can be addressed.
In the bustling atmosphere of the RSA Conference, a conversation unfolded that shed light on the evolution of cybersecurity and the innovative solutions paving the way for a more efficient and effective approach to data management. Colby DeRodeff, the CEO and co-founder of Abstract Security, shared insights into the journey that led to the creation of a groundbreaking platform designed to transform the way organizations tackle data collection, analysis, and threat detection.

A Walk Down Memory Lane
The dialogue between Colby DeRodeff and Sean Martin at the RSA Conference delved into the history of cybersecurity, reflecting on the shifts from perimeter security to compliance-driven approaches and the emergence of new technologies like XDR. This introspective look highlighted the need for a paradigm shift in cybersecurity strategies to keep pace with the rapidly evolving threat landscape.

Challenges in Traditional Approaches
One of the key challenges discussed was the inefficiency of traditional SIEM solutions, which often resulted in data overload, lack of actionable insights, and hefty costs associated with data storage. Colby emphasized the importance of focusing on outcome-driven data collection and detection scenarios rather than accumulating vast amounts of data with limited value.

The Birth of Abstract Security
The catalyst for Abstract Security stemmed from Colby's experiences in previous companies, where the disconnect between data collection and effective threat detection became glaringly apparent. This realization led to the inception of a platform that prioritizes data relevance, streamlining the process of identifying and responding to security threats efficiently.

Abstract Security's Unique Approach
Abstract Security's modular platform offers a refreshing take on cybersecurity data management, with a focus on tailored data collection, analytics, and storage solutions. By enabling organizations to align data sources with specific detection outcomes, Abstract Security empowers teams to make informed decisions and optimize their cybersecurity strategies.

Seamless Integration with Existing Tech Stack
One of the standout features of Abstract Security is its seamless integration capabilities with existing tech stacks. The platform can complement and enhance current security infrastructure without the need for rip-and-replace, offering a smooth transition towards more effective threat detection and response mechanisms.

Looking Towards the Future
As organizations navigate the complexities of cloud environments and evolving cybersecurity challenges, Abstract Security stands out with fresh, innovative ideas and practicality. By reimagining the data management process and emphasizing outcome-driven approaches, Abstract Security is poised to shape the future of cybersecurity operations.

Conclusion
The conversation between Colby DeRodeff and Sean Martin at the RSA Conference not only highlighted the pivotal role of Abstract Security in revolutionizing cybersecurity data management but also underscored the importance of reevaluating traditional approaches in the face of modern threats. With Abstract Security leading the charge towards a more efficient and proactive cybersecurity landscape, organizations have the opportunity to elevate their security posture and stay ahead of emerging cyber risks.

Learn more about Abstract Security: https://itspm.ag/abstractsec-zao

Note: This story contains promotional content.
Guest: Colby DeRodeff, CEO and Co-Founder, Abstract Security [@get_abstracted]
On LinkedIn: https://www.linkedin.com/in/colbyderodeff/

Resources
Learn more and catch more stories from Abstract Security: https://www.itspmagazine.com/directory/abstract-security
View all of our RSA Conference coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Renita and I had a late night conversation about how these corporations are removing remote work in the quest to gain complete control of our time.

Renita Rhodes is a Vice President, Audit Manager in Cyber Security for a well-known worldwide bank, supporting the coverage of the bank's core Cybersecurity controls. She supports coverage in areas such as:
- Cyber Threat Fusion Center,
- Data Loss Protection,
- Security Information and Event Management,
- Cryptographic Services, and
- Network Security Management.

Renita also works as a Cybersecurity and Information Systems Adjunct Professor at Maryville University and Harris Stowe State University, teaching the Cyber Law, Policy and Compliance; Security Information and Event Management; Introduction to Information Security; Applied Programming - Python; and Systems Analysis and Design courses.
Renita and I had a blunt discussion about what to look out for when evaluating a course offered by a tech job influencer. We discussed our perspectives on what we uncovered during our research for this episode. We also discussed some trustworthy courses and programs if you are looking for training. You can reach out to either one of us at https://www.tekordie.com/contact/ if you have any questions, comments, etc.

Renita Rhodes is a Vice President, Audit Manager in Cyber Security for a well-known worldwide bank, supporting the coverage of the bank's core Cybersecurity controls. She supports coverage in areas such as:
- Cyber Threat Fusion Center,
- Data Loss Protection,
- Security Information and Event Management,
- Cryptographic Services, and
- Network Security Management.

Renita also works as a Cybersecurity and Information Systems Adjunct Professor at Maryville University and Harris Stowe State University, teaching the Cyber Law, Policy and Compliance; Security Information and Event Management; Introduction to Information Security; Applied Programming - Python; and Systems Analysis and Design courses.
Resume Update Tips: https://docs.google.com/document/d/17z3i5VlRzEn2tYPfb-Cx0LYpdKkbL-6svIzp7ZQOvX8

I use Kagi.com Pro ($300 / year), but you get access to much more: Search + AI, but not plugins like ChatGPT. So if you MUST have ChatGPT plugins you will need an OpenAI Premium account, but if you don't, I highly recommend a Kagi.com Pro account with access to Assistant Beta!!!

Land a Job using ChatGPT: The Definitive Guide! https://youtu.be/pmnY5V16GSE?t=192
Extensive Resume Notes: https://drive.google.com/file/d/1zeYIG7tTE0BUqbRM7-hpk3VdTRc35ZkL/view?usp=sharing
Ripped cybersn: https://rmccurdy.com/.scripts/downloaded/knowmore.cybersn.com_20220811.txt
Perfect ChatGPT Prompt: https://www.youtube.com/watch?v=jC4v5AS4RIM

Summary
There is a formula consisting of 6 building blocks that can help generate high quality outputs from ChatGPT and Google Bard: task, context, exemplars, persona, format, and tone. The order of importance for the building blocks is task first, then context, with the others being optional but helpful. The task should clearly articulate the end goal using an action verb like "generate" or "analyze". Context provides relevant background information to constrain possibilities. Exemplars like examples or frameworks included in the prompt can improve output quality. The persona allows specifying who ChatGPT should be, like a job recruiter. The format specifies how the output should be structured, like an email or bullet points. Tone provides keywords to set the feeling, like "friendly" or "serious".

Example
You are a senior product marketing manager at Apple and you have just unveiled the latest Apple product in collaboration with Tesla, the Apple Car, and received 12,000 pre-orders, which is 200% higher than target. Write an email to your boss, Tim Cookie, sharing this positive news. The email should include a tl;dr (too long, didn't read) section, project background (why this product came into existence), business results section (quantifiable business metrics), and end with a section thanking the product and engineering teams. Use clear and concise language and write in a confident yet friendly tone.

Example 2 (mine)
I want you to act as a cyber security specialist for a leading consumer products company and you want to relay the importance of people understanding their data and have some idea what they want to do with it before we spend hours for the onboarding effort. Write an email to your boss, Joey, sharing this critical component of the SIEM. The email should include a tl;dr (too long, didn't read) section, example of how the team can spend many cycles onboarding data only to find the requester has no idea what they want to do with the data or it does not satisfy their use case. Use clear and concise language and write in a confident yet friendly tone.

Response
Subject: Streamlining SIEM Onboarding with Clear Data Objectives

Hi Joey,

I hope this email finds you well. I wanted to touch base on a critical aspect of our Security Information and Event Management (SIEM) process that could significantly enhance our efficiency.

TL;DR: We need to ensure that stakeholders understand their data and have clear objectives before we initiate the SIEM onboarding process. This will prevent the team from spending excessive time onboarding data that may not meet the intended use cases or for which the requester has no actionable plan.

During our recent SIEM onboarding efforts, we've encountered several instances where considerable time and resources were invested in integrating data sources, only to discover that the requesters were unclear about their objectives or the data did not fulfill their anticipated needs. For example, last month, the team dedicated over 40 hours to onboarding a new data source for the marketing department. After completion, it became apparent that the marketing team was unsure how to leverage this data for threat detection or compliance reporting, rendering the effort less effective.

To address this, I propose we implement a preliminary consultation phase for each SIEM onboarding request. In this phase, requesters must articulate:
- The specific security or compliance questions they aim to answer with the data.
- How they intend to use the data within the SIEM environment.
- Any particular data formats or schemas they anticipate will be necessary.

By doing so, we can align our onboarding efforts with the actual needs and ensure that every hour spent goes towards enhancing our security posture and providing actionable insights. I believe this approach will not only save time but also empower our stakeholders to make better-informed decisions regarding their security data needs.

Looking forward to your thoughts on this.

Best regards,
[Your Name]
Cyber Security Specialist

AI Agents
ProfSynapse AI Agent Video: https://www.youtube.com/watch?v=BL9x1SuNLRo&t=137s (if you have OpenAI Premium it will use tools [Vision, Web Browsing, Advanced Data Analysis, or DALL-E]) (https://raw.githubusercontent.com/ProfSynapse/Synapse_CoR/main/GPTprompt.txt)
GPT Agents (old): https://godmode.space/ needs an OpenAI key and GPT-4; also enable auto approval. It may go in loops, just watch for that.
AutoGPT (OLD)

Image
I have a stupid amount of kudos: https://tinybots.net/artbot
Use my key under the settings for any of the web UIs for faster renders:
https://rentry.org/RentrySD/#x-table-of-contents
https://rentry.org/sdhypertextbook
https://github.com/C0untFloyd/bark-gui (Audio Clone)

Example 1
Photorealistic, best quality, masterpiece, raw photo of upper body photo, Swordsman woman, soldier of the austro-hungarian empire clothes, double breasted jacket with stripes, extremely detailed eyes and face, long legs, highest quality, skin texture, intricate details, (cinematic lighting), RAW photo, 8k
Negative prompt: airbrush, photoshop, plastic doll, plastic skin, easynegative, monochrome, (low quality, worst quality:1.4), illustration, cg, 3d, render, anime

Text Generation Example
Open source projects:
My horde key: l2n6qwRBqXsEa_BVkK8nKQ (don't abuse, but I have a crazy amount of kudos, don't worry)
https://tinybots.net/ (Image, Text etc.)
Text adventures etc. (click the horde tab and use my key): https://agnai.chat/settings?tab=0
https://lite.koboldai.net
Need a 24G VRAM card really... you can load 7b with my 8G card just fine.
ollama run wizard-vicuna-uncensored, falcon, Mistral 7B
"You should have at least 8 GB of RAM to run the 3B models, 16 GB to run the 7B models, and 32 GB to run the 13B models." https://ollama.ai/
https://writings.stephenwolfram.com/2023/03/chatgpt-gets-its-wolfram-superpowers/
https://github.com/xtekky/gpt4free
https://www.thesamur.ai/autogpt
https://poe.com/universal_link_page?handle=ChatGPT
https://camelagi.thesamur.ai/conversation/share?session=6040

Prompt Agent Persona example 1: Pinky from the TV series Pinky and the Brain
I find it easiest to understand responses when the text is written as if it was spoken by Pinky from the TV series Pinky and the Brain. Please talk like Pinky from the TV series Pinky and the Brain as much as possible, and refer to me as "Brain"; occasionally, ask me "What are we going to do tonight, Brain?"

Prompt Agent Persona example 2
Use with prompts to create a persona: take a Myers-Briggs personality and tritype Enneagram quiz. Example prompt: Help me refine my resume to be more targeted to an information security engineer. Be sure to be clear and concise with bullet points and write it in the style of MBTI Myers-Briggs personality ENFJ and tritype Enneagram 729.

Prompt Agent Persona example 3
I find it easiest to understand responses when the text is written as if it was spoken by a dudebro. Please talk like a dudebro as much as possible, and refer to me as "Brah"; occasionally, yell at your dorm roommate Jake about being messy.

Training (OLD OLD OLD)
3 photos of full body or entire object + 5 medium shot photos from the chest up + 10 close ups
astria.ai
https://github.com/TheLastBen/fast-stable-diffusion/issues/1173
colab: https://github.com/TheLastBen/fast-stable-diffusion
photos: 21
resolution: 768
merged with ##### 1.5 full 8G
UNet_Training_Steps: 4200
UNet_Learning_Rate: 5e-6
Text_Encoder_Training_Steps: 2520
Text_Encoder_Learning_Rate: 1e-6

Variation is key - change body pose for every picture, use pictures from different days, backgrounds and lighting, and show a variety of expressions and emotions. Make sure you capture the subject's eyes looking in different directions for different images, and take one with closed eyes. Every picture of your subject should introduce new info about your subject. Whatever you capture will be over-represented, so things you don't want to get associated with your subject should change in every shot. Always pick a new background, even if that means just moving a little bit to shift the background.

Here are 8 basic tips that work for me, followed by one super secret tip that I recently discovered.
- Consistency is important. Don't mix photos from 10 years ago with new ones. Faces change, people lose weight or gain weight and it all just lowers fidelity.
- Avoid big expressions, especially ones where the mouth is open.
- It is much easier to train if the hair doesn't change much. I tried an early model of a woman using photos with hair up, down, in ponytail, with a different cut, etc. It seems like it just confused SD.
- Avoid selfies (unless you ONLY use selfies). There is MUCH more perspective distortion when the camera is that close. For optimal results, a single camera with a fixed lens would be used, and all photos should be taken at the same distance from the subject. This usually isn't possible, but at least avoid selfies because they cause major face distortion.
- Full body shots are not that important. Some of the best models I trained used only 15 photos cropped to the head / shoulder region. Many of these were full body shots, but I cropped them down. SD can guess what the rest of the body looks like, and if not, just put it in the prompts. The only thing hard to train is the face, so focus on that.
- I no longer use any profile shots as they don't seem to add value. I like to have a couple looking slightly left and a couple looking slightly right (maybe 45 degrees). All the rest can be straight at the camera. Also, try to avoid photos taken from really high or low angles.
- If possible, it's good to have some (but not all) of the photos be on a very clean background. On my last batch, I used an AI background removal tool to remove the background from 1/4 of the photos and replaced it with a solid color. This seemed to improve results.
- Careful with the makeup. It should be very consistent across all the photos. Those cool "contour" effects that trick our eyes also trick SD.

Interview from a very smart autodidact: https://youtu.be/AaTRHFaaPG8?t=3279
Canva AI Presentation generator: https://www.youtube.com/watch?v=Nl2gLi1MD04
In this Analyst Chat episode, Matthias and guest Warwick Ashford explore the shift from traditional to next-gen Security Information and Event Management (SIEM) solutions. Highlighting the limitations of traditional SIEM in the face of evolving cyber threats and complex data landscapes, the discussion emphasizes the need for intelligent, automated, and integrated SIEM solutions. The conversation focuses on crucial features for modern Security Operations Centers (SOCs) dealing with high costs, skills shortages, and a surge in security alerts, providing insights into navigating today's intricate digital security landscape.
In this episode of the Thoughtful Entrepreneur, your host Josh Elledge speaks to the Chief Information Security Officer and Co-Founder of SIEMonster, Chris Rock. Chris Rock is not your typical CSO. He's a hacker by trade with a dual role that involves finding system flaws and presenting them at conferences like Defcon. Simultaneously, he serves as the CEO of SIEMonster, which provides security services for large enterprises. His clients range from governments to private organizations, each with unique objectives and security needs.

Chris shared some intriguing stories from his work. He's uncovered employees setting up illegal activities within companies, helped track people escaping authorities in the Middle East, and dealt with a myriad of other complex situations. These stories, while fascinating, also highlight the darker side of our increasingly digital world.

When Chris was asked if there was any hope for a safer digital world, his response was sobering. The flaws he identified years ago still exist today, and the transition from paper-based systems to electronic systems has only increased the potential for security breaches.

He also recommended using account IDs and virtual credit cards instead of traditional credit card numbers to further enhance security.

Key Points from the Episode:
Introduction of Chris Rock as CSO of SIEMonster and cyber mercenary
Chris's work as a hacker and consultant
Clients and objectives of Chris's work
Stories and insights into vulnerabilities of systems
Need for increased security measures
Use of tokens instead of passwords for account security
Risks of using passwords and benefits of tokens
Importance of VPNs for data protection
Choosing a reliable VPN provider
Importance of encryption and protecting personal information

About Chris Rock:
As the Chief Information Security Officer and co-founder of SIEMonster, Chris has traversed the cyber landscapes of the Middle East, the United States, and Asia, lending his expertise to governmental and private entities. Renowned for his presentations at DEFCON, the world's largest hacking conference in Las Vegas, Chris has delved into contentious vulnerabilities. His talks covered topics such as the potential manipulation of Birth and Death Registration systems, the collaboration of cyber mercenaries in government overthrows, and innovative methods of bypassing jammers by utilizing the Earth as an antenna. As a thought leader, he authored "Baby Harvest," a compelling exploration of criminals and terrorists exploiting virtual babies and fabricated deaths for financial gain. Notably, Rock has graced the TED Global stage, further solidifying his status as a cybersecurity luminary.

About SIEMonster:
SIEMonster, established in 2015, is an innovative and cost-effective Security Information and Event Management (SIEM) solution. Founded by experienced hackers Chris and Dez Rock, the platform emerged from a recognized gap in the SIEM market. With over 20 years of penetration testing and white-hat hacking expertise, the founders and their team crafted a scalable and customizable SIEM tool. SIEMonster's pricing model doesn't penalize based on Events Per Second (EPS), offering affordability and automatic scalability as clients expand. SIEMonster incorporates automated tasks and data enrichment, reducing the reliance on external security consultants. The vision, shared by...
Join us at InfoSecTrain as we delve into the world of Security Information and Event Management (SIEM). In this comprehensive podcast, we will explore the fundamental concepts of SIEM, understand why it's a crucial component in today's cybersecurity landscape, and unravel the intricacies of SIEM architecture.
By Phil Gurski
InfosecTrain hosts a live event entitled "12 Days Workshop: Cyber Awareness Masterclass for Youngsters" with certified expert 'Ashish'. Agenda for the Podcast
Title: Episode 54 - XDR Deep Dive with Matt Robertson and Aaron Woland Hosts Bryan and Tom return with a fascinating exploration of Extended Detection and Response (XDR) in this latest episode of Conf T with your SE. We kick things off with a fundamental question - What is XDR? Our guests, security experts Matt Robertson and Aaron Woland, provide an insightful overview and outline the pressing need for XDR in today's security landscape. The discussion then veers towards understanding the key differences between XDR and SecureX, another well-known security platform. Our hosts dig into the integration of tools like Cisco Threat Response and Orchestration built into SecureX, illuminating how XDR ups the ante by bringing detection into the tool, instead of merely relying on individual security products. Robertson and Woland emphasize the importance of an open XDR platform - one that seamlessly integrates with other vendors outside of Cisco. They detail the significant role of built-in analytics in bolstering security efficacy. Addressing the limitations of Endpoint Detection and Response (EDR), the experts cite the fact that EDR can only reach about 30% of a company's assets and explain why XDR's broader scope is critical in the current context. We then delve into comparisons with Security Information and Event Management (SIEM) systems. Are they the same as XDR? Or, perhaps more pertinently, is a SIEM system enough? Lastly, the conversation steers towards the operational aspects of XDR, specifically how it can confirm, prioritize, and walk through an incident - an essential aspect of any robust cybersecurity framework. Tune in to this gripping episode to deepen your understanding of XDR and why it's vital in today's digital landscape.
Guest: David Swift, Security Strategist at Netenrich

Topics: Which old Security Information and Event Management (SIEM) lessons apply today? Which old SIEM lessons absolutely do not apply today and will harm you? What are the benefits and costs of SIEM in 2023? What are the top cloud security use cases for SIEM in 2023? What are your favorite challenges with SIEM in 2023, especially in the cloud? Are they different from, say, 2013 or perhaps 2003? Do you think SIEM can ever die?

Resources:
Live video (LinkedIn, YouTube)
"Debating SIEM in 2023, Part 1" and "Debating SIEM in 2023, Part 2" blogs
"Detection as Code? No, Detection as COOKING!" blog
"A Process for Continuous Security Improvement Using Log Analysis" (old but good)
"UEBA, It's Just a Use Case" blog
"Situational Awareness Is Key to Faster, Better Threat Detection" blog and other SIEM reading
MITRE 15 detection techniques paper
Are you using Microsoft Sentinel? Richard talks to Cloud Security Advocate Sarah Young about Sentinel, Microsoft's Security Information and Event Management (SIEM) solution. Sarah talks about the role of the SIEM in creating a common place for all security-related data to arrive. She mentions some of the many tools in the Microsoft suite to feed into Sentinel - Defender for Endpoints, Identity, and Cloud as examples. Specialized analysis tools send summaries to Sentinel, but Sentinel can also process raw logs as well - make sure you need the data because billing for Sentinel is connected to the number of ingress sources. There's a lot to learn, but also a lot of great documentation and information to work from. Check the show notes for links!

Links:
Microsoft Sentinel
ArcSight
Defender Security Alerts
Defender for Endpoint
Defender for Identity
Microsoft Digital Defense Report 2022
Defender for Cloud
What is CSPM?
Security Baselines Blog
Microsoft Security Copilot

Recorded April 6, 2023
0:00 What is information security?
3:50 Was the January 6th attack on the capitol a secret CYBER ATTACK?
8:53 What does an Information Security analyst do?
20:57 Network monitoring in Information Security: An example for job seekers
26:51 Collaborating for security: A real-life example of teamwork within an organization
33:37 What certifications can help you land an information security analyst job and a specific example of a good cybersecurity job opportunity with a company that believes in diversity.
50:10 A tricky cybersecurity interview question (and how to answer it)

In this video, John and Renita dive deep into the role of an Information Security Analyst. They'll provide insights into the responsibilities of the job, the core skills you need to succeed in the role, and the certifications that will help you stand out in the job market. They'll also discuss who's currently hiring for remote Information Security Analyst positions and what kind of pay you can expect in this exciting field. Whether you're a seasoned professional or just starting out, this discussion is sure to provide valuable information for anyone interested in pursuing a career in information security. Don't miss out on this informative and engaging conversation.

Error Note at the 34:18 mark. Instead of "White House", I meant the "capitol".

Background Info: Renita Rhodes is a Lead Audit Manager-Information and Cyber Security for a well-known worldwide bank, supporting the coverage of the bank's core Cybersecurity controls. She supports coverage in areas such as Cyber Threat Fusion Center, Data Loss Protection, Security Information and Event Management, Cryptographic Services, and Network Security Management. Renita also works as a Cybersecurity and Information Systems Adjunct Professor at Maryville University and Harris Stowe State University, teaching the Cyber Law, Policy and Compliance; Security Information and Event Management; Introduction to Information Security; Applied Programming - Python; and Systems Analysis and Design courses.

If you got value out of this episode, subscribe to this channel and please share this conversation with someone who will benefit from it.
Renita Rhodes talks about how she was able to balance being a mom with a young child while pursuing a successful career in cybersecurity. Despite facing several challenges such as not having an official mentor, she remained determined to succeed in a field dominated by men. As a result of her efforts, Renita found a way to balance motherhood and a successful career in tech. If you're in a similar situation as Renita was (trying to raise a family while pursuing a career in tech), then this episode is a must-listen for inspiration and motivation. Listen as she discusses her journey, her strategies for juggling family responsibilities, and her inspiring message and tips for women looking to break into tech.

Background Info: Renita is a Lead Audit Manager-Information and Cyber Security for a well-known worldwide bank, supporting the coverage of the bank's core Cybersecurity controls. She supports coverage in areas such as Cyber Threat Fusion Center, Data Loss Protection, Security Information and Event Management, Cryptographic Services, and Network Security Management. Renita also works as a Cybersecurity and Information Systems Adjunct Professor at Maryville University and Harris Stowe State University, teaching the Cyber Law, Policy and Compliance; Security Information and Event Management; Introduction to Information Security; Applied Programming - Python; and Systems Analysis and Design courses.

If you got value out of this episode, subscribe to this channel and please share this conversation with someone who will benefit from it.
Security Information and Event Management(SIEM) solutions are only as effective as their coverage. Analytics and automation are mission-critical for eliminating hidden detection gaps and maximizing attack coverage. Join host Cameron D'Ambrosi and CardinalOps VP of Cyber Defense Strategy Phil Neray for a conversation on the latest cybersecurity threats and why orchestration is the key to a robust defense.
Renita Rhodes stops by to share her insights on how you can enter the Cybersecurity field without a lot of professional experience. Our conversation hovered on a topic that tends to generate a lot of debate: Are There Cybersecurity Jobs For People With No Experience?

0:00 Renita says don't do "this" when trying to transition into Cybersecurity.
2:10 One less talked about way Renita recommends to get into Cybersecurity.
6:22 A couple of non-technical Cybersecurity jobs to keep in mind.
10:02 These dogs ain't loyal!
This episode of The Tech Trek explores the field of Information Security. Host Amir Bormand sits down with Rohit Parchuri, the Chief Information Security Officer of Yext, to discuss Rohit's background, experiences, and insights concerning the world of Cyber Security.

Highlights
02:09 - Amir and Rohit briefly discuss the history of the CISO (Chief Information Security Officer) role.
06:23 - Rohit explains his strategies for building out Security Information teams.
10:14 - How do Security Architects fit into the Cloud Security pipeline?
14:12 - Rohit shares his insights on dealing with human issues versus technical issues.
21:52 - How to meet the needs of your team by anticipating potential challenges that may arise later.

Guest: Rohit Parchuri is an accomplished Information Security executive with an established record of building, structuring, and institutionalizing Cyber Security principles and disciplines in a variety of organizational domains. He is currently leading the Cybersecurity program at Yext, a bleeding-edge AI Search platform. In this role, Rohit is responsible for building and executing the Cyber Security and Compliance program. In addition to his day job at Yext, Rohit serves as a Board Advisor for a multitude of technology companies and educational institutions. As a part of these roles, he assumes the responsibility of advising on Cybersecurity matters, market penetration, and product strategy while educating and assisting in curriculum building for the Cybersecurity executive degree program/s at CSU, California. Rohit graduated from DePaul University at Chicago with a Master's degree in Computer and Network Security Assurance, specializing in Application Security. He has also achieved a Master in Business Administration degree. Originally from India, Rohit is an avid hiker and tries his hand at tennis every chance he gets.
LinkedIn: https://www.linkedin.com/in/rohit-parchuri/ Twitter: https://twitter.com/rohitparchuri ___ Thank you so much for checking out this episode of The Tech Trek, and we would appreciate it if you would take a minute to rate and review us on your favorite podcast player. Want to learn more about us? Head over at https://www.elevano.com Have questions or want to cover specific topics with our future guests? Please message me at https://www.linkedin.com/in/amirbormand (Amir Bormand)
In this episode I not only have a great guest but have a great co-host as well. I had a chance to talk with Kassandra Murphy and Rich Worth about advancing your Security Information and Event Manager. Kassie talks to the importance of standardizing your data sets to increase your searchability (e.g. especially useful when sending data to your managed security operations partner). Rich will be talking to 'real world' use cases and the importance of alert aggregation and risk-based alerts. Kassandra is a Senior Consulting Solutions Engineer at Splunk. Rich is the Lead Security Operation Center Analyst for Corewell Health.

Talking Points:
Data hygiene is the 1st step
Normalizing data as it applies to data security and being able to better search across your entire data set
Technical challenges like alert fatigue
Tech is advancing but there is still a view of security as a check-the-box item or an afterthought
All data is security data!
There are easier ways to align your data flows to frameworks like MITRE or NIST

6 phases of logging maturity:
Collecting
Maturing
Enriching (collation of the endpoint data threat landscape)
Expanding
Automation (what are repeatable processes that can be moved to save money and time)
Advanced Detection (via machine learning)

Episode Sponsor: This episode is sponsored by Splunk. Splunk is a security observability solutions provider based out of San Francisco, California.

Proceeds from this episode will be going to different Autism charities - Autism Alliance of Michigan and Autism Support of Kent County
If you're feeling stuck at a toxic job and are considering making a career change to the tech industry, know that you're not alone. Many people find themselves in similar situations, and the good news is that making the switch is possible. Renita Rhodes stops by for a discussion about switching into the tech industry. Renita is a Lead Audit Manager-Information and Cyber Security for a well-known worldwide bank, supporting the coverage of the bank's core Cybersecurity controls. She supports coverage in areas such as Cyber Threat Fusion Center, Data Loss Protection, Security Information and Event Management, Cryptographic Services, and Network Security Management. Renita also works as a Cybersecurity and Information Systems Adjunct Professor at Maryville University and Harris Stowe State University, teaching the Cyber Law, Policy and Compliance; Security Information and Event Management; Introduction to Information Security; Applied Programming - Python; and Systems Analysis and Design courses.

0:00 Renita discusses her day as a bank security leader and adjunct professor
5:05 How to start figuring out where you want to be in tech
9:30 What about apprenticeships? Do they work?
10:25 Is the healthcare industry THAT toxic!
13:35 What's Renita's major concern? (She's not the only one that feels this way)
Security Information and Event Management (SIEM) is a solution that helps identify threats and analyze security events to drive security incident response in real time, using a large number of data sources. The Next Generation SIEM uses Artificial Intelligence (AI) and Machine Learning (ML) methods to detect malicious events. This blog is written to present the significant features of Next Generation SIEM that could enhance your organization's security posture.

What is Next Generation SIEM? The Next Generation SIEM ingests both log and flow data and uses threat models to identify threats. These threat models detect and match threat behaviors to determine the type of threat, such as a DDoS attack, brute force attack, malware infection, APT, loss of credentials, or insider attack. It leverages ML to identify unusual behavior of a device, application, or user, and then correlates these events with other rule triggers into a threat model. If a match is identified, an alert is raised that aggregates the individual threat behaviors under a single-line alert in the UI. The best Next-Gen SIEMs are designed to identify threats sooner after they become active, which helps mitigate brute force attacks, compromised credentials, and insider threats before critical data is accessed.

Read More: Rebuild Your SOC with Next Generation SIEM Features
In this episode of the Cybersecurity Defenders Podcast, Dr. Gerald Auger takes us through the last couple of weeks in cybersecurity news via the Simply Cyber Report. We also sit down with David Burkett, co-author of Detectors as Code. David is an experienced Information Security Architect with a demonstrated history of working in the security industry in both Government and the Telecommunications / Service Provider Industries. He is skilled in Security Information and Event Management, Security Monitoring, Python, and Digital Forensics among other things. In our talk with David about UAPs he references this video: Navy pilot describes encounter with UFOs. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Originally published on August 23, 2021. Application security is usually done with a set of tools and services known as SIEM – Security Information and Event Management. SIEM tools usually try to provide visibility into an organization's security systems, as well as event log management and security event notifications. The company Panther takes traditional SIEM The post Panther: Security as Code with Jack Naglieri appeared first on Software Engineering Daily.
Sponsored by SEC Playground. Questionnaire to improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 --- Support this podcast: https://anchor.fm/chillchillsecurity/support
In Microsoft's public cloud platform, Microsoft Sentinel is a Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR) system that combines attack detection, threat visibility, proactive hunting, and threat response into a unified platform. Microsoft Sentinel is a single solution that can handle both SIEM and SOAR. A SIEM solution collects data and analyses security warnings in real-time. SOAR is a set of software solutions and tools that help businesses streamline their security operations. How does Microsoft Sentinel work?
Control System Cyber Security Association International: (CS)²AI
Derek Harp is happy to welcome Pascal Ackerman as his guest for today's podcast! Pascal is a security professional, focused on industrial control systems, and he's currently the Sr Security Consultant for Operational Technology - Threat & Attack Simulation at GuidePoint Security. He has a Master's of Science degree in Electrical Engineering (MSEE/CE). He has had 18 years of experience in industrial Ethernet design and support, information and network security, risk assessments, pen-testing, forensics, and threat hunting, WAN/LAN/Internet and Wireless Technologies, Windows Environments, Unix, Linux, IIS, and Apache. He specialized in the architecture, engineering, and securing of plant-wide Ethernet networks using Purdue-model design strategies, IDS/IPS sensors, network monitoring, Security Information and Event Management (SIEM) solutions, next-gen firewalls, MS domain services, WSUS servers, MS SQL server clusters, etc. Pascal was born and raised in the Netherlands. Right after leaving high school, he was put behind a POC by a company that sent him out across the world installing prototype machinery for filling machines. He is an engineer, programmer, gamer, hacker, traveler, tinkerer, pen-tester, and father. In this episode of the (CS)²AI Podcast, he shares his superhero backstory and discusses his certifications, his education, and his career path. He also offers advice for those who would like to get into the field of cybersecurity and people thinking about writing a book. If you are considering a career in cybersecurity or if you are an engineer and want to specialize in cyber security, you will gain a lot from this podcast! Stay tuned for more!

Show highlights:
After leaving college, Pascal stayed with the company where he did his internship. The company got him to set up a software simulation to test their POC programs and later put him on their commissioning team. (6:51)
Pascal talks about what he did while working as a controls engineer. (8:08)
How Pascal got invited to move to the US to continue with his work. (9:50)
Pascal explains how many doors opened for him after presenting his first report in 2005. (12:27)
Pascal talks about how security measures first intersected with his work in 2008-2009. (14:07)
Pascal pinpoints the moment when he decided to change his career path. (16:00)
Pascal offers advice for traditional engineers who want to improve what they do and join the cyber security workforce. (17:35)
A Network Plus certification will help controls engineers understand the fundamentals of networking. (18:19)
Pascal explains why he got hired as a commercial engineer in Network and Security at Rockwell. (21:16)
Pascal talks about his book, Industrial Cybersecurity. (23:39)
The book Hacking Exposed by Clint Bodungen inspired Pascal to write his first book. (27:50)
How Threat GEN became a company based around a game Pascal developed. (29:10)
Pascal offers advice on where people in IT who want to know more about safety, reliability, resiliency, and POCs can start. (32:36)
The most successful companies have a combined IT and OT team with knowledgeable people on both sides. (36:43)
Why do you need to figure out what you like the most and focus on that technology? (37:58)
Architecture will be the next big step for monitoring everything. (45:06)
Pascal discusses the process of writing his books and offers advice for those who would like to write a book. (45:49)

Links:
https://www.cs2ai.org/ ((CS)²AI)
https://www.linkedin.com/in/pascal-ackerman-036a867b/ (Pascal Ackerman on LinkedIn)
https://www.amazon.com/Industrial-Cybersecurity-Efficiently-cybersecurity-environment/dp/1800202091 (Industrial Cybersecurity by Pascal Ackerman)

Books mentioned:
https://www.amazon.com/Hacking-Exposed-Industrial-Control-Systems/dp/1259589714 (Hacking Exposed by Clint Bodungen)

Mentioned in this episode: Our Sponsors: We'd like to thank our sponsors for their faithful...
Podcast: Control System Cyber Security Association International: (CS)²AI
Episode: 41: Writing a Book to Leverage Your Expertise and Improve Your Career with Pascal Ackerman
Pub date: 2022-06-07

Derek Harp is happy to welcome Pascal Ackerman as his guest for today's podcast! Pascal is a security professional, focused on industrial control systems, and he's currently the Managing Director of Threat Services at ThreatGEN. He has a Master's of Science degree in Electrical Engineering (MSEE/CE). He has had 18 years of experience in industrial Ethernet design and support, information and network security, risk assessments, pen-testing, forensics, and threat hunting, WAN/LAN/Internet and Wireless Technologies, Windows Environments, Unix, Linux, IIS, and Apache. He specialized in the architecture, engineering, and securing of plant-wide Ethernet networks using Purdue-model design strategies, IDS/IPS sensors, network monitoring, Security Information and Event Management (SIEM) solutions, next-gen firewalls, MS domain services, WSUS servers, MS SQL server clusters, etc. Pascal was born and raised in the Netherlands. Right after leaving high school, he was put behind a POC by a company that sent him out across the world installing prototype machinery for filling machines. He is an engineer, programmer, gamer, hacker, traveler, tinkerer, pen-tester, and father. In this episode of the (CS)²AI Podcast, he shares his superhero backstory and discusses his certifications, his education, and his career path. He also offers advice for those who would like to get into the field of cybersecurity and people thinking about writing a book. If you are considering a career in cybersecurity or if you are an engineer and want to specialize in cyber security, you will gain a lot from this podcast! Stay tuned for more!

Show highlights:
After leaving college, Pascal stayed with the company where he did his internship. The company got him to set up a software simulation to test their POC programs and later put him on their commissioning team. (6:51)
Pascal talks about what he did while working as a controls engineer. (8:08)
How Pascal got invited to move to the US to continue with his work. (9:50)
Pascal explains how many doors opened for him after presenting his first report in 2005. (12:27)
Pascal talks about how security measures first intersected with his work in 2008-2009. (14:07)
Pascal pinpoints the moment when he decided to change his career path. (16:00)
Pascal offers advice for traditional engineers who want to improve what they do and join the cyber security workforce. (17:35)
A Network Plus certification will help controls engineers understand the fundamentals of networking. (18:19)
Pascal explains why he got hired as a commercial engineer in Network and Security at Rockwell. (21:16)
Pascal talks about his book, Industrial Cybersecurity. (23:39)
The book Hacking Exposed by Clint Bodungen inspired Pascal to write his first book. (27:50)
How Threat GEN became a company based around a game Pascal developed. (29:10)
Pascal offers advice on where people in IT who want to know more about safety, reliability, resiliency, and POCs can start. (32:36)
The most successful companies have a combined IT and OT team with knowledgeable people on both sides. (36:43)
Why do you need to figure out what you like the most and focus on that technology? (37:58)
Architecture will be the next big step for monitoring everything. (45:06)
Pascal discusses the process of writing his books and offers advice for those who would like to write a book. (45:49)

Links:
(CS)²AI
Pascal Ackerman on LinkedIn
Industrial Cybersecurity by Pascal Ackerman

Books mentioned:
Hacking Exposed by Clint Bodungen
A comprehensive cybersecurity strategy typically includes the use of modern, intelligent Security Information and Event Management (SIEM) platforms. These go far beyond simply aggregating and analyzing log files. Alexei Balaganski outlines the latest market developments based on his recently published Leadership Compass on "Intelligent SIEM Platforms" and explains the differences to other market segments together with Matthias.
Webster Phillips details Social Security rules and benefits on News Radio KKOB
SHOW TOPIC
Good to Know: Safety and Security Information with Officer Abigail Evans

SPECIAL GUEST
Officer Abigail Evans, Jackson Township Police
Officer Abigail Evans is currently serving as a patrol officer with Jackson Township Police Department. Formerly, she was an officer for Evans City/Seven Fields Police Department. Officer Evans has a Bachelor of Science from Point Park University and is a graduate of the Allegheny County Police Training Academy.

IN THIS EPISODE, WE WILL REVIEW
• How to have a conversation with teen drivers about safety, being prepared and slowing down, especially in the winter weather months
• What areas of concern this role sees with children/teens and drugs, alcohol and other risky behaviors
• How this role assists the community with various safety-related matters

USEFUL INFORMATION
http://jackson-township.com/public-safety/police-department/
SHOW TOPIC
Good to Know: Safety and Security Information with Officer Chris Miller

SPECIAL GUEST
Officer Chris Miller, Seneca Valley Senior High School Student Resource Officer (SRO)
Chris Miller has been a Police Officer employed by the Jackson Township Police Department for the last 13 years. He attended the University of Pittsburgh and is a graduate of the Indiana University of Pennsylvania Police Academy Class #63.

IN THIS EPISODE, WE WILL REVIEW
• The role of the School Resource Officer
• What areas are covered with students regarding laws and law enforcement
• What behaviors among teens are you seeing that you would want parents to keep in mind

USEFUL INFORMATION
http://jackson-township.com/public-safety/police-department/school-resource-officers/
SHOW TOPIC
Good to Know: Safety and Security Information with Officer Jason Young

SPECIAL GUEST
Officer Jason Young, Seneca Valley School District Safety and Security Supervisor
Officer Jason Young has previous law enforcement experience, most recently as a Police Officer for Jackson Township, as well as eight years working as a Deputy Sheriff for Butler County where he presented the Drug Abuse Resistance Education (D.A.R.E.) program to numerous Butler County public and private schools; organized safety lectures for teachers on active shooters; and field trained new law enforcement deputies. He also worked for nearly ten years with the Saxonburg Borough Police Department where he started as a Patrolman and was later promoted to Patrol Supervisor. Additional service includes his first year as a Patrolman with the Fawn Township Police Department in Tarentum, Pa. His training highlights include Crisis Intervention Training (C.I.T.) that focuses on mental health incidents and a Field Training Officer certification through Penn State University. Officer Young earned an Associate's Degree in Emergency Services-Police Services Option from Butler County Community College and attended the Municipal Police Academy (ACT 120) at Indiana University of Pennsylvania.

IN THIS EPISODE, WE WILL REVIEW
• What Crisis Intervention Training is and how it is beneficial to the District
• What various law enforcement privileges are performed by this role
• What areas of investigative technology are employed by the District to keep students and staff safe
• Why building relationships with external groups is helpful in this role

USEFUL INFORMATION
https://www.svsd.net/domain/2302
InfosecTrain offers Cyber Security Training & Certification. To know more about the Cyber Security course and other training we conduct, please visit https://www.infosectrain.com/courses/ or write to us at sales@infosectrain.com or call us at +91-97736-67874
#siem #OSSIMfundamentals #CyberSecurity

Agenda of the Session
• SIEM Methodologies: Gartner's Magic Quadrant, SIEM guidelines and architecture, and baselining with correlation of logs and events will be discussed.
• Splunk In-Depth: industrial requirements of Splunk in various fields, Splunk terminologies, the search processing language and various industry use cases.
• AlienVault OSSIM fundamentals: AlienVault fundamentals and architecture deployment; vulnerability scanning and monitoring with OSSIM.
• Incident response: MITRE ATT&CK for better understanding and defending.
What began as a tool for helping organizations achieve and maintain compliance, security information and event management (SIEM) rapidly evolved into an advanced threat detection practice. SIEM has empowered incident response and security operations center (SOC) analysts, as well as a myriad of other security teams, to detect and respond to security incidents. While there may be talk about SIEM joining the line of legacy technologies that are proclaimed "dead", SIEM has been a core system for many security teams, in different capacities. Furthermore, SIEM (along with its evolution) has been intertwined with relevant threats in the ecosystem as well as the market in which it is used. The systems and infrastructures that security professionals must secure in 2021 are vastly different from the systems in use when SIEM first came onto the scene. But even if many have decided that SIEM is a thing of the past, its underlying principles and technology remain visible in many new systems such as SOAR, XDR, MDR and other solutions that integrate SIEM capabilities. Vendors and reimaginings come and go, but SIEM prevails as a technology that should be recognized. There will always be a need for experienced individuals to work with SIEM and know how to apply it to the appropriate business touchpoints. We've put together an overview of the history, definition, use cases, benefits and limitations of SIEM to provide a greater understanding of its continued usefulness in any security team's tool stack.

What is SIEM?

SIEM stands for security information and event management. It provides organizations with detection, analysis and response capabilities for dealing with security events. Initially evolving from log management, SIEM has now existed for over a decade and combines security event management (SEM) and security information management (SIM) to offer real-time monitoring and analysis of security events as well as logging of data.
A SIEM solution is a single system that offers teams full visibility into network activity and allows for timely threat response. It collects data from a wide range of sources: user devices, servers, network equipment and security controls such as antivirus, firewalls, IPSs and IDSs. That data is then analyzed to find unusual behavior and alert analysts to it within seconds, letting them respond to internal and external threats as quickly as possible. SIEM also stores log data to provide a record of activities in a given IT environment, helping to maintain compliance with industry regulations.

In the past, SIEM platforms were mostly used by organizations to achieve and maintain compliance with industry-specific and regulatory requirements. What brought about its adoption across many organizations was the Payment Card Industry Data Security Standard (PCI DSS) and similar regulations such as HIPAA. As advanced persistent threats (APTs) became a concern for other, smaller organizations, the adoption of SIEM expanded to include a wide array of infrastructures. Today's SIEM solutions have evolved to address the constantly shifting threat landscape, and are now one of the core technologies used in security operations centers (SOCs). Advancements in the SIEM field are bringing forward solutions that unify detection, analysis and response; implement and correlate threat intelligence feeds to provide added intelligence to SOCs; and include or converge with user and entity behaviour analytics (UEBA) as well as security orchestration, automation and response (SOAR).

How does a SIEM solution work?

A SIEM solution works by collecting security event-related logs and data from various sources within a network. These include end-user devices; web, mail, proxy and other servers; network devices; security devices such as IDS and IPS, firewalls and antivirus solutions; cloud environments and assets; as well as all applications on devices.
All of the data is collected and analyzed in a centralized loca...
This is Part 2 of my interview with Angela Rizzo. Angela was the CMO of eSentire, a leading company in the cyber-security space. Since the recording of this episode she has left eSentire and is looking for her next opportunity. If you would like to get in contact with her, please just reply to this email. (For all interviews you can click on the link next to the audio player to add the stream to a podcast player.) I expect to be back with an essay or briefing next week. I will also be going back to dropping a second post per week with interviews shortly. Enjoy!

Transcript

Edward: This is Marketing BS. This is Part 2 of my interview with Angela Rizzo. Today, we're going to dive into her experience as CMO of eSentire. Angela, can you start by explaining what eSentire does?

Angela: Yes, I'd be happy to. At eSentire, we provide an affordable, premium cybersecurity service with end-to-end proactive protection. eSentire invented a new category of cybersecurity. We call it Managed Detection and Response and I'll refer to that as MDR. MDR was invented to do two things: detect the fact that bad actors are attacking a customer environment, and then take action to contain the attack before the bad actors can do any harm. We think of these attacks in three categories: vulnerabilities, threats, and breaches. A vulnerability is defined as a weakness in a customer environment, like a bad patch management practice. A threat is an exploit of the weakness by the bad actor. That's where they're trying to get into the environment. A breach is the successful exploitation of a threat. That means they're successfully able to get in. We monitor and manage for vulnerabilities, threats, and breaches. Time is critical to detect these things. Once we detect something, we then isolate and contain the attack.

Edward: There are thousands of cybersecurity companies out there now. What are you doing? What is eSentire doing that's different? Or is it a matter of you're doing the same as everybody else?
You're just doing it better?

Angela: Managed Detection and Response is its own unique category. We have to think back to the fact that cybersecurity is a massive data analysis problem. In order to effectively provide cybersecurity protection, you have to be able to find the needle in the haystack. This is the simplest understanding of what we do. We do this in combination with three key things. First, we have our Atlas platform. There is a term that is going around right now in the analyst community and in the market called extended detection and response or XDR. This is the platform that is needed to ingest, normalize, and analyze all of this data. The second thing we do is called multi-signal ingestion. There are some cybersecurity companies out there that just ingest one signal. They'll do endpoints, or they'll do logs. We ingest multiple signals. We monitor customers' networks. We work with best-of-breed third-party companies, and we ingest their endpoint signals. We just announced our alliance with Microsoft to ingest the Microsoft Defender endpoint signal. Customers who have Microsoft licenses can work with eSentire and eSentire can manage the MDR associated with the endpoint.

Edward: If a company isn't using you then, are they not analyzing these endpoints? What are the other cyber companies doing?

Angela: I mentioned there were three things. You've got the platform, the multi-signal, and then the people within the SOC, within our Security Operation Center, and within our threat response units. You have to have the combination of these three things to be considered MDR, Managed Detection and Response. Many cybersecurity companies are either selling a point solution, or they're selling software, or they're claiming that they're selling MDR, when in fact they don't have all three of these things working in unison.

Edward: Does a company need to use you in addition to someone else?
Are there other elements in cybersecurity that you guys don't handle that they need to supplement?

Angela: Yeah. Companies need to have basic security controls in place. They need to have firewalls. They need to have next-generation antivirus software. They need to have multi-factor authentication. They need to train their employees to understand phishing and not click on emails if they don't know who these emails are from, and not click on any links. If they have these four things, these are like table stakes from a security perspective. You add eSentire to provide this overall MDR service. That allows us to fully understand what's going on in the customer's environment so that we can hunt and contain those threats on our customer's behalf on a 24/7 basis.

Edward: If I were to use the metaphor of a house, which people would understand: someone needs to train the people in the house to lock the door when they leave, and that's not you. Someone needs to build the walls to make sure they're super secure, and strong locks on the doors and plexiglass windows, and so on, guard dogs. All of that stuff is protecting the house. Your job is, hey, someone is going to actually breach the house. They come in and they try to open the door. You know when that happens and you set off the alarm so you can react.

Angela: You can think of it as a house, or you can even think of it, instead of a house, as a small business. You've got all of this traditional security—the locks on the doors, the guards sitting at the desk, the dogs barking. Sometimes employees will open the door, like my example on phishing. Employees will open the door and let these guys in without knowing who they are. Now, the bad actor is in the building, and we can detect when they're in the building. But now they're searching. Is there personal identifiable information of the employees that I can gather? Is there a bank statement and information on customers that I can gather?
Is there any intellectual property that I can gather? You think about this. We're in the digital world, and we're able to see who is actually doing these types of things in the customer's environment and have the ability to determine this isn't an employee looking at this stuff. This is somebody who got in via a backdoor. We have the ability through eSentire Managed Detection and Response to isolate that person, and to contain the threat so that this bad actor doesn't start moving laterally through the company to continue to gather more data and more information.

Edward: Your company gets better as you get more clients, as you get more signals.

Angela: Exactly. If you're customer number 1025, you have all the learnings from customers 1 through 1024. All of the learnings that we have had up to date are now applied to your environment.

Edward: But more than that, that new customer now, because of just the fact that they're on your platform, if anybody attacks them, that information gets shared to all the customers that came before them. There are positive externalities in both directions.

Angela: Exactly.

Edward: What do customers do that don't use you? It sounds like your product is pretty essential for protecting against these threats. Presumably, you don't have 100% market share, so what is everybody else doing?

Angela: There's some confusion in the market because there are a lot of people, a lot of companies that claim they do Managed Detection and Response. They're slapping the MDR label on their service, when in fact they don't. We invented MDR as I mentioned earlier. We have a very strict description and definition of what MDR is.
We believe that, again, they don't necessarily have the combination of all three things and do the three things the way in which we do it—the platform, the multi-signals, and the people. There is some thought out there, and I think about that, too, as the CMO, as to why they are not banging our doors down, knocking our doors down to get our service, because it is something that is very unique in the market and our customers are pretty happy.

Edward: That brings me to my next question. When companies are seeking you, I know they are, is your product sold or bought?

Angela: It's a service. Typical customers are small and midsize enterprises, SMBs, and small enterprises. We target companies from 250 to 5000-plus employees. Typically, the CISO, CIO, or head of IT are the people that are looking to buy this service.

Edward: Are they out there looking for your solution? Or is it a matter of your sales calling them up and making sure they're aware that the solution exists and they should buy it?

Angela: I see what you mean. Yes, absolutely. Sorry. It really gets sold. We have to sell it. We're a private company in Canada and one of the things we're working on right now is improving and increasing our brand awareness. We do that via a variety of methods. But yes, some customers will come to us via customer references. A customer works with someone in the same industry and they've had a very positive experience. They'll refer them. We also have roughly 100 channel partners that are out there, selling eSentire to their customer base. Roughly 40% of our new bookings come from our channel. We're constantly educating the market. Part of the problem, Ed, is that a lot of people don't think that they have a problem, and a lot of these SMBs don't think that they're going to be a target. These bad actors aren't going to come after me. They're after the Marriotts and the bigger companies, and we're saying no.
These bad actors are going after companies of all sizes, and SMBs are targeted because they aren't putting these types of protections in place.

Edward: I would imagine, again, you're an SMB. You have a lot going on, a lot of decisions to make, and your cash is very valuable to you because you have a high cost of capital. Going in and putting money into security is downside protection rather than upside growth.

Angela: The other thing is we have to convince people that they have a problem because they don't think that they really have a problem. Quite frankly, the industry has confused a lot of buyers. You go to a trade show like RSA. There's 3000-plus security software packages you could purchase. But what they don't tell you is you have to have people behind whatever you buy. Let me give you a great example. I'm sure you've heard of SIEM, Security Information and Event Management software. You put this SIEM software on your environment and it basically logs, then sends you alerts. If you're an SMB, you can be flooded with up to 10,000 alerts a day. What is a small business going to do? When I talk about finding that needle in the haystack, there's no way they're going to find that needle in the haystack if they're getting 10,000 alerts a day. You cannot hire enough people to actually do that work. That's why having a platform, being able to ingest all the signals, and then having the right people focus on those things that are truly the red flags, that's really what companies need. My job is to convince them that they have this problem, and once they understand it, the sale is actually pretty easy. But we really have to get people to understand what we do, and how we do it, and how it sets us apart.

Edward: I imagine many companies treat security as a checkbox: the CEO says to the CTO, or the CIO, do we have security in place? The CIO goes out and finds one of these packages and buys the package, and slaps it on, and tells the CEO that they're good.
Unless something goes disastrously wrong, nobody asks the right questions.

Angela: That's a good point. I also think that you've got a couple of other things that are occurring. You have people that say, in order to be compliant, I have to put A, B, and C in. You go ahead and put in A, B, and C, but just because you're compliant doesn't mean you're 100% protected.

Edward: That's right. People are jumping through hoops rather than actually solving the problems. Frankly, most of the time, when they don't solve the problem, they'll be okay. But some percentage of the time, they won't be. If that happens, the CIO probably points to the attackers and says, this was unavoidable. There's nothing I could have done, and nobody knows any different.

Angela: It's interesting because people know that they need to have the basics. They need to have the next-gen firewalls. They need to have antivirus software. They need to have multi-factor authentication. They need to train their employees around phishing. Don't open an email, and don't click on a link if you don't know who it's from. You have all those things; then you also need eSentire on top of that to provide the MDR service so that you have a service that understands fully what is going on in your environment. Again, when the red flags pop up, you have the resources at eSentire that hunt and contain those threats on behalf of our customers.

Edward: You mentioned before that once you get the conversation started, your conversion rate is pretty high. How long does it take you to convince somebody that this is a real problem that they need you to solve?

Angela: It depends. If a customer has already been breached, we can probably get in there and up and running in a matter of a few days.
If this is a new lead that has come in through one of our webinars, or they've engaged with the website or content, it could take anywhere from two to three months to get them on board.

Edward: If the first thing happens, if they've just started being breached, they feel a sense of urgency, like, we need to fix this so that it doesn't happen again, whereas if a breach has never actually happened, it feels like this is something that can always be put off to tomorrow. It might be important, but it's not urgent.

Angela: Exactly.

Edward: Do you need internal champions? Do you need multiple people in the organization to buy in before sales happen, or if the CIO says, hey, let's do this, does this just happen automatically, or do you need to provide the CIO with materials to help convince the CEO and other people in the organization that it's worth investing in?

Angela: It's interesting because typically, we work with the CISO or the CIO. From a technical perspective, they get it and they understand the value. Now, they have to go get the CFO or whoever has to approve the purchasing decision to sign off on it. I don't know if the CFO is really going to care that much about the technology. What they need to understand is, what is the risk that we are avoiding by having eSentire? What is the return on investment by making this investment in eSentire? How many people do we not need to hire? How do we ensure it again? This is basically risk and ROI. We provide that information to our prospects in the selling cycle so that they can go back and articulate that to the buyer—the person who has to make the buying decision and approve the final buying decision.

Edward: How do you divide your marketing budget?
How much of your budget is spent on the direct acquisition of trying to get those people that just had a breach, and they're searching for a solution, to come to you, versus brand-building and content, and creating a perception in the marketplace that you're out there?

Angela: It's probably 50/50 right now, in terms of building the brand, because even though we have been working with MDR, even though eSentire's been around since 2001, the term MDR was coined five or six years ago by Gartner. Internally, we think that we know MDR, but we still have a lot of education to do in the market, especially when you have other companies like MSSPs or other companies that are adopting the MDR term, but they're not really doing MDR. We have to educate people that, no, when we say MDR, it really means this. The people that you're talking to, our competitors, are not really doing what we define as MDR. There's still quite a bit of education that we need to do. We're spending a lot of time, quite frankly, in PR—driving more earned media, getting our experts in our threat response unit, in our operations teams, in marketing—to go out and talk about what we do and how we do it. We're getting those stories published in tier 1 and tier 2 publications to get the word out in terms of what we do and how we do it.

Edward: How do you know if that's a good ROI, a good-spent ROI in your spend? On the direct acquisition stuff, you can measure it. You can measure whether your click on paid search led to a lead, which led to an SQL, which led to an opportunity or a sale. But when you do that PR and the top-of-the-funnel stuff, how do you know you're not wasting your money?

Angela: We watch our share of voice, which, as you know, identifies how many times we get the mentions and our share of voice. We're about 20 points ahead of any other competitor in the MDR space.
We measure that.

Edward: Angela, a lot of companies that sell products like yours—these SaaS products to these SMB businesses—swear by account-based marketing, but you guys generally have not had a lot of success there. Why do you think so?

Angela: For account-based marketing, I'm not simply seeing the ROI at this point. I suspect that one reason is that we rolled it out to the entire sales force and then we declared victory.

Edward: You basically did what you're telling your clients not to do, which is don't just buy a software solution and check the box, and say you're done. That's what you guys did for ABM.

Angela: Exactly. Guilty as charged. ABM requires focused attention and alignment between marketing and sales. You've got to have the right targeted personas, you have to have the right content. We went too big, too fast. We rolled the program out to all of the sales force without a real clear focus plan on, are these the right segments? Are these the right personas? Do we have the right content? Sales reps get busy, especially when you get to the last month of the quarter; they're going to focus on closing those deals. They're not going to be focused on the ABM. They need marketing to help bring them along. What we've done is we've scaled back our efforts on ABM. We're now focused on one rep in one specific segment and she's totally bought into the ABM program. What I believe we need is that we've got to build a successful program. Let's start small. Let's build this program. Let's understand what we need to do to make it work, and then let's figure out how we roll it out more widely.

Edward: That makes a ton of sense. Figure out how to make it work at a small scale, and once you have it working, then scale it up, rather than trying to scale it up and then figure it out after it's big.

Angela: Exactly.

Edward: Forty percent of your leads or your revenue come from these partner relationships.
As a marketer, do you spend much time trying to help the partners sell more, like providing the partners themselves with tools?

Angela: Oh, absolutely. I have a field marketing team that is tightly aligned with our regional vice presidents in the field. Then also, we're aligned with our vice president of channels. We are working very closely to not only enable the channel partners. We think of our channel partners as an extension of our sales team. If we're going to go out and build content for the field sales reps, we think about, how is the channel going to use this? How do we create this in such a way that if we modify it by 2%, then any channel partner can use it? They can slap their logo on it and they can leverage it. We also work with our channel leader to look at how we recruit more partners. How do we ensure that we're getting the right partners to continue to drive, because the goal this year is to drive 50% of our bookings through the channel? We need to grow it by another 10%—really super tight alignment with the sales teams in the field, and with the channel sales team.

Edward: Angela, thank you so much for being on the show today. Before you go, tell me about your quake book and how it changed the way you think about the world.

Angela: Oh yeah, my quake book. I read this book a while back. It's called A New Earth by Eckhart Tolle. It was very eye-opening for me. His perspective is that we're so caught up with our ego and we allow ourselves to get caught up in our own thoughts. Our thoughts really are not reality. They're just our thoughts. He encourages you to focus on the present moment. The present moment is all we have. The past is gone, the future is not here yet. It's all about the present. The other thing is it helped me realize that we really have no idea what other people are really going through, especially now. We just need to be kind.
Be kind to each other because we just don't know what people are actually dealing with in their own lives.

Edward: That's a great note to end on. Thank you so much, Angela.

Angela: Thank you, Ed.
Application security is usually done with a set of tools and services known as SIEM – Security Information and Event Management. SIEM tools usually try to provide visibility into an organization's security systems, as well as event log management and security event notifications. The company Panther takes traditional SIEM security a step further. Panther processes
Our feature interview this week is with Nigel Thompson, VP Product Marketing at BlackBerry. News from Air France, Lumen, Colorado OEDC, Husch Blackwell, Quantum Metric, Centura Health, CISOs Connect, Zvelo, LogRhythm, Red Canary, and a lot more!

Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
Join the Colorado = Security Slack channel
Why Denver jumped to the top of Air France's list of new destinations
Denver real estate: Median home price hits record, but could bidding wars be cooling?
Lumen reportedly considering sale of its consumer operations for $5 billion
Colorado offers $20M to draw 4 companies looking to add 1,000 jobs in state
Colorado Privacy Act Signed Into Law
Quantum Metric Appoints Reza Zaheri as Chief Information Security Officer to Advance Industry Standard for Data Security
Q&A with Centura Health VP/CISO Sanjeev Sah: "We have to be balanced in our approach."
CISOs Connect™ Announces Winners of Inaugural CISOs Top 100 CISOs (C100) Recognition
LogRhythm Recognized as a Leader in Gartner 2021 Magic Quadrant for Security Information and Event Management Report for the Ninth Consecutive Time
Malicious Office Documents: What is Old is New Again
Atomic Red Team adds tests for cloud and containers

Job Openings:
Drata - Compliance Manager
Ovintiv - IT Security Analyst
Pulte Financial Services - Information Security Intern
Zoom - Senior Privacy Analyst
CyberGRX - Security Risk Analyst
Lumen - Product/Software Development/Security - Senior Lead Information Security Engineer
NREL - Information Systems Security Manager (ISSM) - Manager II
Denver International Airport - Senior IT Security Analyst
Graebel Companies - Chief Information Security and Privacy Officer
South Metro Fire Rescue - SENIOR SYSTEMS AND INFORMATION SECURITY ANALYST

Upcoming Events:
This Week and Next:
ISSA C.Springs - July Meeting - 7/20
Data Connectors - Denver Virtual Cybersecurity Summit - 7/22
ISSA C.Springs - July Mini Seminar - 7/24
ISC2 Pike's Peak - July Hybrid Meeting - 7/28
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
This week we discuss Copilot's use of Open Source, changes at IBM and the Infinidash Meme. Plus, an update on Coté's return to Twitter. Rundown Adam Jacob on OSS (https://twitter.com/adamhjk/status/1413173291909484558) IBM Leadership Changes (https://newsroom.ibm.com/IBM-Leadership-Changes) IBM (IBM) Announces President Jim Whitehurst Leaving (https://www.streetinsider.com/dr/news.php?id=18638012) IBM Email Woes (https://www.theregister.com/2021/07/08/ibm_arvind_email/) IBM insiders say CEO Arvind Krishna downplayed impact of email troubles, asked for a week to sort things out (https://www.theregister.com/2021/07/08/ibm_arvind_email/) Amazon Eyeing 'Rebel Alliance' With Dropbox, Slack To Challenge Microsoft: Insider (https://finance.yahoo.com/news/amazon-eyeing-rebel-alliance-dropbox-173352783.html) New mystery AWS product ‘Infinidash' goes viral — despite being entirely fictional (https://www.theregister.com/2021/07/05/infinidash/) Relevant to your interests Who's Winning in the Container Software Market (https://www.datacenterknowledge.com/cloud/whos-winning-container-software-market) Do the costs of the cloud outweigh the benefits? 
(https://www.economist.com/business/2021/07/03/do-the-costs-of-the-cloud-outweigh-the-benefits) After Jeff Bezos: the changing of the guard at Amazon (https://www.ft.com/content/7475ae98-7e25-4d6f-8470-e8b9effb0ee7) Russia Linked Group Hacks 200 Businesses With Ransomware (https://www.youtube.com/watch?v=mzTD2pkJHs4) A Large Ransomware Attack Has Ensnared Hundreds of Companies (https://news.google.com/articles/CAIiEGqxeYOWfy8AZ_smpDvRjdoqGQgEKhAIACoHCAowipWZCzCan7EDMKS42wY?hl=en-AU&gl=AU&ceid=AU%3Aen) Independence Day: REvil uses supply chain exploit to attack hundreds of businesses (https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/) Gurman: Apple rapidly expanding outside of Silicon Valley as it struggles to recruit and retain talent (https://9to5mac.com/2021/07/04/apple-expanding-silicon-valley-talent/) Are you ready to become a TV company? The future of tech events is media. (https://redmonk.com/jgovernor/2021/06/29/are-you-ready-to-become-a-tv-company-the-future-of-tech-events-is-media/) Magic Quadrant for Security Information and Event Management (https://www.gartner.com/doc/reprints?id=1-26Q47L81&ct=210706&st=sb) We Replaced Splunk at 100TB Scale in 120 Days (https://medium.com/lets-xplore/how-we-replaced-splunk-at-100tb-scale-in-120-days-e5a59db63f6) Roblox partners with Sony Music to connect artists with money-making activities in the metaverse (https://techcrunch.com/2021/07/06/roblox-partners-with-sony-music-to-connect-artists-with-money-making-activities-in-the-metaverse/) Russia ‘Cozy Bear' Breached GOP as Ransomware Attack Hit (https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee) Apple and Google crowd out the competition with default apps (https://www.theverge.com/2021/7/7/22549338/apple-google-apps-comscore-study-facebook) Layoffs hit a record low as companies hold onto employees for dear life 
(https://www.axios.com/layoffs-all-time-low-656979a1-38e0-48d4-b3bb-5ad9b5345aa3.html) TikTok wants you to send video resumes directly to brands to land your next gig – TechCrunch (https://techcrunch.com/2021/07/07/tiktok-resumes-job-applications/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEHDmvKOaaLh3HshMxX8UZq11CLj9pXU9brF854gAzMY59GYmPKqB6viF4iJzAuAll_J1nhSSYrbuxaDvrWBA_9HSRY2kKHeI9hwg8vntjRda0KWK7eG3cTUThM4-snNbwX01cesPdy6l_dJu_5PzpHOStKn1i2qEKOb9sGh1FhO) Box claims activist investor wanted in on deal it publicly opposed (https://www.axios.com/box-activist-investor-starboard-deal-opposed-kkr-02f529dd-6870-41b3-8f5b-de5c89033859.html) Nonsense job description: must be willing to work in a fast-paced unpredictable high-energy environment (https://twitter.com/_robertschultz/status/1412470172485521408?s=21) Puppy in a cone is 2% unhappy? (https://twitter.com/mattray/status/1412594479895175170?s=21) Google Reader (https://twitter.com/ronamadeo/status/1412909940474265602?s=12) Sponsors strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at: strongdm.com/SDT (http://strongdm.com/SDT) Conferences RabbitMQ Summit (https://rabbitmqsummit.com), July 13-14 Carolina VMUG (https://www.vmug.com/vmug2019/events2/power-sessions/network-security-power-session), July 22nd - Coté giving a talk on DevOps metrics, and BEYOND! THAT Conference, (https://that.us/activities/call-for-counselors/wi/2021) July 26-29, Special Promotion (https://that.us/promo/claim?eventId=7wiuRWI7EZjcdF4e9MDz) SpringOne (https://springone.io), Sep 1-2 SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! 
Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) and LinkedIn (https://www.linkedin.com/company/software-defined-talk/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: Some Kind of Heaven (https://decider.com/2021/01/14/where-to-watch-some-kind-of-heaven-doc/) Coté: Newsify (https://newsify.co) Photo Credit (https://unsplash.com/photos/5vPDKmMvBkk) Photo Credit (https://unsplash.com/photos/L4YGuSg0fxs)
The New York Times just reported on a leaked tape of the Iranian Foreign Minister admitting that John Kerry leaked secret intelligence information about Israeli strikes on Iranian targets to Iran during the Trump Presidency. This has direct implications for Israeli and US national security interests. How can Israel trust the Biden administration when it allows Kerry to remain on the National Security Council? What will the Biden administration do about this revelation?
Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.
Show Notes:
Links:
"All Layers Are Not Created Equal": https://blog.paloaltonetworks.com/2019/05/network-layers-not-created-equal/
Help Net Security article: https://www.helpnetsecurity.com/2021/04/06/john-kindervag-zero-trust/
Transcript
Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guide you to better security in the cloud.
Announcer: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial. That's extrahop.com/trial.
Jesse: Last week, I talked about Zero Trust as an office building where you have different ways of getting access to different parts of the building. Now, we're going to talk about Zero Trust architecture, or ZTA. That always makes me think of a ZA plan. What's your plan? When the zombie apocalypse comes, you need to have Zero Trust. You do not trust anyone until you've confirmed that they are, in fact, not a zombie. But how do you do this?
Well, first you have to define what a zombie is and you have to define what a human is. And you also have to define what kind of resources they get to access. Zombies don't get to access anything, especially not brains. But humans, they get to access all kinds of things: defensive positions, food, resources, medicine, shelter, and you have to confirm their identity every single time they want to access something.
How do you do this? Well, the first thing you have to do is define this, kind of, statically. Jesse comes up, shows he's not a zombie, gets something out of the kitchen. Next time, Jesse comes back, wants some medicine. You check; yep, Jesse's still not a zombie; he gets to have some medicine.
However, in a Zero Trust world, what if one time somebody comes along, looks like Jesse, but he's actually a zombie? He doesn't get access because the risk has changed. This is exactly what Zero Trust is all about. It's doing authentication and then authorization based on the current context, what's happening right now. You let somebody in until they become a zombie.
You let an account into your resources to use your applications until it looks like it's probably an attacker and not the actual real person behind that account. See how they are just alike? When you're implementing Zero Trust architectures, it's not quite as simple as seeing if somebody's flesh is rotting off their bones. So, what is in a Zero Trust architecture? Well, there are some basic components.
For instance, you have a policy engine, which is basically what determines what the rules are and how they are applied in context, and you have Identity and Access Management, or IAM, and that is how you authenticate and how you determine whether an account actually is being driven by the person or thing that it should be.
There are of course monitoring systems to gather and report on your environment, and then you have a SIEM, or Security Information and Event Manager, and an optional security orchestration, automation and response, or SOAR, tool. And the reason for this is so that you can change the architecture and the environment based on the current status of things. So, the policy engine can alter the environment in a feedback loop. And so the policy engine itself, as you can tell, is the brains behind everything; it sits in the middle and it drives the Zero Trust architecture to implement the Zero Trust model in your environment.
So, how does this work? Well, if you talk to John Kindervag, the original creator of the Zero Trust model, he was recently interviewed in an article where he talked about some of the methodologies for doing this. So first, you define your protective surfaces, what you are protecting; then you map the transaction flows: what things are talking to other things, what systems are working together? How do your applications work? And then you architect the environment, so you have to put controls where the data or the services are, right?
So, right at every single application, which is great in a cloud environment, especially if you're doing things like using Lambda functions, microservices, serverless functions as well. And then you create a Zero Trust policy, and you do that by using the Kipling Method, which is the journalistic method of who, what, when, where, why, and how. There's even an article that he wrote, John Kindervag that is, a couple of years ago, where he talks about how that applies.
It's great reading, but the main thing you have to get out of that is you have to answer all of these questions about what's happening in your environment. And then lastly, you monitor and maintain your environment.
You gather telemetry, you do machine learning and analytics, and you look at risk analysis, and you have automated responses going through your SOAR platform. Those are the five key things. In short, this is what you should take away from that article on Help Net Security.
One, define your protective surface. Two, map your transaction flows. Three, architect your environment. Four, create your policies, your Zero Trust policies, using the Kipling method. And five, monitor and maintain your environment just like anything else. Make sure it's working, tune it, tweak it, evaluate it constantly.
This is a never-ending cycle where you should always be analyzing, tuning, changing, because the environment that you're protecting changes. And also the risks that you have will migrate and change over time. And technologies change; you're going to be moving things, swapping things out, implementing new things. You have to keep this in mind and go through this cycle over and over again, always defining what the new thing is, figuring out how that interacts with other things and how accounts access data and resources within it. And also following your business: how are things changing in your organization? What other types of things are needed for you to do to protect the environment as closely as possible to those new services and those new data sources?
Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and, new in this release, PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs.
Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.
Jesse: Let's do a quick example. You have a fictitious service running on an EC2 instance and it plugs into your IAM, remember, the Identity and Access Management tools. You have monitoring on it, you've got the logs going places, it has a security event manager looking at it, so your SIEM's got it covered. And you've got your SOAR platform, which has the ability to create accounts, shut it down, do all the things to it. Your Zero Trust policies indicate that if an employee has put in their notice, or they've otherwise been put on a watch list because management is a little worried about them or HR is investigating them, then they cannot access this resource.
So today, I log in, I authenticate using IAM, I use my correct multi-factor authentication. It is successful, and then I go to access your application and the Zero Trust policy engine says, "Yep, Jesse can now get in." And then tomorrow, I put in my notice in the morning and I've got two weeks left. I go to log in to use your service, but today I'm on the watch list. And so your service goes to the policy engine, says, "Can Jesse log in?" And the policy engine says, "Hey. So, he's authenticated correctly; he does not have an increased risk score except for this anomaly where he's also on the watch list."
Now, suddenly, Jesse doesn't get access to that particular resource. And if I get an offer to stay and I rescind my notice, and now I'm off the watch list and now I'm back, then in theory, I should be able to access that same application. However, you could also put in rules that say if somebody rescinds their notice and they stick around, they stay on a watch list for a while. So, perhaps you do allow me access to that system, but you do better monitoring on what I'm doing in that system.
Or even better yet, I can only access some of those resources, not all of them available in that application.
If you design your infrastructure correctly, and you design your applications in a dynamic fashion that allows this to happen with granular rule sets for permissions inside of the application or resource, then you can do this kind of nuanced access through the policy engine that you cannot otherwise do in a traditional format where it's just, you're in and you get everything. This is even better than role-based access controls because it's granular permissions about individual little things that I can access or do in that application. That's a good primer on how to think about implementing your own Zero Trust architecture.
Now, for the tip of the week. I cannot stress this point enough: secure your cloud storage. Everyone says this; all the cloud people get tired of hearing it. I know. So do I. However, all of us have had some permissions somewhere that we didn't change, or we changed to the wrong thing ("Oh, we're just going to do this to test for a little while") and then it's like the days of yore with anonymous FTP sites, and suddenly there's a wide-open, world-readable and world-writable upload and download site for warez and other nasty things you don't want in your infrastructure.
So, you open your cloud storage, like S3 buckets, and it's just free storage for anybody and everyone. Or even worse, it is something that you do not want the world to see: your secret plans for your next go-to-market strategy. So, just go to your cloud provider; AWS's own documentation has a topic called "How can I secure the files in my Amazon S3 buckets?" Just go read it; go do it. Each and every time you come across storage that you haven't seen before, audit it. Audit your storage regularly; make sure that somebody hasn't changed permissions just to test this one thing. We all know that all changes are permanent until replaced.
And that's a wrap for the week, folks. Securely yours, Jesse Trucks.
Thanks for listening. Please subscribe and rate us on Apple and Google Podcasts, Spotify, or wherever you listen to podcasts.
Announcer: This has been a HumblePod production. Stay humble.
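The policy-engine flow Jesse walks through (authenticate with MFA, then allow or deny from the current context such as a watch list, a risk score and a reduced set of permissions) can be sketched in code. The Python below is an added example, not code from the episode or from any product; the context fields, the risk threshold and the `payroll-api` policy are assumptions chosen for the illustration. It goes one step beyond the spoken example by implementing the nuanced outcome Jesse ends on: a watch-listed user keeps a reduced action set under extra monitoring instead of losing the resource outright.

```python
"""Toy Zero Trust policy engine: every request is decided from current
context (identity, MFA, risk score, HR watch list, resource, action),
never from a session granted earlier.  Added example; the field names,
threshold and policy table are assumptions for illustration."""
from dataclasses import dataclass, field

@dataclass
class Context:
    user: str
    authenticated: bool      # the IdP (IAM) says the credential check passed
    mfa: bool                # second factor presented on this request
    risk_score: int          # 0-100, e.g. from SIEM/monitoring analytics
    on_watchlist: bool       # HR/management flag such as notice given
    resource: str            # the protect surface, e.g. "payroll-api"
    action: str              # "read", "export", "admin"

@dataclass
class Decision:
    allow: bool
    reason: str
    allowed_actions: frozenset = field(default_factory=frozenset)
    extra_monitoring: bool = False

# Kipling-style policy for one protect surface: who may act, what actions
# exist, and how the current context (risk, watch list) narrows them.
POLICIES = {
    "payroll-api": {
        "who": {"jesse", "alice"},
        "what": {"read", "export", "admin"},
        "risk_deny_at": 70,               # deny outright at or above this score
        "watchlist_actions": {"read"},    # reduced set while on the watch list
    }
}

def decide(ctx: Context) -> Decision:
    policy = POLICIES.get(ctx.resource)
    if policy is None:
        return Decision(False, "unknown resource: default deny")
    # Authentication is re-checked on every request, and MFA is mandatory.
    if not (ctx.authenticated and ctx.mfa):
        return Decision(False, "authentication or MFA missing")
    if ctx.user not in policy["who"]:
        return Decision(False, f"{ctx.user} not permitted on {ctx.resource}")
    if ctx.action not in policy["what"]:
        return Decision(False, f"{ctx.action} is not an action on {ctx.resource}")
    # Same credentials can be refused tomorrow: the score is part of the input.
    if ctx.risk_score >= policy["risk_deny_at"]:
        return Decision(False, f"risk score {ctx.risk_score} too high")
    # Watch list: still let them in, but only to the reduced set, and watch closely.
    if ctx.on_watchlist:
        allowed = frozenset(policy["watchlist_actions"])
        if ctx.action not in allowed:
            return Decision(False, "on watch list: action not in reduced set",
                            allowed, extra_monitoring=True)
        return Decision(True, "on watch list: reduced access", allowed,
                        extra_monitoring=True)
    return Decision(True, "context clean", frozenset(policy["what"]))

if __name__ == "__main__":
    today = Context("jesse", True, True, 12, False, "payroll-api", "export")
    print(decide(today))                       # allowed
    tomorrow = Context("jesse", True, True, 12, True, "payroll-api", "export")
    print(decide(tomorrow))                    # same login, different context: denied
    print(decide(Context("jesse", True, True, 12, True, "payroll-api", "read")))
```

Nothing in the engine is a session: the application asks `decide()` on each request, so the day Jesse lands on the watch list the answer changes without any credential being revoked, which is the point of the zombie analogy.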
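For the tip of the week, the audit itself can be scripted against the three settings that decide whether an S3 bucket is world-readable or world-writable: the bucket policy, the bucket ACL, and the Public Access Block. The Python below is an added example, not AWS tooling or code from the episode; the bucket policy, ACL and Public Access Block documents are constructed samples in the JSON shapes the S3 API returns, and `example-test-bucket` and the account ID are made up.

```python
"""Offline audit of S3 bucket exposure settings.  Added example, not
AWS's own tooling: it reads the JSON shapes returned by GetBucketPolicy,
GetBucketAcl and GetPublicAccessBlock, but the documents below are
constructed for illustration."""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy",
                 "s3:PutBucketAcl", "s3:*", "*"}
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def audit_policy(policy):
    """Findings for Allow statements that grant access to everyone."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not _is_wildcard_principal(st.get("Principal")):
            continue
        actions = set(_as_list(st.get("Action")))
        scope = "conditional" if st.get("Condition") else "unconditional"
        if actions & WRITE_ACTIONS:
            findings.append(f"policy grants {scope} world-WRITE: {sorted(actions)}")
        elif actions & READ_ACTIONS:
            findings.append(f"policy grants {scope} world-READ: {sorted(actions)}")
    return findings

def audit_acl(acl):
    """Findings for ACL grants to the AllUsers / AuthenticatedUsers groups."""
    findings = []
    for g in acl.get("Grants", []):
        uri = g.get("Grantee", {}).get("URI")
        if uri in (ALL_USERS, AUTH_USERS):
            findings.append(f"ACL grants {g.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    return findings

def audit_public_access_block(pab):
    """All four Public Access Block flags should be on for a private bucket."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    missing = [k for k in PAB_FLAGS if not cfg.get(k)]
    return [f"public access block not fully enabled: {missing}"] if missing else []

def audit_bucket(policy, acl, pab):
    return audit_policy(policy) + audit_acl(acl) + audit_public_access_block(pab)

# Constructed sample: the "just for a test" bucket from the tip of the week.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TempUpload", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-test-bucket/*"},
    {"Sid": "Ops", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/ops"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-test-bucket/*"}
  ]
}""")
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                          "Permission": "READ"}]}
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {k: False for k in PAB_FLAGS}}
HARDENED_PAB = {"PublicAccessBlockConfiguration": {k: True for k in PAB_FLAGS}}

if __name__ == "__main__":
    for f in audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, SAMPLE_PAB):
        print("FINDING:", f)
    print("hardened:", audit_bucket({"Statement": []}, {"Grants": []}, HARDENED_PAB))
```

On the sample the script reports three findings (the anonymous upload statement, the AllUsers READ grant, and the disabled Public Access Block) and none once the policy and ACL are emptied and all four block flags are on. In a real account the three documents would come from the corresponding `get_bucket_policy`, `get_bucket_acl` and `get_public_access_block` calls, run over every bucket on a schedule rather than once.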
Security Information and Event Management (SIEM) is part of an organization's big data analytics toolset. Effective cyber security approaches require a tool to manage and control attacks on their systems. The sophistication and sheer scale of attacks require a level of automation that wasn't readily available even a decade ago. Now, big data analytics tools offer a SIEM solution as part of their offering, providing security experts with the functionality they need to get ahead, stay ahead and automatically respond to security threats. In this episode, Amyn Visram will share his knowledge on this important and quickly growing area within Information Technology. Skip right to the interview: 00:01:59
About Amyn Visram: Amyn Visram is the founding principal and Senior Consultant at Halvis Consulting Inc. His company, headquartered in Calgary, provides Splunk professional services to customers throughout North America and specializes in the best-practice design and delivery of Splunk machine data collection, data analytics, security information and event management, and IT operations solutions, to name a few, for clients ranging from small businesses to Fortune 500 companies. Amyn has over thirty years of experience in the Information Technology industry and has had the opportunity to work with clients across the globe in a multitude of industries ranging from multinational oil companies to Silicon Valley startups to federal and provincial government agencies. Amyn's long history of consulting and providing smart, current solutions has enabled him to evolve in an ever-growing, constantly changing industry.
Connect with Amyn: www.halvis.com, LinkedIn
Santa Thangavel is one of the sharpest minds in industrial networking. He's accomplished great things in his career and shares his journey into industry. He attended the University of Texas and after graduation has served in several roles supporting the evolution of technology in industry. He offers great advice to others about not limiting your thinking about your career. As he puts it, if you have the skills and experience you can land wherever you desire. He is an avid outdoorsman and a bit of an adrenaline junkie! Santa once zip-lined over 150 live alligators and is always trying to find ways to get into the great outdoors. He is a proud new father to a beautiful baby girl and is a dedicated family man. Check out this episode to hear why Santa is one of our heroes!
Guest: Santa Thangavel - Automation Network Engineer at ABB
Host: Chris Grainger
Executive Producer: Adam Sheets
Special Note* - Since recording this episode, Santa took a new position as an Automation Network Engineer at ABB. We wish him the best in his future endeavors.
In this episode Michael, Sarah, Gladys and Mark talk with guest Ofer Shezaf about Azure Sentinel. In the news we discuss Azure Security news for the following services: Azure Security Center, HDInsight, Azure Attestation and IaaS SQL Server using Secure Enclaves. Gladys covers some of the material she learned this week about Privileged Access Workstations (PAWs), especially in light of Solorigate. PAWs are not just for tier-0 admins, but also for developers. Mark covers Azure Security Benchmarks, extending threat and vulnerability management to macOS, and shares details about the Cybersecurity Maturity Model Certification (CMMC) Workbook. Ofer is a Principal Product Manager in the Azure Sentinel team and has years of experience building Security Information and Event Management (SIEM) systems. Ofer also discusses the history of Azure Sentinel and shares some of his insightful philosophies about SIEMs.
Today I will discuss: 1. Why is managing logs such a big problem for companies? 2. Why is SIEM so crucial for cybersecurity? 3. How does SIEM work?
Ariel Assaraf (@ArielAssaraf, CEO at @Coralogix) talks about the evolution of SIEM technologies, today's common use-cases, how SaaS migrations impact SIEM, and how AI/ML is improving functionality.
SHOW: 468
SHOW SPONSOR LINKS:
Datadog Security Monitoring Homepage - Modern Monitoring and Analytics
Try Datadog yourself by starting a free, 14-day trial today. Listeners of this podcast will also receive a free Datadog T-shirt.
CloudAcademy - Build hands-on technical skills. Get measurable results. Get 50% off the monthly price of CloudAcademy by using code CLOUDCAST
DivvyCloud - Achieve continuous security & compliance. Request a free trial today!
DivvyCloud - The best mistakes are the ones that don't happen. Learn how IaC offers preventive cloud security.
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
PodCTL Podcast is Back (Enterprise Kubernetes) - http://podctl.com
SHOW NOTES:
Coralogix website
What is SIEM
Topic 1 - Ariel, welcome to the show, tell us a little bit about yourself and how you got involved in the SIEM space?
Topic 2 - Let's start with some basics. SIEM (pronounced SIM with a silent E) or Security Information and Event Management isn't new but it is the combination of a few different security trends. Explain to everyone your thoughts on the evolution of this industry and how we got here.
Topic 3 - How does it work and why is it important and what benefits? What are the primary use cases you see at Coralogix today?
Topic 4 - I have to ask the flip side, where are the rough edges and limitations typically?
Topic 5 - How does the trend towards migration of "as a service" offerings affect SIEM? What's left to monitor?
Topic 6 - This sounds like an area where AI/ML could play a role as well, what advancements and trends do you see here?
Topic 7 - For listeners new to the topic, how can they get started and learn more?
FEEDBACK?
Email: show at thecloudcast dot net
Twitter: @thecloudcastnet
This week’s Pipeliners Podcast episode features first-time guest Jim Linn of AGA and DNG-ISAC discussing pipeline cybersecurity, analysis, and information sharing. In this episode, you will learn about the importance of cybersecurity for the pipeline industry, how information is gathered to support ISAC, and how the DNG-ISAC determines potential cybersecurity threats. You will also learn about cybersecurity progress made in the industry from several years ago until today. - Access the show notes and full episode transcript at PipelinersPodcast.com.
Podcast: Pipeliners Podcast. Episode 145: Security Information Sharing & Analysis with Jim Linn. Pub date: 2020-09-15.
Brad White, the Founder & CEO of Epstein & White Retirement Solutions, joins us to discuss the benefits of marketing Social Security information. Many financial advisors avoid doing educational workshops around Social Security. This may be because they don't get paid to manage Social Security, or because they feel the type of prospect they get can vary too much with Social Security as a topic. Brad White talks about the success his firm has had using Social Security workshops as an educational topic and how he presents the topic in a way that benefits not only the attendees but also the financial advisor presenting.
Had the weirdest dream!
Guest: Kirby Chong – Chief Information Security Officer. The post Pengantar (Introduction): Security Information & Event Management – E24, written by Faisal Yahya, appeared first on Bincang Cyber.
Dan Eppich, CIO (and former CISO) at The Anschutz Corporation is our feature guest this week. News from: Newmont, Pax8, Richey May, Lares, Coalfire, LogRhythm, Red Canary, Automox, Intelisecure and a lot more! If you've got too much money - slot machines got you covered. Slot machines are going online. Newmont is rolling out autonomous vehicles. Pax8 is hiring a lot of people. Richey May, Lares, Coalfire, LogRhythm, Automox and Intelisecure have news this week. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com
This week's news:
Join the Colorado = Security Slack channel
Can't touch this: Real slot machines controlled online
Colorado mining giant to spend $150M to roll out autonomous vehicles in 2021
Exclusive: 'Homegrown' tech company confirms Colorado expansion, 1,800 new jobs
OCIE Cybersecurity Update for Market Participants
Lares Continues Global Expansion to Meet Growing International Demand for Trusted Cybersecurity Solutions
The Significance of the NIST Privacy Framework
LogRhythm Named a Leader in 2020 Gartner Magic Quadrant for Security Information and Event Management for Eighth Consecutive Time
The Third Amigo: detecting Ryuk ransomware
The State of Data Protection: Future-Proof Your Information Security Technology Investments
Patch Management vs Vulnerability Management
Job Openings:
Ping Identity - Product Security Engineer
Ping Identity - GRC Analyst - BCP & IR
Ping Identity - Senior Infrastructure Security Analyst
Western Union - Information Security Governance Lead
Optiv - Principal Incident Management Consultant
NREL - Cyber Security Analyst
Janus Henderson - IT Operations Risk & Business Continuity Manager
Guild Education - Threat and Vulnerability Manager
IHS Markit - Operational Assurance and Compliance – Associate Director
Zoom - Sr. Security Analyst, Threat Hunting
Upcoming Events:
This Week and Next:
ISSA Denver - Privacy By Design Workshop - 2/24
ISC2 Pikes Peak - February Chapter Meeting - 2/26
SOAR w/Swimlane @ Highland Tap and Burger - 2/27
Salesforce Tower Ohana Floor Tour @ RSA - 2/27
SecureSet - Using Vault to Better Protect your Secrets with Bryce Verdier - 2/27
DerbyCom - February Meeting - 2/28
DC303 Monthly Meetup - 2/28
C.Springs - Cyber Space Game Jam - 2/28-3/1
CTA - TECH DAY AT THE COLORADO CAPITOL - 3/3
Secure Set - Capture the Flag ALL LEVELS - 3/4
Splunk 1st Thursdays @ Top Golf - 3/5
SnowFROC 2020 - 3/5
ISSA C.Springs - Security + Exam Preparation Seminar - 3/7 (1 of 3)
Other Notable Upcoming Events:
RIMS 2020 - 5/3-6
View our events page for a full list of upcoming events
* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
DailyCyber The Truth About Cyber Security with Brandon Krieger
In today's DailyCyber Podcast I discuss the top Cyber Security solution providers and the Cyber Security solutions that you should be aware of:
Top Cyber Security Solution Providers:
BeyondTrust
BlackBerry - Cylance
Carbon Black
Check Point
Cisco
CrowdStrike
CyberArk
Darktrace
Forcepoint
Fortinet
KnowBe4
IBM
Palo Alto
Proofpoint
RSA Networks
Symantec
Splunk
Sophos
Transmit Security
Trend Micro
Vectra
Top Cyber Security solution categories:
Software
Hardware
Services/Consulting
Different solutions:
- Data Loss Prevention
- Identity and Access Management (IAM)
- Privileged Access Management (PAM)
- Risk and compliance management
- Encryption
- Unified Threat Management (UTM)
- Firewall
- Antivirus/Antimalware Solutions
- Intrusion Detection Systems (IDS)
- Intrusion Prevention Systems (IPS)
- Network Detection System (NDS)
- Network Prevention System (NPS)
- Disaster Recovery
- Email Security
- Endpoint Security
- Network Detection Security
- Security Information and Event Management (SIEM)
- Advanced Threat Protection (ATP)
- Cloud Access Security Broker (CASB)
- Secure Web Gateway
- Internet of Things (IoT) Security
- Network Access Control (NAC)
To learn more watch the video or listen to the podcast at www.DailyCyber.ca and comment below
Sid explains the challenges faced by today's organizations due to various factors - users logging on from multiple devices, threats posed by insiders, how it is becoming increasingly easy to launch a cyberattack, and much more. He also explains how a SIEM (Security Information and Event Management) solution can go a long way toward enabling you to secure your environment.
Bill Wills spoke with "Mister Social Security" Tom Hager about how much you know about your Social Security and what FICA is. Great information and questions answered about Social Security in this podcast interview.
IT Manager Podcast (DE, German) - IT terms explained simply and clearly
This episode is all about SIEM, Security Information and Event Management. How SIEM helps with detecting and categorising threats, and what advantages the various solutions offer, is of course what you will learn on the IT Manager Podcast. Enjoy listening! Would you also like to have an IT term explained simply and clearly on the IT Manager Podcast, or take part in an interview yourself and support an episode? Then feel free to send us an e-mail: ingo.luecker@itleague.de
In this episode: Richard Bird, Chief Customer Information Officer at Ping Identity is our feature interview this week. News from: Left Hand Robotics, Molson Coors, Ball Corp, Exponential Impact, Red Canary, Ping Identity, LogRhythm, Swimlane, Webroot, ProtectWise and a lot more!
Just in time! Let these robots worry about my snow. Left Hand Robotics can take care of your snow worries. Molson Coors and Ball Corp are well managed. Exponential Impact is getting some extra fuel. Louisville is stealing all our best ideas! Red Canary gives advice for security careers. Ping has a new product. LogRhythm, Swimlane and Webroot all won some awards this week. It's prediction season!
Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com
Local security news:
- Join the Colorado = Security Slack channel
- Colorado startup starts shipping snow-fighting robots, but expects lawn maintenance to be the money-maker
- Molson Coors, Ball Corp. lead Colorado companies on Management Top 250 list
- These will be the top 10 housing markets in 2019
- Tech accelerator Exponential Impact earns $750,000 injection
- CSU-Global Partners with Colorado Technology Association
- Red Canary blog - Surfing the Mid-Career Wave: 5 Steps to Making Your Next Move
- Ping Identity previews new product for app developers
- LogRhythm Positioned as a Leader in Gartner's Magic Quadrant for Security Information and Event Management
- Swimlane Commands Recognition in Four Awards Competitions
- Webroot Recognized as Trail Blazer in 2018 Radicati Endpoint Security Quadrant
- 8 Cybersecurity Predictions for 2019
- ProtectWise blog - 60 Cybersecurity Predictions For 2019
Job Openings:
- Ping Identity - GRC Analyst
- Ping Identity - Security Program Business Analyst
- Western Union - IT Senior Manager, Internal Audit
- NREL - Chief Cybersecurity Engineer
- CenturyLink - Senior Security Research Engineer
- Elastic - Application Security Engineer
- Bank of America - Cybersecurity Ethical Hacking Analyst
- Synoptek - Sr. Security Consultant
- GuidePoint Software - Splunk Security Engineer
- DarkOwl - IT Infrastructure Specialist
- Micro Focus - Security Strategist
Upcoming Events:
This Week and Next:
- ISSA / ISACA Holiday Bash - 12/10
- SecureSet - Denver War Games: Systems Security 1 - Linux Security - 12/10
- SecureSet - Denver War Games: Systems Security 2 - Windows Security - 12/12
- SecureSet - Nadean Tanner - Metasploit Pro Demonstration and Q&A - 12/13
- SecureSet - Denver War Games: Capture the Flag - 12/17
Other Notable Upcoming Events:
- SnowFROC - 3/14
- Rocky Mountain Information Security Conference (RMISC) - 6/4-6
View our events page for a full list of upcoming events
* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
In this first episode of People of Tech, a brand new podcast, our host Charles Commins speaks to the interim DPO at the Bank of England, [Steve Wright](https://www.linkedin.com/in/stevewright1970/). At the time of recording, Steve was Data Protection and Security Information Officer at John Lewis & Partners. Steve Wright has worked in the field of information security for 25 years. He has worked for some of the biggest brand names in the world including Siemens, Unilever and Deloitte. He has worked for John Lewis and Partners since April 2016 and is a prominent name in his field, often sharing his insights as a guest speaker at conferences held throughout Europe. Steve discusses the digital transformation he has witnessed in his current role at John Lewis and gives his opinion on the state of the cyber security industry after a turbulent year that has included the hacking of British Airways. You can find out more about Steve at his [website](https://www.privacyculture.com/).
LeetSpeak with Alissa Knight Episode 4: Security Information and Event Management (SIEM) and AlienVault USM/USM Anywhere Product Review. Alissa Knight does a thorough review of AlienVault USM/USM Anywhere following the recent announcement of its acquisition by AT&T. Alissa decomposes the AlienVault ecosystem, helping you better understand what USM/USM Anywhere is, its agent-server-logger architecture, and its recent move to support federated cloud environments. Join Alissa Knight in this week's new episode of LeetSpeak, where she demystifies Security Information and Event Management (SIEM) solutions and gives a product review of the AlienVault USM/USM Anywhere SIEM/UTM solution.
Paulo Sant'anna meets again with information security specialist Rodrigo Montoro (@spookerlabs), from Clavis's Research, Development and Innovation area, for a conversation about Octopus. What were the motivations for creating Octopus? Rodrigo notes that a common situation in many companies is a limited budget for purchasing security solutions, which carry very high prices. Alongside tight budgets, SIEM products were often sold as "magic boxes" that you would plug into your network and receive reports alerting you to your security problems, fraud and malicious activity, resulting in projects in which millions were invested without the expected result. And finally, we always have to remember that knowledge and experience will bring results, not the product itself. Is it just another traditional SIEM product on the market? Octopus is not a traditional off-the-shelf product but a solution that aims to deliver intelligence in event correlation and threat analysis. The customer acquires Clavis's expertise. The solution uses several open-source tools, such as ELK, the subject of SegInfocast #25, which makes it possible even for an enthusiast to build their own Octopus if they wish. What are the features? Octopus is a fully scalable and customisable service. It can also extract information from diverse sources for event correlation without additional charges for connectors. And the benefits? It is a continuous (24×7) service, benefits from active protection against new threats by combining diverse sources, and gives customers visibility of their environment through dashboards. If you want more details about the solution, visit the Clavis website! Rodrigo "Sp0oKeR" Montoro is LPI, RHCE and SnortCP certified with 15 years of experience in Open Source. He currently works as a researcher at Clavis. Previously he worked at Sucuri Security and Spiderlabs.
He has spoken at numerous events in Brazil (FISL, CONISLI, Latinoware, H2HC, BSides), the USA (Source Boston / Seattle, Toorcon, BSides Las Vegas) and Canada (SecTor). He holds 2 patents in malware detection (PDF and HTTP headers), results of his research. Founder and evangelist of the Snort community in Brazil since 2003. In his spare time he does triathlon and trail running.
Security Current podcast - for IT security, networking, risk, compliance and privacy professionals
SIEM stands for Security Information and Event Management. SIEM is continuing to grow in usage, but where does it stand in terms of cloud deployments and what is its cloud-based market share? Gartner's Dr. Anton Chuvakin challenges the idea that one can compute market share for "Cloud SIEM" products, because they actually don't quite exist yet. While he acknowledges that there are some "almost" SaaS (Software as a Service) SIEM products and services, true cloud-based SIEM solutions are not available. In conversation with Security Current's Vic Wheatman, Dr. Chuvakin provides a taxonomy for SIEM and describes the definitional differences.
Government security clearance is not necessary to find vital information about country conditions and potential threats before traveling overseas, according to experts. “You don’t need … Continued
How big a market is Security Analytics? If you ask our guest, Gartner Research VP Dr. Anton Chuvakin, you'll hear that there actually is no specific or defined market called Security Analytics. He says that while there are technology providers offering products or services so labeled, they all do somewhat different things in different ways. There are vendors who look at packets, others that look at logs or roles, and those that look at malware, among other things, and they all carry a label of analytics; but according to Dr. Chuvakin, the fact that all of the vendors do different things indicates that there is no market that you can just go to and buy a security analytics product. Organizations need to self-define what they want to analyze and then assemble the required pieces, and perhaps integrate with a Security Information and Event Management (SIEM) system, which in some cases is essential for aspects of security analytics to work. In any case, the buy-versus-build discussion becomes much more than binary. Dr. Chuvakin explores this largely undefined territory with Security Current's Vic Wheatman.
In November of 2014, hackers infiltrated Sony's computer network lifting terabytes of corporate data, human resources information, internal intel, films, corporate emails, and other valuable information. This led the corporate world to question how protected we really are from cyber attacks. In the 1990's, the only computer issue was viruses, but the attack vectors have since changed. Companies and individuals are now subject to spear phishing, spyware attacks, malware, drive-by downloads, and browsers. What steps are now necessary to keep hackers from accessing your valuable data? And on a separate but equally interesting subject for lawyers, who really was behind the Sony attack? In this episode of Digital Detectives, hosts Sharon Nelson and John Simek analyze the progression of data security over time, look into data loss prevention steps, and consider each potential suspect of the Sony hack. Nelson describes the internet security suites that have been developed to include protection from all different types of attacks. However, she explains, these security systems are unlikely to keep out a sophisticated and determined hacker who is specifically targeting a corporation, law firm, or individual. The newer systems simply try to detect the infiltration and respond to it, observing what data is compromised and trying to identify the hacker. Simek explains several systems that are being used for security including data loss prevention, intrusion detection, and Security Information and Event Management (SIEM) products which correlate data to figure out what's normal. Nelson and Simek then go on to analyze why Sony was attacked and who may have done it. The hosts explain security blogger Bruce Schneier's theories on the suspects ranging from an official North Korean military operation to a disgruntled ex-employee. Listen to the podcast to hear the hosts' strong case for who they think the hacker was. Nelson also reviews Sony's reaction to the security attack. 
Stay tuned until the end for the NSA's rumored ability to create a cyber defense system and the international implications of an automated cyber attack response.
"In business, what's dangerous is not to evolve." -Jeff Bezos eBay hacked, all users asked to change passwords http://www.scmagazine.com/ebay-hacked-all-users-asked-to-change-passwords/article/347967/ http://www.securityweek.com/after-cyberattack-ebay-recommends-password-change http://www.infosecurity-magazine.com/view/38528/researchers-blast-ebay-over-data-breach/ http://www.darkreading.com/attacks-breaches/ebay-database-hacked-with-stolen-employee-credentials-/d/d-id/1269093? http://www.csoonline.com/article/2158083/data-protection/how-to-protect-your-company-from-an-ebay-like-breach.html C-IT Recommendation: Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable of blocking incoming attempts at malicious activity. Verify your security appliances are reporting to a Security Information and […]
The State of Cyber Security; Information System Security Association Los Angeles Findings; Role of Insurance in Cyber Security, as Bennet discusses with Stan Stahl (Ph.D., Principal, Citadel Information Group) and Matthew D. Carlson (CIC, Vice President for Risk Strategies Company).
Data Mining ETW - In this technical segment we will look at how to tap into the vast amounts of data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW). ETW providers will sometimes log excessive amounts of information, giving an attacker access to sensitive data. By tapping into these otherwise silent logging mechanisms an attacker can find all kinds of useful information. AWESIEM - After years of making security databases, I realized that Security Information doesn't match up to the way databases have to be normalized. I started looking at Ontology languages and triple stores instead to store security info, and am now working on an app framework to write security apps using an ontology storage backend; it's called AWESIEM. Here's my intro on how to use ontologies for infosec knowledge.
In this podcast, Ricardo Vargas talks about confidential projects that demand information security, and the projects where the dissemination of information makes a competitive differential for the Project Manager. This podcast was recorded only in Brazilian Portuguese. The link below is for the Brazilian Portuguese version.
Alex Kingsbury, Associate Editor, U.S. News and World Report.