Cyber Security Dispatch

Today on the show we welcome with Christian Folini of ModSecurity. Christian is the author of The Modsecurity Handbook (2nd edition) and Co-Lead of the OWASP ModSecurity Core Rule Set project. He is also the program chair of the Swiss Cyber Storm conference, Vice-President of Swiss Cyber Experts and a partner and consultant at netnea.com. In this episode, we discuss Christian’s interesting path from PhD in Medieval History to becoming an expert in computer science. He also shares his fascinating work with the Swiss voting system and how E-voting is alive and happening in that country today. Will a system like this ever be possible in the US? We get into that too. We also get into some interesting discussions drawing parallels between Medieval social history and the what is happening with the internet today, in terms of open source technology. He also explains (in a way your grandparents will even understand) how a firewall works, whitelisting, blacklisting, IP addresses and malicious and non-malicious traffic. We also hear more about his strategies for reverse proxy and stopping D-DOS. A background in humanities has really served Christian well in the art of explanation, making this episode full of great imagery, good humor and information that even the dog next door might appreciate.

Welcome back to the Cyber Security Dispatch, in this episode we welcome Stephanie Crabb, the founder of Immersive. Stephanie is here discuss the role of her company in cyber security and data protection in the healthcare sector. Healthcare provides an unique and striking example of the cyber security concerns of the contemporary world with the intersection of the government, business interests and individual rights creating a very particular dynamic. We chat about Stephanie’s career arc up until now and then move on to situating the cyber security debate within the medical profession. We also discuss GDPR and HIPAA as well as the NIST Cybersecurity Framework. Stephanie’s knowledge and expertise in these areas is extensive and she generously shares much of her wisdom and perspective on these pertinent issues. For all this and much more be sure to tune in!

On today’s episode of the Cyber Security Dispatch we welcome the CEO of The Bit Bazaar, Erfan Ibrahim to talk about his groundbreaking ideas in the fields of security and resilience. Erfan’s expertise extends beyond the common cyber domains into the world of mechanical infrastructure and hardware and we hear all about the challenges that this dimension adds to the work. Erfan tells us about how he came up in the field and landed in his current position before deep diving on the topic of hardened and layered defenses, something that he sees as paramount to resilience. We then go on to chat about institutional architecture, mental models, confidentiality, ‘hyper-quiet’ networks, existent and legacy hardware and much more. So be sure to tune in for one of the most visionary and thoughtful conversations we have had the pleasure of hosting on this podcast.

In this episode of the Cyber Security Dispatch we welcome Michael Marriot of Digital Shadows, a company specializing in security from dark web threats. Although we often see to hear about the dark web and the dangers of these hidden portals of the internet, its very nature means it is often spoken about in the vaguest of terms. Michael gives us a quick dive into an understanding of what the dark web provides and why it is not always the bad place it is supposed to be. We look at the market places that are housed within the dark web and thus talk about the types of cyber crimes that typically occur in these spaces. Our guest does a great job of explaining just how his company can protect customers from these types of threats and we also discuss how more widespread proactive user behavior could lead to decreases in these threats. Michael offers a lot of insightful information on rippers, security strategies and criminal personas, so this is an episode you are not going to want to miss.

Today on the show we speak with Scott Laliberte, the former Information Security Systems Officer for the US Coastguard and Managing Director and Global Leader of the Cyber Security and Privacy Practice at the global consulting firm, Protiviti. In this episode, we discuss the necessary mindset shift that CISOs need to make and why we need to be using new technological toys, like AI and machine learning, to solve legacy issues. Scott shares his findings on how CISOs need to and are starting to talk the business language and how the changing narrative of what security does for business can lead to a more cohesive enterprise. We find out why acknowledging weaknesses, foregrounding transparency and “talking the talk” can lead to a CISO’s longevity and success. In addition, we discuss the tech skills shortage and how the industry is working to create a balance between the experienced workforce and the new kids on the block.

Today on the show, we speak with Giovanni Vigna – CTO and co-founder of Lastline, a cyber security startup, and Director of UC’s Santa Barbara Center for Cyber Security, where he also serves as a computer science professor. In this episode Giovanni shares his unique perspective as both a security technologist and an academic on educating and diversifying the next generation of software programmers and data scientists. Giovanni also shares his insight on technical superiority, buzz word trends, and how triage is the most overlooked and probably the most impactful aspect of security operations today. If done right, triage could be a powerful ally. If done poorly it can suck up time, investment, and leave you exposed. Lastly, we head to the soccer field and find out why CISO’s are just like goal keepers – all guts no glory. Can we really get credit for the attacks that didn’t happen? Find out in this episode.

On today’s episode of the Cyber Security we welcome Marton Illes who is the Director of Privileged Access Management at Balabit. Martin is here to talk to us about his work and role in the company and also to shed some light on this area of cyber security. Most of us are familiar with the ideas of privileges in varying forms but Martin is here to explain exactly how they can work to certain organizations’ benefit and the serviced that Balabit provide. Our guest gives us his background in security and then proceeds to lay out the ways in which privileges can work in company systems as well as some of the pitfalls to avoid. We go on to discuss the idea of monitoring and how to monitor those in higher positions or so-called super-users. Martin details certain pain points within this area and openly describes some of the shortcomings of the technology. From there we go onto discuss current security affairs such as GDPR and the impact of the cloud on his work.

Today on the show we welcome Joe Gray. Joe joined the U.S. Navy directly out of High School and served for seven years as a Submarine Navigation Electronics Technician. Today, Joe is a Senior Security Architect and lead blogger and podcaster at Advanced Persistence Security. He is also the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading, among others. In this episode, we learn all about phishing for awareness. Joe shares how you can mitigate the damage that can be caused by phishing and how white box pen testing relates to phishing overall. We also discuss the current cyber security landscape from a national and international perspective and the importance of companies setting up phishing engagements against their employees. Joe also shares some useful tips on how to limit the damage in securities within IOT devices, as well as how to use disinformation to protect your personal accounts. In an industry that focuses a lot on protecting business, Joe believes that we need to take a step back and look at how we protect people. By the end of this episode, you’ll have a more human perspective on phishing and cyber security and want to share this mindset with your colleagues, family and friends.

On today’s episode we are joined by Pam Dixon, Executive Director or World Privacy Forum. As privacy seems to be one of the most current issues at the moment, even outside of the cyber security industry, we are very excited to have Pam with us to discuss her work in the field. We chat about what the privacy landscape looks like at present, which of course leads into the topic of GDPR, which our guest unpacks for us a bit. Pam views privacy as an issue that falls under the banner of more general human rights and she explains that absolute privacy for its own sake should not be the goal. We then go on to talk about the role of companies and organizations in determining the development of the policies that will shall see, both created and then implemented. Our guest argues that we should all be approaching the issue of privacy in a affirmative and constructive manner in order to build the future we really desire.

On today’s episode of the Cyber Security Dispatch we are joined by Stephen Cobb and Tony Anscombe of ESET. With decades of experience in the field our guests have a wealth of knowledge and expertise to share and they will be talking about their work that centers on IOT and securing home devices. We start off the conversation looking at their backgrounds in the industry and their connection to the RSA conference before looking more specifically at ESET and what the company does. We cover the familiar questions around the cloud and then move on the main course of the interview where we discuss IOT. Our guests give us great insight into possible threats, the evolution of the hacker and what sorts of security frameworks work in which instances. Towards the end of the conversation we touch on GDPR and the future of IOT, which our guest are still somehow optimistic about despite their profession! So for all that and more, tune in and hear what they have to say.

On today’s episode we welcome Ratinder Ahuja, the CEO and co-founder of ShieldX. With many years in the cyber security profession, notably working at McAfee before starting his current company, Ratinder has great experience and perspective on the field. In our discussion he explains the beginnings of ShieldX and the reasons that founding the company was necessary. Our guest gives us a great explanation of the terms ‘horizontal’ and ‘east-west’ security and the central role of these ideas in his business. We chat about the migration of on- premise systems to cloud services as well as the compatibility that ShieldX shares with the major web services. We also cover common usages of the company’s security and hear from Ratinder about why the new ways in which ShieldX operates surpasses old, agent based approaches. We finish of the conversation by recapping the three-dimensional approach to security that Ratinder and the company employ and how this might evolve in the near future. Tune in to hear it all!

Today on the show, we welcome Jaya Baloo, the Chief Information Security Officer of KPN in the Netherlands. Jaya has held this position since 2012 and has been in the information security arena for the past 18 years prior. Today Jaya works with an amazing information security team of highly driven specialists at KPN. She is also a frequent speaker at security conferences around the globe on subjects around lawful interception, mass surveillance and cryptography and in 2015 she won the Cyber Security Executive of the Year Award. In this episode, Jaya shares her experience, knowledge, insights and good humor around the topic of cyber security. Jaya shares what she means by the term “Riding the Security Rollercoaster” and why security companies need to work to end this cycle in order to sustainably manage vulnerabilities and incidents. KPN’s mission is to keep KPN reliable, secure and trusted for customers, partners and society and in this episode, we hear with refreshing honesty, how they are doing just that.

On today’s episode of Cyber Security Dispatch we welcome Gary Berman, the CEO of CyberMan Security and the creator of cyber security comic book, The Cyber Heroes Adventures. Gary’s journey in the cyber security field is an unusual one and his professional story is one we are sure you will enjoy listening to. 15 years ago, after building a successful company with his wife, it was hacked from the inside by some of Gary’s employees, eventually leading to its the company’s demise. Gary bounced back from this and moved onto new ventures but was, after years disconnected from that organization, still plagued by cyber threats that seemed related. Gary chose to respond to this situation by learning about cyber security and effectively turning this process into a comic book for others to utilize. Thus, the Cyber Heroes were born! The series will chronicle, super heroes of cyber crime for educational and helpful outcomes. Gary tells us all about his back story and then the genesis of the comic as well as his thoughts on the industry from his unique perspective. So for an extra special episode, be sure to tune in and get it all!

Today on the show we welcome, Lisa Wiswell. Lisa is an leader in the security space with nearly a decade of programmatic and cyberwarfare experience. Lisa helped start the Hack the Pentagon program during her time working at the Department of Defence. Hack the Pentagon was initially a three-week long bug bounty where the department allowed 1,187 people, completely unaffiliated with the U.S. government, to hack them. Now an ongoing program, Hack the Pentagon, continues to create great cultural shifts in cyber security practices. In this episode, we discuss the challenges of overcoming institutional resistance to having outsiders hack your systems and the surprising success and praise the program received. We also touch on current issues about vulnerability and disclosure and how to create a system where vulnerabilities can be disclosed in a responsible way. Today, Lisa works as a Principal at Grimm and and an advisor at HackerOne, and in this episode, she reminds us why you cannot tell the world you are secure if you aren’t!

On today’s episode of the Cyber Security Dispatch we welcome John Cassidy of King & Union to discuss their new product called Avalon. With some notable experience and success in the field of cyber security, this new project marks a leap forward for John and his team and we were eager to hear all about it. John explains what sort of market this product is aimed at and how it fits into the crowded field of security. He goes on to quickly show what sets Avalon apart from the rest of the products that offer a similar sort of service and how it could be integrated into already established systems and industries. Our guest also helpfully explains the mechanics behind Avalon and its situation in the cloud. We close out this punchy episode with a little information on John’s company, King & Union, with John sharing some insight into the process of running a start-up, creating a strong team and what they aim to achieve with their office space.

Today on the show we welcome David Smith who is the CISO of Nuix. David is here to talk to us about the landmark Black Report that he and his organization produced. The document is a groundbreaking collection of findings on the world of security which profiles current threats with an emphasis on the social and psychological aspects of the hacker. In our discussion, David gives us great insight into the thrust of the report and shares many perspectives on topics such as the role of human motivations is attacks, current hacker trends or the lack thereof, hacker communities and of course ways to safeguard against threats. We also cover testing and drill protocols, David’s background in the secret service and the evolution of software. David’s expertise and methodical approach to cyber fortifications make this a must hear episode for anyone interested in the field, so join us for this vital conversation.

In this episode, we welcome Mike Price, CTO and Co-founder of ZeroFox. ZeroFox is a social media and digital protection platform built for enterprises. In this episode, we explore the new risk of brand impersonation used to hijack revenue and customers and how enterprises are finally starting to see why this is so important. We discuss why security never appears to be top of mind when it comes to social and how ZeroFOX works to protect companies who are being harmed by the behavior of others on social. We round off the conversation with an interesting discussion on crypto money and debate whether the home is becoming a new target for hackers with the rise in home-based technologies, such as the Alexa virtual assistant.

On today’s episode we are joined by Simon Gibson, CISO of Gigamon. We chat to Simon at the RSA conference about his background in cyber security and his experiences in the different realms of the security world. As a former employee of Bloomberg and AOL, Simon has built skills in varying positions in contrasting companies, something he believes is vital to the flexibility of a good CISO. Our discussion covers his accumulated knowledge through these years of work, the rising importance of data in the security sector, cost considerations and the ethical concerns and responsibilities of companies in regards to their clients. We also chat about company hygiene and best practices for the prevention of risk accumulation. The conversation ends off on the position of cloud services and how this may alter the job of a CISO, before Simon looks back at some highlights and lowlights from the RSA Conferences of the past.

On today’s show we welcome Arthur House Chief Risk Officer for The State of Connecticut. With the growing risk of cyber crime, it is not just businesses and privately owned enterprises that are in danger. National security and state infrastructure also runs the risk of attack in this world of cloak and daggers. Arthur House who heads up the state led defense against cyber crime is here to tell us all about the groundbreaking working he and his team have conducted in the past couple of years. The Connecticut model, as it has become known after its success, really took national cyber defenses a step forward and Arthur is here to give us his insight into this process as well as to look forward to what some may see as an uncertain future. During our conversation, Arthur stresses the importance of collaboration and communication between all parties involved in the battle against cyber attacks, and a key takeaway from the episode is the idea of resilience to instances of danger rather than some false idea of prevention. All this and more, so tune in!

On today’s episode we welcome Dr. Ron Ross, who heads up the computer security division at NIST. Dr. Ross has something of a rockstar reputation in the cyber security world at present after his work at NIST and the resiliency framework they created has pushed things forward notably. In our conversation we look at Dr. Ross’ role at NIST and how this relates to the current particulars of the cyber crime world. We also cover the increasingly popular topic of ‘resiliency’, which is now seeming to trump the idea of ‘security’ in common parlance. Dr. Ross details just how this concept plays out in the systems he is helping to create, and how resiliency can strengthen all cyber fortifications. Dr. Ross then comments on the the three prongs of diversity, deception and dynamism and the configuration of these against threats. We finish off by looking at virtualization and spreading information on cyber resiliency. The work Dr. Ross has been spearheading has made leaps for the field and will lead the practices of many for years to come even as tactics evolve and change, so for a direct link to a leading expert, make sure to listen in to this episode.

In this episode, the nightmare of IOT vulnerabilities, we talk with Stefano Zanero and Roberto Clapis of Secure Network. Stefano and Roberto walk us through the nightmare that is security, more telling perhaps the lack of security in the IOT devices we’re making these days.

In this episode, Air Gaps Are Like Unicorns, we talk with Galina Antova. One of the co-founders of Claroty, a fast growing security startup in the world of industrial control systems. She shares her experience working to protect these critical systems and the journey that led her to found Claroty.

Today on the show we have Justin Berman of Zenefits as our guest. Justin is currently the Chief Information Security Officer at the company and we chat to him about what this role looks like in the contemporary climate. For Justin, cyber security is a communal undertaking and this community extends beyond your own company. The better the communication within departments, companies, industries and even globally, the higher the wall of safety can be built. We chat to Justin about how he got into the field, his approach to risk, his advice for the practice at large and get some insight into his hopes for the future. Justin also breaks down his take on the different roles of CISOs and how they fit into a staff as well as the centrality of this position. All this and more, so tune in!

Today on the show we welcome Andrea Little Limbago. Andrea is the Chief Social Scientist at Endgame, directing and contributing to the company’s technical content. She has a background in quantitative social science and direct operational support and writes extensively on the geopolitics of the cyber domain, policy, and data science – making her the perfect guest for today’s topic. It’s often easy to forget that behind every computer is a human being and that cyber security is as much a human problem as it is a technical problem. In this episode, we talk with Andrea about the challenge of securing the internet humanely and what the future of the internet looks like as it splinters from an open, borderless system to one that increasingly gets controlled by state and sovereign nations. We touch on the challenges faced by the cyber security workforce today, US elections, China’s new social credit system, crypto-currency, the new developments in GDPR and how they all have the potential to impact democracies and the control over your own data.

In this episode, we welcome Joe Slowik. Joe is the threat and adversary hunter at Dragos and has extensive network security and computer network operations experience spanning the military, intelligence, and nuclear communities. In this episode, Joe takes us beyond the often sensational headlines and misconceptions to walk us through the real challenges and current state of protecting industrial systems and critical infrastructure in our world today. We learn more about what we should aspire to when it comes to industrial control systems and why we need to develop a more analytical approach to threat behavior. Joe shares with us why the Dragos company motto is "safeguarding civilization," as well as their methodology to detect threats and provide the context, tools, and knowledge to respond to attacks with speed and confidence. Could we be safer than we think? Take a listen to find out more.

In this interview, we talk with Steve Orrin, CTO of Intel Federal and take a deep dive into how government agencies are speeding up and changing their process for adopting new technology.

Paul's perspective having been leading some of the efforts that shaped how the modern internet works today. We talked about how such complex and multi partied ecosystem is always going to create problems and issues we couldn't imagine and how we as a global community are still struggling to solve them.