ITSPmagazine Audio News
 

Can you believe that the radio is on the Internet? Who would have guessed? It seems like just yesterday that we had to play with a knob to tune in to our favorite station to hear our favorite shows. It was an intimate and personal relationship with the media; with the DJ or the talk show hosts. It was news, entertainment, and companionship. The radio was a good friend. 

Well, technology has really come a long way, hasn't it? The radio is still a good friend; in many cases, it just looks a little different than it used to. Still, we want and need that human feeling, that material touch, that personal connection with 'things'—even with digital ones; even in this cyber society we now live in. And that is why the radio is still around, why books are still on the shelf, and why vinyl has made a comeback.

As you have probably noticed, at ITSPmagazine we have a soft spot for mass media—the way things used to be. And yet, while we still cover the information security industry in written form, we recently realized that we love to talk about cybersecurity and society as much as we love to write about it.

We hope you enjoy what you hear.

Thank you for listening.

ITSPmagazine's Podcast series

Audio News From Black Hat USA 2017

 

 

Episode 437 - Genetic Intelligence

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is legislation that provides data privacy and security provisions for safeguarding your medical information, but the act only applies within the U.S. This means that there's nothing to stop a U.S. genetic testing company from passing that data on to non-U.S. companies. Rusty Sailors, chairman and CEO of LP3-SecurIT, explains what's going on.


Niloo Howe of RSA Talks to Diverse IT About Why We Should Embrace Being Uncomfortable

Selena Templeton, host of Diverse IT, caught up with Niloo Howe, Chief Strategy Officer of RSA, at Black Hat USA 2017 to discuss why a diversity of perspectives is required for innovation. Tune in to hear how different perspectives and experiences drive better top- and bottom-line outcomes, why we should embrace being uncomfortable rather than making the safe choice, why the hell no one knows that Hedy Lamarr wrote the base patent for CDMA technology for secure communications, and steps you can take to bring more diversity to your company.


Debra Farber chats with Chad Holmes from EY about cybersecurity, privacy, and safety

From the halls of Black Hat USA 2017, Debra Farber, host of The Privacy Pact on ITSPmagazine, talks with Chad Holmes, Partner/Principal and Cyber Chief Technology, Strategy and Innovation Officer from EY about filling the cybersecurity talent gap. They also discuss trends in privacy and security that EY sees in the industry and Chad also describes innovation around cyber safety in society.


Paul Myer talks w/Sean Martin during Black Hat 2017, discussing securing OT, Operational Technology

As an industry, we often focus on information technology and information security. And, while the media as a whole covers stories of denial of service attacks and power grid shut-downs, as a general rule, the industry seems to be obsessed with protecting information - protecting the traditional IT systems that manage that data - IP, customer data, and the like. However, based on a conversation I (Sean Martin) had with Paul Myer, CEO of Veracity Industrial Networks, that needs to change - we need more attention paid to the operational technology - or “OT” space.

Listen in as I catch up with Paul during Black Hat USA 2017 - I suspect you’ll look at cybersecurity in a different way after hearing what he has to say.

 


Do companies have a responsibility to protect their employees? Byron Rashed suggests they do

In this podcast, Sean Martin, co-founder and editor-in-chief at ITSPmagazine, spent some time with Byron Rashed, VP of advanced threat intelligence at InfoArmor during Black Hat USA 2017.

One of the most intriguing parts of the conversation was the focus on moving beyond protecting the business information and customer information, but also protecting the privacy and security of the employees within a business. Organizations have a responsibility to their employees to make sure they are safe - and they also have risk associated with an employee being compromised. This is where threat intelligence comes into play - but not at the expense of human intelligence, warns Rashed.

Listen in to hear how Byron recommends CISOs approach this challenge.


Yuji Ukai & Pablo Garcia, from Tokyo-based endpoint security company, FFRI, from Black Hat USA 2017

Years after working with them at eEye Digital Security, Sean Martin connected with Yuji Ukai and Pablo Garcia, now working for Tokyo-based endpoint security company, FFRI. Yuji is the founder and CEO and Pablo is heading up all of the North American operations for FFRI. During their conversation, they discuss some of the challenges small and medium-sized businesses face, with the pair offering some suggestions and tips for this massive group of organizations to consider.


Joseph Carson, from Thycotic, presents the results of the 2017 State of Cybersecurity Metrics Report

Marco Ciappelli met with Joseph Carson, Chief Security Scientist at Thycotic, to discuss the results of the company’s first annual 2017 State of Cybersecurity Metrics Report.

The report analyzes key findings from a Security Measurement Index (SMI) benchmark Survey of more than 400 global business and security executives around the world.

According to the report, most companies worldwide are failing to measure cybersecurity effectiveness and performance.

More than half of the 400 respondents in the survey, 58 percent, scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

While this sounds bad for big companies, it gets even worse when we look at small business. For example: In 60% of the cases they cannot recover from a serious cyber attack.

Listen to this story recorded on the Expo Floor at Black Hat USA 2017 - pardon the background noise.


Alex Horan [Onapsis] discusses the challenges with auditing and GDPR as it relates to ERP systems

Why is it important to audit and meet compliance for your ERP systems? Alex Horan chats with ITSPmagazine's Sean Martin - during Black Hat USA 2017 - as he describes some of the requirements for meeting compliance, using the Global Data Protection Regulation as a model for purposes of discussion. What data do you have, and whose data is it? What are the requirements to protect it from unauthorized access AND what are the requirements for removal of the data when the owner of the data requests it?


Angela Messer Discusses the Importance of Putting Measurable Diversity Programs in Place

Following her live panel during Black Hat USA 2017, Booz Allen Hamilton EVP (plus talent champion and innovation officer!) Angela Messer sat down with ITSPmagazine’s Selena Templeton, host of Diverse IT, to chat about how her company is tackling diversity and inclusion. Tune in to hear her thoughts and experience on being the “SheEO” speaker at a STEM high school, how their CEO walks the talk by being one of 200 members of CEO Action for Diversity & Inclusion, why diversity is about so much more than just building a diverse workforce, and the importance of putting concrete programs, with goals, metrics and outcomes, in place.


Tim Jarrett from CA Veracode talks about application security during Black Hat USA 2017

Tim Jarrett, CA Veracode, talks about application security with Sean Martin during Black Hat USA 2017. What are the drivers behind organizations choosing to invest in application security and who should lead the application security program? How do companies get on top of the problem of insecure components being used in applications? Tim shares his thoughts with us, tying it all together with the Internet of Things and the impact connected devices have on society - due to the vulnerabilities introduced at the application layer.


Other Audio News

Leo Maduzia SVP at San Diego County Credit Union on risk, compliance and member privacy

At the 15th annual Credit Union InfoSec Conference in San Diego, California, Leo Maduzia, Senior Vice President, Chief IT Compliance and Risk Officer at San Diego County Credit Union chats with Sean Martin about risk and compliance management in the financial industry.


Jim Manico and Sean Martin discuss the value of OWASP and challenges maintaining the OWASP Top 10

Jim Manico from Manicode Security talks with ITSPmagazine's Sean Martin about the OWASP foundation and the collection of projects it maintains.

Some of the discussion points include:
- Introduction, history, and release candidate details of the OWASP Top 10
- Does the latest set of data lead to controversy over the items that made the top 10 list in the most recent release candidate?
- Jim provides some tips for making the most out of all that OWASP provides for developers, standards bodies, and OWASP leaders
- Jim lists some additional resources for different groups to use to help them drive secure app dev throughout their organization - from engineers to CISOs
- Jim's excited to share that he sees the InfoSec industry is being heard; now's the time to continue the good fight for security, he says
- There are challenges associated with devops and Jim believes there is an over-reliance on tools for application security automation
- Jim provides some final, closing tips for getting started with an application security program - his "Monday list"


The playbook: how network defenders outsmart their adversary

We have often heard that it's a good idea to approach and counter cyber threats by having an understanding of how the adversary thinks. Rick Howard, CSO for Palo Alto Networks, takes this concept to the next level with what he describes as the "adversary playbook," a concept he applies to his own information security program. During his chat with ITSPmagazine's Sean Martin, Rick categorizes the various types of cybercrime and the 6 steps criminals take to commit the crimes. Rick also shares a personal view into how he entered the field of information security, citing the Morris Worm and a book called The Cuckoo's Egg as two key drivers behind his decision to help fight cybercrime.


Rouman Ebrahim describes some cybercrime trends he sees as deputy district attorney for LA County

As deputy district attorney in the Los Angeles County District Attorney's Office - Cyber Crime Division, Rouman Ebrahim sees a lot of cybercrime. In this interview with ITSPmagazine's Sean Martin, Ebrahim describes some of the trends he sees. Here are a few examples he covers during the interview:

- Former street gang members are moving into cybercrime - it appears to be a very lucrative business.

- The DA's office is seeing a lot of "credit line bust out" cases and combination cases involving identity theft and fuel theft; delays in regulatory compliance at fuel stations coupled with advancements in technology make these crimes easier for criminals to commit.

- When is the only time you should use your debit card? Ebrahim shares his advice plus offers some other tips to help protect your identity, credit line, and your ability to access your cash.


Eward Driehuis Poses the Question: Did the WannaCry Cybercriminals Bite Off More Than They Can Chew?

Eward Driehuis, Chief Research Officer at SecureLink and IT veteran of over 20 years, chats with ITSPmagazine's Sean Martin to provide a European perspective into the WannaCry ransomware outbreak. Did the cybercriminals bite off more than they can chew? Have they created a larger mess than they'd like, attracting law enforcement from all over the world? In any case, there's no denying the impact is huge - so what can your company do to protect itself? Find out more in this riveting interview.


Yuri Frayman, CEO, Zenedge, talks with ITSPmagazine about the latest NHS ransomware attack

Yuri Frayman, CEO, Zenedge, talks with ITSPmagazine's editor-in-chief, Sean Martin, about the latest NHS ransomware attack. Has cybercrime caught the corporate world asleep at the wheel? Yuri describes the method of attack and how the bad actors turned the table from attacking the weakest link to get the big fish to exploiting an unacceptable weak link at the big fish to compromise an entire supply chain.


Kevin Haley, Director Symantec Security Response, Discusses Google Docs Phishing with ITSPmagazine

Kevin Haley, Director Symantec Security Response, chats with ITSPmagazine's editor-in-chief, Sean Martin, about the latest findings captured in Symantec's Internet Security Threat Report (ISTR). Some of the topics include:

- Targeted attacks trying to affect companies even with limited or non-existent economic gain to be had

- Small and medium businesses are a prime target, a sweet spot for the hacker industry, if you will

- The number and frequency of attacks against the IoT is surprising - consumers and businesses alike are connecting devices to their own networks and to the Internet

- The latest ransomware stats are in. Are we paying the ransoms? Are the ransom values up… how much are they now?


Jeremiah Grossman chats with ITSPmagazine's Sean Martin about security software guarantees

Jeremiah Grossman, Chief of Security Strategy at SentinelOne, chats with ITSPmagazine’s editor-in-chief, Sean Martin, about security software guarantees and the need to shift the minds, culture and expectations on both sides of the table during the security software purchasing process. How can companies connect the dots (and conversations) between the Chief Risk Officer, Chief Information Officer, Chief Security Officer, and Chief Financial Officer such that the company's security product purchases can have a direct impact on the types and levels of coverage required for their cyberinsurance policy? Listen in and hear how Jeremiah’s crusade to make security product guarantees part of every risk management and security management program will help businesses understand and mitigate their risk much more effectively and accurately.

To view the list mentioned in this podcast, please visit: blog.jeremiahgrossman.com/2017/02/info…rantees.html