Podcasts about Vectra

This week on The Cyber Revolution Podcast, Adam Hewitt, CEO of Cyber Revolution, is joined by Brett, a former student who successfully transitioned from a 14-year teaching career into cybersecurity.Brett shares his journey, from discovering Cyber Revolution through a Facebook ad to landing his first cybersecurity role as an Associate Cybersecurity Consultant at Vectra, just two weeks before Christmas of 2024. He discusses the challenges of changing careers, the learning process, and the importance of a growth mindset.Key Takeaways from this Episode:Why Brett decided to leave the teaching profession after 14 years.How he discovered cybersecurity and why Cyber Revolution's flexible, industry-connected program appealed to him.The role of Cyber Revolution's job placement program and career exploration sessions in his success.His experience interviewing with Vectra, including being interviewed by a previous Cyber Revolution graduate.The importance of persistence, learning, and leveraging transferable skills.His top three tips.If you're considering a career change into cybersecurity, Brett's story provides valuable insights and encouragement.Chapters:00:00 - Introduction to the Cyber Revolution Podcast02:14 - Brett's Journey: From Teacher to Cyber05:51 - Choosing Cyber Revolution: Flexibility & Connections09:37 - Landing the Role at Vectra with Delaney13:28 - Finding Your Fit in Cybersecurity17:19 - Overcoming Doubts and Embracing Learning20:55 - Brett's Top 3 Tips: Just Do It!22:47 - Outro and Final ThoughtsConnect with Adam:Website: ⁠⁠⁠https://cyberrevolution.com.au⁠⁠⁠Follow us on Facebook: ⁠⁠⁠https://www.facebook.com/cyberrevolutionaus⁠⁠⁠Subscribe to our YouTube channel: ⁠⁠⁠https://www.youtube.com/@cyberrevolutionaus⁠⁠⁠Follow us on Instagram: ⁠⁠⁠https://www.instagram.com/cybrevolution_aus/

Unimot wejdzie w sektor wydobycia gazu ziemnego. Innova przejęła ubezpieczeniową Grupę Punkta. CCC pozyska 1,4 mld zł na wykup akcji Modivo. Rosyjski oligarcha Wiaczesław Mosze Kantor został wykreślony z unijnej listy sankcyjnej, ale został wpisany na polską. UOKiK postawił zarzuty spółce Vectra za jednostronne zmiany umów i bezprawne podwyższanie opłat abonamentowych.Zasubskrybuj prasówkę na www.businessupdate.pl.Podcast powstał przy pomocy ElevenLabs.

De Porsche 911 Turbo bestaat 50 jaar! Samen met Stéphan Vermeulen, die alle generaties testte vanaf de 996, blikt Roy terug op deze ultieme alleskunner. Maar zouden ze er zelf eentje willen hebben...? Verder een live-analyse van de Zeekr 001 en Stéphan blikt terug op zomerse Spaanse vuren met een Vectra diesel begin jaren '00. Veel luisterplezier!See omnystudio.com/listener for privacy information.

曾經在國內投產的德系品牌除了現今還偶爾在路上可以看得到的VW T4外，Opel當年也曾陸續投產了兩款，一款是中型四門房車Astra，而另一款則是今天的主角--第二代Vectra，也稱之為Vectra B！Vectra B於1995年誕生，承襲著第一代的低風阻、寬大行李廂的優勢外，潰縮式腳踏板、氬氣安全氣囊等安全配備均在Vectra B上出現。國內原先以進口方式引進2.0升車型，一年多後式投產，除了2.0升引擎進行調整外，並增加1.8升車型。雖說Vectra B在國內銷售上並沒有大鳴大放，但卻是少數國產化的德系車款之一，上集先說明Vectra車系由來及其國產化後前期歷史，本集則著重於後期的演變，一起來回憶這段故事吧！ CELSIORS Youtube頻道：https://www.youtube.com/channel/UCo3IxZ-cdzucOFOOY3CBe1w⁠ -- Hosting provided by SoundOn

曾經在國內投產的德系品牌除了現今還偶爾在路上可以看得到的VW T4外，Opel當年也曾陸續投產了兩款，一款是中型四門房車Astra，而另一款則是今天的主角--第二代Vectra，也稱之為Vectra B！Vectra B於1995年誕生，承襲著第一代的低風阻、寬大行李廂的優勢外，潰縮式腳踏板、氬氣安全氣囊等安全配備均在Vectra B上出現。國內原先以進口方式引進2.0升車型，一年多後式投產，除了2.0升引擎進行調整外，並增加1.8升車型。雖說Vectra B在國內銷售上並沒有大鳴大放，但卻是少數國產化的德系車款之一，本集先說明Vectra車系由來及其國產化後前期歷史，下集則著重於後期的演變，一起來回憶這段故事吧！ CELSIORS Youtube頻道：https://www.youtube.com/channel/UCo3IxZ-cdzucOFOOY3CBe1w⁠ -- Hosting provided by SoundOn

Tengo cierta debilidad por los “veteranos” Opel Coupé. En este vídeo damos un repaso a esos coches… ¡os van a encantar! Y además, ya sabéis que me atraen los coches olvidados… sobre todo cuando son injustamente olvidados. O, casi peor aún, mal recordados. Probablemente este sería el caso del Opel Calibra, un excelente Coupé al que la historia y muchos aficionados no le han hecho justicia. Pero nosotros sí. Este video es muy especial, porque lo hago como regalo para un buen amigo. Y es que tengo un gran aprecio a Gustavo Boyero, de “La Petite Atelier” que restaura los coches hasta dejarlos no como nuevos, sino mejor que nuevos, ¡mucho mejor! Lo podréis comprobar, porque muchas de las imágenes que vamos a usar, las de un Opel Calibra azul, es un coche restaurado por él. Opel siempre había tenido en su gama modelos coupé, pero el paso de la propulsión trasera a la tracción delantera pillo “con el paso cambiado” a la gama de coupés. Bueno, este paso y el increíble éxito del Opel Kadett “Grand Sport Injection” … que por ese nombre a lo mejor no lo reconocéis, pero si digo GSi, seguro que sí. El éxito de este modelo entre los usuarios más deportivos, tanto en sus versiones de 8 válvulas presentado en 1984 como sobre todo de 16 válvulas que llegó en 1987, hizo que no hubiese demasiadas prisas por lanzar un Coupé de tracción delantera. Y es que en la gama Opel siempre, al menos más o menos desde 1960, ha habido modelos Coupé de mayores o menores pretensiones deportivas. Se puede decir que todo comienza con el Opel Rekord P2 Coupé de 1960. Apenas 3 años después se presenta un coche por el que tengo especial simpatía, el Kadett A Coupé de 1963, cuya versión más potente ofrecía 53 CV… no muy deportivo, pero es que este coche nace para competir con el VW Escarabajo. Ese mismo año aparece el Rekord A Coupé, un modelo mucho mayor y con mayores pretensiones y con motores de hasta 1.7 litros que se acercaban ya a los 100 CV. La gama Kadett sigue crecido y en 1965 el nuevo Kadett, el serie B ofrece nada menos que 8 carrocerías distintas… y una de ellas, ¡cómo no! Coupé. Otro coupé de Opel que me encanta y que de nuevo crece en potencia, con motores de hasta 1.9 litros y 106 CV. En 1965 se ponen las cosas serias, pues aparece un pedazo de Coupé para mi espectacular, el Diplomat Coupé con un motor nada menos que V8 de 5,4 litros y 230 CV. Era el “compañero ideal” para el Diplomat berlina, coches como decía la publicidad de la época “para gente con clase” y yo añadiría que con mucho dinero. El Commodore ha sido un coche que me ha seducido desde siempre. El primero de 1967, el Commodore A Coupé me gusta, pero el B Coupé de 1972, es un coche que me enamoró… sí, lo digo siempre, los amores de la adolescencia nunca se olvidan y yo con 12 añitos me enamoré de esta coche gracias a un cromo de una colección. Además, en estos modelos llegan los motores de 6 cilindros e inyección, en el B de 2.8 litros y 160 CV. Era un coche que podía competir sin demérito son los todopoderosos BMW 3.0 CS, pero prácticamente a mitad de precio. Otra saga espectacular son los Manta, aunque en este caso decidir si me gusta más el primero, el A de (1970 – 1975), o el segundo, el B de (1975 – 1981), me costaría más. Ambos los tuve y creo que los tengo en miniatura estática, no en Slot, y me parecían preciosos. Y no olvidéis que el Opel Manta 400 de 1981 fue homologado en Grupo B, pero la versión de serie ofrecía unos números espectaculares: 960 kg, motor 2,4 litros de 144 CV. En la versión de competición alcanzaba casi los 300 CV y, poca broma, con este modelo ganó Walter Röhrl el Mundial de rallyes de 1982. No me puedo olvidar de otro mito de los Rallyes, el Kadett C Coupé de 1973 y de otro “derivado” de una berlina, que me encantó en su momento, el Monza A1 de 1978, derivado del Senator y que era más GT que deportivo puro, pero con el que podías hacer unas derrapadas espectaculares… lo sé por experiencia propia, recuerdo aquella sesión de fotos. Y no quiero dejar de mencionar a un Opel Coupé que pretendía ser, y para mí lo consiguió, un Corvette en pequeño: Me refiero el Opel GT. Por supuesto al primero de 1968. Pero a principios de los años 80 en la oferta de Opel no había Coupés . En 1989 aparece el Opel Vectra, que supuso un verdadero salto en calidad, seguridad y equipamiento. Y para este modelo desarrollaron una plataforma específica que se benefició de la experiencia de Opel con sus Kadett, pero que era muy superior. Y que usaron en un Coupé. Por fin en el Salón de Fráncfort de 1989 pude asistir a la presentación del Calibra… me gustó, pero no me entusiasmó su línea, quizás influenciado por lo mucho que me gustaban los Opel Coupé más antiguos. Pero apenas unas semanas después pude probar los iniciales 2.0 litros tanto las versiones de 8 válvulas y 115 CV como la de 16 válvulas y 150 CV. Y recuerdo perfectamente el titular: “El mejor Opel tracción delantera”. El Calibra tenía muchas virtudes. Sin duda, una de ellas los motores, magníficos, tanto los dos que he citado como los que llegaron después, un V6 2.5 de 170 CV y el 2.0 con Turbo y 204 CV que iba necesariamente acompañado de la tracción 4x4. Otra virtud era la aerodinámica, que se traducía en silencio de marcha y consumos ajustados. El equipamiento, tanto de confort como de seguridad, era muy bueno, la habitabilidad para tratarse de un coupé era destacable, pero todo esto no era lo mejor… Lo mejor era el bastidor que, si en el Vectra iba bien, en un coche más pequeño, ligero y con tarados de suspensiones más firmes, iba de lujo. El Calibra era estable, eficaz, predecible y con buena motricidad. El Kadett GSi era un referente y ahora es un icono. Pero recuerdo muchas de las pruebas de entonces donde acabábamos diciendo que este modelo con un bastidor mejor, más afinado y más progresivo, sería el arma absoluto… Pues eso, justamente, es el Calibra, un Kadett GSi, más bonito, más aerodinámico, pero sobre todo con un bastidor a la altura de los motores, incluido el potente y casi salvaje 16V de 150 CV. Era una combinación perfecta. A medida que pasaba el tiempo, la estética, que me gustaba pero no me entusiasmaba, comenzó a seducirme más y más. Y tiene una virtud: Es intemporal. Este modelo, a pesar de sus 34 años de edad, sigue manteniéndose joven. La conclusión es que la historia y la memoria de los aficionados ha tratado mal al Opel Calibra que tiene muchos méritos para ser un coche coleccionado y deseado. Es, como he dicho y en mi opinión, el ultimo verdadero Coupé de Opel, una marca con gran tradición en este terreno. Fue y es un coche excepcional, con magníficos motores y un comportamiento soberbio, sino el mejor, al menos de los mejores de entre los coches de tracción delantera y similar potencia de esos años.

Roy heeft deze week Stéphan en Michiel te gast om terut te blikken op de jaren '80 en de middenklassers van de jaren '00! We pakken er een vergelijkende test bij uit 2005 toen we niet minder dan 13(!) D-segmenter sedan tegen elkaar konden zetten. En ook actueel nieuws: Porsche heeft zijn 911 een hybride aandrijving gegeven. Roy ging bij het merk langs. See omnystudio.com/listener for privacy information.

In 1990 Vauxhall was on top of the world. Ford's serious misstep with the Sierra in the early 1980s, meant Vauxhall's well put together Cavalier had cleaned up. The third generation Cavalier had continued those inroads in the late 80s, along with the excellent Astra and Nova that completed their mass car lineup. So, surely the next generation car, the Vectra, would do just as well? I'm sure you can tell from the build-up, that that didn't happen, but why?

Join us on our latest discussion as we explore the transformative potential of artificial intelligence in tribal enterprises. In collaboration with Vectra AI, this episode of the TribalHub podcast digs into the key benefits of integrating AI technologies into tribal operations. From enhancing cybersecurity to optimizing operational efficiency, we discuss how AI solutions can empower tribal organizations to thrive in the digital age.  Connect with Vectra AI and Justin Raisor on LinkedIn! Learn how the Soboba Band of Luiseno Indians uses Vectra to identify threats for their government and casino from Steven Nino, CIO of the Soboba Band.  Link here.

Closing the cybersecurity gap - acting fast against critical threatsAligning to current compliance standards without the heavy-liftingLeveraging AI-powered tools to maximise your security investmentsThis episode is hosted by Thom Langfordhttps://www.linkedin.com/in/thomlangford/Mike Johnson, Global Cyber Threat & Incident Response Manager, Verifonehttps://www.linkedin.com/in/mike---johnson/Matt Hardy, Head of Security, Liberishttps://www.linkedin.com/in/matthardy67/Kiarash Kia, Founder, Stealth Startuphttps://www.linkedin.com/in/kiarashkia/Dan Crossley, Director, Security Engineering, Vectra.aihttps://www.linkedin.com/in/crossleydaniel

This week on the Revenue Insights Podcast we are joined by Willem Hendrickx, CRO at Vectra AI. In this episode, Lee and Willem explore Vectra AI's sales function, including their approach to partnerships, combining quality and quantity for the 2024 pipeline, and Willem's approach to leadership. Willem is CRO at Vectra AI, an AI-driven threat detection and response solution for hybrid and multi-cloud enterprises. He has been with Vectra for four years, and also acts as the SVP International. Prior to joining the company, Willem was Founder and Chairman of the Board at GIG Technology.

In this week's episode we speak to Jamie Bentley, CEO of Stephenson Personal Care.Jamie tells us all about how it feels to take over as fifth generation in a family firm, selling in the states looking like a cross between Tim Nice-but-Dim and Hugh Grant, the feeling when landing your first million dollar deal and how a brilliant ‘train set' analogy sparked his Eureka moment.Plus he tells us about a great opportunity to get MBA students to work on your new business idea.INTRODUCING JAMIE BENTLEYHaving studied Business and Financial Management at the University of North London, quickly followed by a brief stretch in the hospitality industry as a ski guide and water sports instructor, Jamie joined Univar on their Management Development Programme where he spent 4 years learning about the specialty chemicals and ingredients industries.In 1997, being the fifth generation of the Bentley family, he then joined Stephenson Group. Initially he began as a sales representative developing products for the personal care industry that did not exist at the company, eventually building what has become today's Stephenson Personal Care business.Slowly divesting the more mature industrial parts of the business over the years to focus completely on the personal care sector, today Stephenson Group exports personal care ingredients to 62 countries. EPISODE HIGHLIGHTS[00:01:00] Introducing Stephenson Personal Care[00:02:00] Jamie Bentley's background story[00:04:10] Early learnings[00:06:00] Old school sales and a clever tweak[00:08:00] Joining the family business[00:10:00] How the personal care division started and grew[00:17:20] The first $1m sales order[00:19:30] The eureka moment[00:24:30] The process of divesting non-core business and the learnings from it[00:29:30] Using MBA students to develop a spin-out idea[00:33:00] Managing people smarter than you[00:36:00] The learnings from taking over a family businessKEY TAKEAWAYS & BUSINESS LEARNINGS• Watch. Mouth shut, ears open, eyes open. Watch and learn.• You learn most information from the shopfloor of your business and your client's business (the people who are doing the doing)• Take care of all your clients, but in the early days make sure you take most care of the big clients• Think of your business as a train set. You cant break train set, you just change it• Surround yourself with great people and learn how to manage people better than you• You need proper trusted finance advice and the same with corporate lawyers when selling a business• Strategy is as much about what you don't do, as you do do• Give staff the room to failBEST MOMENTS“I was described as lazy or stupid at school. I then did an IQ test and they determined I was lazy”“I worked out as a rep I could 8 calls a day. The trucks were doing 30 deliveries a day, so abandoned my Vectra and sat in the passenger seat of one of the wagons”“We had a Drawing Room at home that was only used for Christmas and bollockings… and my dad took me into the Drawing Room…”“If I'd had my eureka moment 10 years earlier, we'd have been 10 years ahead now”“Yours is the most complicated loss-making business I have ever seen”“He said 'come to the meeting to sell the business but don't bring any lawyers or accountants' ”VALUABLE RESOURCES FOR YOUWebsite: www.leedsbusinesspodcast.com Website: https://www.stephensonpersonalcare.com/ .LinkedIn: https://www.linkedin.com/in/jamie-bentley-soap/ Instagram (business):...

Today we're talking about how 3D Imaging and virtual reality are shaping plastic surgery. If you've had a breast augmentation with us, then you probably already know about our swanky Vectra machine that uses a simulation to help patients test different implants before committing. The Vectra is great for other surgeries too, like breast lifts to correct asymmetry, mastopexy and augmentations, and rhinoplasties. Today, Richard and Kim explain how exactly 3D simulation works, what the limitations are, and what the future of plastic surgery looks like in terms of AI and virtual reality.

Non-surgical skin tightening is the “holy grail” of plastic surgery, and Ellacor is the latest and greatest step toward it.  Since conducting the clinical trials for Ellacor, Florida plastic surgeon Dr. Jason Pozner has treated hundreds of patients – including himself!  By punching out numerous tiny cylinders of loose skin and stimulating the surrounding skin's healing response, Ellacor is designed to reduce laxity and generate healthier skin without leaving any scars. Dr. Pozner joins Dr. Bass to discuss what it does, how it works, and how it was developed. Listen as Drs. Bass and Pozner discuss downtime, aftercare, what they think about what it can and cannot do, and who the ideal patients are for this innovative new technology.  About Dr. Jason Pozner Jason Pozner, MD, is the co-founder and medical director of Sanctuary Medical Center in Boca Raton, Florida. Dr. Pozner was an assistant professor of plastic surgery at Johns Hopkins Medical Center in Maryland and currently serves as adjunct clinical faculty in the Department of Plastic Surgery at the Cleveland Clinic in Florida. Learn more about guest Dr. Jason Pozner Check out Dr. Pozner's Instagram About Dr. Lawrence Bass Innovator. Industry veteran. In-demand Park Avenue board certified plastic surgeon, Dr. Lawrence Bass is a true master of his craft, not only in the OR but as an industry pioneer in the development and evaluation of new aesthetic technologies. With locations in both Manhattan (on Park Avenue between 62nd and 63rd Streets) and in Great Neck, Long Island, Dr. Bass has earned his reputation as the plastic surgeon for the most discerning patients in NYC and beyond. To learn more, visit the Bass Plastic Surgery website or follow the team on Instagram @drbassnyc Subscribe to the Park Avenue Plastic Surgery Class newsletter to be notified of new episodes & receive exclusive invitations, offers, and information from Dr. Bass.   

W jedenastym odcinku podcastu „Cudne rozmowy o marketingu” Joanna Cudna porozmawia o najnowszych trendach i wyzwaniach w e-commerce. Zapyta gościa o innowacyjne kampanie i strategie, które zdominowały branżę w ostatnim roku, oraz postara się spojrzeć w przyszłość, zastanawiając się, co przyniesie rok 2024.

Dane PKB za 2023 wskazują na ciągle niską konsumpcję; na nowego prezesa PZU typowani są Jakub Karnowski, Andrzej Klesyk i Cezary Stypułkowski; według Bain&Co wartość przejęć strategicznych spadła w Polsce do 10 mld USD w 2023 r.; a prezes UOKIK zarzuca spółce Vectra stosowanie postanowień abuzywnych w umowach z konsumentami.

Saab 900於1978年誕生，從其誕生至1993年這段期間所生產的Saab 900一般稱之為Classic，而1993~1998所生產的則稱之為New Generation(NG900)。Saab 900的”垂尾”在Classic時期就已成為該車系的特徵，而我們最初所認識的Saab 900也是這個時期的產品。Saab 900是一款獨樹一幟的Sedan，不僅外型，連內裝、按鍵位置配置亦與眾不同。本專題共分四集，本集開始介紹'93~'98年間大量採用GM體系Opel底盤等所推出的第二代、也就是俗稱的NG900，請慢用！ CELSIORS Youtube頻道：https://www.youtube.com/channel/UCo3IxZ-cdzucOFOOY3CBe1w

Email Us: TheDayAfter@THENEWBLXCK.com WhatsAPP: 07564841073 Join us in our twitter community - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://shorturl.at/jkrNQ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ The Day After, (00:00) Intro: (02:37) BHM: Lest We Forget - HORN OF AFRICA (ETHIOPIA, ERITREA, SOMALI, DJIBOUTI) (38:05) Headlines: Israeli forces move further into Gaza as Netanyahu declares ‘time for war', Senior Labour MP suspended over 'deeply offensive' comments at pro-Palestine rally, Suella Braverman calls pro-Palestine demonstrations ‘hate marches' (46:13) What you Saying? Travelling the world: My do's and don'ts! Is the modern way of navigating the world robbing us of a full & immersive experience?

W dziewiątym odcinku podcastu „Cudne rozmowy o marketingu” Joanna Cudna rozmawia o tym, dlaczego warto przeprowadzać audyt kampanii Google Ads. W odcinku przyjrzymy się bliżej, dlaczego dokładny audyt kampanii Google Ads jest kluczowy w wydobywaniu cennych danych, które mogą znacząco podnieść efektywność i ROI z działań reklamowych. Gościem odcinka jest Jarosław Koniec - PPC Development & Operations Coordinator w Cube Group. Jarek jest pasjonatem digital marketingu z ponad 11-letnim doświadczeniem w branży. Specjalizuje się w planowaniu i realizacji kampanii efektywnościowych. Posiada wszechstronną wiedzę i doświadczenie w obszarach kampanii w Google, Paid Social czy Programmatic. W Cube Group pomaga Klientom osiągać cele biznesowe, prowadząc skuteczne kampanie dla największych marek z branży e-commerce, telekomunikacji, ochrony zdrowia czy beauty. W portfolio Jarka znajdują się m.in. Polpharma, Vectra, Orange, BZ WBK czy InviMed. Obecnie jako PPC Development & Operations Coordinator w Cube Group nadzoruję pracę zespołu specjalistów SEM, Programmatic i Paid Social. Z odcinka dowiesz się: ✅ Na czym polega audyt Google Ads? ✅W jakich sytuacjach audyt Google Ads może być szczególnie przydatny? ✅Jakie elementy kampanii są analizowane podczas audytu Google Ads? ✅Czy audyt kampanii Google Ads może być przeprowadzany wyłącznie przez specjalistę, czy też można wykorzystać do tego narzędzia? Nie masz czasu na przesłuchanie całego odcinka? Przejdź do pytania, które Cię najbardziej interesuje już teraz! (2:01) Po co przeprowadzać audyt kampanii Google Ads? (3:20) Kiedy audyt powinien być ‘must have' przy prowadzeniu działań reklamowych? (6:39) W jakiej sytuacji należy przeprowadzić audyt kampanii? (8:55) Jaki jest zakres audytu? (16:00) Czy można podczas pracy nad audytem korzystać z jakichś narzędzi? (17:42) Czy wprowadzenie wytycznych audytowych wiąże się z tańszym pozyskaniem klienta i wyższym ROI?(18:52) Jak wygląda współpraca z agencją i w jakiej formie otrzymuje się wyniki audytu? (22:07) Czy istnieją przykłady wdrożenia wytycznych audytowych, które pomogły w realizacji celów biznesowych? ⭐ Śledź nas również na mediach społecznościowych, aby otrzymać jeszcze więcej informacji ze świata marketingu. Facebook ► https://cutt.ly/WwJY92o3 LinkedIn ► https://cutt.ly/uwJY9Qvy

We're at the TribalNet Conference & Tradeshow with Justin Raisor, Regional Sales Manager at Vectra for Federal Civilian Enterprise and Native American Tribes/Gaming. Listen in as host Michelle Bouschor discusses Zero Trust, Security Operation Centers, and their role in a tribal technology department with Justin.   Also, learn more about the upcoming Blue Team Workshop that is being hosted on 10/12.  This workshop welcomes anyone in the tribal space who is security-minded, regardless of experience level!     Show Notes: Blue Team Workshop | October 12, 2023 | Virtual Event:  Learn More & Register:  https://info.vectra.ai/blueteamworkshop_oct12 Learn more about Vectra:  https://www.vectra.ai/ Connect with Justin Raisor:  https://www.linkedin.com/in/vectra-jraisor/   Have a topic you'd like TribalHub to cover on the podcast?  Email contactus@tribalhub.com.    

The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of Materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes malware in dot-inf files. In our Industry Voices segment Dave speaks with Oliver Tavakoli, CTO at Vectra, on the complexity and challenges of cloud service security. And welcome back, or not, Your Highness the Large Language Model, Prince of Nigeria. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/176 Selected reading. Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg)  Caesars Paid Ransom After Suffering Cyberattack (Wall Street Journal)  The Cyberattack That Sent Las Vegas Back in Time (Wall Street Journal)  Pro Take: MGM Casino Hack Shows Challenge in Defending Connected Tech (Wall Street Journal)  ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers (Hackread) FBI probing MGM Resorts cyber incident as some casino systems still down (Reuters)  MGM Resorts says cyberattack could have material effect on company (NBC News)  MGM Resorts cybersecurity breach could cost millions, expert says (KLAS)  MGM Resorts shuts down some systems because of a “cybersecurity issue.” (Updated.) (CyberWire) macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses (SecurityWeek)  “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments (Security Intelligence)  Unit 42 Attack Surface Threat Report (Palo Alto Networks) The Nigerian Prince is Alive and Well: Cybercriminals Use Generative… (Abnormal)  Learn more about your ad choices. Visit megaphone.fm/adchoices

En este programa vamos a ver alguno de los usos positivos de la Inteligencia Artificial. En un momento en el que todo el mundo esta muy preocupado por las repercusiones de la Inteligencia Artificial y de cómo se firman manifiestos para pedir una pausa, nosotros hablamos con una empresa que la utiliza para mejorar la seguridad de las empresas. Vectra.ai utiliza la IA para detectar de cuando estan atacando una empresa, pero poniendo el foco en un punto donde no se suele mirar. La red interna de las organizaciones. Quizás porque tradicionalmente se supone que es segura o porque se espera que otras herramientas ayuden a detectar los ataques, no ha sido normalmente un punto de atención. De la mano de Eutimio Fernandez, Country Manager de Vectra en España nos acercamos a las soluciones de Vectra y a como la IA nos ayuda a defendernos y a mejorar los costes de la ciberseguridad. Twitter: @ciberafterwork Instagram @ciberafterwork +info: https://psaneme.com/ https://bitlifemedia.com/

En este programa vamos a ver alguno de los usos positivos de la Inteligencia Artificial. En un momento en el que todo el mundo esta muy preocupado por las repercusiones de la Inteligencia Artificial y de cómo se firman manifiestos para pedir una pausa, nosotros hablamos con una empresa que la utiliza para mejorar la seguridad de las empresas. Vectra.ai utiliza la IA para detectar de cuando estan atacando una empresa, pero poniendo el foco en un punto donde no se suele mirar. La red interna de las organizaciones. Quizás porque tradicionalmente se supone que es segura o porque se espera que otras herramientas ayuden a detectar los ataques, no ha sido normalmente un punto de atención. De la mano de Eutimio Fernandez, Country Manager de Vectra en España nos acercamos a las soluciones de Vectra y a como la IA nos ayuda a defendernos y a mejorar los costes de la ciberseguridad. Twitter: @ciberafterwork Instagram @ciberafterwork +info: https://psaneme.com/ https://bitlifemedia.com/ Panda https://www.pandasecurity.com/es/

On today's episode of the Security Vendor spin-off series, our host Harry Baily was joined by Jaime Buelta, Principal Software Engineer at Vectra AI. During the episode, Jaime shares his experience getting into the industry and whether people should follow a similar route to him.  Jaime also talks about the biggest challenge he faced entering the industry and how it actually made him the engineer he is today.  Learn more from Jaime: https://www.linkedin.com/in/jaime-buelta-27305817/ Want to stay up to date with new episodes? Follow our LinkedIn page for all the latest podcast updates!Head to: https://www.linkedin.com/company/the-route-to-networking-podcast/Interested in following a similar career path? Why don't you take a look at our jobs page, where you can find your next job opportunity? Head to: www.hamilton-barnes.com/jobs/

Dale O'Grady joins us from Vectra AI, joins Rod and Brodie to demonstrate the integrations of Vectra's capabilities within Microsoft Sentinel. Show notes and links: Vectra® uses artificial intelligence to automate real-time cyber attack detection and response – from network users and IoT devices to data centers and the cloud. All internal traffic is continuously monitored to detect hidden attacks in progress. Detected threats are instantly correlated with host devices that are under attack and unique context shows where attackers are and what they are doing. Threats that pose the biggest risk to an organization are automatically scored and prioritized based on their severity and certainty, which, enables security operations teams to quickly focus their time and resources on preventing and mitigating loss. https://www.vectra.ai/ Microsoft Azure Marketplace - Vectra AI https://azuremarketplace.microsoft.com/en-us/marketplace/apps/vectraaiinc.ai_vectra_detect_mss? Vectra AI Detect connector for Microsoft Sentinel https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/vectra-ai-detect

Download “Joe's 12 Best Business Automation Tricks To Increase Revenue” from https://automatingsuccess.net/  Vinod Kettay, CEO of Vectra Automation (www.vectraglobal.com) talks about his passion for automation and his background working for General Motors. He also discusses the origins of Vectra Automation and how they automate the creation of engineering drawings, which is the essential bridge between product engineering and manufacturing. In this episode Joe Langton and Vinod Kettay discuss: Automating Engineering Drawings Across Industries AI vs. Machine Learning: Which is More Accurate? The Challenges of Automating and Adapting to Change A Software as a Service Company for Mechanical Manufacturing Systems www.vectraglobal.com https://www.linkedin.com/in/vinodkettay/ https://www.linkedin.com/company/vectraautomation/ Connect with Joe Langton and Automating Success: Website: http://AutomatingSuccess.net   TikTok: https://www.tiktok.com/@automatingsuccess Instagram: https://www.instagram.com/AutomatingSuccess YouTube: https://www.youtube.com/@automatingsuccess

Out of all the phrases that technology has generated in the past ten years, I think I like the phrase, “cloud washing” the most.  The concept is that a traditional company would promote itself as always being cloud native.  Kind of like being a Monday morning quarterback. In 2023, the variation on that theme is “Artificial Intelligence washing.”  Now that AI is a trending phrase you can see technology websites suddenly claiming the long history they have with artificial intelligence, or, what may be called, “artificial intelligence washing.” This brings us to today's interview with Chris Howard from Vectra. The company has been knee-deep in Artificial Intelligence since 2010.  As Chris explains, they have honed that knowledge to be able to apply it to the world of cybersecurity.  During the interview, Chris explains how Vectra deals with an insider threat.  They have focused on techniques to understand how an insider moves within a network.  The overall approach to this is what Vectra calls “Attack Signal Intelligence.” Without divulging proprietary information, Vectra has proven itself to be able to isolate and respond to a variety of malicious actors. Essentially, they have trained AI to think like an attacker and give the appropriate defensive response.    Chris describes a case study where a person was let into the network with appropriate credentials as a test to see Vectra's capabilities. Merely by watching behavior, the algorithms from Vectra were able to isolate the malicious actor. Realistically, attacks are so prevalent that defense is almost impossible for a human without an automated tool. The safety provided by Vectra doesn't stop with the installation of the Vectra platform. It has been designed to continuously learn new threats and respond accordingly. Listen to the interview to gain a better understanding of an advanced way to handle cyber threats.   Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com    

Out of all the phrases that technology has generated in the past ten years, I think I like the phrase, “cloud washing” the most.  The concept is that a traditional company would promote itself as always being cloud native.  Kind of like being a Monday morning quarterback. In 2023, the variation on that theme is “Artificial Intelligence washing.”  Now that AI is a trending phrase you can see technology websites suddenly claiming the long history they have with artificial intelligence, or, what may be called, “artificial intelligence washing.” This brings us to today's interview with Chris Howard from Vectra. The company has been knee-deep in Artificial Intelligence since 2010.  As Chris explains, they have honed that knowledge to be able to apply it to the world of cybersecurity.  During the interview, Chris explains how Vectra deals with an insider threat.  They have focused on techniques to understand how an insider moves within a network.  The overall approach to this is what Vectra calls “Attack Signal Intelligence.” Without divulging proprietary information, Vectra has proven itself to be able to isolate and respond to a variety of malicious actors. Essentially, they have trained AI to think like an attacker and give the appropriate defensive response.    Chris describes a case study where a person was let into the network with appropriate credentials as a test to see Vectra's capabilities. Merely by watching behavior, the algorithms from Vectra were able to isolate the malicious actor. Realistically, attacks are so prevalent that defense is almost impossible for a human without an automated tool. The safety provided by Vectra doesn't stop with the installation of the Vectra platform. It has been designed to continuously learn new threats and respond accordingly. Listen to the interview to gain a better understanding of an advanced way to handle cyber threats.   Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com    

Megyn Kelly attacked Madonna last week for changing her appearance with the aid of plastic surgery.  Today we discuss the overdone look or the gaunt look of the Hollywood elite - two clashing trends.  We also discuss how the new Vectra camera can help determine what size breast implants to use in augmentations.  

For many people, the first experience in a cosmetic practice is the consultation, and the mystery of the process can be intimidating. Here at LJC, we want you to know exactly what to expect from beginning to end! Our patient coordinator Marissa is here to walk us through every step of the consultation journey. If you aren't sure which procedure or provider will help you achieve your goals, patient coordinators ask all the right questions to help you find the perfect procedure and the dream team. The consultation can be up to two hours long depending on how much you need to discuss. Our providers take their time to get to know you and your goals because your happiness in your results is our number one priority. At LJC, we want you to have a relationship with us for many years to come, and you will find that whether by email, text message, phone, Zoom, or face to face our philosophy is to be helpful and educate first. Learn about our free consultations https://www.ljcsc.com/your-dream-starts-here/your-free-consultation/ Prepare for your consultation by viewing our before and after photos https://www.ljcsc.com/gallery/ Meet Marissa and our other patient care coordinators https://www.ljcsc.com/about/meet-the-team/patient-coordinators/ Read about how you can find the right provider for you https://www.ljcsc.com/your-dream-starts-here/how-to-choose-a-provider/ Take a screenshot of this podcast episode with your phone and show it at your consultation or appointment, or mention the promo code PODCAST to receive $25 off any service or product of $50 or more at La Jolla Cosmetic, redeemable in the med spa (https://www.ljcsc.com/) or toward any service with our plastic surgeons. La Jolla Cosmetic is located just off the I-5 San Diego Freeway at 9850 Genesee Ave, Suite 130 in the Ximed building on the Scripps Memorial Hospital campus. To learn more, go to https://www.ljcsc.com/ or follow the team on Instagram https://www.instagram.com/ljcsc/ The La Jolla Cosmetic Podcast is a production of The Axis http://www.theaxis.io/ Special Guest: Marissa.

Ahoy! and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader.  My name is G. Mark Hardy, and today we're going to -- talk like a pirate.  ARRR As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates. On today's episode we are going to talk about the 9 Cs of Cyber Security.  Note these are not the 9 Seas that you might find today, the 19th of September, which happens to be the 20th annual International Talk like a Pirate Day.  They are the nine words that begin with the letter C (but not the letter ARRR): Controls, Compliance, Continuity, Coverage, Complexity, Competency, Communication, Convenience, Consistency. Please note that this talk is inspired by an article by Mark Wojtasiak from Vectra, but we have modified the content to be more aligned with our thoughts at CISO Tradecraft. Now before we go into the 9 Cs, it's important to understand that the 9 Cs represent three equal groups of three.  Be sure to look at the show notes which will link to our CISO Tradecraft website that shows a 9-box picture which should make this easier to understand.  But if you're listening, imagine a three-by-three grid where each row corresponds to a different stakeholder.  Each stakeholder is going to be concerned with different things, and by identifying three important priorities for each, we have our grid.  Make sense?  Okay, let's dig in. The first row in our grid is the focus of Executive Leaders. First, this group of executives such as the CEO, CIO, and CISO ensure that the IT controls and objectives are working as desired.  Next, these executives want attestations and audits to ensure that compliance is being achieved and the organization is not just paying lip service to those requirements.  Thirdly, they also want business continuity.  IT systems must be constantly available despite attacks from ransomware, hardware failures, and power outages. The second row in our grid is the focus of Software Development shops. This group consists of Architects, Developers, Engineers, and Administrators.  First, they need to ensure they understand the Coverage of their IT systems in asset inventories -- can we account for all hardware and software.  Next, developers should be concerned with how Complexity in their environment can reduce security, as these tend to work at cross-purposes.  Lastly, developers care about Competency of their teams to build software correctly; that competency is a key predictor of the end quality of what is ultimately produced. The third and final row in our grid is the focus of Security Operations Centers. This group consists of Incident Handlers and Responders, Threat Intelligence Teams, and Business Information System Officers commonly known as BISOs.  They need to provide clear communication that informs others what they need to do, they need processes and tools that enable convenience so as to reduce friction.  Finally, they need to be consistent.  No one wants a fire department that only shows up 25% of the time. So now that we have a high-level overview of the 9 C's let's start going into detail on each one of them.  We'll start with the focus of executive leaders.  Again, that is controls, compliance, and continuity. Controls- According to James Hall's book on Accounting Information Systems[i], General Computer Controls are "specific activities performed by persons or systems designed to ensure that business objectives are met." Three common control frameworks that we see inside of organizations today are COBIT, COSO, and ITIL. COBIT®, which stands for The Control Objectives for Information Technology was built by the IT Governance Institute and the Information Systems Audit and Controls Organization, better known as ISACA®.  COBIT® is primarily focused on IT compliance, audit issues, and IT service, which should not be a surprise given its roots from ISACA® which is an Audit and Controls organization.  Overall, COBIT® 2019, the latest version, is based on the following six principles[ii] (note that the prior version, COBIT® 5[iii], had five): Provide stakeholder value Holistic approach Dynamic governance system Governance distinct from management Tailored to enterprise needs End-to-end governance system COSO  stands for The Committee of Sponsoring Organizations of the Treadway Commission.  Their latest version is the 2017 Enterprise Risk Management - Integrated Framework, which is designed to address "enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.[iv]"  COSO states that internal controls are a PROCESS, effected by leadership, to provide reasonable assurance with respect to effectiveness, reliability, and compliance[v].  The framework consists of five interrelated principles[vi]: Governance and culture Strategy and objective-setting Performance Review and revision, and Information, communication, and reporting To support these principles, COSO defines internal controls as consisting of five interrelated components: Control environments, Risk Assessments, Control Activities, Information and Communication, and Monitoring Activities. The third framework is ITIL®, which stands for Information Technology Infrastructure Library. First published in 1989 (the latest update is 2019/2020), ITIL® is managed and maintained by AXELOS, a joint venture between the Government of the United Kingdom and PeopleCert, which acquired AXELOS in 2021. According to their website[vii], "ITIL 4 is an adaptable framework for managing services within the digital era.  Through our best practice modules, ITIL 4 helps to optimize digital technologies to co-create value with consumers, drive business strategy, and embrace digital transformation." (Talk about buzzword compliance).  ITIL® 4 focuses on process and service management through service strategy, service design, service transition, service operation, and continual service improvement.  What is interesting is that there is no third-party assessment of ITIL® compliance in an organization, only individual certification. At the end of the day an organization needs to pick one of these popular control frameworks and show controls are being followed.  This isn't just a best practice; it's also required by Sarbanes Oxley.  SOX has two sections that require control attestations that impact cyber.  Section 302 requires corporate management, executives, and financial officers to perform quarterly assessments which: Evaluate the effectiveness of disclosure controls, Evaluate changes in internal controls over financial reporting, Disclose all known control deficiencies and weaknesses, and Disclose acts of fraud. Since financial services run on IT applications, cybersecurity is generally in scope for showing weaknesses and deficiencies.  SOX Section 404 requires an annual assessment by both management and independent auditors.  This requires organizations to: Evaluate design and operating effectiveness of internal controls over financial reporting, Disclose all known controls and significant deficiencies, and disclose acts of fraud. Once we understand the requirements for controls, we need to be Compliant. Compliance is the second C we are discussing today.  Remember the CFO and CEO need to produce annual and quarterly reports to regulators such as the SEC.  So, if you as a CISO can help them obtain a clean bill of health or fix previous audit findings, you help the business. A useful tool to consult in terms of compliance is a concept from the Institute of Internal Auditors known as the three lines model or three lines of defense[viii].  This model has as a foundation six principles: Governance Governing body roles Management and first- and second-line roles Third line roles Third line independence, and Creating and protecting value The first line of defense is the business and process owners who maintain internal controls.  You can think of a software developer who should write secure software because there is an IT Control that says so.  That developer is expected to run application security scans and vulnerability scans to find bugs in their code.  They are also expected to fix these issues before releasing to production.  The second line of defense are elements of an organization that focus on risk management and compliance.  Your cyber team is a perfect example of this.  If the developer doesn't fix the application vulnerabilities before sending code to production, then the company is at risk.  Cyber teams generally track and report vulnerability findings to the business units to ensure better compliance with IT controls. Finally, the third line of defense is internal audit.  Internal audit might assess an IT control on secure software development and say we have an issue.  The developers push out bad code with vulnerabilities.  Cyber tells the developers to fix, yet we are observing trends that the total vulnerabilities are only increasing.  This systemic risk is problematic, and we recommend management comply with the IT controls by making immediate fixes to this risky situation. Now, other than the observation that the ultimate line of defense (internal auditors) is defined by the Institute of Internal Auditors (no conflict of interest there), note that internal auditors can report directly to the board.  Developers and CISOs typically cannot.  One of the most powerful weapons in an auditor's toolbox is the "finding."  The U.S. Code defines what represents a finding[ix] in the context of federal awards, to include: Significant deficiencies and material weaknesses in internal control and significant instances of abuse Material noncompliance with the provisions of Federal statutes or regulations Known questioned costs, specifically identified by the auditor, greater than $25,000 for a type of compliance requirement Internal auditors have both a mandate from and access to the board to ensure that the organization meets compliance requirements.  So, if you've been unsuccessful in getting funding for what you consider a critical security asset, maybe, just maybe, you casually point that out to the auditors so that it ends up in a finding.  After all, findings get funded.  Don't get caught, though, or you'll have some explaining to do to your boss who previously turned you down. Management cares a lot about Continuity. Remember, if the business is down, then it's not making money, and it's probably losing money by the hour.  If the business isn't making money, then they can't pay for the cyber department.  So, among your goals as a cyber executive is to ensure the continuity of revenue-generation services.  To start, you must identify what those activities are and find ways to protect the services by reducing the likelihood of vulnerabilities found in those systems.  You also need to ensure regular backup activities are occurring, disaster recovery exercises are performed, Business Continuity Plans are tested, and tabletops are executed.  Each of these activities has the potential to identify gaps which cause harm to the continuity that executives care about. How do you identify revenue-generating elements of the business?  Ask.  But do your homework first.  If you're a publicly traded company, the annual report will often break out lines of business showing profit and loss for each.  Even if it's losing money today, it still may be vital to the organization.  Think, ahem, about your department -- you're probably not making a profit for the company in the security suite, but your services are definitely important.  Look at the IT systems that support each line of business and assess their criticality to the success of that business component.  In today's digitized workplace, the answer will almost always be "yes," but since you don't have unlimited resources, you need to rack and stack what has to be protected first.  A Business Impact Analysis, or BIA, involves meeting with key executives throughout the organization, assessing the importance and value of IT-supported business processes, ranking them in the order in which they need to be assured, and then acting on that knowledge.  [I thought we had done an episode on BIA, but I checked back and couldn't find one.  So, expect to learn more about that in a future episode.] Backups and disaster recovery exercises are a must in today's world of ransomware and surprise risks, but make sure that you're not just hand-waving and assuming that what you think is working really is working.  Do what I call "core sampling" -- get with your team and dig way down until you reach some individual file from a particular date or can observe all logs collected for some arbitrary 5-minute period.  It's not that that information is critical in and of itself, but your team's ability to get to that information quickly and accurately should increase your confidence that they could do the same thing when a true outage occurs. Lastly, tabletop exercises are a great way to ensure that your team (as well as others from around the organization, up to and including senior leadership) know what to do when certain circumstances occur.  The advantage of tabletops is that they don't require much time and effort from the participants to go through emergency response procedures.  The disadvantage of tabletops is that you risk groupthink when everyone thinks someone else took care of that "assumed" item.  Companies have been caught flat-footed when the emergency diesel generator doesn't kick in because no one in the tabletop tests ever thought to check it for fuel, and the tank was empty.  Things change, and there's nothing like a full-scale test where people have to physically go to or do the things they would in a true emergency.  That's a reason why kids in school don't discuss what to do in a fire drill, they actually do what needs to be done -- get out of the building.  Be careful here you don't have a paper tiger for a continuity plan -- it's too late when things start to come apart to realize you hadn't truly done your homework. Those are the three Cs for executives -- controls, compliance, and continuity.  Now let's move on to developers. If you remember, the three Cs for developers are coverage, complexity, and competency. Developers need to care about Coverage. When we talk about coverage, we want to ensure that we know everything that is in our environment.  That includes having a complete and up-to-date asset inventory, knowing our processes are free from security oversight, as well as ensuring that our security controls are deployed across all of our potential attack surfaces.  "We've got your covered" is usually considered reassuring -- it's a statement that someone has thought of what needs to be protected. Specifically, our technical team members are the only ones who can generally tell if the IT asset inventory is correct.  They are the ones who run the tools, update the agents (assuming we're not agentless), and push the reporting.  If the scanning tools we use are missing hardware or software, then those gaps represent potential landing zones for enemy forces.  The Center for Internet Security's Critical Controls start with these two imperatives.  Essentially, if you don't know what you have, how can you secure it? Knowing our processes is key.  For developers today, it's much more likely that they're using a DevOps continuous integration / continuous delivery, or CI/CD process, rather than the classic waterfall methodology.  Agile is often an important part of what we do, and that continuous feedback loop between developer and customer helps to ensure that we cover requirements correctly (while being careful to avoid scope creep.)  Throughout our development cycle, there are numerous places where security belongs -- the art we call DevSecOps.  By putting all of our security processes into version control -- essentially automating the work and moving away from paper-based processes, we create a toolchain that automates our security functionality from pre-commit to commit to acceptance to production to operations.  Doing this right ensures that security in our development environment is covered. Beyond just the development pipeline, we need to cover our production environment.  Now that we've identified all hardware and software and secured our development pipeline, we need to ensure that our security tools are deployed effectively throughout the enterprise to provide protective coverage.  We may know how many servers we have, but if we don't scan continuously to ensure that the defenses are running and up to date, we are effectively outsourcing that work to bad actors, who fundamentally charge higher billing rates than developers when they take down critical systems via ransomware. In his book Data and Goliath, Bruce Schnier wrote, "Complexity is the worst enemy of security, and our systems are getting more complex all the time.[x]" Complexity is inversely correlated to security. If there are two hundred settings that you need to configure properly to make containers secure, that's a big deal.  It becomes a bigger deal when the team only understands how to apply 150 of those settings.  Essentially, your company is left with fifty opportunities for misconfiguration to be abused by bad actors.  Therefore, when possible, focus your understanding on how to minimize complexity.  For example, instead of running your own containers on premises with Kubernetes, try using Amazon Elastic Container Services.  There's a significant amount of configuration complexity decrease.  In addition, using cloud-based services give us a lot of capabilities -- elastic scaling, load balancers, multiple regions and availability zones, and even resistance to DDoS attacks.  That's a lot of overhead to ensure in a high-availability application running on servers in your data center.  Consider using AWS lambda where all of that is already handled as a service for our company.  Remember that complexity makes security more difficult and generally increases the costs of maintenance.  So only increase complexity when the business benefit exceeds the costs. From a business connectivity perspective, consider the complexity of relationships.  Many years ago, data centers were self-contained with 3270 green screens (or punched card readers if you go back far enough) as input and fan-fold line printer generated paper as output.  Essentially, the only connection that mattered was reliable electrical power. Today, we have to be aware of what's going on in our industry, our customers, our suppliers, consumers, service providers, and if we have them, joint ventures or partners.[xi]  This complex web of competing demands stretches our existing strategies, and sometimes rends holes in our coverage.  I would add to that awareness, complexity in our workforce.  How did COVID-19 affect your coverage of endpoints, for example?  Most work-from-home arrangements lost the benefit of the protection of the enterprise security bubble, with firewalls, scanners, and closely-manage endpoints.  Just issuing a VPN credential to a developer working from home doesn't do much when junior sits down at mom's computer to play some online game and downloads who-knows-what.  Consider standardizing your endpoints for manageability -- remove the complexity.  When I was in the Navy, we had exactly two endpoint configurations from which to choose, even though the Navy-Marine Corps Intranet, or NMCI, was the largest intranet in the world at the time.  Although frustrating when you have to explain to the admiral why his staff can't get fancier computers, the offsetting benefit is that when an emergency patch has to get pushed, you know it's going to "take" everywhere. Number six is Competency -- another crucial skill for developers. If your organization doesn't have competent developers, then more vulnerabilities are going to emerge.  So how do most other industries show competencies?  They use a licensure and certification process.  For example, teenagers in the United States must obtain a driver's license before they are legally approved to drive on their own.  Nearly all of us have been through the process -- get a manual when you get a learner's permit, go to a driving school to learn the basics, practice with your terrified parents, and after you reach the minimum age, try not to terrify the DMV employee in the passenger seat.  In the UK, the Driver and Vehicle Standards Agency recommends a minimum of 47 hours of lessons before taking the driving test, which still has only a 52% pass rate on the first attempt[xii]. Now ask yourself, is developing and deploying apps riskier than driving a car?  If so, consider creating a Developer Driver's License exam that identifies when developers are competent before your company gives them the SSH keys to your servers.  Before your new developer sits for the exam you also need to provide the training that identifies the Rules of the Road.  For example, ask: When a new application is purchased, what processes should be followed? When are third party vendor assessments needed?  How does one document applications into asset inventory systems and Configuration Management Databases? If you can build the Driver's Education Training equivalent for developer and measure competency via an exam, you can reduce the risk that comes from bad development and create a sense of accomplishment among your team. So, to summarize so far, for executives we have controls, compliance, and continuity, and for developers we have coverage, complexity, and competency.  It's now time to move to the last three for our security operations center:  clarity, context, and community. The seventh C is Communication. Let's learn from a couple quotes on effective communication. Peter Drucker said, “The most important thing in communication is hearing what isn't said.”  When you share an idea do you look at the person you are informing to see if they understand the idea?  What body language are you seeing?  Are they bored and not facing you, are they engaged and leaning in and paying close attention, or are they closed off with arms crossed?  We've probably all heard the term "active listening."  If you want to ensure the other party understands what you're saying (or if you're trying to show them you understand what they are saying), ask the listener to repeat back in their own words what the speaker has just said.  You'd be amazed how few people are needed to play the game of "telegraph" and distort a message to the point it is no longer recognizable. George Bernard Shaw said, “The single biggest problem in communication is the illusion that it has taken place.”  When you present a technical topic on a new risk to executives, ask questions to ensure they understand what you just shared.  If you don't do so, how do you know when you might be overwhelming them with information that goes right over their heads.  There's always the danger that someone will not want to look stupid and will just nod along like a bobblehead pretending to understand something about which they have absolutely no clue.  Richard Feynman had said, "If you can't explain it to a six-year-old, you don't understand it yourself."  Well, let me offer G Mark's corollary to that quote:  "If you can't explain it to a six-year-old, you can't explain it to your board."  And sometimes the big boss.  And sometimes your manager.  And sometimes your co-worker.  Ask for feedback; make sure the message is understood. Earl Wilson said, “Science may never come up with a better office communication system than the coffee break.”  When you want to launch a really important initiative that needs group buy-in, did you first have one-on-ones to solicit feedback?  Did you have an ear at the water cooler to understand when people say yes but really mean no?  Do you know how to connect with people so you can ask for a favor when you really don't have the resources necessary to make something happen?  Unless you are in the military, you can't issue lawful orders to your subordinates and demand that they carry them out.  You have to structure your communication in such a way that expectations are made clear, but also have to allow for some push-back, depending on the maturity of the relationship you've developed with your team.  [War story:  Just this past week, Apple upgraded to iOS 16.  We use iPhones exclusively as corporate-issued handsets, so I sent a single sentence message to my senior IT team member:  "Please prepare and send an email to all who have an iPhone with steps on how to update the OS soonest.  Thank you."  To me, that seemed like clear communication.  The next day I get a response, "People are slowly updating to 16.0 on their own and as the phone prompts them."  After a second request where I point out "slowly" has not been our strategy for responding to exploitable security vulnerabilities, I get a long explanation of how Apple upgrades work, how he's never been questioned in his long career -- essentially the person spent five times as much time explaining why he will NOT do the task rather than just doing it.  And today 80% of the devices are still not updated.  At times like this I'm reminded of Strother Martin in Cool Hand Luke:  "What we have here is failure to communicate."  So, my lesson for everyone is even though you think your communications are crystal clear, they may not be perceived as such.] Our last quote is from Walt Disney who said, “Of all our inventions for mass communication, pictures still speak the most universally understood language.”  If you believe that pictures are more effective than words, think about how you can create the best pictures in your emails and slide decks to communicate effectively.  I remember a British officer who had visited the Pentagon years ago who commented, "PowerPoint is the language of the US military."  I think he's right, at least in that context.  Ask yourself, are pictures part of your language? Convenience is our eighth C that we are going to talk about. How do we make something convenient?  We do it by automating the routine and removing the time wasters.  In terms of a SOC, we see technology in this space emerging with the use of Security Orchestration, Automation, and Response, or SOAR technologies.  Convenience can come in a lot of ways.  Have we created helpful playbooks that identify a process to follow?  If so, we can save time during a crisis when we don't have a minute to spare.  Have we created simple processes that work via forms versus emails?  It's a lot easier to track how many forms have been submitted and filter on field data versus aggregating unstructured emails.  One thing you might consider as a way to improve convenience are Chatbots.  What if someone could ask a Chatbot a Frequently Asked Question and get a quick, automated, and accurate response?  That convenience helps people, and it saves the SOC time.  If you go that route, as new questions get asked, do you have a way to rank them by frequency and add them as new logic to the chatbot?  If you do, your chatbot gets more useful and provides even greater convenience to the workforce.  How great would it be to hear your colleagues saying it was so convenient to report an incident and see that it was handled in such a timely manner.  Find ways to build that experience and you will become the partner the business wants. Last, but not least, is the 9th C of Consistency. Want to know how to create an audit finding?  Try not being consistent.  Auditors hate that and love to point out inconsistencies in systems.  I'm sure there are auditors right now listening to this podcast smiling with joy saying, "yup, that's me."  Want to know how to pass every audit standard?  Try passing the CARE Standard for cyber security.  CARE is a Gartner acronym that means Consistent, Adequate, Reasonable and Effective.  Auditors look at the Consistency of controls by performing tests to determine if the control is working the same way over time across the organization.  Auditors also look for Adequacy to determine if you have satisfactory controls in line with business needs.  Auditors ensure that your practices are Reasonable by identifying if there exist appropriate, fair, and moderate controls.  Finally, auditors look at Effectiveness to ensure the controls are producing the desired or intended outcomes.  So, in a nutshell, show Auditors that you CARE about cyber security. Okay, let's review.  Our nine Cs are for executives, developers, and SOC teams.  Executives should master controls, compliance, and continuity; developers should master coverage, complexity, and competency; and SOC teams should focus on clarity, communications, and consistency.  If you paid careful attention, I think you would find lessons for security leaders in all nine boxes across the model.  Essentially, don't conclude because boxes four through nine are not for executives that you don't need to master them -- all of this is important to being successful in your security leadership career. Well thanks again for listening to the CISO Tradecraft podcast as we discussed the 9 C's.  And for International Talk Like a Pirate Day, I do have a rrr-request:  if you like our show, please take a few seconds to rate us five stars on your favorite podcast provider.  Another CISO pointed out to me this past week that we came up first on Spotify when searching for C-I-S-O, and that's because those rankings are crowd-sourced.  It's a great way to say thank you for the time and effort we put into our show, and I thank you in advance.  This is your host G. Marrrrk Hardy, and please remember to stay safe out there as you continually practice your CISO Trrrradecraft. References https://www.vectra.ai/blogpost/the-9-cs-of-cybersecurity-value https://en.wikipedia.org/wiki/Information_technology_controls https://www.isaca.org/resources/cobit https://www.apexgloballearning.com/cobit-vs-itil-governance-framework-company-choose-infographic/ https://www.slideshare.net/alfid/it-control-objectives-framework-a-relationship-between-coso-cobit-and-itil https://internalaudit.olemiss.edu/the-three-lines-of-defense/ https://www.linkedin.com/pulse/15-quotes-effective-communication-jim-dent-lssbb-dtm/ https://www.gartner.com/en/articles/4-metrics-that-prove-your-cybersecurity-program-works?utm_medium=socialandutm_source=facebookandutm_campaign=SM_GB_YOY_GTR_SOC_SF1_SM-SWGandutm_content=andsf249612431=1andfbclid=IwAR1dnx-9BqaO8ahzs1HHcO2KAVWzYmY6FH-PmNoh1P4r0689unQuJ4CeQNk   [i] Hall, James A. (1996).  Accounting Information Systems.  Cengage Learning, 754 [ii] https://www.isaca.org/resources/news-and-trends/industry-news/2020/cobit-2019-and-cobit-5-comparison [iii] https://www.itgovernance.co.uk/cobit [iv] https://www.coso.org/SitePages/Enterprise-Risk-Management-Integrating-with-Strategy-and-Performance-2017.aspx [v] https://www.marquette.edu/riskunit/internalaudit/coso_model.shtml [vi] https://www.coso.org/Shared%20Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf [vii] https://www.axelos.com/certifications/itil-service-management/what-is-itil [viii] https://www.theiia.org/globalassets/site/about-us/advocacy/three-lines-model-updated.pdf [ix] https://www.law.cornell.edu/cfr/text/2/200.516 [x] https://www.goodreads.com/quotes/7441842-complexity-is-the-worst-enemy-of-security-and-our-systems [xi] https://www.pwc.com/gx/en/issues/reinventing-the-future/take-on-tomorrow/simplifying-cybersecurity.html [xii] https://www.moneyshake.com/shaking-news/car-how-tos/how-to-pass-your-uk-driving-test

Esse episódio é para você que acha estranho uma menina de Dezoito se passar por Quatorze e se chamar Onze! Ou um monstro de um mundo debaixo da terra ter uma flor como cabeça e não raízes! Ou um vilão chamado Vectra não ser um Transformer! Para esses e outros bagulhos estranhos, chegue ouvir nossa análise ainda mais estranha da quarta temporada de Stranger Things! (Contém spoilers a partir dos 20min e 15s). // Sinal VERDE de aleatoriedade. // =================== Bancada #169: Nathan Cirino / Gabriel Gaspar (Gaga) / Alexandre Feitosa // Montagem: Alexandre Feitosa Edição e Finalização: Nathan Cirino Arte de capa: Matheus Alves (Mac) // Conteúdo Creative Commons. Atribuição Não Comercial - Sem Derivações 4.0 Internacional (CC BY-NC-ND 4.0) // =================== *APOIE O BALAIO! Doe pelo PicPay! (@balaio.podcast) Ou pelo PIX: balaiopodcast@gmail.com =================== Nossos contatos: Twitter: @balaiopodcast Instagram: @balaiopodcast Tik Tok: /balaiopodcast Telegram (canal): t.me/balaiopodcastcanal E-mail: balaiopodcast@gmail.com -------------------------- Músicas do #169 Running up that Hill - Kate Bush Master of Puppets - Metallica My heart Will Go On - Celine Dion Stranger Things 4 Original Sound Track - Oppening Stranger Things 4 Original Sound Track - Into Hell Stranger Things 4 Original Sound Track - Phrophecies Stranger Things 4 Original Sound Track - The Red Army is the Strongest Stranger Things 4 Original Sound Track - Debussy Clair de Lune --- Send in a voice message: https://anchor.fm/balaiopodcast/message

Cutting edge technology allows the docs to make miracles a daily occurrence. From three dimensional facial analysis that will allow a patient to see the “after” before they go into surgery to getting an accurate idea of what you'll look like with breast augmentation…. 3D imaging is an invaluable tool in the cosmetic plastic surgery game. Learn all about it, this week on FOREVER YOUNG! See omnystudio.com/listener for privacy information. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Oliver Tavakoli is Chief Technology Officer at Vectra. Oliver is a technologist who has alternated between working for large and small companies throughout his 25-year career.Oliver will be visiting Australia at the end of May and discussing how Ransomware will be coming to a cloud near you. Oliver points to this concept as a thought experiment on what to expect next.Ransomware and software supply chain attacks have dominated the cybersecurity news feeds and have certainly also captured the attention of mainstream media. While supply chain attacks have already shown a clear appreciation for target organisations' cloud footprints and have leveraged that understanding to pull off some of the more impressive attacks, almost all ransomware attacks have continued to focus primarily on traditional on-premise IT estates. This is because tools to attack these environments (Metasploit, Cobalt Strike, Bloodhound, etc.) have been available for more than a decade and that many hackers have great familiarity with these tools and that there continue to be many organisations whose environments are insufficiently hardened to withstand an attack by a moderately skilled adversary.Two trends will drive ransomware to the cloud:1. the inexorable movement of most data of value to the cloud (in this context, “cloud” is intended to cover both SaaS-delivered applications like Office 365 and public clouds like AWS and Azure) and2. the gradual availability of tools (for example Rhino Security Labs Pacu) to attack clouds and hackers' increased familiarity with them. This presentation will discuss what this combination of Ransomware and cloud is likely to look like.Prior to joining Vectra, Oliver spent more than seven years at Juniper as chief technical officer for the security business. Oliver joined Juniper as a result of its acquisition of Funk Software, where he was CTO and better known as developer #1 for Steel-Belted Radius. Prior to joining Funk Software, Oliver co-founded Trilogy Inc. and prior to that, he did stints at Novell, Fluent Machines and IBM.He is a technologist with experience managing larger (100+ member) teams, but with a bias towards leading small teams of smart technical individuals who want to change organisations through articulations of compelling visions, implementation of elegant architectures and building of highly collaborative technical communities. His specialties include networking architectures, systems software design, computer security principles, organisational design.Oliver received an MS in mathematics and a BA in mathematics and computer science from the University of Tennessee.Recorded via Singapore, Friday 20 May, 2022.

D/L Link: https://www.dropbox.com/s/7vux6tkhfs4c21f/26.04.2022%20-%20The%20El%20Show%20With%20DJ%20Vectra-%20P%20.mp3?dl=0 Listen to The El Show every 2nd & 4th Tuesday of the month 13:00 - 15:00 Lock in via Mode.London or via Radio Cult Socials: Instagram: @moderadio.london @ELFormosax Twitter: @moderadiolondon @ELFormosax

Snake Oilers isn't our regular weekly podcast, it's a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We'll hear from three vendors in this edition of Snake Oilers: Kevin Kennedy from Vectra talks about the company's cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network event information Paul McCarty from SecureStack on its software composition analysis and “SBOM plus” tool Google Cloud's Anton Chuvakin talks about cloud-based SIEMs like Chronicle Show notes AI Cybersecurity - Threat Detection & Response Platform | Vectra AI SecureStack - SecureStack Chronicle Security - Google's Cloud-Native SIEM Platform

Las marcas puramente generalistas han ofrecido sino siempre, casi siempre, en sus gamas, un modelo deportivo. Y si no siempre, casi siempre, han fracasado. Los deportivos de las marcas generalistas sistemáticamente han fracasado… aunque hay explicaciones y hay excepciones… ¿Es lo mismo coupé que deportivo? Sí y no. De un coche con carrocería coupé se espera una cierta deportividad, por prestaciones y comportamiento. Pero hay coches muy deportivos con carrocerías nada deportivas, como son todos los Gti y algunos ejemplos paradigmáticos, como puede ser el Mitsubishi Evo, un coche muy deportivo con carrocería de taxi… Los coches deportivos solo mantienen su valor y su caché si son de marcas Premium… o semi-Premium y que siempre han cuidado mucho esta categoría. El caso Toyota. Si atendemos a su variada gama, que empieza muy abajo Toyota es una marca generalista. Pero es una marca que, en muchos mercados, entre ellos es español, se percibe como algo más que generalista, quizás, entre otras cosas, a su contrastada calidad. Y también, quizás, porque siempre han cuidado este segmento de los coches deportivos. Toyota siempre ha ofrecido deportivos de mucho nivel. No podemos olvidar al excelente Supra ni al Celica ni al MR2 de motor central. Y en la actualidad sigue cuidando este segmento. Volkswagen: La sombra del Golf es alargada. VW es otra de esas marcas que podíamos definir como semi-Premium y que siempre ha cuidado el segmento de los deportivos, con coches como el Corrado y las sucesivas generaciones de Scirocco… pero siempre a la sombra del Golf. Los refinados Honda. No me quiero olvidar de Honda, otra marca muy especial y que siempre ha tenido deportivos en su gama, algunos muy modestos, como el S600 que pude conducir en un rallye de regularidad, el precioso S2000, el polivalente Prelude o su majestad el NSX. Hyundai Coupé. En este caso no hay duda: Hyundai es una marca generalista. Y en sus comienzos, una marca con imagen casi de Low Cost, como era el caso de todas las coreanas. Pero es que Hyundai se lo curró de verdad. Fui a la presentación de la primera generación (1996-1999) y probé la versión de 1.8 litros y 130 CV. Muchos compañeros míos decían que el coche era muy feo, algunos que corría poco y ninguno que no fuese muy bien de bastidor… Los fracasados. He elegido unos pocos, aunque hay más. Los he elegido por que son coches todos ellos que probé en su momento y algunos de ellos, también después, ya como clásicos. Vamos por orden alfabético. Citroën SM (1970-1975) ¿Un fracaso el SM? Ya sabéis que es un coche que me encanta, pero sí, fue un fracaso. El Citroën SM debutó casi al mismo tiempo que la crisis del petróleo. Y por mucho motor Maserati que llevase un deportivo tan caro, tracción delantera y bastante delicado… no interesaba demasiado. ¿Se adelantó a su tiempo? Puede ser. Ford Cougar (1998-2002) También estuve en la presentación de este coche en Alemania. Y acerté en su momento cuando dije que este coche no iba a triunfar. ¿Era un mal coche? Pues no, pero no era deportivo para nada y su estética, en mi opinión, era un poco anodina. Fiat Coupé (1993-2000) Honestamente, no so muy fan de Chris Bangle, diseñador de este coche… que desde luego es original y llamativo, pero no me parece un coche de verdad bonito. Aunque voy a ser honesto: Al contrario de muchos de los coches de esta lista, que han envejecido mal, creo que a este coupé la pasa lo contrario. Opel Calibra (1989-1997) Este coche no era ni más ni menos que un Vectra con carrocería coupé. Pero con la aparición del V6, del Turbo, de 4x4 y su participación en el DTM, se le dio bastante lustre. Peugeot 406 Coupé (1995-2005) Este coche no solo fue diseñado por Pininfarina, sino incluso fabricado cerca de Turín. Y es que es un coche bonito que tuvo éxito, del que se vendieron más de 100.000 ejemplares. Suponía el retorno de la marca a este segmento y se ofrecían versiones con motor 2.0 litros de 136 CV y un V6 de 3.0 litros y 207. Siempre fue un coche cerca del concepto GT, coche bonito pero práctico y cómodo, y lejos del concepto deportivo. Renault Fuego (1980-1982) Poner una carrocería coupé y un motor más potente a un R18 no lo convierte en deportivo. Y luego ya, si para colmo, le pones un motor turbodiésel… pues ¿Qué queréis que os diga? El Fuego fue un buen coche, especialmente valorado en Argentina, donde se le vio mucho en competición. Conclusión. Los usuarios amantes de los deportivos valoran mucho la marca. Pero esto no es solo una cuestión de “marquismo”, que también, sino de diversión al volante. El mayor problema de los deportivos generalistas es que no eran deportivos, sino coches con carrocerías más bonitas destinadas a personas que no necesitaban una berlina.

The one in which James and David indulge in their Bond fantasies, Ed Harris doesn't drive a Vectra, and there's some chat about cars which would allow James to travel with not one but two Hammer Horror actresses sitting alongside him in the front.

Hitesh is the CEO of Vectra, a leader in the threat detection and response for cloud and data center workloads. Vectra was founded in 2011 to leverage AI/ML to detect network threats and has since seen phenomenal growth in the business.In this episode, we'll talk about security, the state of the public and the private market, the great resignation, and above all product and company building. 

From CarPlay to coaches, this week's Car-Chum podcast has it all.  How about robotised manual gearboxes from Saab (the Sensonic, remember them?), a daily driving Model T and a Golf GTI chase with a 1950s Bristol?  Yep.  All of that, too.  Ferraris, fat Lexuses and Dacias all duke it out for a coveted page on this year's Car-Chum Calendar.

Talking Synths is a weekly podcast where Syntaur's crew chats about all manner of synthology. In this special episode of Talking Synths, Syntaur's Carlos Morales sits down with Jered Flickinger of Future Retro and takes a sneak peek at the soon-to-be-released Vectra synthesizer. Future Retro was founded by Jered in 1997, and has released a hosty of unique products like the 777, Revolution, XS, Mobius, 512, and now the Vectra.  Linktree: Syntaur Instagram: @syntaursynths Facebook: Syntaur Twitter: @syntaursynths Tik Tok: @syntaur

Hoy hablaremos de los nuevos lanzamientos de la semana incluyendo los nuevos boutiques de Roland, actualizaciones de Bitwig y la serie keylab mkii de Arturia, el nuevo sinte Vectra de Future Retro y más. https://youtu.be/-okiywY7g6o

Join Randy and Nour to welcome Marty Sanders, Senior Vice President Americas at Vectra AI onto this weeks episode of Tech Sales Insights LIVE: 'Driving Exponential Growth' Send in a voice message: https://anchor.fm/salescommunity/message

About Chris Morales: We're here this week with an AI and threat modeling guru, Chris Morales! He's Netenrich's FIRST CISO and Head of Security Strategy overseeing the strategic development, implementation, and market execution of the company's security solutions and processes. Chris has 20-something years of information security experience, having previously led advisory services and security analytics for Vectra AI – while at Vectra he educated many of the Cloud Security Alliance chapter members on dissecting a Microsoft Office 365 attack. During his career, he has advised and designed incident response and threat management programs for some of the world's largest enterprises. Chris has held senior roles in cybersecurity engineering, consulting, sales and research at companies such as HyTrust, an Entrust company, NSS Labs, 451 Research, Accuvant (acquired by Blackstone Group), McAfee and IBM. He is also currently a council member with CompTIA Cybersecurity and advisory board member for Saporo. He not only brings his wicked smart knowledge on cyber; his candor and wit is refreshing. To boot, he's from the friendship state – Texas, so listen to this podcast – it's like hearing from a friend!Guest Chris Morales LinkedIn: https://www.linkedin.com/in/cmatx/ (https://www.linkedin.com/in/cmatx/)   Twitter: https://twitter.com/MoralesATX (https://twitter.com/MoralesATX) Highlights: 0:00 - Introductions & About Netenrich Netenrich, Ingram Micro and expanding from roots Evolving IT & Security specialization Moving from consulting to CISO 7:10 - Pathway to CISO What's the definition who makes a good CxO? Six Types of CISO - Ref: https://www.forrester.com/blogs/the-future-of-the-ciso-six-types-of-security-leaders/ (Forrester Article, Jan 2020) Identifying different types of personalities for industries Every company is a tech company 14:26 - Difference: Secure Operations vs. Security Operations Question of proactive vs reactive Two different focuses - predictive with cultural challenges and buy in Enhancing customer experience Situational awareness is important with looking at same set of data between groups to communicate daily. 18:16 - Bring Value of "Why Do I Care?" Entire management chain needs to care Alignment is important with the C-suite Look at data, threat modeling to share how and why it impacts key holder Chris learned a lot from statistical analysis and appreciation of data 22:48 - How Chris Came To Security Started as Computer Science to make video games Dropped out of college to launch his own business Joined the military Listened to his Dad talk about "The Art of War," Sun Tzu Spent time hacking to get video games Moving positions and being open to job challenges 31:35 - Advice to Future Leaders The title doesn't mean anything It's more important on what you do Have insight and empathy on why people do things, and learn their pain points Don't worry about being good at everything. Pick one thing and be good at it Hacking is social engineering Security breached through end users is a failure of the security team Don't be afraid to fail as a leader People are the victims, not the problem People are suffering from our technology problem 37:25 - How Chris Avoids Burn Out The question - How do you get more sleep? There is no magic answer and sometimes hitting the wall can be scary "I Am Me" - Chris needs to write this book on addressing burn out Do what you like and works for you. Burn out - Working too hard and no one cares. Final Thoughts: On avoiding burn out: Working hard is ok, but recognize when you are working too hard and no one cares.

In this episode of the Endace Packet Forensic files I talk with Tim Wade, Technical Director from the Office of the CTO at Vectra.AI, who shares his insights into the “SOC Modernization” trend and three pillars that he suggests require a change in thinking to ultimately be successful.Tim starts with a fundamental change in philosophy - he suggests SOC teams need to shift from a “prevention” to a “resiliency” approach to cyberdefense. He illustrates the importance of taking incremental and iterative steps with monthly and even weekly measurement and review cycles to evaluate progress.Tim suggests SOC teams need to better understand the rules of the game so they can step back and actively work to break them - because that is exactly what our treat actor adversaries are doing every day. Challenge everything and think like your opponent.Finally, Tim advises CISOs that modernization needs to address challenges holistically. Not just focusing on technologies, but also ensuring they are working on people and processes and gaps in training, communication, and thinking.

Ali Phillips is an executive vice president and partner at Obermeyer Wood Investment Council, an independent registered investment advisor and financial planning firm based in Aspen and Denver, Colorado. Ali manages client relationships, working closely with individuals and multigenerational families, as well as advises on asset allocation and investment strategy. Prior to joining Obermeyer Wood in 2005, Ali was a vice president at Goldman Sachs and worked at Salomon Brothers in the US and London. In our conversation we discussed the concept of human capital and how our best savings and investment is taking our profession and leveraging it. We also talked about the challenge of finding a fulfilling non-traditional career in the mountains, but that it may take flexibility, patience, and focus to find the right fit. Lastly, we dove into investment strategy and the importance of a slow and steady approach versus taking a big gamble with your hard earned wealth.  ----- This episode is brought to you by Basalt River Park, a new riverfront neighborhood in historic downtown Basalt, Colorado. After an extraordinary community-wide planning effort, Basalt River Park is pleased to offer five brand new Waters Edge residences impeccably designed by CCY Architects. The homes overlook the Roaring Fork River and have easy walkability to downtown Basalt. To stay in the know, call (970) 927-8080 or visit https://www.basaltriverpark.com/. ----- This episode is brought to you by SH Building Group. The experienced team of professionals at SH Built, consists of client, site, accounting, subcontractor, design, and craft building specialists. They integrate the latest construction management technology into every project and offer Home Guardianship Services and Advanced inspections. Start planning your project today, call (970) 438-0925 or visit https://shbuilt.com/ (https://shbuilt.com/). ----- This episode is brought to you by Vectra Bank Colorado. Are you looking to buy a new home? Or, perhaps you are planning to refinance, renovate, or build? Cari Kuhlman, and the team at Vectra Bank, can help! Offering traditional mortgages, home equity loans, refinance options, and construction loans of all sizes – Vectra is ready to help you with your next project. Check them out at https://www.vectrabank.com/ (https://www.vectrabank.com/).  ----- Thanks for listening to this episode of Selling The Mountains. You'll never miss an episode if you follow the show on Apple Podcasts, Spotify, or your listening platform of choice. Please leave a short review and share it with a friend if you like what you heard. Sign up for the free Selling The Mountains newsletter to get exclusive content, episode recaps, exclusive sponsor offers, and more — visithttps://www.sellingthemountains.com/ ( https://www.sellingthemountains.com/).  Follow the show on Instagram or Facebook @SellingTheMountains. Follow the host on Twitter @Christianknapp, LinkedIn @ChristianKnapp, or Clubhouse @christian_knapp. This show was produced in collaboration with Dustin H. James at Podboarder.  Selling The Mountains is a production of Moment of Truth, LLC - all rights reserved.

Dan Dockray has been sharing Telluride with his clients for almost 20 years and finds no greater pleasure than helping others immerse themselves in both the local culture, and community. In addition to being a broker associate for LIV Sotheby's International Realty, Dan has been an active member of Search and Rescue since 2002. That level of commitment demonstrates his extraordinary level of service and ability to deliver for each and every client. Combined with his unparalleled knowledge of the area, countless connections and long-lasting relationships, he is the ideal broker to introduce Telluride to the Selling The Mountains audience.  In our conversation we discussed Dan's philosophy of bringing the entire community behind him for support and how tremendously important your reputation is in a small town like Telluride. We also talked about the pace of high-net-worth people moving to town and how it's accelerating the housing problem for locals. Lastly, we talked about listing Tom Cruise's ranch and the property itself — one of the most unique and beautiful in all of Colorado, and maybe the United States. ----- This episode is brought to you by Aspen Snowmass Sotheby's International Realty, the premier brokerage in Aspen and the Roaring Fork Valley. They are a powerhouse firm with international reach and over 180 hand-picked brokers who are local experts, deeply vested in the community and their clients. They set the bar in market knowledge, sales volume and satisfied clients and are convinced there's no better place to live than right here, right now. Learn more by visiting https://www.aspensnowmasssir.com/. ----- This episode is brought to you by Land Title Guarantee Company — Colorado's largest locally owned and operated title agency. Since 1967, Land Title customers can rely on thorough record searches and secure handling of money and information along with accurate and on-time processing of every transaction. Put your trust in the best and say your heard about Land Title on Selling The Mountains, call (970) 728-1023 or visit https://www.ltgc.com/ (https://www.ltgc.com/). ----- This episode is brought to you by Vectra Bank Colorado. Are you looking to buy a new home? Or, perhaps you are planning to refinance, renovate, or build? Cari Kuhlman, and the team at Vectra Bank, can help! Offering traditional mortgages, home equity loans, refinance options, and construction loans of all sizes – Vectra is ready to help you with your next project. Check them out at https://www.vectrabank.com/ (https://www.vectrabank.com/).  ----- This episode is brought to you by Obermeyer Wood Investment Counsel — an independent investment advisory and financial planning firm based in Aspen and Denver with roots dating back to 1982. Their team of experienced investors, thoughtful financial advisors, and focused problem-solvers would like to offer all listeners a complimentary, no-pressure investment portfolio review. To schedule an appointment and learn more about their services, visithttps://obermeyerwood.com/ ( https://obermeyerwood.com/). ----- Thanks for listening to this episode of Selling The Mountains. You'll never miss an episode if you follow the show on Apple Podcasts, Spotify, or your listening platform of choice. Please leave a short review and share it with a friend if you like what you heard. Sign up for the free Selling The Mountains newsletter to get exclusive content, episode recaps, exclusive sponsor offers, and more — visithttps://www.sellingthemountains.com/ ( https://www.sellingthemountains.com/).  You can follow the show on Instagram or Facebook @SellingTheMountains. You can follow the host on Twitter @Christianknapp, LinkedIn @ChristianKnapp, or Clubhouse @christian_knapp. This show was produced in collaboration with Dustin H. James at Podboarder.  Selling The Mountains is a production of Moment of Truth, LLC - all rights reserved.  

This episode flips the script with Andrew Travers, editor of the Aspen Times Weekly, in a conversation about lessons learned from the first three months of the podcast. We discuss current trends impacting the brokerage community, revisit the pandemic-fueled mountain real estate boom, and look ahead to the busy summer selling season. Ep. 15 is a companion piece to a feature story in the May 6 issue of the Aspen Times Weekly written by the host Christian Knapp. ----- This episode is brought to you by Bowden Homes. Legendary Aspen developer Bob Bowden and his team have been designing, building, and remodeling homes since 1984 under his flagship namesake. Their design-first approach has made them one of the most successful residential developers in Aspen. A Bowden Home creates a legacy cherished for generations to come. Learn more by calling (970) 948-7000 or visit https://bowdenhomes.com/ (https://bowdenhomes.com/).  ----- This episode is brought to you by Vectra Bank Colorado. Are you looking to buy a new home? Or, perhaps you are planning to refinance, renovate, or build? Cari Kuhlman, and the team at Vectra Bank, can help! Offering traditional mortgages, home equity loans, refinance options, and construction loans of all sizes – Vectra is ready to help you with your next project. Check them out at https://www.vectrabank.com/ (https://www.vectrabank.com/).  ----- Thanks for listening to this episode of Selling The Mountains. You'll never miss an episode if you follow the show on Apple Podcasts, Spotify, or your listening platform of choice. Please leave a short review and share it with a friend if you like what you heard. Sign up for the free Selling The Mountains newsletter to get exclusive content, episode recaps, exclusive sponsor offers, and more — visithttps://www.sellingthemountains.com/ ( https://www.sellingthemountains.com/).  You can follow the show on Instagram or Facebook @SellingTheMountains. You can follow the host on Twitter @Christianknapp, LinkedIn @ChristianKnapp, or Clubhouse @christian_knapp. This show was produced in collaboration with Dustin H. James at Podboarder.  Selling The Mountains is a production of Moment of Truth, LLC - all rights reserved.

We've been working from home for months and there is more of it to come. Just to cheer us up even more Chris Morales, head of security analytics for Vectra, says a load of our commonly-used apps may be insecure. He offers tips on what to do about this and they're not difficult.  If you like what you hear in this episode, why not leave a review on your favoured podcast platform?

OK, look, it's not the Near Futurist Guy Clapperton who ends up referencing Skynet and the Terminator in this episode - it's Oliver Tavakoli, a serial executive who is currently CTO of Vectra. In this far-ranging interview he outlines the basics of artificial intelligence, robotic process automation, machine learning and deep learning - and also looks at where it's all going. We're not asking all the right questions about this - OK, we talk about eliminating boring jobs but what if one of those happens to be your livelihood? Half an hour of thought-provoking dialogue with me, Guy Clapperton, and Oliver Tavakoli. If you enjoy it please do leave a review wherever you download from - and if you're one of the people who've rated the podcast on iTunes and contributed towards its 4.8/5 rating, thank you!