With the increase in targeted cyber attacks, it's more important than ever for organizations to quickly identify and respond to threats. AI is helping security teams by acting as virtual analysts, handling much of the investigation work. However, human oversight is still essential for the final steps and judgment.

Today's guest is Michael Lyborg. Michael is the Chief Information Security Officer at Swimlane. Prior to taking his current role, Michael was Global Vice President of Advisory Services, a highly sought-after expert by the world's largest Fortune 500 companies and global government agencies to advise on the creation and operation of industry-leading security operations.

In this episode Michael shares his experience and wisdom on today's cybersecurity challenges. We talk about the balance of automation and human oversight, the risks and rewards of putting AI into security operations, and defense in depth strategies. Michael also covers how military style threat assessments can help with cybersecurity, how AI is evolving for threat prioritization and analysis, and the need for continuous testing and monitoring to prevent automation failures. If you want to know how to stay ahead in a complex cyber world, this episode is full of practical advice.

Show Notes:
[01:06] Michael has been with Swimlane for about 7 years mainly focusing on larger enterprises, government clients, and partners. He's helping with the automation journey and experience. He also built security programs for other companies and was a Marine.
[02:07] Prior to the Marines, he did IT and network security. Michael is originally from Sweden.
[04:22] Operational risk management or conducting a limited threat assessment. He's always thinking like a hacker and looking for gaps in security.
[06:29] Michael tells a story about his wife's recent experience with a cybersecurity scam.
[12:11] How a company decides what level of friction is appropriate to implement proper security.
[13:59] Michael talks about balancing what is and isn't automated.
[16:16] Michael shares the story about his early days of automation.
[17:23] Continuously review and monitor your automations.
[18:41] Starting with documentation is a good first step.
[21:45] Michael talks about how awesome it is being able to work in security and automation and help businesses grow and achieve outcomes. He believes in automating the mundane tasks.
[22:26] We learn about AI being involved in the defensive side of cybersecurity.
[24:50] AI can also bridge the gap between the security team and non-technical people.
[26:33] We discuss places where AI probably shouldn't be used.
[27:58] Find where AI works for you and then think about incorporating it in your security services.
[31:01] The importance of having controls in place when using AI whether it's for security or data analysis.
[33:00] Risk can be reduced by training on specific tasks.
[34:18] Michael shares the value of mixing human and artificial intelligence through Swimlane.
[39:08] The importance of bridging gaps and getting rid of silos.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources: Podcast Web Page, Facebook Page, whatismyipaddress.com, Easy Prey on Instagram, Easy Prey on Twitter, Easy Prey on LinkedIn, Easy Prey on YouTube, Easy Prey on Pinterest, Michael Lyborg on Swimlane, Michael Lyborg on LinkedIn
Richard Staynings, Chief Security Strategist at Cylera is our feature interview this week, interviewed by Frank Victory. News from NWSL, Red Rocks, Spekit, Fluid Trucks, Lumen, Red Canary, Swimlane and a lot more.

Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
Join the Colorado = Security Slack channel
Just for Kicks: Denver Is Getting a National Women's Soccer League Team
Colorado once again boasts the world's most-attended amphitheater
Denver to Pueblo in 11 minutes? Hyperloop testing will begin soon in southern Colorado.
Denver company acquires AI startup
Fast-growing Denver company sells for $10 million in bankruptcy
Colorado's new hands-free law, which bans cellphone use while driving, goes into effect Jan. 1
Colorado Department of Law Adopts Amendments to Colorado Privacy Act Rules
US telco Lumen says its network is now clear of China's Salt Typhoon hackers | TechCrunch
A defender's guide to identity attacks | Red Canary
Swimlane Named to Inc.'s 2024 Best in Business List

Job Openings:
Alterra Mountain Co - IT Security Architect
PatientNow - Cybersecurity Engineer
NBC Universal - Director, Infrastructure Security Services
Spectrum - Security Engineer III
Scout Clean Energy - Senior Manager of Cybersecurity and Technology
S&P Global - Business Information Security Officer - Enterprise Data Organization
Bank of America - Cyber Security Product Manager - Third Party Cyber Assurance
York Space Systems - Cyber Security Systems Engineer
General Atomics - Space Cyber Security Architect
NREL - Cybersecurity Engineer

Upcoming Events: Check out the full calendar
ISACA Denver - January Chapter Meeting (Online) - 1/9
Let's Talk Software Security - Is Software Security a CISO Priority? - 1/16
CSA Colorado - Building Security Automation That Works - from Alert Overload to Streamlined Response - 1/21
ISSA Pikes Peak - Chapter Meeting - 1/22
ISACA Denver - SheLeadsTech Event - 1/24
Wild West Hackin' Fest @ Mile High 2025 - 2/4-7
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
This week, in the enterprise security news,
A funding that looks like an acquisition
And two for-sure acquisitions
Rumors that there are funding problems for early stage cyber startups, and we'll see a lot more acquisitions before the end of the year
Speaking of rumors, Crowdstrike did NOT like last week's Action1 acquisition rumor!
Shortening detection engineering feedback loops
HoneyAgents
More reflections on Black Hat 2024
The attacker does NOT just have to get it right once and the defender does NOT have to get it right every time
Remember BEC scams? Yeah, they're still enterprise enemy #1
All that and more, in the news this week on Enterprise Security Weekly!

SquareX
With employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren't focused on securing the browser – a huge risk given that attackers can easily bypass Secure Web Gateways, SASE and SSE solutions. This segment will demonstrate the importance of a browser-native solution, discuss the limitations of current solutions and how enterprises can better protect their employees from web attacks.
Segment Resources: DEF CON talk abstract Enterprise use cases for SquareX Data Sheet Why Browser Native Solutions are better than Cloud Based Proxies Blog on the Many Failures of Secure Web Gateways
This segment is sponsored by Square X. Visit https://securityweekly.com/squarexbh to learn how SquareX can protect your employees from web attacks!

Tanium
The recent CrowdStrike outage and subsequent disruption tested organizations' resiliency and confidence as the world went offline. It served as a reminder that in an increasingly technology-dependent world, things will go wrong – but security leaders can plan accordingly and leverage emerging technologies to help minimize the damage. In this interview, Tanium's Vice President of Product Marketing Vivek Bhandari explains how AI and automation can help with remediation and even prevent similar outages from happening in the future, and breaks down the future of Autonomous Endpoint Management (AEM) as the solution for continuous cyber resilience in the face of disruption.
Segment Resources: The Future of Converged Endpoint Management is Autonomous Endpoint Management (AEM)
This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumbh to learn more about them!

Swimlane and GenAI
Join Swimlane CISO, Mike Lyborg and Security Weekly's Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Swimlane and ProCircular
ProCircular is a security automation power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.
Segment Resources: ProCircular Case Study ProCircular Web Site
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-373
Swimlane and GenAI
Join Swimlane CISO, Mike Lyborg and Security Weekly's Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Swimlane and ProCircular
ProCircular is a security automation power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.
Segment Resources: ProCircular Case Study ProCircular Web Site
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Show Notes: https://securityweekly.com/esw-373
In this interview, join Swimlane Chief Information Security Officer, Mike Lyborg, and host Akira Brand as we discuss the value of cybersecurity marketplaces from a CISO perspective. Through insightful discussions, unpack the connection between outcomes-driven solutions and tangible business KPIs.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanersac to learn more about them!

The past two years have witnessed an unprecedented surge in the adoption of generative artificial intelligence (AI) across various industries. And while this presents new efficiencies, with these benefits come significant security concerns. The widespread integration of AI applications increases the risk of data breaches and intellectual property theft, while also expanding organizations' vulnerability to malicious data injection and other AI-driven cyberattacks. During this interview Jim will explore why it's imperative to implement robust security measures to mitigate these evolving risks effectively, and how working alongside an MSSP can benefit your overall security posture.
Segment Resources: https://go.directdefense.com/2023-Security-Operations-Threat-Report
This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!

In recent years, ransomware attacks have undergone a transformative evolution, shifting from indiscriminate, mass-distributed assaults to highly targeted, sophisticated campaigns. Kris Lahiri is able to discuss the dynamic landscape of ransomware and dive into the techniques he has seen cybercriminals employ, the motivations behind these attacks, and the escalating impact on individuals, businesses, and critical infrastructure.
Segment Resources: https://www.egnyte.com/solutions/ransomware-detection https://www.egnyte.com/guides/governance/ransomware
This segment is sponsored by Egnyte. Visit https://securityweekly.com/egnytersac to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-11
The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key elements of your preparation, including: Quantification, Materiality, Evidence, Disclosure.
Show Notes: https://securityweekly.com/bsw-347
Since 2016, we've been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover:
The background of CMMC
Standardization of CMMC
CMMC v3 changes and implementation timelines
Best practices to prepare
Segment Resources:
https://www.federalregister.gov/documents/2023/12/26/2023-27280/cybersecurity-maturity-model-certification-cmmc-program
https://www.forbes.com/sites/forbesbusinesscouncil/2024/02/13/the-department-of-defenses-cmmc-requirement-and-what-it-means-for-american-businesses/?sh=7ccbc268b7b5
https://consultdts.com/demystifying-the-cmmc-rule-a-breakdown-of-proposed-regulation/

The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key elements of your preparation, including: Quantification, Materiality, Evidence, Disclosure.

Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-347
On this episode of The Cybersecurity Defenders Podcast, we have a conversation with JP Bourget, Founder and President of Blue Cycle, who shares some hard-won lessons from his entrepreneurial journey.

JP Bourget specializes in empowering Blue Teams and Security Operations Centers (SOCs) by implementing cutting-edge methodologies to enhance Cyber Maturity. His expertise spans automation, data engineering, API integration, and advocating security-as-code principles. Additionally, he holds the role of Entrepreneur in Residence (EIR) at Lytical Ventures.

Previously, JP was the Founder and Chief Security Officer (CSO) of Syncurity, a company acquired by Swimlane and an early pioneer in the Security Orchestration, Automation, and Response (SOAR) landscape. Syncurity's flagship product, IR-Flow, revolutionized alert triage, allowing organizations to optimize their security efforts efficiently.

Before co-founding Syncurity, JP honed his skills as the Network Security Manager at Arnold Magnetic Technologies, a prominent global manufacturing enterprise valued at $250 million.

JP can be found on LinkedIn here.
New phishing techniques. Arrests in the Genesis Market case. APT43's Archipelago. Russia's turn in the Security Council chair immediately becomes an occasion for disinformation. Our guest is Nick Tausek from Swimlane to discuss supply chain attack trends. Tim Starks from the Washington Post has the latest on the DOJ's attempts to disrupt cyber crime. And, make robo-love, not robo-war: nuisance-level hacktivism in the interest of Ukraine.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/66

Selected reading.
New Phishing Campaign Exploits YouTube Attribution Links, Cloudflare Captcha (Vade Security)
Criminal Marketplace Disrupted in International Cyber Operation (U.S. Department of Justice)
Takedown of notorious hacker marketplace selling your identity to criminals | Europol (Europol)
Notorious criminal marketplace selling victim identities taken down in international operation (National Crime Agency)
Check your hack (Politie)
Carr Announces Investigation into Suspected Users of Genesis Dark Web Marketplace Following FBI Takedown of Illicit Site (Office of Attorney General of Georgia Chris Carr)
U.S., European Police Shut Down Hacker Marketplace, Make 119 Arrests (Wall Street Journal)
120 Arrested as Cybercrime Website Genesis Market Seized by FBI (SecurityWeek)
International cops put the squeeze on Genesis Market users (Register)
FBI obtained detailed database exposing 60,000 users of the cybercrime bazaar Genesis Market (CyberScoop)
Genesis Black Market Dismantled, But Experts Warn of Potential Vacuum (Nextgov.com)
How we're protecting users from government-backed attacks from North Korea (Google)
Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks (The Hacker News)
‘Outrageous’: Russia Accused of Spreading Disinformation at U.N. Event (New York Times)
Des hackers ont acheté 23.000 euros de sex-toys avec de l'argent russe (20 minutes)
Thanks to Ukrainian hackers, war freak orders £20,000 worth drones for Russian soldiers, gets sex toys instead (First Post)
Ukrainian hackers exchange Russian fighter's drone order for dildos (New York Post)
‘It's bullshit’: Inside the weird, get-rich-quick world of dropshipping (WIRED)
One of the main goals of the Biden Administration's new National Cybersecurity Strategy is to favor long-term investments by protecting against urgent threats now and building a resilient cybersecurity posture for the future. Cody Cornell, co-founder and chief strategy officer at Swimlane who has worked in IT and security roles at the Defense Information Systems Agency and the Department of Homeland Security, explains how the U.S. can defend against supply chain attacks and emphasize community-driven threat detection. With the FedRAMP Authorization Act now codified into law, the FedRAMP program is now the federal government's security assessment and authorization approach for working with cloud providers. Matt Goodrich, head of transformation at Schellman and former FedRAMP director at the General Services Administration, discusses the evolution of the FedRAMP program. The Daily Scoop Podcast is available every Tuesday and Thursday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.
Dustin Lehr, Senior Director of Platform Security at FiveTran, and co-founder at Katilyt Security is our feature interview this week. News from Karman+, CyberGRX, Swimlane, Red Canary, LogRhythm, Lares, and a lot more. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Several big-budget films, TV shows are either currently filming in Colorado or will be soon Dutch asteroid mining company to relocate to Denver in a win for Colorado's space industry Meet the newest cohort of the Denver-based Techstars Workforce Development Accelerator Tech workers 'rejecting' return to office, Denver company's survey finds 17 Colorado companies rank on Deloitte's list of fastest-growing tech businesses Red Canary Provides First-Ever MITRE Engenuity™ ATT&CK® Evaluations for Managed Services Swimlane Ranked Among the Top 25 Fastest-Growing Cybersecurity Companies Deep-Dive Analysis of Multi-Factor Authentication Request Generation Attacks Choosing the Right Application Security Assessment Company Holland & Hart CISO Joe McComb Named 2022 Top Global CISO by Cyber Defense Magazine Job Openings: Uplight - Product Security Engineer Weld County - CISO Vertafore - VP of Information Security CommonSpirit Health - Director IT Cybersecurity Kaiser Permanente - Senior Director, Cyber Risk Defense Western Union - Senior Information Security Analyst Denver Health - IS ANALYST SECURITY III DISH Networks - GRC Information Security Business Partner Flexential - Compliance Specialist FBI - Special Agent: Cybersecurity/Technology Background 
Upcoming Events: This Week and Next: ISC2 Pikes Peak - Annual Chapter Meeting - 12/9 ISSA & ISACA - Holiday Party - 12/13 Let's Talk Software Security - Practicing Security Within Company Culture - 12/16 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Patrick Crawson, Chairman and CEO of Resurface Labs is our feature interview this week. News from Bucksnort Saloon, EverCommerce, Housecall Pro, Swimlane, Red Canary, Ping Identity, Automox and a lot more. Make sure to join us at the Colorado = Security picnic on 8/20! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel The Bucksnort Saloon Is Closed and For Sale The top 5 cutting-edge industries in Colorado One year after public debut, EverCommerce CEO discusses lessons learned Denver tech company raises $125 million to expand operations worldwide Swimlane raises $70M for its low-code cybersecurity automation platform What software engineers should know before joining Red Canary Ping Identity launches $50M venture capital fund to support identity security startups Automox employees report 18% workforce layoffs, company cites 'broader economic climate' Gates named to US CSO50 2022 security awards showcase Top 100 CISOs Job Openings: Uplight - Cloud Security Engineer Red Robin - Vice President, Chief Information Security Officer Insurity - Chief Information Security Officer Google - Program Manager, Enterprise Threat Management Strive Health - Director of Privacy Gusto - Privacy and IP Program Manager Elastic - InfoSec Governance and Customer Trust Manager Spectrum - Senior Manager - Cybersecurity Threat Remediation Management BI Inc - Security Engineer Senior Pulte Mortgage - Security Operations Specialist Zayo - Senior Cybersecurity Analyst - GRC Upcoming Events: This Week and Next: Denver ISSA - July 
Chapter Meeting - 7/13 Let's Talk Software Security - Software Security Roles & Responsibilities - 7/15 C.Springs ISSA - July Meeting - 7/19 CSA Colorado - July Meeting - 7/19 C.Springs ISSA - July Mini Seminar - 7/23 ISC2 Pikes Peak - July Meeting - 7/27 Denver ISSA - Privacy Special Interest Group Meeting - 8/10 Colorado = Security Picnic - 8/20 View our events page for a full list of upcoming events
Happy new year to you all from your favorite podcast hosts. News from MoonBike, Delta-Montrose Electric Association, CyberUp, Lares, Red Canary, Coalfire, Swimlane and a lot more. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Colorado pay equity law is 1 year old. Here's how many complaints it's produced. French 'snowbike' startup opens Boulder HQ to expand US access Colorado ranked top state for women-led startups for the second consecutive year Colorado energy company loses 25 years of data after cyberattack while still rebuilding network | ZDNet Nonprofit that provides cybersecurity apprenticeships expands to Denver area The Top 3 Security Program Tasks to Tackle in the New Year Trust Issues: Proactive transparency drives good business The Secure Development Lifecycle Introducing Atomic Operator: a cross-platform Atomic Red Team execution framework Kubernetes Hunting & Visibility Job Openings: Red Canary - Business Solutions Analyst State of Colorado - CISO Bonusly - IT Security Engineer City of Colorado Springs - Cyber Security Analyst II Yugabyte - Senior Security Program Manager DISH - Wireless CI/CD Engineer The Trade Desk - Information Security Analyst Prologis - Senior Analyst, IT Governance, Risk, and Compliance (GRC) Woodward - Manager - Information Security & Compliance DenverWater - IT Security Architecture and Operations Manager Upcoming Events: This Week and Next: ISSA C.Springs - Open House at Whirlyball - 1/11 Denver ISSA - January Chapter Meeting: Annual CISO Panel - 1/12 ASIS 
Denver - Coffee Chat with Kami Dukes - 1/13 Denver ISACA - January Meeting: The Intersection of Cyber Insurance, Breaches, and the Colorado Privacy Act - 1/13 ISSA C.Springs - January Meeting - 1/18 CSA Colorado - January Meeting In Person - 1/18 Let's Talk Software Security! - Software Security Program Strategy - 1/21 ISSA C.Springs - January Mini Seminar - 1/22 View our events page for a full list of upcoming events
Michelle Wilson, CISO at Celebrity Financial is our guest this week, interviewed by Jason Jaques. News from Palantir, Swimlane, Ping Identity, Thinkst, VirtualArmour, Coalfire and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel 169 Colorado laws went into effect Tuesday. A state parks pass with your vehicle registration is one of them. An Innovative Solution to Denver's Housing Woes is Taking Shape on West Colfax Here's what Palantir's been up to since quietly moving to Denver one year ago Colorado County Clerk Charged with Cybercrime The Unbundling of Authentication vs Authorization - What You Need to Know Executive Order on Zero Trust — What it Means for Federal Agencies Good attacks make good detections make good attacks make.. The Risks of Public WiFi (& How to Protect Yourself) Rumors of an upcoming, major change to ISO 27002 Job Openings: Red Canary - Director, Corporate Security Red Canary - Product Security Engineer Red Canary - IT Support Manager State of Colorado - Director of Cyber - Security & Investigations Crocs - Sr. 
Manager, IT Security Red Robin - Manager of IT Security Operations CoBank - Security Manager- Threat Management TriState Generation - Cyber Security Engineer Computershare - Security Monitoring Analyst Guild Education - Information Security Analyst Upcoming Events: This Week and Next: ASIS - Coffee Chat with DEN - 9/14 ISSA C.Springs - 11th Annual Peak Cyber Symposium - 9/14-16 ISSA Denver - Women in Security September Meeting - 9/15 ISACA Denver - September "Imagine a World Without Passwords & IT Fraud Investigations" - 9/16 CSA Colorado - September Meeting | Protecting Ephemeral Workloads" - 9/20 OWASP Denver/Boulder - September | Cover your ass(ets) - 9/21 ISC2 Pike's Peak - September Hybrid Meeting - 9/22 SecureSet - [Virtual] Intro to Machine Learning for Cybersecurity - 9/23 View our events page for a full list of upcoming events
News from Tipico Group, TCBY, CyberGRX, Red Canary, Swimlane, zvelo, Ping Identity, Stack Hawk and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Colorado expansion eyed by one of largest sportsbooks in the world Broomfield-based TCBY is innovating to stay relevant as it reaches middle age Denver region seeing a rise in “super commuters” See the Colorado companies on the 2021 Inc. 5000 list Remote access tool or trojan? How to detect misbehaving RATs Swimlane | Swimlane named to Colorado Startup's fastest growing… zvelo Releases Malicious Detailed Detection Feed™ CyberGRX blog - The Future of Cybersecurity is Collaboration Ping Identity Blog - Passwordless: A Complete Guide to Passwordless Authentication Job Openings: Red Canary - Director, Product Security Red Canary - Program Manager, Trust Red Canary - Director, Corporate Security Red Canary - Product Security Engineer Ball Aerospace - Enterprise Security Director - Chief Information Security Officer CE Broker - Director of Information Security Crocs - Sr. 
Manager, IT Security Western Governors University - Application Security Engineer/Sr IT Security Analyst Colorado Judicial Branch - Information Security Analyst DirectDefense- Security Analyst Intrado - Infosec Analyst Airespring - Associate Product Manager Upcoming Events: This Week and Next: CSA Denver - August Meeting - 8/24 ISSA Denver - August Special Meeting - 8/25 ISC2 Pike's Peak - August Hybrid Meeting - 8/25 View our events page for a full list of upcoming events
Our feature interview this week is Cody Cornell, co-founder & Chief Strategy Officer at Swimlane. News from Hershey, Lily Sweets, Intueat, EverCommerce, FileInvite, Cloudrise, Swimlane, Coalfire, LogRhythm and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Hershey's spends $425 million buying Colorado snack company Colorado has the third-most popular convention center in U.S., according to new ranking Personal chef platform grows as Denverites host dinner parties again Denver-based EverCommerce announces pricing of IPO, begins trading on Nasdaq Why this New Zealand tech startup chose Denver for its US HQ Cloudrise Closes Seed Round of Funding Swimlane : Becomes System of Record for Cybersecurity with Latest Release What is FedRAMP+? Cybersecurity and the water supply: managing a growing risk worldwide Job Openings: Kaiser Permanente - Sr. Program Manager, Cyber Security, Vulnerability Management Cobalt.io - Security Program Manager Xerox - vCISO/Fractional CISO Denver Water - IT Security Analyst Centura Health - Security Engineer Senior Sigma Computing - Head of Information Security Ibotta - Security Architect JumpCloud - Security Engineer Incident Response Dish Network - Wireless Security Architect Upcoming Events: This Week and Next: Cyber Mountain C.Springs - Hybrid First Friday - 7/9 ISSA Denver - July meeting - 7/14 Secure Software Development Lifecycles [SSDLC] - 7/16 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! 
Teressa Gehrke, Founder at PopCykol is our guest this week. Check out the PopCykol website for more information. News from United Airlines, Boom Supersonic, Datadog, JBS, Guild Education, Coalfire, Swimlane, Lares, Randori, Husch Blackwell, Red Canary, and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Denver metro is getting a new area code next spring United Airlines buys 15 supersonic planes from Colorado-based jet startup Ransomware attack on Colorado-based JBS USA rattles beef industry, White House gets involved New York-based Datadog plans to bring 400 high-paying tech jobs to Denver Denver unicorn raises $150M Series E funding that values company at $3.75B Nearly 200 companies with Colorado customers reported data breaches in past 16 months Significantly Amended (Again) Colorado Privacy Act Passes Senate Coalfire acquires Denim Group Swimlane announces Key Additions to Leadership Team Introducing Sysmon Config Pusher Biden's Cybersecurity EO: The Wrong Issues What the White House Ransomware Memo Got Wrong What is normal? 
Profiling System32 binaries to detect DLL Search Order Hijacking European Commission Adopts New Standard Contractual Clauses Job Openings: Platform.sh - Security Engineer (Remote) Spectrust - SENIOR DEVSECOPS ENGINEER RxRevu - Senior DevSecOps Engineer The Trade Desk - Information Security Engineer Opentext - Senior Research Engineer - Network Security 1 Department of Energy - Information Technology Auditor (Recent Graduate) PayPal - Senior Product Security Engineer Jeffco Public Schools - Senior Information Security Analyst Oracle - Development Security Manager Ball Aerospace - Security Architect Senior Upcoming Events: This Week and Next: NCC - Cyber Patriot Camps - 6/7-25 RMISC - 6/8-10 What is Threat Modeling and why should I care? - 6/11 ASIS - PROPAGANDA AND EXTREMISM TODAY - 6/17 View our events page for a full list of upcoming events
Mike Kalac, CISO at Paymentus is our guest this week, interviewed by Jason Jaques. News from Pit Liquor, Boom Supersonic, Ball Corp, LogRhythm, Swimlane, Red Canary and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel This Colorado natural deodorant startup is using liquor to snuff out odor Red Rocks concerts to return to full capacity on June 21 So long Stapleton, hello Central Park: Denver City Council cements neighborhood name change Boom Supersonic aims to fly 'anywhere in the world in four hours for $100' Iconic Pikes Peak Cog Railway set to reopen this week after $100 million in repairs Ball Corporation Brings Ball Aluminum Cup™ to Major Retailers in all 50 States Cybersecurity analysts a pressing need for Front Range’s growing high-tech industry LogRhythm and Zscaler Partner to Streamline Website Access Control Swimlane | Why You Need a True SOAR Solution for Your Business Needs,… Tales from decrypt: Differentiating decryptors from ransomware Job Openings: Gates - VP of IT Security (CISO) Western Union - Cyber Security Senior Engineer, Application Defense Zoom - Security Investigator Guild Education - Senior Information Security Analyst Aegon - Senior Global Security Operations Center Analyst - Tier II-1 NREL - Chief Cybersecurity Engineer Bestow - Senior Information Security Analyst Visa - Senior Cybersecurity Engineer TTEC - Information Security Engineer Presidio - Engineer, Cyber, Cloud Security Upcoming Events: This Week and Next: ISC2 Pikes Peak - May Meeting - 5/26 ISSA C.Spring 
- CISSP Training (1 of 6) - 6/5 View our events page for a full list of upcoming events
Proudly brought to you in association with S A Partners, a world-leading business transformation consultancy.

Introduction
Welcome to episode 35 of the Enterprise Excellence Podcast. It is terrific to have Pascal Dennis and Laurent Simon back for the second episode of this two-part series. Today we will be exploring the 2nd and third swim lane elements from their book Harnessing Digital Disruption. A fun and bluesy start to this one! Check out Pascal's international blues band here

Overview of the previous episode
Sustained transformation requires these three swimlanes to be run in parallel:
good soil - leadership development program, clarity of purpose and strategic logic
trunk - flex your innovation muscles and maintain it
fruits - protect core business and ignite new growth
The foundation of digital literacy, leaders leading by example, enabling the right behaviours, enabling suitable investments to drive business is vital. How do you balance the contradictory objectives: protect core business while investing in building the future with a new business model? We dove into Swimlane 1 in episode 34, and if this is of interest to you, please listen to that here #34 Harnessing Digital Disruption with Pascal Dennis and Laurent Simon - part 1 of 2.

Summary
In this episode, we will deep dive into:
Swimlane #2 - Develop your Digital Innovation Capability, Your Innovation Muscle, Team of Capable Innovators
Swimlane #3 - Deploy Impactful Innovation Projects
The Four Battles to Fight and Win
We have provided many soundbites of this episode, and will make them available on our YouTube channel.

Swimlane #2 - Develop your Digital Innovation Capability
Pascal and Laurent believe that there should be 1 per 100 innovators in your organisation, and supporting them well is vital. This swimlane involves them installing a pragmatic, scalable innovation system at your company. There are four elements to the innovation system that Pascal and Laurent's team installs.
The Pragmatic Innovators Framework
The Pragmatic Innovators Academy
The Pragmatic Innovators Network
Focused Interventions

Swimlane #3 - Deploy Impactful Innovation Projects
101 Build the right culture - enrich the soil
201 Build digital innovation capability - strengthen the trunk of the tree
301 and 302 Deliver successful innovation projects.

The Four Battles to Fight and Win
Fear
Remove guesswork
Scatter or diffusion of effort
Ignorance

Two-minute tip on harnessing digital disruption? 44:26min
Laurent: For me, it would be focus on customer journey reform because that's the most effective, scalable and proven way to reform your company. So, if you gradually turn your projects into customer journey initiatives, then you're on the right track.
Pascal: And I would add, to sustain the transformation. Build the soil, the leadership, culture, vision, digital hypothesis and strategy. Build the muscles, you know, your pragmatic innovators, all the things we've talked about today. And then, with respect to the fruit, define your innovation portfolio. Make sure everything fits together. They link to one another. They link to your overall aspiration, and then you've got a good chance at sustaining it.

Key Takeaways
Bring together Hipsters, Hackers and Hustlers.
The importance of the pragmatic innovator's network

SA Partners
Kim Decker, Privacy Program Manager at Ping Identity, interviewed by Janelle Hsai. News from The Last Gameboard, Coalfire, Swimlane, CyberGRX, Webroot and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Is Denver the most dog-friendly city in the country? This new study says yes. Colorado restaurants, hotels greet Covid restriction changes with relief and confusion Denver gaming startup raises $4M to bring tabletop platform to life Front Range Passenger Rail plan zooms through Colorado Senate Significantly Amended Colorado Privacy Act Passes out of Senate Committee Coalfire Establishes Chief Product Officer Position Swimlane and Elastic Partner to Deliver an Extensible Framework for Security Operations Teams CyberGRX Attack Scenario Analytics to Provide Critical Cyber Defense Insights Another NFT explainer, with a bonus look at the data security implications Job Openings: Upcoming Events: This Week and Next: ISSA C.Springs - May Meeting - 5/18 CSA - May Meeting - 5/18 OWASP - May Meeting - 5/19 ISACA Denver - May Meeting - 5/20 ISSA C.Springs - Mini seminar - 5/22 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Prabodh Telang, Information Security Officer at Credit Union of Colorado, is our feature guest this week and is interviewed by Jason Jaques. News from Optiv, Red Canary, Swimlane, Ping Identity Coalfire and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel All US states ranked from best to worst, according to Americans What are NFTs and what do they have to do with art? MCA Denver is hosting an event with the answers. Troy Guard's Grange Hall Is Taking Shape in Greenwood Village Chicago and Denver Led the Nation in VC Funding Growth in Q1 2021 Optiv Security Announces Key Executive Appointments to Support Growth Strategy Red Canary Adds New Executives to Expand Global Operations - Red Canary Swimlane | Common REST API Authentication Methods Explained Ping Identity Named to CRN’s 2021 Security 100 List Avoid oversights in HIPAA risk management - Coalfire Job Openings: Mindoula - VP of Security and IT AECOM - Senior Director, Enterprise Security Architect Homebot - Director of Security CoBank - Senior Manager, Infrastructure Security Proofpoint - Sr. 
Manager, SIEM Brown and Caldwell - Senior Cyber Security Analyst Medtronic - Principal Product Security Engineer OpenTable - Senior Security Engineer Universal Studios - GRC Analyst, PCI University of Colorado - Security and Compliance Analyst Upcoming Events: This Week and Next: ASIS - YP : HAPPY HOUR WITH TONY YORK - 4/27 Colorado = Security - Poker Night - 4/27 ISCs Pikes Peak - April Meeting - 4/28 ISC2 Denver - Special Groups Meeting - 4/29 C.Springs Cyber - Hybrid First Friday - 5/7 View our events page for a full list of upcoming events
Desiree Robinson, Sr Information Security Manager @ Smarsh, is our feature guest this week and is interviewed by Janelle Hsia and they discuss Bitsbox (https://bitsbox.com). News from Whataburger, Air France, PopSockets, Vizio, Swimlane, Coalfire, Optiv and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Whataburger unveils plans for return to Colorado DIA lands new direct flights to Paris via new-to-Denver airline Major network television series shooting pilot in Denver and Durango area In push for increased sustainability, PopSockets launches plant-based phone grip Publicly traded entertainment giant to open Denver office Hackers try to extort University of Colorado in cyberattack Swimlane Expansion Into Six New APAC Countries Leads to 500% Year Over Year Regional Growth Coalfire ramps up for StateRAMP — What you need to know… Improving the Digital Identity Act of 2020 Job Openings: UCCS - Director of IT Security and Compliance and Information Secuirty Officer Arrow - Identity and Access Management Audit Assurance Analyst Lumen - Splunk Enterprise Security Architect Zayo - Cyber Security Analyst III SWIMLANE INC - Professional Services Engineer/Consultant (US West) Centura Health - Security Engineer Terumo BCT - Product Security Analyst RTD - Manager, Cybersecurity Operations Colorado Judicial Branch - Lead Security Architect Paladina Health - Manager, IT Security (Remote) Upcoming Events: This Week and Next: ISSA C.Springs - April Meeting - 4/20 ASIS - A CASE STUDY: WORKFORCE INCLUSION 
PRESENTED BY DEN - 4/20 CSA - April Meeting - 4/20 ISSA COS Cyberfocus Days - 4/20-22 OWASP - April Meeting - 4/21 ISACA Denver - April General Meeting - 4/21-23 ASIS - YP : HAPPY HOUR WITH TONY YORK - 4/27 ISCs Pikes Peak - April Meeting - 4/28 View our events page for a full list of upcoming events
Welcome! It is another busy week on the technology front. We discuss Facial Recognition and some of the problems with false positives and how you can see if your pictures are included in some of these websites. Then we discuss Amy Klobuchar's antitrust legislation against big tech. Then we get into Info-Sec Careers and something you might want to know before considering a career move. We also discuss Zero-Trust and why you must be thinking about that if you want to be secure, and there is even more, so be sure to listen in. For more tech tips, news, and updates, visit - CraigPeterson.com.
---
Tech Articles Craig Thinks You Should Read:
Strengthening Zero Trust Architecture
Here’s a Way to Learn if Facial Recognition Systems Used Your Photos
Scalpers aren’t the main reason you can’t find a new console
What I Wish I Knew at the Start of My InfoSec Career
Chrome users have faced 3 security concerns over the past 24 hours
Klobuchar targets Big Tech with biggest antitrust overhaul in 45 years
I Fought the Dark Web and the Dark Web Won
How the United States Lost to Hackers
---
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] We're going to talk a little bit about scalpers. They're not the main reason you can't find a new gaming console. I've had a number of people ask about getting into information security. I'm going to give you some tips about what I wish I knew at the start of my career. Hello everybody. Craig Peterson here. I want to start out by talking a little bit about the facial recognition systems and there are a lot of concerns, legitimately, a lot of concerns because now our privacy is getting worse and worse. I'm going to talk next week a little bit, at least it's on my schedule about what's happening with GPS and pros and cons to it because there are some very concerning things about GPS. Much of our business and private lives is based on GPS, nowadays.
You're in a plane, you're in a boat, trains, I guess don't use GPS a whole lot, but we depend on them in our cars, everywhere. We'll talk a little bit about that next week. When it comes to facial recognition, it has come to the forefront. Now we know that, for instance, London, England was probably the most surveilled city in the world. I don't think that's anywhere near true now, considering what the Chinese have been doing to their citizens. No, I probably shouldn't call them citizens. I'm not sure what the right thing would be to call them, but the people living over there in China are under a constant eye. They're even watching them over there for jaywalking and they use facial recognition systems to automatically send them a ticket. Oh, also this social credit score they have over there where if you do jaywalk or do something else, you get points taken off of your social credit score. If your score reaches a certain point, you can't even take public transportation anymore. That's how they're controlling people. One of the many ways that they're controlling people in China. These facial recognition systems are used there. We know they've been in use in London where they're trying to track people and reverse engineer crimes, someone commits a crime. There are sensors that listen for gunshots, for instance, and then they will just backtrack all of the people that were in the area. Okay. Watching them where they work, as you remember, it's being recorded. So you're here now, where did you come from? Some of that same type of technology was used in Washington, DC for what happened on January six, with the riot of well, 80 people. Some riot. We're also now aware of what was done in Oregon and in Washington state and New York City where they were tracking people as well now. Did they get charged? Did they go to jail? They were using facial recognition systems and they were figuring out where they were, where they had been. 
They were also looking forward to the fact, because unlike China, where they want to know where everybody is and they've got this whole social credit system. What we were doing is finding people who were committing serious crimes. The police obviously don't want to go into that area because there are so many rioters and they were armed with all kinds of things, the baseball bats, but they had frozen bottles of water. No, I don't know. I threw a bottle of water at him. You had. That thing, deep, frozen, in a deep freeze, below zero degrees, which is way cold Fahrenheit. You brought it with you and you use that liter bottle to bash someone over the head. We saw this again and again. So you find those people. You don't arrest them right away. You don't send the police in. No reason to put their lives in any more danger than they are everyday, normally. Then what you do is track them as they leave. Now when they were leaving, they were using facial recognition to figure out who was there and where did they go? That facial recognition technology then was able to track them down. Once they got into an area where there weren't a lot of rioters or no rioters about to get in their car, or however it is, they got there, they arrested them. Of course, some of these rioters, real rioters, right? Where there's hundreds of people rioting, not 80. They were able to track them down. Some of them were arrested, some of them were charged. In a lot of these cases, the mayor said, no, don't do anything. Just let them I was going to set them riot, but that's not how they phrased it. I'm trying to remember how they phrased it. So we are seeing. Facial recognition used in law enforcement. It's one thing to track them either. What happens over in London where a crime is committed and they now track everybody back to figure out where did they come from? What car did they get into? Did they get out of it initially? Then what was the license plate number and who owns that car? 
Crime-solving that way, where they don't necessarily recognize your face. They don't know it's you. However, now we're finding more and more of that happening, where the systems recognize your face and they know it's you, and they know what your social media accounts are. They know obviously where you live, it's all tied in. A lot of cases is tied in via your driver's license or now these federally mandated national ID cards that so many people are carrying around. Apparently, I'll have to carry around to next time I get my license because my state has finally decided they are not going to issue regular driver's licenses anymore, which definitely bothers me. I'm sure you can figure that out too. How were they identifying people? It's one thing to see a face and okay. There's the face here. Okay. There's a face there. There's okay. Here. Okay. So he just got into this car to leave. That's one thing, right? I think that's pretty legit. You don't have a particular right to privacy when you're in a public place. In fact, you have no right to privacy when you enter a public place. So I don't have a problem with that. Now we're using artificial intelligence and we've talked about some of them before, Clearview is a great example, clearview.ai. Here's a company that, some would argue, illegally captured, scraped, whatever kind of wording you want to use, pictures of people from all over the internet, and the police can subscribe to their service and Clearview says, Oh no, we only let police at it, although there's evidence that would suggest otherwise. They're allowing all kinds of third parties access to the database, but you can put a person's picture into their software. Their software, by the way, includes a mobile app, so it can be done on the street and you know who they are. Now, this is getting RoboCop-ish. If you've ever seen the movie RoboCop. Actually, there's a series of these things with the ED-209s. 
What happened is the police officer could go out and he'd be patrolling in the streets and he'd come across some people, and the computer in that kind of heads-up display would figure out, okay, that's this person they've been arrested 20 times a felony, this and that, and okay that person was shoplifting with their names and addresses and things right there in the screen. That's been a theme of science fiction movies for a very long time. I interviewed probably about a decade ago, a guy out at the Consumer Electronics Show who had a very cool device that you could wear. It was designed for policemen and it was like a pair of big goggles back in the day, right? This is before Google Glass and some of these other things came out, but they were able to, with this heads-up display, put anything you wanted on it. So it's coming, it's not here yet. It's going to be here even more in the future. If you want to check if your photo is part of all of this stash and there are billions literally of photos that Clearview AI has out there, but you can check at least the basics. So many of us use this website online that allowed us to upload our photos and share them with friends and relatives and family, and put it together, and have a really great little album that you could share with people. That was on a site called Flickr. Today, many of us are uploading our photos to Amazon or to Google. Apple, of course, has many of them. What happened with Flickr is they went out of business. They got sold and resold a few times. What they ended up doing is selling the pictures online. There's people I talked about this a couple of years ago, this guy driving down the highway and he sees a billboard with his picture on it, not the sort of thing that he was expecting that's for sure. It's probably not something you expected when you uploaded your photos to Flickr. So take a minute. Go to a website called exposing.ai. This particular website is specifically aimed at Flickr photos. 
It'll tell you if it has found your picture. So you can put in your Flickr username and they'll let you know if your Flickr photos have been taken and used for facial recognition by a few different companies. DiveFace, FaceScrub, MegaFace, PIPA, VGG Face, and many others. You can just put in your username. You can put in a tag that you tagged that photo with when you uploaded it, or the URL of a photo. If you have a photo, it is online and it's yours and you want to see if anybody else is using it somewhere on the internet. The easy way to do this is to go to Google image search. You can upload the image, you can give it the URL of the image, and it'll tell you if it finds matching images or at least images that are close to it online. Stick around. Visit me online at CraigPeterson.com. During the lockdown, we've had a lot of things that have become difficult to get your hands on. Turns out that includes various types of games like your PS5s, but it extends a whole lot further than that. Hi everybody. Craig Peterson here. Here we go, man, another fallout from the whole lockdown thing. This is a pretty darn big deal because it's affected the entire computer industry. We've heard a lot of complaints about how difficult it's been to get a Sony PlayStation 5 or a Microsoft Xbox series SX. They both hit store shelves last year, but they have been almost impossible to find at any of the major retailers. There's a great little article that was in Ars Technica, and they put together a graph based on some data obtained from eBay. This data was looking at the availability and costs specifically of the PS5. Now, this is a fairly advanced computer, frankly, in order to play these video games, of course, it's got a lot of graphics capability built right into this silly thing. It seems that there were a certain number of consoles sold on certain days at certain prices. You can see this massive price increase. It just jumped right up in November. 
Pretty much stayed up there in the thousand dollars plus range. Isn't that amazing. It went down in January and is more or less flat right now. You can get them on eBay for about 380 bucks right now. Why is that? What's been going on here. We've got scalpers. Obviously, a thousand dollars is a lot higher than the $380 you can get it for right now. It turns out that there is a huge problem and the problem we're seeing is affecting the entire computer world. There are certain chips for which there is a shortage. Why is there a shortage? Well, it had to do with the lockdown. Companies were trying to figure out, okay, how many of these devices am I going to sell when everybody's locked down? They miscalculated, frankly. It wasn't a problem with supply. It was that these companies that had been ordering these components cut their orders back or stopped them entirely. You've got Sony and others out there, Microsoft's console as well, trying to find the parts. They have had a very hard time. Well, what happens when it's hard to find something? Either the quality is going to go down to keep the price the same or the price is going to go up. There's only a couple of ways that it really can go. They're estimating right now that these constraints on the supply chain are probably going to last for a few more months. We've seen it big time in the computer world, particularly in the storage space. You may not be aware of it, but there are, of course, hard disks that aren't really disks called SSD, which is a solid-state disk. Okay. You probably know about that. I wrote up a thing, in fact, Because people were asking me about what to buy, to upgrade their computers. If you have a slower computer, putting an SSD in is usually a very good idea, but there are many grades of SSDs. In fact, I've got a little document. If you want it to send an email to me@craigpeterson.com. I'll be glad to send you a copy. I wrote this for one of our clients. It drives me crazy. 
They need a new computer, in this case, a desktop. So they say, Hey Craig, can you guys go ahead and work us up a quote? So we look at what they're using the computer for. We look at the longevity of that computer so that they get the best bang for their buck and usefulness. How useful is it going to be? Is it going to be offline just five minutes a day, by the way, adds up to over $2,000 a year for just an average salary of a data entry worker. It adds up pretty quickly if it goes down. We put together this proposal and this was for a customed Dell machine and we specify all of the components that go into it. That's an important thing to remember because these components all have varying levels of quality. We sent them the quote and we've done this before, right? Who's the fool here, them or us. They said no. I went to the Dell site and I got this special going on and then I can get the same computer for 300 bucks. Not true. It's not true. Now, you guys are the best and brightest, right? This sort of stuff, you can't compare a Yugo to a beautiful Cadillac right there. There's no comparison between the two, but that's what they were doing. They needed an F150 in order to haul stuff but instead of getting the F150, they just got a little hatchback that they can maybe throw a couple of things in the back, but they needed a big bed pickup truck. That just drives me crazy. So I wrote this probably three or four-page long, a thing explaining why you need to buy the right kind of hardware. Why the stuff that they're selling you at a discount isn't going to work for you and things need to be included, include things like the hardware encryption and SSDs. Again, I'll send you this report if you want it. Just let me know, call me@craigpeterson.com. I started this whole thing because we're talking about SSDs. SSDs are not all created equal. Some of these SSDs store one bit per little bubble, if you will. Some of them store two bits on them store three-bit bits. 
They're all constrained in their lifetime based on how many writes are occurring to that disc. You've got to look at that as well to figure it out. Now, of course, I got into SSDs because we were talking about the capacity in manufacturing and the shortage that we're seeing right now. If some of these game consoles, there is a shortage in all of these types of disks, there's even a shortage of memory and certain CPUs. The disc shortage started a few years ago when there was massive flooding in Indonesia. That's where a lot of the hard disks are made. Now, these are the things that spin, right? Now we've got new technology that lets us pack more data into the SSDs. Whereas we were seeing the hard disk go up in size. I remember my first one was, I think it was five megabytes. It was just, Whoa, how could I have used five Meg and then 10 megabytes? Of course, hard disks, reasonably priced ones tend to 12 terabyte drives and again, multiple different types of drives. There's the more server-oriented that if there's an error on the disk, the disc stays alive and it repairs itself in real-time in the background. Then there's the stuff you get as consumers where if the disc starts failing, the whole disc goes offline until it fits fixes itself. Then there's real crap. The ones like these green drives from Western digital, that I do not like. I just had confirmation on that this week that are even cheaper, but all of these are hard to get right now. We will see eventually all of these supplies back in line. The manufacturers can make them. The whole lockdown hasn't really been a problem for them. The problem has been that people aren't ordering because they're afraid during the lockdown that people wouldn't be buying computers. Of course, we found the opposite to be true. Didn't we. People were buying these consoles to play video games. Buying computers to work from home. Trying to buy network security stuff as well. That's really changed the whole thing. 
When we get back, let's get into we'll get into the InfoSec career a little bit later if you miss it. If you're thinking about getting into information security. Make sure you go online to CraigPeterson.com. So you can catch that. We'll talk about that, but let's do something I think that might affect a lot of people and that's Chrome users, three security problems in the last week. Hey, you guys are the best and brightest. You know what I think about Google and Google Chrome? Just this last week, over one 24 hour period, Chrome had three security problems. We're going to talk about that right now. Hi, everybody. Craig Peterson here. Google is evil. I've established that I think, before, the things they do, the things they have been doing to us. Remember their motto used to be, don't be evil. They removed that from the website a couple of years ago. Now, no longer don't be evil. Nowadays they're doing pretty much everything they can to, maybe be evil is a little strong a word, but they're pretty much doing everything they can to get as much information about you and sell it. Do you remember his goal? Larry Page when they were starting it up. The goal was okay, where we are going to get all of the world's information and democratize it. Make it available for everyone, anyone out there who wants to get at it. Frankly, it's been pretty good until fairly recently. At which point I switched over to DuckDuckGo. Chrome is another one of their products. Microsoft frankly, jumped right onto the Chrome bandwagon. What they ended up doing over at Microsoft is taking Google's open-source version of the base of Chrome. They call it Chromium. It's the guts, if you will, of the Google Chrome browser and they made it available to anyone that wants to get their hands on it. So Microsoft got their hands on it and messed around with it a little bit. As Microsoft is wont to do. They came up with their Edge browser. The latest Edge is really Google Chrome in disguise. 
There are others out there too. You probably know if you've been through one of my courses when I'm talking about browsers. The Epic browser is a pretty good browser. It is designed to be more or less safe. But we go into that a lot more detail. In which cases is it not et cetera. Some people have used the Tor browser, which ties into the Onion network that provides even more anonymity. So there are options. Of course, Safaris available from Apple for almost every platform now. It is a very fast browser and it does a lot to try and keep your data secure. The same thing's true with Firefox. In the Improving Windows Security Course, I go into the problems with each one of these, including Firefox and what you have to consider. This past week we had a bit of an issue. If you attended my webinars last year. This would have been in 2020. I went through some of the privacy plugins that you can use for your browser. You might remember that one of them was something called the Great Suspender. Highly recommended at the time. Got to add that in there because I don't want you to just go grab it. It was recommended. I used it, extensively on a bunch of different browsers, because what the Great Suspender did is save your machine's memory CPU, frankly, even a little bit of disc I/O when you were on a tab on your web browser, your tab would just respond. Normally everything looks good, but if you're like me, you probably opened another tab or maybe another window and then another tab or another window. You just dig deeper and deeper as you're looking into something, trying to figure something out. You might have 20 or 30 or 40 or 50 tabs. Open each one of those tabs represents a different thread, a different process, basically on your computer. That means it's using memory, it's using CPU and it might be also hitting your disk, using your disk. The Great Suspenders said wait a minute, now you haven't used this tab in whatever you set it for, I usually had it about 15 minutes. 
What I'm going to do now, Yes, I'm going to take a snapshot of this page. I am going to just release all of the resources that were associated with the page. If you go back to that tab, all you have now is a snapshot, just a picture of what was on the page. You can see what was on the page and depending on how you configure the Great Suspender, I had it set up so that if I activated a tab again, it would automatically reload that page. You could have had it so that if you got to that picture and you really wanted it, you'd click on it and it would reload the page. Very. Handy. It allowed you to have hundreds of potentially of tabs open quote-unquote, when in fact they weren't open and they weren't using hardly any resources at all. The Great suspender this last June was sold. The original person who wrote this thing, and it's a great little really great, actually a little piece of software decided that he wanted to make some money off of it. Why not? He sold it. It's unclear as to who actually owns it or controls it right now and who he sold it to because the name of the account, the developer account, is the Great Suspender. So that's not going to help you at all. It started showing some signs of what Google and what people are calling malice, under this new ownership. There was a thread in GitHub that was published in November and GitHub is where so much of this code is stored, right. It started to show some signs of frankly, of malice under this new ownership. They said that a new version contained malicious code that tracked users and manipulated web requests. Now the Great Suspender did normally manipulate web requests, in order to keep everything flowing and smooth. So you might go to a website and then it suspends it, and it might use a different URL and the URL is going to cause the Great Suspender inside your browser to be called. Okay. So I'm not sure what they mean about the manipulation here, but Google removed it. 
It's gone like that and no warning or anything else just within the last week. They completely removed the Great Suspender, not just from the store, they removed it from your machines where you were using it. It said this - the extension contains malware, that's the only warning they gave. That is the only background they gave. They really haven't said a whole lot. People, by the way, who were using the Great Suspender were really left in a lurch because any suspended tabs when Google went bye-bye, any suspended tabs you had were lost. How's that for a terrible thing? Absolutely terrible. There is a Reddit thread out there that you can see. They talk about how you can get your tabs back. So if you had followed my advice back then and put it on, good for you. However, the problem is that it turned out to ultimately be malicious. So that's a big deal. Remember I said three security problems in 24 hours, Google on Thursday, released a Chrome update that fixes what it called a zero-day vulnerability in the browser. This is another buffer overflow problem. If you're programming, you know what that means, in V8, which is Google's open-source JavaScript engine, and they rated it as high. Again, Google didn't say much about what the vulnerability was. Probably didn't want to encourage people to try and use it, but they said it was existing in the wild. That's not very good. Then sync abuse, a security researcher reported on Thursday as well. Hackers were using malware that abused the Chrome sync feature to bypass firewalls so the malware could connect to command and control servers. Not good. If you are using, if you have Chrome, I have it because I have to, 'cause I have to test things out. If you are using it, make sure it is up to date. Most of the time Chrome will update itself, but this week is one where you should double-check Chrome and make sure it really has been updated. 'Cause these are some pretty nasties. All right. 
I'm sure you're familiar with Senator Amy Klobuchar. She ran for President, under of course the Democrat ticket, this last election cycle. She is targeting big tech, at least. That's what she says. We'll talk about the reality. Hello everybody. Craig Peterson here. Thanks so much for joining us today. I really appreciate it. And I appreciate hearing from you as well. Any questions? I have so much information to give you guys we're starting some training courses, free email training, just everything me@craigpeterson.com. Any questions as well and visit me online at Craig peterson.com. Senator Amy Klobuchar, is a Democrat from Minnesota and she has introduced a bill here in Congress and supposedly big tech is in her crosshairs. Now I think that's really funny because it's not in reality. Okay. Here's an article from ARS Technica a very good website, by the way, on some of the tech. It says not only our major firms, such as Apple, Amazon, Facebook, and Google under investigation for allegedly breaking existing antitrust law. A newly proposed bill in the Senate would make it harder for these and other firms to become so troublingly large in the first place. If you've been listening to me for a while, I have friends that have been absolutely destroyed by some of these big tech firms. Where companies have gone ahead and then announced a product because they found, Oh, wait a minute. These guys over here, they're doing pretty darn well with that product. Let's see if we can't figure out if there's really a market forward or not end up, they're competing with us. So here's what we'll do. Let's go ahead and announce. We're going to have a product and it's going to be better than their product, and you can get it from us and you can rely on us. Don't pay attention to that small company over there. They are entirely unreliable. All of a sudden that small company's sales plummet because people are waiting for big co to come up with their version of whatever it might be. 
Then they'll compare it to and maybe buy it a bit later on. That's a way that many of these companies have grown and grown in a very big way. Senator Klobuchar introduced this bill called Clara. Should have called it Clarice. The competition and anti-trust law enforcement reform act. This would be the largest overhaul to the US antitrust legislation in almost 50 years if it became law. It's interesting because her statement says while the United States once had some of the most effective antitrust laws in the world. Our economy today faces and massive competition problem. I'm a little confused here. It looks like she is asking for competition. I don't know. I don't understand it. I thought she was one of these far-left ones. I remember the debates quite well. They're looking at expanding resources. In other words, give them more money at the federal trade commission, the department of justice in their antitrust division. They're looking to pursue a review of more mergers, more aggressively. Now my knee jerk reaction is, these big companies usually we'll fail. They usually just keep getting greedier and bigger. Look at what happened to GM. They went bankrupt and unfortunately, they use tax dollars to bail them out. Chrysler has gone bankrupt twice, and they've used our tax dollars to bail them out. I don't think that's a good idea. Remember our tax dollars mean our time. We have to put in our time, we can't spend with our families. Time, we cannot spend on vacation. Time we cannot spend relaxing. It takes our time now, where we have to work to make money, to give to the government, to bail out companies that are failures. What the government decided to do rather than let these bigger companies fail as they ultimately always do. If you're old enough, you'll remember back in the seventies and eighties, IBM, too big to fail. They owned the business, the computer business in the sixties and seventies, and they just fell off the edge. Didn't they? That usually happens. 
I'm not sure a hundred percent is going to happen with the social media companies but I suspect they are. Look at what's happening right now. If you have kids that are under 20, do they have a Facebook account? Even in their thirties, under 20-year-olds, they don't use Facebook anymore. Facebook is likely to die off unless they change in a big way. So what's Facebook do? They buy competitors. They buy WhatsApp. We've talked about WhatsApp before and my thoughts on that. They buy Instagram. They buy competitors and they use competitors too. Change their business model a little bit and move laterally rather than vertically. That's not a bad idea in business. Frankly, most businesses expand their product line, expand their way of doing things by acquiring successful small businesses. So I get that. I think that's wonderful. But what the Senator is proposing is that we have the government decide if a business should be allowed to acquire another business. There is a line in there where I agree with her. I'm not a hundred percent sure where that line should go. We've had antitrust laws here in the United States since 1800s, a very long time. The Sherman act short and simple back then it made it illegal to monopolize or attempt to monopolize or conspire to monopolize the market. I liked that one. How about if you're defining the market? There's two sides to this, one side often overlooked. You've got the side of the supplier. You've got Facebook or GM or whoever. You say Facebook is the 800-pound gorilla. They own this market. So what should you do about Facebook? That's what she's trying to figure out here. What should we do? They're saying we should have a government regulator decide if it's a monopoly or not. We know how well that ends up working. You end up with a revolving door, the regulators working for the corporations, and then going back to the regulators right back and forth. It's absolutely crazy. That side of it. 
There is another side and this other side is frankly not that new, but it has gotten worse more recently. It's called a monopsony. What this is where you have a lot of suppliers. So you'd have a whole lot of Facebook' for instance, but only one purchaser. You said, Craig, what are you talking about? We're the best and brightest. I'm not quite sure where you're going with this. Here's where we're going. Monopsony is typified by Walmart. Walmart is well-known as a company that you do not want to sell to. If you're a small business, you look at it, say, Oh yeah we got Walmart. They're going to sell our product. Okay. Okay. Great for you. It's not wonderful. Walmart took out every rubber hose they had, and they beat the supplier over the head and shoulders and back until they capitulated. Walmart was routinely criticized for this forcing vendors to lower prices until it became unsustainable. I can think of a few of these products right off the top of my head. Do you remember Rubbermaid, right? It was the. The dominant force for those rubber containers at Walmart. Then all of a sudden it wasn't there anymore. Do you remember that? Because they couldn't sell it to Walmart at the prices Walmart wanted it at. That's one way Walmart keeps the prices low. With this monopsony problem. We're talking about a lot of companies that make competing products, but there's really one 800 pound gorilla. That's buying it. Walmart has a huge share of the US retail market. Of course, now they've been one-upped by our friends over at Amazon. Amazon is there now in that kind of the same position. If you're going to sell something, you pretty much have to have it on Amazon. Amazon's basically going to dictate how much you can sell it for. Isn't that interesting. By the way, that word monopsony dates back almost a hundred years as well. Antitrust laws have never addressed the idea of this kind of anti-competitive behavior from the bottom-up direction. It's an interesting way. 
So what do I think is the way to go on all of this stuff? First of all, we'll see if it ever becomes law. They tried something similar with a bill back in 2019, and it didn't get very far. With the Democrats controlling the white house, the house of representatives, and the Senate. The idea of reform being passed is more feasible, but there's one other side to this. This goes back to my friends who have had their businesses effectively stolen by large companies. That is when we're looking at more regulation, which is exactly what she's proposing. More regulators, more money going to the regulators. They're making the entire marketplace harder. If you're a small company and do you have to comply with all of these new rules, you now have to make all of these regulators happy. What are the odds? You're going to be able to do that compared to the big guys. The big guys can quite easily afford all of the attorneys, all of the regulatory compliance people, everybody that's needed. But you can't. So the big companies love this sort of thing because the regulations make it easier for them to keep competitors out of the market. They're keeping competitors out of the market. We've already established that they're buying competitors, so they don't have to compete with them. Now we're going to make matters worse with this Klobuchar bill. By doing what? By increasing regulation, making it harder to compete. I propose that we'll actually have more monopolies after this. I would much rather just keep it simple and watch out for monopolies. If a company makes mistakes and is going under, let it go under. Any parts of that company that have any value will be sold. That's what bankruptcy laws all about. If, someone who's thinking about maybe getting into an information security career. Or maybe you're looking at another career because right now there are millions of jobs open in InfoSec. We're going to talk about it. What do I wish I knew? Hi everybody, Craig Peterson here. 
Thanks so much for joining me. You probably know that I have been in information security for a very long time. It started out as I had to protect my own company. When I got nailed 30 years ago with what was called the Morris worm. If you've been on any of my webinars where I do a little background, you heard my story there. It just scared me to death. I almost lost a bunch of clients because of this worm. The worm is a piece of software that gets onto a computer and then spreads to other computers. Nowadays, we have a lot of things that act like worms. For instance, ransomware gets in and starts to spread. We have all kinds of bad guys that are doing the same thing. They'll get onto a machine in your network. Then they'll manually start looking around and seeing what you have, what file servers you have. Oh, let's connect to the G drive or whatever you call that file server drive or shared drive. They will look through your files and just the rest of the story, right? You guys are the best and brightest. You really are. So here's where I come down. I think there are a lot of opportunities here and I did a little presentation for a mastermind group I'm a member of last week. I talked about a guy that became a friend of mine who is in his late fifties, is right around 60 years old, and decided he needed a new career. His prior career had literally disappeared. They had just been destroyed. He was in retail and he was managing a store and he had a lot of clients. Of course, that job went away and he was looking for, what do I do next? He's been listening to me for a very long time on the radio and decided that maybe he should look into an InfoSec career. So he did. I used him as a case study with my mastermind group. What should people be looking to do and how can I help them? So I figured let's do this because I saw an article in Dark Reading. That's one of my favorite websites for all of these articles on security. 
They were talking about exactly that, what should I be doing now, if I want a security career? What are the things I should know and do? The author of this is Joan Goodchild, an easy name to pronounce. What happened to her? She points out, do you know information security can be really rewarding? I absolutely agree with that. It is a thankless job, you miss one thing and something gets in. Someone brings it from home, you don't quite have everything in place or everything up to date. The biggest problem I've seen and I see with this friend of mine that I talked about in the mastermind is that we don't think we know enough. It's something called imposter syndrome. You've probably heard of it. It exists in a lot of different facets of our lives, not just in careers. So he has imposter syndrome, as do a lot of people who are in cybersecurity because there's so much to know. That's why I've said forever businesses cannot do cybersecurity. Antivirus isn't going to work for you. Basic firewalls are not going to work for you. Even if you have the right equipment in place if you don't know how to manage it and set it up. All of this stuff, it's just not possible to do. Maybe you should look at a security career, cybersecurity. Let's run through some of the things that she put in there. Of course, I'll add my little side things, but she asked a bunch of people in cybersecurity, specifically what do you wish you would have known when you first started. Here's Gregory Touhill, president of AppGate Federal, Brigadier General, retired, and first US CSO under President Barack Obama. CSO is the chief information security officer for the federal government. He said, and I love this quote: Cybersecurity is a full-contact team sport. There is no single person who is an expert on all of the various aspects of the area of the discipline.
Once I got over myself and recognized that I couldn't do it all, I focused on building the right team of experts to solve issues before they become problems. That revelation triggered great future success. So there you go. I think that's absolutely phenomenal to remember. You're going to have imposter syndrome if you decide to go into this, but the bottom line is to work with a team. If you can find a vendor like me, that knows what they're doing, that has people that can help you out because you cannot just be out there yourself. Next point here. This is from Wayne Pruitt, cyber-range technical trainer in North America. I've seen him before. He's been on one of my webinars where I was teaching about cybersecurity. To be effective in cybersecurity you need to have an understanding of all areas of information technology. Boy, is that true. If an analyst does not understand how a web application communicates with a database on the backend, how will he know if the traffic he's seen is normal or malicious? Without this understanding, analysts are just relying on security tools to make the determination. Hopefully, those tools are configured correctly. Sometimes you have to learn the basics to understand the more complex. Again, this goes into you've got to have a team. You have to have multiple people who can help out at different levels because frankly, you can't know it all. Going back to that, the general, Brigadier general, he had such a good point. Next up is a chief strategist at Point3 Security. Her name is Chloe Messdaghi. I really wish I knew how little diversity and inclusion were practiced when I first entered the industry. Many of us in our current organizations are now working to improve the situation and are gaining ground. But within my first year, I felt like I had entered the 1940s. I personally think this is ridiculous. Men are attracted to certain things and certain careers, women, the same thing.
There are some careers that are dominated by women and some that are men. One of my daughters works with me and she is a cybersecurity analyst and she's just finishing some more training. In fact, our people tend to spend about a third of their time in training and she's very good and it has nothing to do with the fact that my daughter's a girl. So come on, quit seeing sex and seeing the race everywhere. It's just crazy. It's out there and she's right there aren't many women that are in this career. Next up here, Lakshmi Hanspal. She is CSO of a company called Box whom I have used before. They've got some very good products for file sharing. I switched over to Dropbox. I like some of the stuff a little bit better having come from a traditional stuff background. It was not until I entered higher leadership roles and began formulating hiring strategies that I realized the more diverse teams solve the toughest challenges. Skills such as critical thinking, how to manage risk trade-offs, and cybersecurity not being a zero-sum game are extremely fundamental in understanding and thriving in the security industry. It is obvious she spent some time writing that and trying to put in lots of big words. She is right. When we're talking about diversity in this case, what she's talking about are the diversity of skills, critical thinking, managing trade-offs, and understanding that we all have to work together on a team in the cybersecurity field. I thought she had a really great point. Next up, we have Josh Rickard, security research engineer over at Swimlane. I wish I knew and understood that an organization's priorities are guide rails for information security teams. As with most starting in InfoSec, I wanted to solve all the security issues I came across, but this is impossible. Understanding business priorities while communicating potential risks is critical. Okay. But helping the business with those priorities gives you credibility. Wow.
I'm going to save that one, frankly, because that is something that we all need to remember. I've had people on my team that were just a hundred percent focused on doing the right thing, quote unquote, on the cybersecurity front, and to them, the right thing was to make sure there are no holes. So I can see that from a certain perspective. And again, back to the diversity of thought, having someone like that on your team is a good idea, but it does have to be tempered. Mary Writz, VP of product development over at ForgeRock. When I started 20 years ago as a penetration tester at IBM, I wondered how I even got the job because I did not feel qualified. In hindsight, no one was truly qualified because it was such a young domain. I was hired because of my technical background, my curiosity, my interest. Fast forward 10 years, I was teaching a technical audience how to build hunt teams and I expect everyone in the audience knew more than me. A gentleman in the audience raised his hand and said, you're assuming we know what we're doing, but we don't. After we all laughed, we shared our notes and learned from each other. Wow. So insightful here, because again, she's pointing out the curiosity requirement. I think if you're not curious, you're not going to spend the time it takes to investigate and to learn more. We're going to cover a few more. You're listening to Craig Peterson and online at craigpeterson.com. We're talking right now about InfoSec, information security. Have you thought about maybe taking up a bit of a new career? Well, there are some estimated 2 million open jobs in this one. Of course, this is Craig Peterson. We were just talking about this article that appeared in Dark Reading. Now, Dark Reading is an online magazine, right? It's a website. And they had this article that I absolutely had to read because it reminded me of someone I know. One of our listeners, who decided he needed a new career. He'd lost his job.
He'd been out of work for over a year and he had been managing a retail camera shop and they shut it down. He was stuck. What do I do? He'd been listening to the show for a long time. He decided he wanted to go into information security. He took some courses on it and he got himself a job. A full-time job being the chief IT security guy for this company after just a few months. So that tells you how desperate these companies are. Kind of jerking his chain a little bit, but not right, because he just barely had any background. If you want me to connect you with him, if you are serious about thinking about one of these careers, I'll be glad to forward your request to him, just to see if he's willing to talk to you. Just email me ME@craigpeterson.com and make sure you mention what this is all about. So I know what's going on. Ran Harel, he's a security principal and product manager over at Semperis, said, when I was growing up, I was quite an introvert. By the way, that sounds like a lot of us in IT. I didn't realize until much later on in my career just how great the security and tech community are. Looking back, I realize how quickly I could have solved so many issues by just asking on an IRC channel or forum. IRC is internet relay chat, a bit of a technical thing, but it's an online chat. I would tell my former self, the problem you are facing now has probably been dealt with multiple times in the past year alone. Don't be afraid to ask the InfoSec community and then learn from them. That's absolutely true. I found an online IRC channel basically, and they were set up just to talk about CMMC, this new standard that Department of Defense contractors are having to use. As you probably know, we have clients that are manufacturers and make things for the Department of Defense and they have to maintain security. It's been interesting going in there answering questions for people and even asking a couple of questions. It is a great resource.
This particular kind of IRC is over on discuss. You can find them all over the place. Reddit has a bunch of subreddits. It's dealing with these things, including, by the way, getting into an InfoSec career. So keep that in mind. There's lots of people like myself that are more than willing to help because some of the stuff can get pretty confusing. All right. The next one is from Cody Cornell, chief security officer and co-founder over at Swimlane. He said, apply for jobs you are not qualified for. Everyone else is. Man. I have seen that so many times, everybody from PhDs all the way on, down throughout a high school and who have sent me applications that they were not even close to qualified for. Now, you can probably guess with me, I don't care if you have a degree. All I care about is can you do the work. Can you get along with the team, are you really going to pull your weight and contribute? I have seen many times that the answer to that is no, but I've seen other times where, wow, this person's really impressive. So again, apply for jobs you're not qualified for because everybody is. Security changes every day. New skills, techniques, and the needs of organizations are always shifting. And to be able to check every box from an experience and skills perspective is generally impossible. Looking back at 20 years of jobs in the security space, I don't believe that I was ever a hundred percent qualified for any of them, but felt confident that I could successfully do them. So keep that in mind. Okay. Again, imposter syndrome, we're all worried about it. This applies to more than just InfoSec. This applies to every job, every part of life, we all feel as though we're impostors and that we're not really qualified, but the question is, can you figure it out? Can you really do it? Next up here is Chris Roberts, a hacker in residence, he calls himself, over at Semperis, and he says, overall, the most important lessons that I'd tell my younger self are not tech-based.
Rather they focus on the human aspect of working in the cybersecurity industry. I think cybersecurity professionals in general tend to focus on technology and ignore the human element, which is a mistake and something we need to collectively learn from and improve. I agree with him on that as well. However, we know humans are going to make mistakes, so make sure you've got the technology in place that will help to mitigate those types of problems. Next up, we've got Marlys Rogers. She's CISO over at the CSAA Insurance Group, that's a lot of four-letter acronyms. You are nothing without data. Data is queen. Coming from an insurance person, right? Without hard data, you can only speak to security in more imagined ways or ways the board and C-suite are aware of in the media. Cost-benefit is only achievable with related data points demonstrating how much we are fighting off and how the tools, processes, and people make that happen. Next up we have Edward Frye, he's CSO over at Aryaka. When I first started out, I was fairly impatient and wanted to get things done right away. While there are some things that need to be done right now, not everything needs to be done now. Have the ability to prioritize and focus on the items that will have the biggest impact. I think one of the biggest lessons I've learned along the way is while we may need to move quickly, this race is a marathon, not a sprint. Patience is essential for security pros. I can certainly see that one. Chris Morgan, senior cyber threat intelligence analyst over at Digital Shadows: despite the way that many in media like to portray cyber threats, not everything will bring about the end of the world. For those getting into incident response and threats, try to have a sense of perspective and establish the facts before allowing your colleagues to push too quickly towards remediation, mitigation, et cetera.
Expectation management amongst senior colleagues is also something you'll frequently have to do to avoid them breaking down over a mere phishing site. To quote one of my former colleagues, try to avoid Chicken Little central. I've seen that before as well. The next one is things are changing daily and the last one is the perception of security is still a challenge. So great little article by Joan Goodchild. You'll see it in my newsletter, which we're trying to get out now Sunday mornings. You can click through on the link if you'd like to read more. As you can see, 2 million open jobs, well, between one and 3 million, depending on whose numbers you're going at in cybersecurity. You don't have to be an expert. As I said, one of our listeners went from not knowing much about it at all, he can install Windows, that's it, to having a job in cybersecurity in less than six months. I'm doing a special presentation coming up next month for the New England Society of Physicians and Psychiatrists. We're going to be talking a little bit about what we will talk about right now. What can you do to keep your patient information safe? What can we do as patients to help make sure our data's safe? You'll also find me on pretty much every podcast platform out there. Just search for my name, Craig Peterson. I have a podcast and it makes it pretty easy. I've found some of them don't understand if you try and search for Craig Peterson, tech talk, some of them do. I've been a little inconsistent with my naming over the years, but what the heck, you can find me. It's easy enough to do. I've got this new kind of purple-ish logo that you can look for to make sure it's the right one. And then you can listen to subscribe, please subscribe. It helps all of our numbers. You can also, of course, by listening online with one of these devices, help our numbers too. Cause it's you guys that are important. The more subscribers we have, the way these algorithms work, the more promotion we'll get.
I think that's, frankly, a very good thing as well. What do you do if you need to see a doctor? That question has a different answer today than it did a year ago. I won't be able to say that in about another month, right? Because mid-March is when everything changed last year, 2020, man, what a year? To see a doctor nowadays, we are typically going online, aren't we? You're going to talk to them. So many doctors have been using some of these platforms that are just not secure, things like Zoom, for instance, which we know isn't secure. Now, the feds kind of loosened things up a little bit under the Trump administration saying, Hey, people need to see doctors. The HIPAA PCI rules were loosened up a little bit in order to make things a little bit better. Then there's the whole DSS thing with HIPAA. All of these rules are just across the board are loosened up. That has caused us to have more of our information stolen. I'm going to be talking a little bit about this FBI, actually multi-agency warning that came out about the whole medical biz and what we need to be doing. Bottom line, Zoom is not something we should be using when we're talking to our doctors. Now, this really bothers me too. Zoom is bad. We know that it's not secure and it should not be used for medical discussions, but Zoom has been private labeling its services so that you can go out and say, Hey, Zoom, I want to use you and I'm going to call it my XYZ medical platform. People have done that. Businesses have done that. Not really realizing how insecure Zoom is. I'm going to give them the benefit of the doubt here. You go and you use the XYZ medical platform and you have no clue of Zoom. Other than man, this looks a lot like Zoom, that's the dead giveaway. Keep an eye out for that because a lot of these platforms just aren't secure. I do use Zoom for basic webinars because everybody has it. Everybody knows how to use it. I have WebEx and the WebEx version of it is secure.
In fact, all the basic versions, even of WebEx, are secure and I can have a thousand people on a webinar, which is a great way to go. It's all secure end to end. Unlike again, what Zoom had been doing, which is it might be secure from your desktop, but it gets to a server where it's no longer secure. That kind of problem that Telegram has, frankly. If you are talking to your doctor, try and use an approved platform. That's how you can keep it safer. If you're a doctor and you have medical records be really careful. Zoom has done some just terrible things from a security standpoint. For instance, installing a complete web server on a Mac and allowing access to the Mac now via the webserver. Are you nuts? What the heck are you doing? That's just crazy. Just so insecure. This is all part of a bigger discussion and the discussion has to do with zero trust architectures. We're seeing this more and more. A couple of you, Danny, I know you reached out to me asking specifically about zero trust architectures. Now Danny owns a chain of coffee shops and his family does as well. He says, Hey, listen, what should I do to become secure? So I helped them out. I got him a little Cisco platform, and second Cisco Go that he can use, that's much more secure than the stuff you buy at the big box retailers or you're buying at Amazon, et cetera, and got it all configured for him and running. Then he heard me talk about zero trust and said, Hey, can I do zero trust with this Cisco Go, this Meraki Go, is actually what it is, and the answer is, well, so here's the concept that businesses should be using, not just medical businesses, but businesses in general, and zero trust means that you do not trust the devices, even the ones that you own that are on your network. You don't trust them to be secure. You don't trust them to talk to other devices without explicit permission.
Instead of having a switch that allows everything to talk to everything or a wifi network where everything can talk to everything, you have very narrow, very explicit ways that devices can talk to each other. That's what zero trust is all about. That's where the businesses are moving. There's zero trust architecture, and it doesn't refer to just a specific piece of technology. Obviously, we're talking about the idea that devices, and even on top of that, the users who are using the devices only have the bare minimum access they need in order to perform their job. Some businesses look at this and say that's a problem. I'm going to get complaints that someone needs access to this and such. You need that because here's what can happen. You've got this data that's sitting out there might be your intellectual property. You might be a doctor in a doctor's office and you've got patient records. You might have the records from your PCI your credit card records that you have. I put on. Those are sitting there on your network that is in fact a little dangerous because now you've got something the bad guys want. It's dangerous if the bad guys find it and they take it, you could lose your business. It's that simple. They are not allowing you to use the excuse anymore because of COVID. That excuse doesn't work anymore. The same thing's true with the credit card numbers that you have the excuse of I'm just a small business. It's not a big deal. Doesn't work anymore. They are taking away your credit card privileges. We had an outreach from a client that became a client, that had their ability to take credit cards taken away from them because again, there was a leak. So we have to be careful when you're talking and you have private information, or if you don't want your machine to be hacked, do not use things like Zoom. I covered this extensively in my Improving Windows Security course. So keep an eye out for that as well. 
If you're not on my email list, you won't find out about this stuff. Go right now to craigpeterson.com. If you scroll down to the bottom of that homepage and sign up for that newsletter so you can get all of what I talk about here and more. Hey, thanks to some hackers out there, your application for unemployment benefits might've been approved and you didn't apply for it in the first place. Turns out somebody's stealing our information again. Hi everybody. Craig Peterson here. Hey, this is a big concern of mine and I've often wondered because I have not been receiving these stimulus checks. I did not get the first round. I did not get the second round and I contacted the IRS and the IRS says depends on when you filed for 2019. Oh my gosh. Of course, I was a little late filing that year. They still haven't caught up. I guess that's good news, right? That the IRS data processing centers are terrible. It goes back to aren't you glad we don't get the government we pay for is the bottom line here, but I've been concerned. Did somebody steal my refund? Did somebody steal my unemployment benefits, did somebody steal my stimulus checks? It is happening more and more. There is a great little article talking about this, where someone had stolen the author's, John's, personal information again. Now we probably all have had our personal information stolen, whether you're aware of it or not. As usual, I recommend that you go to haveibeenpwned.com, and pwned is spelled P-W-N-E-D, haveibeenpwned.com, and find out whether or not your data has been stolen and is out there on the dark web. They have a really good database of a lot of these major hacks. Many of us have been hacked via these credit bureaus and one in particular, Equifax, who have all kinds of personal information about us, had it all stolen. It's easy enough for people to steal our identities, file fake tax returns. That's why the IRS is telling you, Hey, file your return as soon as possible.
That way when the bad guys file, we'll know it's the bad guys cause you already filed it. As opposed to you file your tax return and the IRS comes back and says, Oh, you already filed. We already sent you a refund or whatever. You already filed it. That is a terrible thing to have to happen because now you have to fight and you have to prove it wasn't you. How do you prove a negative? It's almost impossible. At least in this case, hopefully, the check was sent to some state 50 states away, another side of the world. So you can say, Hey, listen, I never been there, then they can hopefully track where it was deposited. Although now the bad guys are using these websites that have banks behind them, or maybe it's a bank with a website that is designed for people to get a debit card and an account just like that. That, in fact, is what was used to hack my buddy. My 75-year-old buddy has been out delivering meals and had his paychecks stolen through one of those. These fraudulent job claims are happening more and more. It's really a rampant scam. We've had warnings coming out from the FBI and they have really accelerated during the lockdown because now we've had these jobless benefits increased, people making more money staying in their home than they made on the job. Disincentives for working, frankly. He's saying here, the author again, John Wasik, that a third of a million people in his state alone were victims of the scam. This is in Illinois. This is where he lives. A third of the people in the state of Illinois, including several people that he knew. We've got some national tallies underway. I don't know if you've seen these. I've seen them on TV and read about them, California. It is crazy. People were applying for California unemployment that didn't live in the state at all, would come into the state and once you're there in the state pick up the check, right? Cause that's all they were doing.
Some people have been caught with more than a million dollars worth of California unemployment money. Of course, it wasn't a check, it was actually a debit card. The same basic deal, and California is estimating that more than $11 billion was stolen. Can you imagine that tens of millions of people could have been scammed because of this? This is the third time the author had been a victim of identity theft and fraud. He wanted to know how could they get his information. Well, I've told you, check it out on Have I Been Pwned. It'll tell you which breaches your information was in. It does it based on your email address. It'll also tell what type of data was stolen in those breaches. So it's important stuff. I think you should definitely have a look at it. He is very upset and I can understand it. Data breaches last year, more than 737 million data files were ripped off according to act.com. Frankly, that was a digital pandemic, with more and more of us working at home. I just talked about the last segment. Your doctor's office and you are talking to your doctor. How now? Cause you don't go into the office. There are so many ways they can steal it. The FBI's recording now a 400% increase in cybercrime reports that we had this mega hack of corporate and government systems. This whole thing we've talked about before called the SolarWinds hack, although it was really more of a Microsoft hack, and it went out via SolarWinds as well as other things. Be careful everybody out there. If you find yourself in these breach reports on Have I Been Pwned, make sure you go to the website. Set yourself up with a new password. At the very least use a password manager. I just responded to an email before I went on the air today, from a listener who was talking about two-factor authentication. He's worried about what to use. I sent him my special report on two-factor authentication, but it is the bottom line, quite a problem.
Again, use 1Password, use two-factor authentication with 1Password. Don't use SMS as that and you'll be relatively safe. I don't know, I can't say do this and you'll be safe. I don't think there's any way to be sure you're safe. Having these organizations, businesses, government agencies hacked all the time that don't seem to care about losing our data, right? Oh, it's a cost of doing business,
This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, Huntress Acquires EDR Technology From Level Effect, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw214
Nick Tausek from Swimlane joined Technado this week to discuss security orchestration, automation and response (SOAR). He also shared an article he wrote about closing the security workforce gap before giving his thoughts in a Deja News segment about the way Parler data was archived before it went offline. In other news, the team looked at a Thunderbolt 4 monitor from LG that was released at CES, how Windows 10X compares to Chrome OS, Systemd 248 unlocking encrypted volumes via TPM2, a scary Windows 10 bug that can corrupt a hard drive, and BitLocker’s lock-screen bypass flaw.
Our feature guest this week is Joey Stanford, Security, Compliance and Data Protection Officer at Platform.sh. News from unumAI, Parler, Haekka, Roxbox, Swimlane, LogRhythm, Coalfire, Ping Identity, JumpCloud and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Here are the top 10 most stolen vehicles from Denver in 2020 Denver tech firm tries to solve political-polling errors by ditching surveys Parler, founded by University of Denver grads, is squeezed as Trump seeks new online megaphone Trump administration passes up Colorado, will move US Space Command to Alabama Meet the 21 Colorado startups to watch in 2021 Meet the finalists: ColoradoCIO's 2021 CIO of the Year ORBIE Awards Introducing James Brear, Our New CEO | Swimlane LogRhythm Acquires Threat Detection Platform MistNet | Business Wire Coalfire acquires penetration testing management platform Ping Identity Wins Glassdoor Employees’ Choice Award JumpCloud Extends Oversubscribed Series E to $100 Million and Adds Chief Revenue Officer Job Openings: Ping Identity - Business Analyst, Information Security Ping Identity - Manager, GRC (Privacy Programs) Ping Identity - Product Security Engineer Fast Enterprises - Information Security Analyst Schenker - IT GOVERNANCE SPECIALIST-SECURITY Black Hills Energy - Corporate IT Security Analyst (Frederick) Slack - Associate Risk & Compliance Engineer, ITGC - Security US Department of the Interior - IT Cybersecurity Specialist, GS-2210-12/13 (DH) PulteGroup - Senior IT Security Analyst Ball Corp - 
Manager, IT Audit Upcoming Events: This Week and Next: C.Springs ISSA - January Meeting - 1/19 CSA - January Virtual Meeting - 1/19 OWASP - January Chapter Meeting - 1/20 ISACA Denver - January Chapter Meeting with IIA - 1/21 ASIS - WIS : COFFEE CHAT WITH DAWN GREGORY - 1/21 C.Springs ISSA - January Mini Seminar - 1/23 ASIS - YP NETWORKING HAPPY HOUR WITH TAYLOR PASANELLO - 1/26 ISC2 Pikes Peak - January Meeting - 1/27 Denver ISSA - Your presence matters! How to show up as your best on video - 1/27 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
News from CLMBR, Larimer Square, Kleos, Husch Blackwell, Webroot, LogRhythm, Swimlane, Coalfire and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel 21-year-old CU Boulder senior to build 3D-printed school in Madagascar Pitbull, Jay-Z headline investors in this Denver fitness startup Larimer Square sale official as North Carolina’s Asana Partners closes on historic Denver block Denver ranks top 10 for most moved-to U.S. cities during COVID-19 pandemic European aerospace company becomes latest to choose Denver as home of U.S. office The California Privacy Rights Act Goes into Effect Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021 How to Mitigate Docker Container Security Risk Swimlane Integration with Stellar Cyber Brings Customized Automation to Incident Response Azure Policies - Coalfire Job Openings: Ping Identity - Manager, GRC (Privacy Programs) Ping Identity - Manager of GRC Ping Identity - Product Security Engineer Presidio - Sr. Solutions Architect, Cyber Security Nordstrom - Technical Program Manager 2, Governance Risk and Compliance OpenText (Webroot) - Threat Research Analyst Aims Community College - Identity Management Security Analyst Sikorsky Aircraft Corporation - Defensive Cyber Engineer Richey May - CyberSecurity Engineer II NREL - Graduate Summer Internship - Microgrid Control for Cyber Security and Resilience View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! 
If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
News from: mcSquares, Prieto Battery, Boa Technologies, Coalfire, LogRhythm, Intelisecure, Red Canary, Swimlane and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Parker ranks No. 2 in Money.com list of Best Places to Live in America Colorado state workers ordered to take unpaid furlough amid state budget shortfall Denver startup mcSquares changes Shark Tank deal, sees growth amid Covid-19 Hercules Electric Vehicles and Prieto Battery, Inc. Establish Strategic Partnership for Battery Technology in 2025 Hercules Trucks | Business Wire Denver-based sports equipment company acquired for $454 million Coalfire - Offensive Security Testing Using Cloud Tools LogRhythm - New Cybersecurity Maturity Model Certification (CMMC) Updates Intelisecure - Microsoft 365 Endpoint DLP: Is it Ready for the Enterprise? Red Canary - Nothing to hide: seeking out rootkits on enterprise systems Key Takeaways from Gartner’s 2020 Market Guide for SOAR… | Swimlane Job Openings: Lunavi - Manager of Information Security Western Union - Manager, Information Security IHS Markit - Sr. 
Principal Cloud Security Architect Vail Resorts - Infosec and Privacy Analyst Visa - Cybersecurity Analyst, Applied Cryptography Cognizant - SENIOR MANAGER, ENTERPRISE SECURITY OPERATIONS Red Canary - Security Analyst, Cloud Workload Protection (Remote) IronNet Cybersecurity - Vice President, Worldwide Sales Operations (US Remote) Upcoming Events: This Week and Next: NCC - [WEBINAR] Election Interference & Data Breaches - 10/1 ISACA Denver - ISACA COMMUNITY DAY - 10/3 ISSA C.Springs - October Online Series - 10/8 NoCo ISSA - October Chapter Meeting - 10/8 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
I invite you to a conversation with Marcin Masłowski about process mapping. Links from the podcast: http://lepszymanager.pl/ https://szkolajakosci.pl/ http://inzynierjakosci.pl/
Matt Alderman, CEO of Security Weekly is our feature guest this week. News from: Carvana, Palantir, FullContact, Liberty Global, Webroot, Swimlane, Coalfire, Ping Identity and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Carvana ‘car vending machine’ proposed at I-25 and Evans Palantir moves its HQ from Palo Alto to Denver as plans to go public percolate Leaked S-1 screenshots show Palantir losing $579M in 2019 This community group wants to connect Colorado startups to growth capital Denver tech company FullContact brings on new CEO, grows privacy-driven ad tech Liberty Global to acquire Swiss telecom company in deal valued at $7.5B WFH for the Long Haul? 
These Tips Will Help You Create a Cyber Resilient Home Network | Webroot Understanding the Fundamental Rights of the Data Subject… | Swimlane Coalfire Blog - Chasing doorbells: Finding IoT vulnerabilities in embedded devices How Capital One Put Identity in the Cloud Job Openings: Ping Identity - GRC Analyst State of Colorado - Chief Information Officer and Executive Director - Office of Information Technology Cognizant - MANAGER-SECURITY ARCHITECURE & ENGINEERING (100% REMOTE) Trustwave - Information Security Advisor Bank of America - Network Security Engineer deepwatch - Security Analyst III - Weekday Afternoon (remote) Western Union - IT Audit Manager Interstate Restoration - IT Network Security Administrator FedEx - Cyber Security Advisor – Infrastructure Security Root9B - Defensive Cyber Operations Analyst Upcoming Events: This Week and Next: Denver ISSA - A Behavior Centric Approach to Securing Data - 8/25 ISC2 Pikes Peak - August Chapter Meeting - 8/26 ASIS - WOMEN IN SECURITY COFFEE CHAT W/ KERI DARLING - 8/27 DC303 - August Meeting - 8/28 ASIS - WEBINAR: DE-ESCALATING DANGEROUS SITUATIONS - 9/3 C.Springs ISSA - September 2020 Online Series - 9/3 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
We’ve got a roundtable discussion with James Carder (CSO at LogRhythm), Steve Winterfeld (Advisory CISO at Akamai) and Alex Wood as our feature interview this week. News from: Boulder AI, Techtonic, Uncharted, PAIRIN, Guild Education, Automox, VirtualArmour, Ping Identity, LogRhythm, Swimlane, Red Canary, and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Boulder-based visual intelligence company lands contract with City of Denver, Colorado to improve pedestrian safety Nearly one-third of new pandemic unemployment claims last week were fake, Colorado’s labor department says Techtonic pledges to hire 100 people of color as apprentices in Colorado Why Denver-based Uncharted shifted to a four-day, 32 hour workweek Denver company PAIRIN doubles down on technology that makes hiring more equitable Meet the 2020 CNBC Disruptor 50 companies Automox Appoints CrowdStrike Co-Founder Dmitri Alperovitch to Board of Directors Proximity Tracing & You: What to Expect as the World Returns to Work Ping Identity - Keep Me Safe, Make Me Happy (Part 2) 7 Steps to Building A Security Operations Center (SOC) | LogRhythm The Role of Preparation and Process in Incident Response | Swimlane Keeping tabs on the Blue Mockingbird Monero miner Job Openings: TAC - Security Program Manager DispatchHealth - Vice President of Information Technology and Security Officer Elliott Management - Information System Security Manager DISH Network - Senior Cyber Security Threat Hunter Twilio - Lead Offensive Security & Assessments 
Engineer Cognizant - Project Manager, Corporate Security State of Colorado - Security Solutions Architect (IAM) Maxar - Cyber Security Operations Analyst NREL - Cyber Security Analyst WorkBoard - Information Security Intern Upcoming Events: This Week and Next: ISSA Denver - John Stock: Securing connected devices and preventing wireless attacks - 6/23 ISC2 Pikes Peak - June Chapter Meeting - 6/24 ISSA C.Springs - June Online Series - 6/25 ISSA Denver - Toby Zimmerer: Addressing the need to dispose of data - 6/25 DC303 - Android App Reverse Engineering - 6/26 Ockomothon - 6/27 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
News from: Sphero, Pie Insurance, CyberGRX, Bluprint, deepwatch, Red Canary, Richey May, Swimlane and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Sphero names new CEO, spins off public safety-focused company Colorado’s unemployment system, slammed with coronavirus claims, inadvertently exposed people’s private data Insurance tech company raises $127M, plans to grow in Denver Endeavor Selects 10 Entrepreneurs Leading Five Companies at the Third Virtual International Selection Panel Bluprint, formerly Craftsy, is shutting down, laying off 137 employees deepwatch Announces New Chief Technology Officer EDR security tools: a buyer's guide to choosing the right vendor Benefits of an Effective Internal Audit Program The 2020 SANS Automation and Integration Survey Results are | Swimlane Job Openings: Ping Identity - GRC Analyst DCP Midstream - Security Analyst IV Ball Aerospace - Information Security Director Netskope - Vulnerability Assessment Analyst VMWare - Senior Product Security Program Manager DaVita - Director, Senior Corporate Counsel - Privacy Spectrum - Senior Manager Network Security Operations A-LIGN - Senior IT Auditor PwC - CyberArk Senior Associate Front Range Community College - Faculty, Computer Science, Information Technology and Cybersecurity (CSITC) Upcoming Events: This Week and Next: ISSA C.Springs - CISSP Online Prep June 2020 Register Now! 
- 6/5 (Session 1 of 6) ISSA Denver - Alex Holden: Dark Web Review - A Deep Dive Into A Dark World - 6/4 ISSA Denver - Priyank Nigam: Radio Frequency (RF) Hacking 101 - 6/9 ISSA C.Springs - June Online Series - 6/11 NoCo ISSA - June Chapter Meeting - 6/11 ISSA Denver - Zechariah Oluleke Akinpelu: Practical Approach to Application Security - XSS, SQL Injection and Web Shell Exploitation - 6/11 Other Notable Upcoming Events View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Erik Huffman, Entrepreneur, Researcher & Cyberpsychologist is our feature guest this week. News from: Strava, VF Corp, Arrow Electronics, DaVita, Zayo, Anschutz Corp, Liberty Global, Ball Corp, Vail Resorts, Boston Market, National Cybersecurity Center, Manetu, ThreatX, DarkOwl, Swimlane and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Sträva Coffee Gifting Five, $1,000.00 "Golden Tickets" to Customers Good Works: VF Corp. brands donate convention refunds, Colorado brewing industry launches unique relief campaign Exclusive: 13 prominent CEOs form new group to improve the well-being of Denver Boston Market sold to emerging East Coast restaurant operator These Industries Are Hiring Now in Colorado $3M grant a ‘huge win’ for cybersecurity in Colorado Springs – from Colorado Springs Business Journal Consumer Data Privacy Startup in Colorado Raises $3.5M Veteran Tech Executive Gene Fay Named CEO at ThreatX | Business Wire DarkOwl Selects BlueVoyant to Deliver Comprehensive Managed Detection and Response Security Service Responding to Insider Threats with SOAR | Swimlane Job Openings: Ping Identity - GRC Analyst Ping Identity - Product Security Engineer Staples - Senior Application Security Architect ULA- Information Security Architect 6 Synoptek - Director/CISO Charter/Spectrum - Vulnerability Engineer I - Vulnerability and Remediation Zoll Data Systems - Information Security Engineer State of Colorado - Senior Security Engineer Arrow - Corporate IT Auditor I PwC- Cloud Security DevOps 
Engineer Upcoming Events: This Week and Next: Global Cyber Alliance - DMARC Bootcamp! - 5/4 Hang out a Shingle Starting Your Cybersecurity Company (Douglas Brush and Daniel Ayala) - 5/5 Hacker Business Models: They are out innovating the Rest of Us (by Steve Winterfeld) - 5/7 NoCo ISSA - May Chapter Meeting - 5/14 Other Notable Upcoming Events View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Organizations may be hesitant to share attack vectors, data breaches and other cybersecurity information, but that siloed approach is holding cybersecurity back, says Cody Cornell, co-founder and CEO of Swimlane. On today's episode, Cody discusses the open sharing of security information, how it can transform cybersecurity from a source of consternation into an opportunity and ways to get your company to buy into this new way of thinking.
– The COVID-19 pandemic is impacting communities around the world. See what Infosec is doing to help: https://www.infosecinstitute.com/covid-19-response/
– View transcripts and additional episodes: https://www.infosecinstitute.com/podcast
Cody is responsible for the strategic direction of Swimlane and the development of its security automation and orchestration solution. His passion for open exchange of security information and deep vendor integration drives him to pursue opportunities to maximize the value his customers receive from their investments in security operations. In 2011, Cody co-founded Phoenix Data Security Inc., a cybersecurity professional services organization known for their ability to blend strategy and engineering with an organization’s business requirements. After beginning his career in the U.S. Coast Guard, Cody spent 15 years in IT and security, including roles with the U.S. Defense Information Systems Agency, Department of Homeland Security, American Express and IBM Global Business Services.
About Infosec
At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime.
That’s what we do every day — equipping everyone with the latest security skills so the good guys win.
This week, we talk Enterprise News, to discuss F-Secure launching protection and response service to protect remote workers, Sectigo and Infineon integrate to advance IoT security with automated certificate provisioning, Enhanced continuous threat detection and secure remote access with the Claroty Platform, and some acquisition and funding updates from SafeBreach, Swimlane, & Syncurity! In our second segment, we welcome Mark Orsi, President of the Global Resilience Federation, to talk about the Business Impacts and Security Risks with Working from Home! In our final segment, we welcome Peter Warmka, Founder of the Counterintelligence Institute, to discuss how The Threat of Social Engineering Goes Well Beyond Phishing! Show Notes: https://wiki.securityweekly.com/ESWEpisode180 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week in the Enterprise Security News, Breach-and-Attack Simulation Firm SafeBreach Raises $19 Million, F-Secure launches protection and response service to protect remote workers, Swimlane acquires Syncurity to spur growth and affirm commitment to SOAR market, DefenseCode ThunderScan SAST 2.1.0 supports Go and ABAP languages, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode180