What separates a CISO who survives from one who shapes the boardroom? In this episode, Steve Moore sits down with Walt Powell, Lead Field CISO at CDW and author of The CISO 3.0, to unpack the modern CISO playbook—why technical credentials alone no longer cut it, how to build personal eminence, and why most security leaders are still treated as second-class C-suite citizens.

Walt traces his path from teaching networking before stateful firewalls existed, to writing CISSP exam questions for ISC2, to running CDW's Global Security Strategy Office. He explains what a field CISO does, why the role is harder than ex-CISOs realize, and how one bad meeting can tarnish a brand built over decades.

He and Steve break down the four pillars Walt uses to measure his team—embedded advisory, eminence building, sales enablement, and voice of the customer—and how a karate-style “belt system” maps each consultant's competency. Walt explains why the same skills matrix from The CISO 3.0 works for any CISO trying to spot their own gaps.

Walt argues a CISO who is not liked cannot succeed: you are the talent magnet, the culture builder, and the person proving in every board meeting that you belong in the seat. He shares the questions every candidate should ask before accepting the role—from D&O coverage to 10-K disclosure access—and why the 30-60-90 plan should be written before the second interview, not after the offer.

The conversation closes with what Walt calls “strategic debt”—the identity and data governance work organizations skipped a decade ago that is now blocking AI adoption. Walt shares lessons from running OpenClaw on a Mac mini, why non-human identity tops every 2026 CISO worry list, and how Deep Research is reshaping senior architects.

Key Topics
• The modern field CISO role and the four pillars of impact
• Why CISOs are still treated as second-class C-suite citizens
• Building personal eminence through books, speaking, and writing
• The CISO 3.0 skills matrix and self-assessment spider wheel
• Two paths to the CISO seat: technical vs. MBA, and the gaps each leaves
• Why likability is not optional for a successful CISO
• Board readiness and proving you belong in the seat
• Interview questions every CISO candidate must ask
• Strategic debt: identity and data governance blocking AI adoption
• OpenClaw, non-human identity, and the future of senior architects

Guest Bio:
Walt Powell is the Lead Field CISO at CDW and a founding member of CDW's Global Security Strategy Office, where he leads a team of former CISOs advising security leaders in the field. A longtime executive coach and ISC2 exam development committee member, Walt is the author of The CISO 3.0: A Guide to Next-Generation Cybersecurity Leadership and Quantum Ready, his book on post-quantum cryptography. Connect with Walt on LinkedIn or at ciso30.com.
What happens when an AI agent inside your company starts behaving like an insider threat? In part two, Steve Moore picks the thread back up with former FBI operative Eric O'Neill to explore how agentic AI is rewriting cybersecurity, the legal traps that follow a breach, and why the modern CISO must think like a spy hunter.

Eric opens with a sobering reality: ransomware victims who decline to pay are re-attacked at staggering rates. He explains why criminals treat cybercrime as a business, invest weeks in reconnaissance—mapping SharePoint, harvesting file trees, and studying access patterns—and why a botched recovery hands them the same door twice.

The conversation turns to the new insider threat hiding in plain sight: rogue AI agents. Eric shares a real case in which one executive's casual query exposed the next round of layoffs and triggered coordinated lawsuits. They unpack how agents inherit excessive access, how attackers hijack them once inside, and why organizations are now building insider-threat programs to monitor AI behavior.

Eric argues AI is an accelerant on every unresolved problem—weak identity management, entitlement drift, missing asset inventories, and absent data classification. They debate whether IT and security should be unified under the CISO, why the CISO needs a direct line to the board, and the legal landmines that follow a breach, from cyber insurance to the “reasonable steps” standard.

The episode closes with Eric's advice for any new CISO: put “spy hunter” on your resume. Counterintelligence, not perimeter defense, is the discipline that wins today. Tune in for part two of a story-driven conversation on why preparation, mindset, and threat hunting beat any single technology.

Key Topics
• Why ransomware victims who decline to pay get re-attacked
• How attackers map SharePoint, file trees, and access patterns
• The new insider threat: rogue and hijacked AI agents
• A real case of an AI agent exposing an HR layoff list
• Shadow IT and the cost of banning AI outright
• Permission structures and second-level reviews for agent actions
• Why AI exposes gaps in identity, asset, and data classification
• Unifying IT and security under the CISO
• Why the CISO needs a direct line to the board
• Legal traps: cyber insurance, reasonable steps, and missed alerts
• The CISO as counterintelligence officer and spy hunter

Guest Bio
Eric O'Neill is a former FBI counterintelligence operative, attorney, and bestselling author who helped bring down Robert Hanssen—the most damaging spy in FBI history. He is the founder of NeXasure AI and co-founder of The Georgetown Group, and his undercover work was dramatized in the film Breach. Eric is the author of Gray Day and Spies, Lies, and Cybercrime. Connect with Eric on LinkedIn or at ericoneill.net.
What does it feel like to stand in the smoking ruin of a ransomware attack? In this episode, Steve Moore is joined by former FBI undercover operative Eric O'Neill—the man who helped capture Robert Hanssen—to explain why modern cybercrime is just traditional espionage repackaged, and why the dark web has quietly become the world's third-largest economy.

Eric traces his path from the FBI's counterintelligence trenches to founding NeXasure AI and writing cybersecurity books that read like spy thrillers. He and Steve unpack the staggering scale of cybercrime, which Eric predicts could reach $20 trillion in global GDP within years—a marketplace selling everything from ransomware kits to stolen credentials.

They dismantle the “it won't happen to me” mindset that still lingers in boardrooms. Eric describes how attackers use AI agents to scan for vulnerable systems, walks through how Scattered Spider socially engineered MGM in a ten-minute phone call, and explains why disabled MFA remains the leading point of failure for small and mid-size businesses.

Eric then unpacks the painful calculus of paying a ransom. He explains why the FBI says never pay, when OFAC sanctions make payment a federal crime, and why—even after paying—an organization must still do the same forensic, legal, and architectural work. Steve and Eric also detail how attackers resell access and treat victims as repeat customers.

The episode closes with a candid look at recovery. Eric and Steve explore why most companies fail at restoration, why rolling back to “before the attack” leaves the original flaw wide open, and why preparation always beats panic. Tune in for a part-one masterclass for any leader who thinks their organization is too small to be a target.

Key Topics
• How traditional espionage evolved into modern cybercrime
• The dark web as the world's third-largest economy
• Why every organization is a target, regardless of size
• The MGM ransomware attack and Scattered Spider's playbook
• Disabled MFA as the leading cause of SMB compromise
• Vulnerability assessments versus fire-time remediation costs
• The pay-versus-don't-pay ransomware calculus
• OFAC sanctions and the legal risks of paying
• Why restoring backups is not the same as recovery
• The how, where, why, what, and when of breach forensics

Guest Bio
Eric O'Neill is a former FBI counterintelligence operative, attorney, and bestselling author who helped bring down Robert Hanssen—the most damaging spy in FBI history. He is the founder of NeXasure AI and co-founder of The Georgetown Group, and his undercover work was dramatized in the film Breach. Eric is the author of Gray Day and Spies, Lies, and Cybercrime. Connect with Eric on LinkedIn or at ericoneill.net.
Cybersecurity debates tend to center on tools, frameworks, and threats. But Rob Knoblauch has built a 25-year career in global security leadership by focusing on the soft skills that determine whether a CISO survives, thrives, or burns out. In this episode of The New CISO, Rob joins Steve Moore to trace the through-line from running a multi-node BBS as a kid to serving as Deputy CISO of one of the world's largest banks — and the career lessons he's carried through every chapter.

Rob's path wasn't engineered. It began with a VIC-20, a love of video games, and a side passion for DJing that eventually clinched his first big bank interview. Running a BBS taught him identity management, patching, and infrastructure long before those were industry terms, and responding to the Melissa and “I Love You” outbreaks as a twenty-something Toronto Stock Exchange analyst launched his pivot into information security.

The conversation turns to leading at scale. Rob walks through the three mentors who shaped him — “the teacher” who grounded him in fundamentals at Bank of Montreal, “the coach” who taught him the collaborative nature of global operations at Scotiabank, and “the general” who sharpened his leadership edge. He frames these not as phases but as lenses he still applies situationally today.

Rob and Steve dig into incident response — from taking down Canada's first phishing site with no playbook to running tabletop exercises at the board, C-suite, and technical levels. Rob argues every organization needs a breach coach and that communications is the biggest make-or-break factor in a breach. He also offers a candid take on CISO politics — short tenures, CIO friction, and why trust with your boss matters more than being right.

The episode closes with Rob's take on why this may be the best time in history to be a new CISO. AI is stripping away the commodity work that defined earlier generations of the role, leaving more room for strategy, leadership, and real influence. For anyone stepping into the seat, Rob's message is simple: the most valuable skills aren't technical at all.

Key Topics
• Rob's path from a VIC-20 and a grade-school BBS to the CISO seat
• How DJing as “Robbie Knobs” clinched his first big bank interview — and why “notables” matter on a resume
• Taking down the first phishing website in Canada with no playbook and a lot of cold calls
• The three mentors who shaped his leadership: the teacher, the coach, and the general
• Why tabletop exercises at the board, C-suite, and technical levels each matter — and how they differ
• The case for engaging a breach coach before a breach happens, not during one
• Why communications is the single biggest make-or-break factor in incident response
• How AI is reshaping the CISO role by stripping away commodity work

Guest
Rob Knoblauch — Chief Information Security Officer
Rob Knoblauch is a seasoned CISO with 25+ years of global information security leadership. He began his career at the Toronto Stock Exchange during the Y2K era and later held increasingly senior roles at Bank of Montreal and Scotiabank, where he spent years as Deputy CISO and VP of Global Security Services. Rob is also a startup advisor and longtime house music DJ performing as “Robbie Knobs.” Connect with Rob on LinkedIn.
In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting hundreds of internal penetration tests every year.

This isn't a vendor comparison or a theoretical framework. It's an honest account of what works, what gets misconfigured, and what separates organizations that slow attackers down from those that don't.

Topics covered include:
• Application control — ThreatLocker and Magic Sword — why app control is probably the single most effective endpoint control against attackers, how the learning period works, why jumping straight to enforcement mode is a mistake, and why executive buy-in is as critical as the technical implementation
• WDAC vs. traditional AppLocker — the differences, what closed-book enforcement actually means for attackers, and the two schools of thought on allow-list vs. block-list approaches
• Strong identity controls — MFA beyond RDP, including SMB, WinRM, and HTTP via products like Silverfort, why push-notification MFA falls short, and why number matching matters
• Protected Users group — one of the most powerful and underused Active Directory controls, with a real-world story of how it nearly matched a full third-party identity product in effectiveness during a law firm pen test
• Least privilege and admin tiering — why Help Desk is one of the most targeted groups for social engineering, how over-permissioned service accounts hand attackers domain admin in minutes, and the real cost of control path vulnerabilities
• Network segmentation and zero trust — why domain controllers don't need internet access, how segmentation limits attacker recon, and where products like Zscaler fit in
• EDR baselining and UEBA — why plugging in an EDR tool and expecting it to work isn't enough, the case for getting back to behavior-based detection, and why catching recon activity matters more than catching execution
• Deception — honeypots, canaries, and fake assets — why deception is underrated, why high-fidelity, low-false-positive alerts change the game, and what it actually feels like as a pen tester to trip on a well-placed decoy without knowing it

Also mentioned: Spencer and Brad's Tools of the Trade workshop at ILTA Evolve — Denver, end of April.

Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
What does sharpening a knife over a case of onions have to do with incident response? For Myke Lyons, CISO at Cribl, the answer is everything. Myke trained at the Culinary Institute of America — learning speed and accuracy under the clock of a professional kitchen — before a summer IT job in Manhattan set him on an entirely different path. In this episode of The New CISO, host Steve Moore traces that journey and the surprising parallels between culinary craft and security leadership.

The conversation moves through a career that evolved organically: a summer job moving refrigerator-sized printers in a Manhattan ad agency, a crash course in executive white-glove IT support, a breakthrough moment finally cracking subnetting, and a slow expansion from NOC operator to global security leader. Myke credits the kitchen — its insistence on precision and calm under fire — for instilling an operator's mindset that still defines how he leads through incidents today.

Mentorship, both formal and accidental, threads through Myke's story. A curmudgeonly colleague who threatened to "replace him with a script" taught him the value of continuous improvement. A trusted mentor reframed the CISO's role with a single line about house fires and lock changes. And years in executive IT support gave Myke an early education in empathy and knowing when not to fix what wasn't asked.

Myke and Steve examine a vendor incident where a product leader's dismissive response to a forensics question destroyed credibility with hundreds of customers. The lesson: saying "I don't know, but we'll find out" is not a weakness — it is the most powerful tool a leader has. The same insight applies to M&A due diligence, where reframing technical conversations as expectation-setting exercises turns adversarial interviews into collaborative ones.

For Myke, the new CISO is defined by empathy and culture. Know your audience. Think like your customers. Communicate policy changes as explanations, not mandates. Find your internal advocates and invest in them before you need them. The recipe for great security leadership is less about technology than it is about people — and that lesson translates perfectly from the kitchen to the boardroom.

Key Topics
• Career pivots: from culinary school to IT and cybersecurity
• Speed, accuracy, and craft — what kitchen discipline teaches security professionals
• Building an operator's mindset and staying calm during security incidents
• White-glove executive IT support and the patience, precision, and empathy it develops
• Mentorship — formal and accidental — and the lessons that only land in retrospect
• The dangers of filling silence with false confidence vs. the power of saying "I don't know"
• Crisis communication best practices and what not to do during a vendor incident call
• Managing M&A security due diligence with low-emotion, expectation-setting conversations
• Building security culture through empathy, clear communication, and internal advocates
• Telemetry, log management, and Cribl's role as the data engine for IT and security

Guest Bio
Myke Lyons is the Chief Information Security Officer at Cribl, the AI platform for telemetry trusted by organizations worldwide — including half of the Fortune 100 — to manage IT and security data at any scale.

He trained at the Culinary Institute of America with aspirations of becoming a food critic — until a summer IT job in Manhattan set him on an entirely different course. Myke went on to build expertise across networking, NOC operations, and log management, holding CISO positions at Snyk and Collibra before joining Cribl in 2024.

Connect with Myke on LinkedIn and learn more about Cribl at cribl.io.
Guest: Raffael Marty, Operating Advisor, a SIEM legend since 1999

Topics:
• You argue that declaring existing SIEM obsolete is a "marketing slogan" rather than a true thesis. What is the real pain point and the actual gap in traditional SIEMs, as opposed to the more sensational claims?
• You highlight that "correlation, state, timelines, and real-time detection require locality," making centralization a necessary trade-off. Can a truly federated or decoupled SIEM architecture achieve the same fidelity and real-time performance for complex, stateful detections as a centralized one?
• You call the rise of independent security data pipelines the "SIEM Trojan Horse." How quickly is this abstraction layer turning SIEM into a "swappable" component, and what should SIEM vendors have done differently years ago to prevent this market from existing?
• This "AI SOC" thing, is this even real? Is "AI in a SOC" a better label? Do you think major SIEM vendors will own this very soon, like they did with UEBA and SOAR?
• If volume-based pricing is flawed because it penalizes good security hygiene, what is a better SIEM pricing model that fairly addresses compute, enrichment, and retention costs without just shifting the volume cost to unpredictable query charges?
• You question the idea that startups can find a better way to release detection rules than large vendors with significant content teams. What metrics should security leaders use to evaluate the quality of a vendor's detection engineering (DE) output beyond just coverage numbers? Can AI fix DE?

Resources:
• Video version
• The SIEM Maturity Framework: A Practical Scoring Tool for Security Analytics Platforms and raffy.ch/SIEM/
• The Gaps That Created the New Wave of SIEM and AI SOC Vendors
• How AI Impacts the Cyber Market and The Future of SIEM
• Why Venture Capital Is Betting Against Traditional SIEMs
• EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
• EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
• EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
• Decoupled SIEM: Brilliant or Stupid?
• Decoupled SIEM: Where I Think We Are Now?
In this episode of Technology Tap: CompTIA Study Guide, we delve into endpoint security—a crucial topic for anyone preparing for IT certification exams, especially CompTIA. Traditional firewalls no longer fully protect your network; attackers now exploit endpoints like laptops, phones, printers, and smart devices to breach security. We explore how threats bypass perimeter defenses by targeting users and devices directly, and explain essential controls such as hardening, segmentation, encryption, patching, behavior analytics, and access management. Whether you're studying for your CompTIA exam or seeking practical IT skills development, this episode offers critical insights and IT certification tips to strengthen your understanding of cybersecurity fundamentals. Tune in to enhance your tech exam prep and advance your technology education journey.

We start with foundations that actually move risk: baseline configurations, aggressive patch management, and closing unnecessary ports and services. From there we layer modern defenses—EDR and XDR for continuous telemetry and automated containment, UEBA to surface the 3 a.m. login or odd data pulls, and the underrated duo of least privilege and application allow listing to deny unknown code a chance to run. You'll hear why full disk encryption is non‑negotiable and how policy, not heroics, sustains security over time.

Mobile endpoints take center stage with clear tactics for safer travel and remote work: stronger screen locks and biometrics, MDM policies that enforce remote wipe and jailbreak detection, and connection hygiene that favors VPN and cellular over public Wi‑Fi. We break down evil twin traps, sideloading risks, and permission sprawl, then pivot to IoT realities—default passwords, stale firmware, exposed admin panels—and how VLAN isolation and firmware schedules defang them. A real case of a chatty lobby printer becoming an attack pivot drives home the need for logging and outbound controls through SIEM.

The takeaway is simple and urgent: if it connects, it can be attacked, and if it's hardened, segmented, encrypted, and monitored, it can be defended. Subscribe for more practical security deep dives, share this with a teammate who owns devices or networks, and leave a review to tell us which control you'll deploy first.

Art by Sarah/Desmond
Music by Joakim Karud
Little Chacha Productions
Juan Rodriguez can be reached at TikTok @ProfessorJrod, ProfessorJRod@gmail.com, @Prof_JRod, and Instagram ProfessorJRod.
In this special episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief, a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco-based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more.

Together, David and Stav walk through how the attackers abused legitimate identity features like device registration, MFA resets, inbox forwarding rules, and ServiceNow-style access requests to blend into normal business workflows and monetize “digital cash” in the form of gift cards. They dig into why MFA alone is not safety, why identity is now the real perimeter, and how behavioral analytics, UEBA, and ITDR can piece together small signals into a clear story of compromise. You'll come away with practical steps to harden identity posture, spot early warning signs in cloud environments, and protect high-value systems where trust can be turned directly into profit.

To go deeper on this campaign and the Atlas Lion threat actor, read the Unit 42 article “Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign” at https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/

Join the conversation on our social media channels:
Website: https://www.paloaltonetworks.com/
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/unit42/
YouTube: @paloaltonetworks
Twitter: https://twitter.com/PaloAltoNtwks

About Threat Vector
Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com.
You can harden your network and still miss the front door: aging edge devices with elevated access, thin logging, and long‑ignored firmware. We dig into the uncomfortable truth behind “set it and forget it” firewalls, VPNs, and gateways, then lay out a practical Domain 7 playbook that helps you detect faster, respond cleaner, and recover without chaos.

We start with the incident management sequence that actually works under pressure—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—showing how legal timelines, stakeholder updates, and RTO/RPO planning fit together. From there, we map the controls that pull their weight: next‑gen firewalls and WAFs, IDS/IPS, smart whitelisting and blacklisting, sandboxing that anticipates time‑bomb malware, and when to lean on EDR, MDR, and UEBA to cut through alert fatigue.

Then we get hands‑on with vulnerability and patch management, focusing on asset inventory, critical‑first prioritization, scanning automation, and staged deployments with real rollback plans. We connect the dots to change management so fixes don't become outages. Resilience gets its due: backup integrity and rotation, hot/warm/cold recovery sites, multi‑region processing, HA pairs, QoS to preserve critical traffic, and fault‑tolerant design that keeps services running when parts fail.

Finally, we round out security operations with disaster recovery drills—from tabletop to full cutover—plus business continuity planning that aligns cyber recovery with revenue‑critical processes. Physical security and personal safety close the loop: layered access, surveillance, environmental controls, and travel and duress protocols that protect your people as well as your data. If you're preparing for the CISSP or sharpening a real program, you'll leave with concrete steps to reduce risk now and a roadmap to mature over time.

Enjoyed this deep dive? Subscribe, share with a teammate who owns Domain 7, and leave a quick review to help others find the show. Your feedback shapes future topics and tools we build for you.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Headlines about a massive F5 BIG-IP exposure aren't noise—they're a masterclass in why Security Operations must be disciplined, fast, and auditable. We open with what the F5 situation means for enterprise risk, patch urgency, and long-term persistence threats, then shift into a practical, exam-ready walkthrough of CISSP Domain 7. The goal: help you think like an operator and answer like a pro when pressure spikes.

We map investigations from preparation to presentation, showing how evidence collection, handling, and chain of custody turn raw logs into defensible findings. You'll hear how live versus dead forensics trade-offs play out, which artifacts matter across endpoints, networks, and mobile, and why standardized procedures keep teams synchronized. From there, we connect visibility to action: IDS and IPS for detection and control, SIEM for correlation and retention, and egress monitoring to catch data theft and command-and-control that slip past perimeter thinking. Threat intelligence and UEBA add context and behavior baselines so you find the meaningful anomalies without drowning in alerts.

We also dig into the operational backbone that keeps environments stable: configuration management, security baselines, and automation to eliminate drift and reduce manual error. Then we anchor on foundational principles—least privilege, need-to-know, separation of duties, job rotation, and PAM—to limit blast radius when credentials or processes fail. Finally, we close with resource protection and media management: classification, encryption, verifiable backups, and secure disposal and transport, so your controls hold up under legal scrutiny and real-world adversaries.

Whether you're tightening controls after the F5 news or sharpening focus for the CISSP, this guide to Domain 7 gives you a clear, actionable path. If this was helpful, follow the show, share it with a teammate, and leave a quick review—what Security Operations topic should we explore next?
Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense, RSM's Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.

Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.

Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways.

Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.

Chapter Timestamps
00:00 - Introduction and Industry Trends
01:00 - AI and Technology Disruption Discussion
02:00 - Upcoming Conference Schedule and Discount Codes
04:00 - Podcast Milestone - Approaching One Million Downloads
06:30 - Introducing Dan Lauritzen and RSM Defense Team
09:00 - Dan's Background - From Military to Cybersecurity
12:00 - What is Attack Surface Management?
14:00 - Treating Identities as Assets
16:00 - The Cyber Kill Chain Explained
18:00 - Why Identity and SOC Teams Operate in Silos
21:00 - The Role of Data in Modern Security Operations
23:00 - Continuous Identity Management and Shared Signals Framework
26:00 - Can You Have Too Much Data?
29:00 - Breaking Down Silos Between Identity and SOC Teams
32:00 - Practical Collaboration Strategies
34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape
41:00 - Pragmatic Security Strategies and Metrics
44:00 - Biggest Misconceptions About Attack Surface Management
45:00 - Military Background - Human Intelligence Collection
48:00 - Communication Tips for Better Information Gathering
51:00 - Closing and Contact Information

Connect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/
Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chain

Learn more about RSM:
RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.html
RSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy
Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025
A Stellar Cyber Event Coverage of Black Hat USA 2025 Las Vegas
An ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber
____________________________
Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.
Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.
The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.
What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.
The AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.
Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.
The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Attackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.
Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.
The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.
Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.
As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations.
Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947
Note: This story contains promotional content. Learn more.
Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/
Resources
Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
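The impossible-travel check described in the Stellar Cyber story above (Portland at 11 PM, Moscow 30 minutes later), as an added example that is not Stellar Cyber's code and does not use their platform: consecutive sign-ins per user are compared by great-circle distance and the speed the user would have needed. The sign-in format, the coordinates, the 900 km/h ceiling and the 50 km jitter floor are assumptions made for the demonstration, and the sample log is constructed.

```python
"""Impossible-travel detection over constructed sign-in events.

Added example, not vendor code. Event format, thresholds and the city
coordinates below are assumptions made for the demonstration.
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0      # assumption: ignore geo-IP jitter inside one metro area


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    lat: float
    lon: float
    city: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_events(lines):
    """Parse constructed 'user,ISO8601,lat,lon,city' lines (blank and # lines skipped)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, ts, lat, lon, city = line.split(",", 4)
        events.append(SignIn(user, datetime.fromisoformat(ts.replace("Z", "+00:00")),
                             float(lat), float(lon), city))
    return events


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Return (user, from_city, to_city, km, hours, kmh) for each pair of consecutive
    sign-ins by the same user that would require moving faster than max_kmh.
    Input order does not matter; events are sorted per user first."""
    by_user = {}
    for e in sorted(events, key=lambda e: (e.user, e.ts)):
        by_user.setdefault(e.user, []).append(e)
    alerts = []
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < min_km:          # same city / geo-IP noise: not travel at all
                continue
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Two distant sign-ins at the same second are impossible, not undefined.
            kmh = float("inf") if hours <= 0 else km / hours
            if kmh > max_kmh:
                alerts.append((user, prev.city, cur.city, round(km), round(hours, 2), kmh))
    return alerts


# Constructed sample: alice mirrors the Portland -> Moscow case from the story,
# bob moves inside one metro area, carol takes a plausible 12-hour trip east.
SAMPLE_LOG = """\
alice,2025-08-06T23:00:00Z,45.52,-122.68,Portland
alice,2025-08-06T23:30:00Z,55.76,37.62,Moscow
bob,2025-08-06T08:00:00Z,45.52,-122.68,Portland
bob,2025-08-06T08:20:00Z,45.60,-122.60,Vancouver WA
carol,2025-08-06T10:00:00Z,45.52,-122.68,Portland
carol,2025-08-06T22:00:00Z,40.71,-74.01,New York
"""

if __name__ == "__main__":
    for alert in impossible_travel(parse_events(SAMPLE_LOG.splitlines())):
        print(alert)
```

Only alice is flagged: roughly 8,600 km in half an hour. In production the geolocation comes from a geo-IP feed, so corporate VPN egress points and cloud-hosted mail clients produce false "jumps"; the usual tuning is to allow-list known egress ranges before the distance check rather than raise the speed ceiling.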
Welcome back, Identity Jedi Family! We're kicking off Season 3 with a brand new setup, fresh format, and some heavy-hitting guests lined up just for you!
In a conversation that sets the tone for this year's RSA Conference, Steve Wilson shares a candid look at how AI is intersecting with cybersecurity in real and measurable ways. Wilson, who also leads the OWASP Top 10 for Large Language Models project and recently authored a book published by O'Reilly on the topic, brings a multi-layered perspective to a discussion that blends strategy, technology, and organizational behavior.Wilson's session title at RSA Conference—“Are the Machines Learning, or Are We?”—asks a timely question. Security teams are inundated with data, but without meaningful visibility—defined not just as seeing, but understanding and acting on what you see—confidence in defense capabilities may be misplaced. Wilson references a study conducted with IDC that highlights this very disconnect: organizations feel secure, yet admit they can't see enough of their environment to justify that confidence.This episode tackles one of the core paradoxes of AI in cybersecurity: it offers the promise of enhanced detection, speed, and insight, but only if applied thoughtfully. Generative AI and large language models (LLMs) aren't magical fixes, and they struggle with large datasets. But when layered atop refined systems like user and entity behavior analytics (UEBA), they can help junior analysts punch above their weight—or even automate early-stage investigations.Wilson doesn't stop at the tools. He zooms out to the business implications, where visibility, talent shortages, and tech complexity converge. He challenges security leaders to rethink what visibility truly means and to recognize the mounting noise problem. The industry is chasing 40% more CVEs year over year—an unsustainable growth curve that demands better signal-to-noise filtering.At its heart, the episode raises important strategic questions: Are businesses merely offloading thinking to machines? 
Or are they learning how to apply these technologies to think more clearly, act more decisively, and structure teams differently?Whether you're building a SOC strategy, rethinking tooling, or just navigating the AI hype cycle, this conversation with Steve Wilson offers grounded insights with real implications for today—and tomorrow.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF. In this episode: Are companies taking the air out of the open source balloon? What's broken about cybersecurity hiring? Do we need minimum requirements for cybersecurity knowledge in sales? Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI Devo replaces traditional SIEMs with a real-time security data platform. Devo's integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time. Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark. NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.
Guest: Payal Chakravarty, Director of Product Management, Google SecOps, Google Cloud Topics: What are the different use cases for GenAI in security operations and how can organizations prioritize them for maximum impact to their organization? We've heard a lot of worries from people that GenAI will replace junior team members–how do you see GenAI enabling more people to be part of the security mission? What are the challenges and risks associated with using GenAI in security operations? We've been down the road of automation for SOCs before–UEBA and SOAR both claimed it–and AI looks a lot like those but with way more matrix math-what are we going to get right this time that we didn't quite live up to last time(s) around? Imagine a SOC or a D&R team of 2029. What AI-based magic is routine at this time? What new things are done by AI? What do humans do? Resources: Live video (LinkedIn, YouTube) [live audio is not great in these] Practical use cases for AI in security operations, Cloud Next 2024 session by Payal EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps 15 must-attend security sessions at Next '24
Summary: In this episode, Henrik Wojcik, a Microsoft MVP, joins the hosts to discuss Microsoft Sentinel and provide a deep dive into its deployment and usage. They cover topics such as data residency and compliance considerations, separating operational logs and security logs, connectors for data ingestion, analytics rules and alert fatigue, scheduled queries and user and entity behavior analytics (UEBA), playbooks and automation, workbooks and data visualization, and advanced hunting with KQL queries.
Takeaways:
Consider data residency and compliance requirements when deploying Microsoft Sentinel.
Separate operational logs and security logs to optimize cost and focus on relevant data.
Use connectors to ingest data from various sources into Microsoft Sentinel.
Tune analytics rules to avoid alert fatigue and focus on valuable alerts.
Utilize scheduled queries and UEBA to identify suspicious behavior and automate investigations.
Leverage playbooks and automation to streamline incident response and reduce manual effort.
Create workbooks for data visualization and customize them to display relevant information.
Explore advanced hunting with KQL queries to proactively search for threats and investigate incidents.
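The "tune analytics rules to avoid alert fatigue" and "scheduled queries" takeaways above, as an added example that is not from the episode and not Microsoft Sentinel code: the shape of a scheduled detection (a burst of failed sign-ins from one source followed by a success) with the two knobs that decide whether it pages once or fifty times, a lookback window and a per-entity suppression interval. In Sentinel this would be a scheduled analytics rule in KQL; it is written in Python over a constructed log so it runs stand-alone. The log format, threshold, window and suppression values are assumptions.

```python
"""Scheduled-query style detection with alert-fatigue controls.

Added example; not from the episode and not Microsoft Sentinel code. Log
format, threshold, window and suppression interval are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILURE_THRESHOLD = 5      # assumption: failed sign-ins before a success is suspicious
WINDOW_MINUTES = 10        # assumption: lookback for the failure burst
SUPPRESS_MINUTES = 60      # assumption: at most one alert per (ip, user) per hour


def parse(lines):
    """Parse constructed 'ISO8601 source_ip user RESULT' lines; returns them oldest first."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, user, result))
    return sorted(events)


def brute_force_then_success(events, threshold=FAILURE_THRESHOLD,
                             window_minutes=WINDOW_MINUTES,
                             suppress_minutes=SUPPRESS_MINUTES):
    """Alert when one source IP fails >= threshold times against a user inside the
    window and then succeeds. A repeat for the same (ip, user) inside the suppression
    interval is dropped: that is what keeps the rule from paging on every retry of an
    incident the analyst already has."""
    window = timedelta(minutes=window_minutes)
    suppress = timedelta(minutes=suppress_minutes)
    recent_failures = defaultdict(deque)   # (ip, user) -> failure timestamps still in window
    last_alert = {}
    alerts = []
    for ts, ip, user, result in events:
        key = (ip, user)
        q = recent_failures[key]
        while q and ts - q[0] > window:    # age out failures older than the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
        elif result == "SUCCESS":
            if len(q) >= threshold:
                prev = last_alert.get(key)
                if prev is None or ts - prev >= suppress:
                    alerts.append({"ts": ts.isoformat(), "ip": ip, "user": user,
                                   "failures": len(q)})
                    last_alert[key] = ts
            q.clear()    # a success ends the burst either way
    return alerts


# Constructed sample. alice: two bursts, the second inside the suppression hour.
# bob: below threshold. carol: five failures, but spread wider than the window.
SAMPLE_LOG = """\
2025-01-10T09:00:00Z 203.0.113.7 alice FAIL
2025-01-10T09:01:00Z 203.0.113.7 alice FAIL
2025-01-10T09:02:00Z 203.0.113.7 alice FAIL
2025-01-10T09:03:00Z 203.0.113.7 alice FAIL
2025-01-10T09:04:00Z 203.0.113.7 alice FAIL
2025-01-10T09:05:00Z 203.0.113.7 alice SUCCESS
2025-01-10T09:30:00Z 203.0.113.7 alice FAIL
2025-01-10T09:31:00Z 203.0.113.7 alice FAIL
2025-01-10T09:32:00Z 203.0.113.7 alice FAIL
2025-01-10T09:33:00Z 203.0.113.7 alice FAIL
2025-01-10T09:34:00Z 203.0.113.7 alice FAIL
2025-01-10T09:36:00Z 203.0.113.7 alice SUCCESS
2025-01-10T08:00:00Z 198.51.100.9 bob FAIL
2025-01-10T08:01:00Z 198.51.100.9 bob FAIL
2025-01-10T08:02:00Z 198.51.100.9 bob FAIL
2025-01-10T08:04:00Z 198.51.100.9 bob SUCCESS
2025-01-10T10:00:00Z 192.0.2.44 carol FAIL
2025-01-10T10:08:00Z 192.0.2.44 carol FAIL
2025-01-10T10:16:00Z 192.0.2.44 carol FAIL
2025-01-10T10:24:00Z 192.0.2.44 carol FAIL
2025-01-10T10:32:00Z 192.0.2.44 carol FAIL
2025-01-10T10:40:00Z 192.0.2.44 carol SUCCESS
"""

if __name__ == "__main__":
    for alert in brute_force_then_success(parse(SAMPLE_LOG.splitlines())):
        print(alert)
```

With the defaults only alice's first burst alerts; the second is suppressed, bob never reaches the threshold, and carol's slow burst ages out of the window. Widening the window to 60 minutes catches carol, which is the trade the episode is about: every rule has a window and a threshold, and the cheap way to cut alert volume is to tune them per data source rather than to stop ingesting the source. Keying on (ip, user) deliberately misses a password spray across many users; that is a separate rule keyed on the source IP alone.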
------------------------------------------- Youtube Video Link: https://youtu.be/n9dDfmX-A9Q ------------------------------------------- Documentation: https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers#free-data-sources Henrik Wojcik: https://www.linkedin.com/in/henrikfrandswojcik/ https://twitter.com/henrikwojcik ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message
This week on Dark Rhiino Security's Security Confidential podcast, host Manoj Tandon talks to Chandra Pandey. Chandra is an expert with 20+ years of experience in the cybersecurity and networking domains and has been associated with multiple disruptive innovations in both. Seceon's current innovations are already used by 6,000+ customers around the globe, making the industry's best cybersecurity affordable to organizations of any size and eliminating the need for customers to buy 15+ products such as SIEM, SOAR, NBAD, UEBA, MDR, cloud security, container security, IDS, etc.
00:00 Introduction
00:16 Our Guest
06:57 The Culture at Seceon
09:32 The culture one comes from or the culture that one finds oneself in: what's more important?
11:23 Transitioning from a technical engineer to a business leader
12:45 Adapting to changes in the industry
13:34 How to get the most out of AI
21:46 Will we ever be able to get rid of the human in the SOC and have the SIEM be automated by AI?
23:40 Why develop a SIEM?
27:35 Motivation from Chandra
---------------------------------------------------------------------- To learn more about Chandra visit Seceon.com To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com ---------------------------------------------------------------------- SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: @securityconfidential and @Darkrhiinosecurity Facebook: @Dark-Rhiino-Security-Inc Twitter: @darkrhiinosec LinkedIn: @dark-rhiino-security Youtube: @DarkRhiinoSecurity
In this Livestream conversation, I spoke with John Alves from CyberOne Security about the struggles teams face in modernizing a SIEM, controlling costs, and extracting optimal value from their systems. We delve into the issues around single system-of-analysis solutions that attempt to solve detection and analytics use cases within the same tool. We explored the strategic limitations of this type of security architecture, presenting alternative options for effectively mixing and matching data platforms. Be sure to watch the full conversation to get on the path toward achieving the optimal combination of data management and cost control capabilities.
If your security architecture is centered around a SIEM that houses all your security and operational data, it's time for an upgrade. Data quantities, cyber attacks, and regulatory requirements are all on the rise, so having a single destination for your data leaves too much room for vulnerabilities. Until recently, buying a SIEM meant deploying its agents, putting all your data into it, and going on your merry way. You were almost 100% confined to that one framework: if you wanted to use UEBA, your vendor or one of their partners provided it. Operating outside your SIEM or bringing in third-party vendors was very limited.
Observability Pipelines to the Rescue
About five years ago, the concept of an observability pipeline emerged, allowing organizations to funnel their observability and security data through a consistent data plane. The idea of controlling where your data gets stored was born, and vendor-neutral considerations began gaining popularity. Admins can now make copies of events for their SIEM, data lake, UEBA solution, or someone else's data lake, easily turning one event into four events that power different parts of their security stack. By moving data into a data lake instead, admins can analyze data and build dashboards for operations teams without bloating their SIEM ingest. Teams have more choice and control over their data than ever before, so they can consider their specific needs when building out their infrastructure.
The Benefits of a Data Security Lake
During our discussion, John mentioned how this flexibility is no longer a wish-list item for his clients, but a necessity. As the industry transitions to cloud infrastructure and cloud-based computing, organizations require vendor-neutral data that supports their scalability efforts. There are a host of benefits you get from modernizing your security architecture.
Reduced License Costs
Routing data that isn't needed for security to object storage is one of the best ways to reduce SIEM license costs. Ingest costs go down, and you avoid the upsell for archive data (around a 4-8x markup) compared with using your own object storage or your SIEM cloud platform's archive. You can also store it in a vendor-neutral format, giving you enormous flexibility that you wouldn't get otherwise. We recently worked with a developer team and their debug logs, routing them to a lower-cost S3 bucket instead of their SIEM. All we had to do was create a rule in Cribl Stream to route them to the data lake, and now they're available to be restored whenever necessary. This is just one example of many where we can set customers up to meet their simultaneous need for availability but lower cost and overhead.
Increasing Security While Decreasing Engineering Time
When you can reduce your SIEM license costs, you no longer have to choose which data sources you can afford to collect. By removing the constraints on engineers that come from not having the raw data when needed, security teams can focus on security and not just moving data around. No more time spent on tasks like going out to a server to manually zip up and pull in logs. The result? Better detections, analytics, and security.
Shared Data Within the Organization
Each team has a different use case for the data the organization collects, so having different pipelines to transform and send data to different destinations is invaluable. Putting firewall, threat, traffic, and systems logs into a single destination is a great way to bloat your ingest, and not all logs from a single data source are security relevant. Routing some of them into a storage account or data lake will not only save on ingestion costs and create less noise for security teams; you can also give your infrastructure, firewall, and other teams access to the logs relevant to them. Route your threat logs straight into the SIEM, but send traffic and other logs straight into the data lake for your infrastructure and network team.
Compliance With Retention Requirements
Another benefit of keeping raw copies of data is complying with retention requirements. If you're manipulating data before it goes into your SIEM, the SIEM no longer holds the original record that some retention standards require. Transform events to get what you need for your SIEM, but keep unmanipulated, raw copies in your data lake, so your IR team or legal counsel controls the forensic copies.
Meet Cyber Insurance Requirements
As insurance companies get more sophisticated and start hiring engineers as auditors, they'll dive deeper into your architecture than before. They'll ensure you have a SIEM in place but also check to see if you're putting the right data in and using it appropriately. Government auditors will want to see all your data sources and detections. They'll be ready to write findings if you're not following best practices. The prevalence of bad data or an overwhelming amount of data leads to various issues with detection and drives costs higher and higher. It is extremely common to witness a year-over-year cost increase of up to 35%, which is clearly unsustainable.
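The routing pattern described above (threat logs to the SIEM, traffic and debug logs to the lake, a raw copy of everything kept for retention and forensics), as an added example that is not part of the original post, is not Cribl Stream configuration and does not use Cribl's API: one event feed is split by a first-match routing table, the SIEM copy is trimmed of bulky fields it never queries, and every line, including ones that fail to parse, lands in the lake byte-for-byte as received. Event shapes, field names (type, level, raw_packet, stack_trace) and the rules themselves are assumptions made for the demonstration; the sample feed is constructed.

```python
"""Route one event feed to several destinations, preserving raw copies.

Added example of the routing pattern, not Cribl Stream code. Event shapes,
field names and routing rules are assumptions for the demonstration.
"""
import json
from collections import defaultdict

# First matching rule wins. "siem" receives a trimmed event; "lake" always
# receives the untouched raw line so retention and forensics stay intact.
ROUTES = [
    (lambda e: e.get("type") == "THREAT", ("siem", "lake")),
    (lambda e: e.get("type") == "TRAFFIC", ("lake",)),     # network team reads these from the lake
    (lambda e: e.get("level") == "DEBUG", ("lake",)),      # developer debug logs, never a SIEM fit
    (lambda e: True, ("siem", "lake")),                    # default: unknown data still reaches the SIEM
]

# Assumption: bulky fields the SIEM never queries but the lake must keep.
SIEM_DROP_FIELDS = {"raw_packet", "stack_trace"}


def trim_for_siem(event):
    """Return the event without the fields that only inflate SIEM ingest."""
    return {k: v for k, v in event.items() if k not in SIEM_DROP_FIELDS}


def route(lines):
    """Return {destination: [serialized events]} for a feed of JSON lines.

    Unparseable lines are not dropped: they go to the lake raw, because a
    pipeline that silently discards what it cannot parse destroys evidence."""
    out = defaultdict(list)
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            out["lake"].append(raw)
            continue
        for predicate, dests in ROUTES:
            if predicate(event):
                break
        for dest in dests:
            if dest == "siem":
                out["siem"].append(json.dumps(trim_for_siem(event), separators=(",", ":")))
            else:
                out["lake"].append(raw)       # raw, not re-serialized
    return dict(out)


def ingest_bytes(routed):
    """Bytes delivered per destination: the number a SIEM license is priced on."""
    return {dest: sum(len(line.encode()) for line in lines) for dest, lines in routed.items()}


# Constructed sample feed: two IDS alerts with packet captures attached,
# three flow records, one application debug line, one auth event with no
# "type" (hits the default rule), and one line that is not JSON at all.
SAMPLE_FEED = """\
{"type":"THREAT","src":"203.0.113.7","sig":"ET MALWARE Cobalt Strike Beacon","raw_packet":"4500003c1c4640004006b1e6c0a80001c0a800c7"}
{"type":"THREAT","src":"198.51.100.9","sig":"ET SCAN Nmap Scripting Engine","raw_packet":"450000280001400040063cd7c0a80001c0a800c7"}
{"type":"TRAFFIC","src":"10.0.0.5","dst":"10.0.0.9","bytes":1532}
{"type":"TRAFFIC","src":"10.0.0.6","dst":"10.0.0.9","bytes":88}
{"type":"TRAFFIC","src":"10.0.0.7","dst":"10.0.0.9","bytes":9210}
{"level":"DEBUG","app":"checkout","msg":"cart recalculated","stack_trace":"File checkout.py line 42 in recalc"}
{"type":"AUTH","user":"alice","result":"SUCCESS"}
this line is not json
"""

if __name__ == "__main__":
    routed = route(SAMPLE_FEED.splitlines())
    for dest, lines in routed.items():
        print(dest, len(lines), "events")
    print(ingest_bytes(routed))
```

The SIEM ends up with three compact events (the two threats and the default-routed auth event); the lake holds all eight lines unchanged, so a retention audit or an IR request can be answered from the lake without caring what the SIEM kept. The default rule routing unknown data to the SIEM is the conservative choice: a new data source should cost money before it goes unseen.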
Watch the full livestream to hear John and me talk about alternative options for your SIEM platform, so you can be empowered to re-architect your data strategy. With the right strategies, SIEM platform challenges can be overcome, and we're here to help as you embark on this transformative journey.
Guest: David Swift, Security Strategist at Netenrich Topics: Which old Security Information and Event Management (SIEM) lessons apply today? Which old SIEM lessons absolutely do not apply today and will harm you? What are the benefits and costs of SIEM in 2023? What are the top cloud security use cases for SIEM in 2023? What are your favorite challenges with SIEM in 2023 special in the cloud? Are they different from, say, 2013 or perhaps 2003? Do you think SIEM can ever die? Resources: Live video (LinkedIn, YouTube) “Debating SIEM in 2023, Part 1” and “Debating SIEM in 2023, Part 2” blogs “Detection as Code? No, Detection as COOKING!” blog “A Process for Continuous Security Improvement Using Log Analysis” (old but good) “UEBA, It's Just a Use Case” blog “Situational Awareness Is Key to Faster, Better Threat Detection” blog and other SIEM reading MITRE 15 detection techniques paper
TechSpective Podcast Episode 107: Streamlining Incident Detection with UEBA (User and Entity Behavior Analytics). IT security teams have a tough job–made more challenging by the growing complexity of the attack surface and technology landscape and the overwhelming volume of information. They need to be able to accelerate the processing …
Show Topic Summary (less than 300 words)
Insider threat still exists. Lynsey Wolf talks with us about HR's role in insider threat and how prevalent investigations are in the post-pandemic work-from-home environment.
Questions and potential sub-topics (5 minimum):
What is the difference between insider threat and insider risk?
Motivators of insider threat (not much different than espionage, IMO -bryan) (MICE: Money, Ideology, Compromise, and Ego.) https://thestack.technology/pentagon-leaks-insider-threat-sysadmin/
75% of all insider threats are being kicked off by HR departments. In short, it's proactive. “How did HR figure that out?” How are investigations normally initiated? What tools are they implementing to check users or predict a disgruntled employee? UEBA? CASB? Employee surveys that are ‘anonymous'? Someone who reported others and it was dismissed?
What if HR ‘gets it wrong' or it's a hunt to find people not into ‘groupthink' or ‘not a culture fit'? https://www.cbsnews.com/news/french-worker-fired-for-not-being-fun-at-work-wins-lawsuit-cubik-responds/
How can organizations be mindful of how and what data is collected to mitigate risk without affecting employee trust? And who watches the watchers to ensure data is handled responsibly?
Are there any privacy guidelines companies need to understand before they implement such a system? (GDPR? CCPA? Privacy notices? Consent to monitoring on login? https://securiti.ai/blog/hr-employee-data-protection/ )
Are companies causing the thing they are protecting against? (making an insider threat because they've become repressive?) (hoping there's an ‘everything in moderation' idea here… finding the happy medium between responsible ‘observability' and ‘surveillance')
Lots of ‘insider threat' tools, including from EDR companies. Do companies do a good job of explaining to employees why you need EDR?
Quiet Quitting - latest term for companies to use to describe “employee has a side gig”. How does this figure into insider threat? Is it assumed that people only have one ‘thing' they do, or did the lack of a commute give people more time during the pandemic to diversify?
Solutions for employees? Separate their work and private/side gig? Learn what their contract states to keep conflicts of interest or your current/past employer from taking your cool side project/start-up idea away from you?
Solutions for companies?
Additional information / pertinent links (would you like to know more?): (contact info for people to reach out later):
https://www.cisa.gov/detecting-and-identifying-insider-threats
https://venturebeat.com/data-infrastructure/how-observability-has-changed-in-recent-years-and-whats-coming-next/
https://ccdcoe.org/library/publications/insider-threat-detection-study/
https://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454627.pdf (insider threat ontology)
https://www.intelligentcio.com/apac/2022/08/01/survey-reveals-organizations-see-malicious-insiders-as-a-route-for-ransomware/
https://www.helpnetsecurity.com/2022/04/08/organizations-insider-threats-issue/
https://www.fortinet.com/resources/cyberglossary/what-is-ueba
https://www.gartner.com/en/information-technology/glossary/cloud-access-security-brokers-casbs
https://thecyberwire.com/glossary/mice
https://qohash.com/the-high-price-of-trust-the-true-cost-of-insider-threats/
https://abc7chicago.com/classified-documents-jack-teixeira-air-national-guard-arrest/13126206/ (Air National Guardsman accused in military records leak makes 1st court appearance - story still developing as of 16 April 2023)
https://www.theverge.com/2020/8/4/21354906/anthony-levandowski-waymo-uber-lawsuit-sentence-18-months-prison-lawsuit
Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @bryanbrake@mastodon.social Website: https://www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec Youtube: https://youtube.com/c/BDSPodcast
Ransomware not covered by cyber insurance, cyberattacks may be impossible to insure without some changes, whatever happened to UEBA, 100,000 students have their data exposed, six tips for hiring cybersecurity talent, and my predictions for 2023. https://www.jurist.org/news/2022/12/ohio-supreme-court-says-insurance-policy-does-not-cover-ransomware-attack-on-software/ https://www.techspot.com/news/97118-cyberattacks-could-soon-become-impossible-insure.html https://www.darkreading.com/dr-tech/how-to-get-the-most-out-of-ueba? https://www.bitdefender.com/blog/hotforsecurity/renowned-education-platform-leaks-personal-data-of-100-000-students-online/ https://www.forbes.com/sites/forbestechcouncil/2022/12/22/six-ways-to-pivot-hiring-strategies-to-attract-cybersecurity-talent/?sh=2b3a54af742e --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message
Celebrating ManageEngine's 20th anniversary, we welcome Harish Sekar, global speaker and Head of Business Development at ManageEngine, one of the world's leading specialists in information security and Zero Trust. The book is on the table in an episode entirely in English, with the distinguished presence of ACSoftware's president, Emanuel Celestino, who joined the team for a great chat about Active Directory management and security challenges. And if you don't get along in English, we will soon release the Herbert Richards version, entirely in Portuguese! Click and don't miss this special episode of Podcafé da TI. Harish Sekar: Global speaker, ManageEngine Evangelist. Dyogo Junqueira: VP, ACSoftware. Guilherme Gomes: Director of New Sales, ACSoftware. Anderson Fonseca: Director of Customer Experience, ACSoftware. Links: Harish Sekar on LinkedIn: https://www.linkedin.com/in/harish-sekar-42398a17/ ManageEngine solutions: https://www.acsoftware.com.br/manageengine PodCafé da TI is a podcast by ACSoftware, your ManageEngine partner in Brazil. https://www.acsoftware.com.br/manageengine Instagram: https://www.instagram.com/acsoftwarebr/ LinkedIn: https://www.linkedin.com/company/acsoftware
In episode 81 of The Cyber5, we are joined by the Head of Insider Threat at Uber and CEO of Vaillance Group, Shawnee Delaney. In this episode, we provide an overview of different functions within an insider threat program. We also discuss the support open source intelligence provides to such programs and how to change company culture to care about insider threats. We also discuss the ROI metrics that are important to different stakeholders when implementing an insider threat program.
Three Takeaways:
1) Departments and Functions within Insider Threat
Insider threat programs are relatively new in enterprise security and often change from company to company. Open source intelligence can be a standalone role or be cross functional among all departments. Common departments and functions can be: open source intelligence; forensics monitoring; training and awareness (steering committees for stakeholders, benchmarking); technical and behavioral monitoring (UEBA or DLP); supplier due diligence; global investigations; global intelligence analysis.
2) Common Problems Faced by Insider Threat Teams
Common challenges faced by insider threat teams: privacy, to ensure employee confidentiality is not violated; tooling, to have visibility that separates malicious events from normal behavior; finding practitioners that can do the technical monitoring and open source intelligence; shifting culture to be more security conscious; focusing on physical security issues, like active shooter situations, just as much as data exfiltration and other cyber concerns.
3) Role of Open Source Intelligence in Insider Threat Programs
An insider threat program is a key stakeholder for a threat intelligence program, not the individual buyer. Three key areas where open source intelligence (OSINT) supports insider threat programs: employee lifecycle management, ensuring employees, former employees, and prospects are not an insider threat based on what they post on the internet; validating red flag indicators with OSINT; investigations into vendors.
In this month's Investing in Identity series, we dive into notable deals that are shaking up the summer and take a look at what July's stock rally implies for market performance this fall. This month's agenda features: HUMAN, a global leader in safeguarding against bot attacks and fraud, has merged with PerimeterX. On the surface, these companies pose competitive threats to one another; however, the use of UEBA to support bot detection, account abuse detection and fraud prevention makes for an attractive merger. We watched the NASDAQ and S&P rebound in July. Is this a bear market rally? Hear our predictions for digital identity deal activity and deal count moving into the fall.
Security Current podcast - for IT security, networking, risk, compliance and privacy professionals
Congratulations to RackTop Systems for their recognition in the 2021 CISO Choice Awards. In this interview, leading analyst Richard Stiennon talks with Jonathan Halstuch, CTO and Co-Founder of RackTop Systems, to discuss their BrickStor SP solution which was recognized in the Data Security category. BrickStor SP helps to protect data from malicious actors and potential ransomware attacks through integrated UEBA and SOAR technologies. Stay tuned for more interviews from the CISO Choice Awards and for more value-added professional development and technology content, request complimentary access to CISOs Connect today: https://CISOsConnect.com
The specialists from Netskope brought us the "Píldora SASE" (SASE Pill): the new paradigm that, by delivering security from the cloud, is revolutionising how users and companies understand security. On this occasion we were joined by Nacho Franzoni, Senior Sales Manager at Netskope. Nacho shared with everyone a term we will surely start hearing more about every day: UEBA, an acronym for User and Entity Behavior Analytics. Thanks to this technology, anomalous behaviour affecting both a corporation's users and its data can be detected automatically. Twitter: @ciberafterwork Instagram @ciberafterwork +info: https://psaneme.com/ https://bitlifemedia.com/ Píldora SASE: https://www.netskope.com/
On this programme we again welcome a great specialist from the Centro Criptológico Nacional: Álvaro, head of the Incident Response team. Álvaro knows attacks, and how to respond to them, very well. He also told us about one of the most interesting training initiatives run by the CCN. In our news segment we covered two very interesting stories. The first concerns the problems that teachers, students, and administrative and technical staff at the Universidad Autónoma de Barcelona are still facing after the attack suffered in October, from which they have yet to recover; normality is not expected to return until December. The second concerns the outage affecting more than a thousand petrol stations in Iran because of an attack that disabled the cards used to refuel and pay electronically. In addition, as in previous programmes, the Netskope specialists brought us the "Píldora SASE" (SASE Pill): the new paradigm that, by delivering security from the cloud, is revolutionising how users and companies understand security. On this occasion we were joined by Nacho Franzoni, Senior Sales Manager at Netskope. Nacho shared with everyone a term we will surely start hearing more about every day: UEBA, an acronym for User and Entity Behavior Analytics. Thanks to this technology, anomalous behaviour affecting both a corporation's users and its data can be detected automatically. We were also joined by Ruth Velasco, Senior Marketing Manager for Southern EMEA at Sophos, who previewed some of the topics on offer at Sophos Day, which will take place virtually on 18 November. During the interview with Álvaro we discussed many topics related to training and talent recruitment.
In 2018 the CCN launched a portal where people who want to train in cybersecurity can access and solve hacking challenges that help them improve and consolidate their knowledge. In addition, the top 10 on the platform's leaderboard will take part in one of the most eye-catching activities at the next Jornadas STIC: a live hacking contest. Twitter: @ciberafterwork Instagram @ciberafterwork +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.ccn-cert.cni.es/soluciones-seguridad/atenea.html Píldora SASE: https://www.netskope.com/ News: https://www.xataka.com/seguridad/ciberataque-a-uab-afectara-finales-ano-dificil-gestion-universidad-acceso-a-su-sistema-informatico-durante-meses https://unaaldia.hispasec.com/2021/11/un-ciberataque-deja-sin-servicio-a-las-gasolineras-en-iran.html
We speak to Eva-Maria Elya, Senior Director World-Wide Channel Sales with Lookout on the market opportunities for MSPs and MSSPs who choose to partner with Lookout.To get the most of your countless cloud apps without risking your data, you need to know exactly what's going on. You also need to be able to detect and respond to threats and have the ability to dynamically control access. Lookout Cloud Access Security Broker (CASB) provides full visibility into the interactions between users, endpoints, cloud apps and your data. It also enables you to dynamically dial in Zero Trust access controls.With continuous monitoring of user and entity behaviour analytics (UEBA), you can detect and respond to insider threats and advanced cyberattacks. Lookout provides advanced data loss prevention that can classify, encrypt and restrict sharing of your data on the fly so that only authorized users have access. They also perform automated assessments of all your cloud apps and infrastructure to ensure they are properly configured.Visit www.lookout.com for more details or visit https://learnsecurity.mysecuritymarketplace.com/course/endpoint-to-cloud-security to deep dive with Don Tan, Regional Director for APJ For the MySec.TV interview - visit https://mysecuritymarketplace.com/av-media/zero-trust-approach-us13-billion-market-opportunity/#lookout #endpoint #casb #ueba #cybersecurity #channelpartners
What began as a tool for helping organizations achieve and maintain compliance, security information and event management (SIEM), rapidly evolved into an advanced threat detection practice. SIEM has empowered incident response and security operations center (SOC) analysts, as well as a myriad of other security teams, to detect and respond to security incidents. While there may be talk about SIEM joining the line of legacy technologies proclaimed "dead", SIEM has been a core system for many security teams, in different capacities. Furthermore, SIEM (along with its evolution) has been intertwined with the relevant threats in the ecosystem as well as the market in which it is used. The systems and infrastructures that security professionals must secure in 2021 are vastly different from the systems in use when SIEM first came on the scene. But even if many have decided that SIEM is a thing of the past, its underlying principles and technology remain visible in many newer systems such as SOAR, XDR, MDR and other solutions that integrate SIEM capabilities. Vendors and reimaginings come and go, but SIEM prevails as a technology that should be recognized. There will always be a need for experienced individuals who can work with SIEM and apply it to the appropriate business touchpoints. We've put together an overview of the history, definition, use cases, benefits and limitations of SIEM to provide a greater understanding of its continued usefulness in any security team's toolstack.
What is SIEM?
SIEM stands for security information and event management. It provides organizations with detection, analysis and response capabilities for dealing with security events. Initially evolving from log management, SIEM has now existed for over a decade and combines security event management (SEM) and security information management (SIM) to offer real-time monitoring and analysis of security events as well as logging of data.
A SIEM solution is a single system, a single point that gives teams visibility into network activity and allows for timely threat response. It collects data from a wide range of sources: user devices, servers, network equipment and security controls such as antivirus, firewalls, IPSs and IDSs. That data is then analyzed to find unusual behavior and alert analysts to it, often within seconds, letting them respond to internal and external threats as quickly as possible. SIEM also stores log data to provide a record of activity in a given IT environment, helping to maintain compliance with industry regulations. In the past, SIEM platforms were mostly used by organizations to achieve and maintain compliance with industry-specific and regulatory requirements. What drove adoption across many organizations was the Payment Card Industry Data Security Standard (PCI DSS) and similar regulations such as HIPAA. As advanced persistent threats (APTs) became a concern for other, smaller organizations, SIEM adoption expanded to a wide array of infrastructures. Today's SIEM solutions have evolved to address the constantly shifting threat landscape, and SIEM is now one of the core technologies used in security operations centers (SOCs). Advancements in the SIEM field are bringing forward solutions that unify detection, analysis and response; ingest and correlate threat intelligence feeds to give SOCs added context; and include or converge with user and entity behavior analytics (UEBA) as well as security orchestration, automation and response (SOAR).
How does a SIEM solution work?
A SIEM solution works by collecting security event-related logs and data from various sources within a network. These include end-user devices; web, mail, proxy and other servers; network devices; security devices such as IDS and IPS, firewalls and antivirus solutions; cloud environments and assets; and the applications running on those devices.
All of the data is collected and analyzed in a centralized loca...
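As an added example that is not part of the article above or of any vendor's product, the following Python script shows the two ideas the article describes in miniature: an SEM-style correlation rule run over a handful of sshd log lines (repeated failed logins followed by a success from the same source), and a UEBA-style per-user baseline that scores logins from a source address or at an hour of day the user has not been seen using before, rolled up into a per-user risk score. The log lines, host names, user names, addresses, the threshold, the window and the score weights are all constructed for illustration; a real SIEM applies the same steps to normalized events from many sources and tunes these values per environment.

```python
"""Miniature SIEM: correlation rule plus UEBA-style baseline over sample logs.
Added example; not code from the article or from any SIEM vendor."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical hosts, users and addresses).
SAMPLE_LOGS = """\
2021-06-01T08:02:11Z srv-web01 sshd: Accepted password for alice from 10.0.5.12
2021-06-01T08:15:40Z srv-web01 sshd: Accepted password for bob from 10.0.5.33
2021-06-01T23:41:02Z srv-db01 sshd: Failed password for alice from 203.0.113.9
2021-06-01T23:41:05Z srv-db01 sshd: Failed password for alice from 203.0.113.9
2021-06-01T23:41:09Z srv-db01 sshd: Failed password for alice from 203.0.113.9
2021-06-01T23:41:12Z srv-db01 sshd: Failed password for alice from 203.0.113.9
2021-06-01T23:41:16Z srv-db01 sshd: Failed password for alice from 203.0.113.9
2021-06-01T23:41:20Z srv-db01 sshd: Accepted password for alice from 203.0.113.9
2021-06-02T08:05:30Z srv-web01 sshd: Accepted password for alice from 10.0.5.12
2021-06-02T08:20:01Z srv-web01 sshd: Accepted password for bob from 10.0.5.33
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(logs):
    """Normalize raw lines into event dicts; unparsed lines are skipped here
    (a real SIEM would route them to a parse-failure queue for review)."""
    events = []
    for line in logs.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """SEM-style correlation: at least `threshold` failures for one (user, src)
    pair inside a sliding `window`, followed by a success from the same pair."""
    alerts = []
    failures = defaultdict(list)  # (user, src) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_success", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"],
                           "ts": ev["ts"], "failures": len(recent)})
        failures[key] = []  # a success closes the attempt sequence
    return alerts


def baseline_anomalies(events, min_history=1):
    """UEBA-style check: each successful login is compared with the baseline of
    that user's earlier successes (source addresses and hours of day seen so
    far). Users with fewer than `min_history` prior successes are not scored,
    which avoids flagging every first login (the cold-start problem)."""
    seen_src, seen_hour, history = defaultdict(set), defaultdict(set), Counter()
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "Accepted":
            continue
        user, reasons = ev["user"], []
        if history[user] >= min_history:
            if ev["src"] not in seen_src[user]:
                reasons.append("new_source")
            if ev["ts"].hour not in seen_hour[user]:
                reasons.append("unusual_hour")
        if reasons:
            findings.append({"rule": "baseline_deviation", "user": user,
                             "src": ev["src"], "ts": ev["ts"], "reasons": reasons})
        seen_src[user].add(ev["src"])      # the baseline grows as events arrive
        seen_hour[user].add(ev["ts"].hour)
        history[user] += 1
    return findings


# Assumed weights; a product would tune these and decay scores over time.
WEIGHTS = {"brute_force_success": 40, "new_source": 30, "unusual_hour": 20}


def risk_scores(events):
    """Roll correlation alerts and baseline deviations into one score per user,
    which is how a SIEM with UEBA features ranks entities for an analyst."""
    scores = Counter()
    for a in brute_force_then_success(events):
        scores[a["user"]] += WEIGHTS[a["rule"]]
    for f in baseline_anomalies(events):
        for r in f["reasons"]:
            scores[f["user"]] += WEIGHTS[r]
    return dict(scores)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for a in brute_force_then_success(evs):
        print("ALERT", a)
    for f in baseline_anomalies(evs):
        print("DEVIATION", f)
    print("RISK", risk_scores(evs))
```

On the constructed input, the correlation rule fires once (five failures for alice from 203.0.113.9 followed by a success) and the baseline check flags the same login as coming from a never-seen source at a never-seen hour, so alice scores 90 while bob, whose second login matches his first, scores nothing. The two detections are complementary: the correlation rule needs the failures to be logged, while the baseline would still flag the login if the attacker had used a valid stolen password on the first try.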
No guests. We interviewed each other! Topics: What would you say are the most important things that Chronicle is trying to address today? What are the good ways to use threat intel to detect threats that do not ruin your SOC? What does "autonomic" security mean, anyway? Is this a fancy way of saying "automatic" or something more? For sure, "the Cloud is not JUST someone else's computer", but how does this apply to threat detection? What makes threat detection "cloud-native"? What kinds of ML magic does your mini UEBA inside SCC use? Can you really do automated remediation in the cloud? Resources: Google Cloud Security Summit "Making Invisible Security a Reality with Google" keynote "Security Analytics at Google Speed and Scale" presentation by Anton "Managing Your Security Posture on Google Cloud" presentation by Tim "Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…" blog Chronicle main site Threat Detection in Logs in Google Cloud SCC video "Modern Threat Detection at Google" (episode 17) "Automate and/or Die?" (episode 3)
This was recorded live on 06/28/2021 Join us as #Fortinet Field CISOs for EMEA Joe Robertson and Alain Sanchez as they discuss the state of securing #5G—including the need for a holistic security strategy that includes #ZeroTrust, #UEBA, and more. Watch the recording on YouTube: https://youtu.be/mhOv6848Tg4
The topic of episode 14 of Jump to the Next is the most topical one in Information Technology today: security. The moment is among the most delicate; in fact it has lasted a year now, ever since the health emergency caused by the pandemic forced IT departments around the world to scramble to counter a rise in attacks. But beyond the pandemic, attack surfaces had already expanded, because cloud and mobility had put people, data and business practically everywhere. How should this situation be faced? We try to answer that question with our guests, discovering an innovative approach to cybersecurity that sets rules aside and focuses on the specific outcomes of use cases. Enjoy! THE VOICES OF THIS EPISODE: Elena Semplici - Vendor Manager, Exclusive Networks; Paolo Cecchi - Regional Sales Director for Italy, Malta and Iberia, Exabeam; Igor - Editorial Manager, Radio IT
SIEM - where are we heading? In today's episode of CyberTalks, Rolf meets Niklas Blomquist from Splunk. They talk about the role of SIEM today, but also about how the technology will continue to be an important component and how it fits into the UEBA, SOAR and XDR trends. There is also a discussion about how to achieve threat sharing for real. See acast.com/privacy for privacy and opt-out information.
In this episode, our cybersecurity expert explains how to equip your organization to deal with advanced persistent threats (APTs). You'll also learn about the four important capabilities a SIEM solution must have to detect and neutralize advanced persistent threats in your network.
Google publishes cross-site leaks wiki NSA warns of state-sponsored attacks on remote-work systems Greater Baltimore Medical Center hit with ransomware attack Thanks to our sponsor, Code42. Organizations are moving faster than ever before and security tools like DLP, UEBA and CASB can’t keep up. Code42 Incydr takes a Zero Trust approach to managing and mitigating data risk from insider threats. Learn more about Code42 Incydr, the insider risk platform that offers insider risk detection and response. For the stories behind the headlines, go to CISOseries.com.
They discuss how security operations are evolving and how both automation and orchestration are becoming more important components of modern security work. They also talk about how next-gen SIEM and UEBA increase the effectiveness of a SOC. See acast.com/privacy for privacy and opt-out information.
Lennon's 80th birthday, Barbie in the Black Movement, Pix, LGPD and other acronyms you need to know...
How can advancements in technology support security in the workplace? Join us as we discuss how AI and User Behavior Analytics can help with Insider Threats.
Netzpalaver spoke via remote session with Daniel Döring, Technical Director Security and Strategic Alliances at Matrix42, about protecting the digital workspace, about User and Entity Behavior Analytics (UEBA), about whether analysing user behaviour is enough to protect the digital workspace, and about what else, from Matrix42's point of view, belongs to comprehensive endpoint security.
Matthias Reinwarth and Alexei Balaganski discuss the plethora of acronyms for security analytics solutions: from SOC and SIEM to UEBA and SOAR.
In this episode of Podcafé we invited Professor Dr. Anderson Soares to talk a bit about artificial intelligence and the field's advances on Brazilian soil, and to tell us how they beat Stanford at AI! Join this relaxed chat and discover that robots are already running your life and you didn't even know it. https://podcafeti.com.br/ PodCafé da TI is a podcast by ACSoftware, your ManageEngine partner in Brazil. https://www.acsoftware.com.br/manageengine
Welcome to Inuit TechTalk where we invite interesting guests to discuss current and important topics for you working with IT. Erik Tjärnqvist, Product Manager at Inuit, discusses new innovative technology in Active Directory and related areas with Derek Melber, Active Directory MVP.Topics discussed include: user and entity behavior analytics (UEBA), artificial intelligence (AI), passwords and multi factor authentication (MFA).
The methods behind cyber attacks never stop innovating, which makes the cybersecurity tools we own seem less and less useful. On top of that, not every threat stems from a vulnerability in software or applications; some stem from users, whether deliberately or through negligence. Take for example... The post "UEBA sebagai Solusi CyberSecurity – E7" (UEBA as a CyberSecurity Solution – E7), written by Faisal Yahya, appeared first on Bincang Cyber.
In this podcast, Sid explains the growing importance of User and Entity Behavior Analytics (UEBA) in today's rapidly changing security landscape. Understand how UEBA powered by machine learning assists in securing your IT infrastructure from sophisticated attacks by monitoring the risk score of users and entities in your network.
Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules such as UEBA, and NTBA. →Full Show Notes: https://wiki.securityweekly.com/Episode575 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
How the Department of Defense is using open source, BitSight launches a forecasting capability, SentinelOne teams up with Sumo Logic, Swimlane supports McAfee's advanced security operations, Fortinet releases a new IoT security controller, and Secureworks opens up its proprietary UEBA through a partner programme. Full Show Notes: https://wiki.securityweekly.com/ES_Episode105 Visit http://securityweekly.com/esw for all the latest episodes!
Organizations are suffering from cyber fatigue with too many alerts, too many technologies, and not enough people. This makes it difficult to streamline operations and decrease the time it takes to detect and remediate security incidents. Companies that rely heavily on security information and event management (SIEM) to support threat detection efforts are increasingly complementing deployments with solutions that advance their analytics capabilities, effectively taking SIEM to the next level. Listen to this episode to learn: how to ensure you have the right building blocks in place for advanced analytics; how to identify use cases and build out strategies to support them; the positive impact user and entity behavior analytics (UEBA) can have on visibility; how threat intelligence can arm you with the insights you need to understand how you are being targeted; and how SOCs and IR teams are leveraging endpoint detection and response (EDR) tools and network security analytics for additional capabilities. Listen to the podcast recording above or subscribe via iTunes, Stitcher, Google Play, and TuneIn.
Splunk goes shopping, ForeScout joins forces with an endpoint vendor, Carbon Black makes an announcement, ManageEngine has some new integrations, Microsoft is announcing some new security features, and ZoneFox launches a new UEBA platform in the cloud. Matt Alderman joins us for this episode and our topic is how to secure your Cloud services AKA SaaS offerings on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweekly.com/ES_Episode65 Visit https://www.securityweekly.com/esw for all the latest episodes! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
UCSfm - Café com Notícias - Interview 09/02/17 - Artists Aline Zilli and Jonas Picolli - Grupo Ueba - Show 'As aventuras do Fusca a Vela' (Moby Dick)
On this week's episode of Security Nation, host Kyle Flaherty welcomes in Matt Hathaway and Eric Sun to break down the alphabet soup that is UBA, UEBA, SOAPA...you get the point. The conversation quickly turns to the Gartner Market Guide, the evolution of SIEM, the integral nature of endpoint agents, and oh so much more. Tune in and learn about: The perils of "portal fatigue" and how to recognize its symptoms. How to get the most out of the Gartner UEBA Market Guide and understand the vendor segmentation. How the creation of UBA helped move the SIEM market and motivate us all to understand how important time is in both detection and investigation. Why InsightIPA should be a beer at some point, but don't tell Nate. How to properly use the "f-word" in the title of a blog post. Security Nation is a podcast dedicated to covering all things infosec – from what’s making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty (@KyleFlaherty) has been knee-deep in the security sector for nearly two decades. At Rapid7 he leads a team of technical marketers with the mission of providing impactful content that helps security professionals do their jobs.
Infoblog 003 - Bloghits - The new Mr. Cabeça de UEBA