ITSPmagazine Audio News

Our Audio News and Podcasts Series are available on iTunes | Stitcher | Soundcloud | TuneIn


Can you believe that the radio is on the Internet? Who would have guessed? It seems like just yesterday that we had to play with a knob to tune in to our favorite station to hear our favorite shows. It was an intimate and personal relationship with the media; with the DJ or the talk show hosts. It was news, entertainment, and companionship. The radio was a good friend. 

Well, technology has really come a long way, hasn't it? The radio is still a good friend; in many cases, it just looks a little different from what it used to. Still, we want and need that human feeling, that material touch, that personal connection with 'things'—even with digital ones; even in this cyber society we now live in. And that is why the radio is still around, why books are still on the shelf, and why vinyl has made a comeback.

As you have probably noticed, at ITSPmagazine we have a soft spot for mass media—the way things used to be. And yet, while we still cover the information security industry in written form, we recently realized that we love to talk about cybersecurity and society as much as we love to write about it.

We hope you enjoy what you hear.

Thank you for listening.

Audio News

 

 

Privacy, Big Data, And The Right To Be Forgotten | The Moral Compass

Don't I need to be remembered before I can be forgotten? 

'The right to be forgotten'.

Unfortunately, I need to be remembered before I can be forgotten. So, is there a preamble called 'the right to be remembered'?

How do organizations seek permission from consumers about our 'right to be remembered'? How, and with whom, does one ask 'to be forgotten'? Do you know how this works?

Even if you do, are we — as a society — even aware of the extent of digital exhaust we leave behind and who the benefactors are of this exhaust? Do we need to touch each one of them to exercise 'this right'? Of course, this assumes that these benefactors are actually playing by the rules.

While this may sound like doom and gloom, there is an opportunity for a forward-leaning organization to break the mold. Wouldn't it be nice if we could show, in an easy-to-comprehend fashion, what data is collected, put a price on it and make us dumb consumers aware of what we are giving up and what it costs?

Dennis Zimmer from Opvizor, and Ashwin Krishnan, guest host for ITSPmagazine's The Moral Compass, part of The Cyber Society, delve into this discussion in full force. We hope you enjoy it!


Suzanne Hall of PWC Discusses the Challenges of Engaging and Retaining a Diverse Workforce

Technology and Cybersecurity Leader at Price Waterhouse Cooper Suzanne Hall sat down with ITSPmagazine’s Selena Templeton [DIVERSEIT] during the last Black Hat Conference to chat about how PWC is tackling the issue of diversity and inclusion.

Tune in to hear PWC’s in-house diversity programs and best practices, the challenges of engaging and retaining a diverse workforce, and one or two concrete steps that any organization can take to create a diverse team and company culture.



Arleena Faith shares her story, telling Sean Martin how she joined the ranks in cybersecurity

In this special episode of An InfoSec Life, Sean Martin has the pleasure of speaking with Arleena Faith, a software security professional, an application security advocate, and active member of the ISSA and OWASP communities. 

During their chat, Arleena tells us about her journey into cybersecurity, touching on some of the key milestones she reached, the challenges she faced, the associations and individuals that gave her hope and support along the way, and a view into her current role.

A truly gifted and inspirational individual whose goal is to raise awareness for cybersecurity, Arleena is on a mission to raise the bar when it comes to software security, helping organizations recognize the importance and value of a secure software development lifecycle. We hope you enjoy listening to her story as much as Sean enjoyed capturing it.


Joe Horowitz of Icon Ventures, a successful Silicon Valley venture firm, chats with Chenxi Wang

In this episode, Chenxi chats with Joe Horowitz, Managing General Partner of Icon Ventures, a successful Silicon Valley venture firm. Icon is famed for its security investments, which included FireEye, Palo Alto Networks, and Proofpoint.

Joe discussed their investment philosophy, why Icon invested in some of the companies, what they look for in a business venture, why investing in cybersecurity is an interesting bet today, and which trends they will be looking for in the near future.


Rick McElroy and Ashwin Krishnan speak w/ Sean Martin about focusing on the high value infosec items

During the Structure Security conference in San Francisco, CA, Sean Martin, ITSPmagazine's editor-in-chief, catches up with Rick McElroy, security analyst for Carbon Black, and Ashwin Krishnan, SVP product management, strategy, and technical marketing at HyTrust.

Together they explore the idea that information security teams need to stop doing the low value tasks and focus on the high value activities that will make a difference. So, what does this mean, exactly? What do infosec teams stop doing? What do they start doing? How do automation and orchestration fit in?

Listen in to find out.


Robert Feeney from Edgescan shares tips w/ Sean Martin to help researchers stand out

In this new episode of An InfoSec Life, Robert Feeney, a senior security consultant at Edgescan, speaks to fellow security researchers and security consultants about what they can do to differentiate themselves from the pack; how can they excel in the industry. In addition to speaking to his peers, Robert shares a lot of solid information that should help the managers of these individuals working in the industry as well.

Of the topics presented, events and organizations were a key part of the conversation, especially given that this chat took place during OWASP AppSec USA 2017. Robert highlights that it is important to join groups like ISACA, ISC2, and OWASP and to also attend their events: national, regional and local events. Robert also suggests that it’s important to move beyond basic event and conference attendance and to consider speaking at these events as well.


On the Internet, nobody knows you're a dog! Also, nobody could know for sure that you’re NOT a dog.

In this episode, we are going to talk about dogs on the Internet and how difficult it is to distinguish them from humans. We are talking about dogs pretending to be humans, and being so good at it that no one can tell.

This is a serious problem, and we all need to be aware of it.

On the Internet, nobody knows you're a dog!

But, you see, the problem is that when “nobody knows you’re a dog,” it also means that nobody could know for sure that you’re NOT a dog.

My guest for this podcast is Manu Fontaine. He is the founder of a PUBLIC BENEFIT COMPANY called HushMesh, and he is going to tell us the story and the philosophy behind his ideas.

The company mission is to fix a few problems: identity, authentication, trust, and privacy. These are societal issues, and their solution must be people-centric and people-driven. Also, spoiler alert, it has to bring back some physical solution to a set of digital problems.

I believe this conversation will help everyone to understand some of our Internet problems a bit better, and the cyber society we are already living in to become a bit less mysterious and a bit less scary. It will empower us to be less vulnerable and a bit more paranoid. That is until the cybersecurity professionals find a way to make it a lot easier for everyone. No pressure.

Let’s listen….


Sponsored Content


FunCaptcha's CEO chats with Sean Martin | Humans vs. Bots Online Battle - Most Of The Time We Lose

Consumers and businesses all over the world find themselves in an online struggle - one might even say they are in an ongoing, online battle; a battle that seems to be intensifying beyond our wildest dreams.

In today’s episode, we won’t be dreaming. Rather, we are going to be looking at some real-world examples where bots are playing the online game against humans and businesses - and are winning far more often than we would like.

To tell these stories, ITSPmagazine's editor-in-chief, Sean Martin, is joined by CEO and founder of Australian-based company, FunCaptcha, Kevin Gosschalk. Kevin's company is dedicated to solving the hardest of the hardest problems in identifying humans and bots.

During our chat, which took place during the OWASP AppSec USA 2017 in Orlando, Florida, Kevin shares some real cases where the bots are winning. Legacy technologies are leaving companies open to bad bot activity, oftentimes ruining their business and certainly sticking the consumers with the financial pain and frustration when trying to transact online. As you’ll hear from Kevin, some of the largest companies around the world are tackling this problem head-on. Once you hear his stories, you’ll know why.

Listen in and enjoy.


Fmr VP Manbassador at Haas School of Business Patrick Ford chats w/ ITSPmagazine’s Selena Templeton

Former VP Manbassador at Haas School of Business Patrick Ford chats with ITSPmagazine’s Selena Templeton for her Diverse IT podcast about his role in creating male education programs around gender equity at the school. Tune in to hear what exactly a Manbassador does, how they help educate men on gender equity with “Guy Talk” sessions, the reactions he gets when handing out the Gender Equity Guide, and some easy ways that schools or companies can educate men on gender equality.


Neil Barnett, Microsoft and Marian Merritt, NICE Shatter the Myths around Cybersecurity and Autism

Neil Barnett, Director of Inclusive Hiring at Microsoft, and Marian Merritt, Lead for Industry Engagement at the National Initiative for Cybersecurity Education, chat with ITSPmagazine’s Selena Templeton for the Diverse IT podcast about cybersecurity and autism. Tune in to hear about Microsoft’s Autism Hiring Program and their inclusive, non-traditional interview process for autistic job candidates, which skills make autistic people ideal for certain jobs in IT or cybersecurity, and what to expect in the October 18th NICE webinar on cybersecurity and autism.


CyberSN’s Deidre Diamond On Why She Kept the “Babe” in Her Non-Profit Organization #BrainBabe

Founder of CyberSN Deidre Diamond sat down with ITSPmagazine’s Selena Templeton at Black Hat to discuss how her staffing company is transforming the job search for cyber professionals. Tune in to hear why communication and social skills are critical to creating a productive and profitable environment, how she started and funded her own company, and how she aims to change tech conferences with her non-profit Brainbabe.org.


CA Technologies' Mordecai Rosen talks digital transformation and the trust framework with Sean Martin

In today’s episode of At the Edge with Sean Martin, Sean has the pleasure of speaking with Mordecai (Mo) Rosen, Senior Vice President and General Manager of Cybersecurity at CA Technologies. During their chat, Mo tells us of his early days as a Unix kernel hacker at Bell Labs, later moving on to Sun Microsystems, and ultimately having his privileged access management company be acquired by CA Technologies.

An identity expert through and through, Mo reminds us that, as an industry, we need to do our best to remove the friction from security, a goal he holds to the highest level as he and his team at CA work to build a trust framework designed to enable the digital economy. Mo has already done a ton to support some of the largest companies in achieving their own digital transformation, but it’s clear from my chat with him that he has a ton more on his cybersecurity bucket list.

Have a listen, enjoy the chat, and you might just get inspired.


Now is not the time to point fingers, says Prevoty's Kunal Anand in response to the Equifax breach

On the heels of the announcement alerting roughly half of the American population to the fact that their personal information was exposed in a breach at Equifax, Kunal Anand, CTO and co-founder of application security solution provider, Prevoty, chats with ITSPmagazine's Sean Martin to explore how this might have happened and what the scope and scale of the situation looks like.

While we know very little at this point, given the source of the breach being attributed to an application vulnerability, what can we glean from the Equifax breach? First, there are a couple significant questions that need to be answered. Such as, how can so much data be exposed in plain text? What was the trigger behind the detection? We may not know the answers to these questions for quite some time, but we should all be asking ourselves, how come application security doesn’t get the attention it deserves within an organization, especially when applications are likely the most critical asset a company has (second to the data the apps connect to)?

Regardless of the answers to these questions (and more), Kunal’s advice for both the industry and the organizations that are facing this threat themselves is to not point fingers at Equifax and to recognize that this could happen to any of us. This is not the time to dog pile on another breach story; rather it is a time to reflect and learn.


Amanda Rousseau from Endgame - Malware Unicorn: A Fashionista Malware Researcher

In this episode, Chenxi sits down with Amanda Rousseau, malware researcher from Endgame.

Amanda is a well-known researcher, who provided some of the best analysis of the WannaCrypt and Petya ransomware. She is also a graphic designer, which explains why some of her analysis is accompanied by compelling visual illustrations.

The New Factor chats with Amanda on the intersection between fashion and malware research, as well as what it's like being a kickass woman security professional in the industry.


Alex Horan from Onapsis describes the risks small and medium business face using cloud-based systems

Many small and medium businesses leverage the cloud to enable their business - and a good number of those companies are using cloud-based ERP systems to operate their business. Moving to the cloud, however, doesn’t mean the risk of a cyberattack is eliminated. Organizations need to recognize that regardless of where the systems are located and how they are being used, they need to be configured properly, updated regularly, and monitored for misuse, abuse, and compromise. Why is this important? Because small and medium businesses face a lot of risk when it comes to security, and are oftentimes paralyzed due to a lack of knowledge… assuming they are even aware of the risk in the first place. During this interview with Alex Horan, Director of Product Management for Onapsis, we discuss the fact that small and medium sized businesses are a target as a category… the risk is real and the results of a successful cyberattack could be catastrophic to their business. Companies may not realize what types of data are sitting in the cloud services they are using, nor what the risks are to that data. Join us for this special SMB series of podcasts, where, in this episode specifically, Horan shares a few tips to help get small businesses off and running.


Small and medium businesses need to view infosec as more than a point-in-time event says Harry Wan

What are some of the areas where small- and medium-sized businesses think they are doing OK with their cybersecurity program but really aren’t up to snuff? Listen to this podcast with Harry Wan, CTO and Co-Founder of DatumSec, now a Prevalent company, and ITSPmagazine's editor-in-chief, Sean Martin. The two explore whether or not these smaller companies are ready for a ransomware attack. And, what about the possibility of these less-protected companies not only harming their own business, but also putting their business partners at risk? What can they do to raise the bar on their security posture? Harry provides some minimal security best practices that every company should explore, including the option to leverage a managed security services provider (MSSP).


William Dixon [Kroll] and Charly Bun [Rapid7] discuss Managed Security Service Providers [MSSPs]

William Dixon, from Kroll, and Charly Bun, from Rapid7, share some of their own horror stories about managed security service providers. What mistakes are made? What things are missed? What should the RFP look like? What are some of the common misconceptions? And… more importantly, how can these learnings be applied to making a better, more informed, decision when it comes to outsourcing security management for your organization?

Michael Schell, the Innovate Pasadena event organizer, eloquently moderates the discussion (as he always does), drawing out interesting questions from the audience and key points from the 2 experts. While originally geared toward the SMBs, this conversation is spot on for companies of all sizes: small, medium, large, and enterprise.


Leo Maduzia SVP at San Diego County Credit Union on risk, compliance and member privacy

At the 15th annual Credit Union InfoSec Conference in San Diego, California, Leo Maduzia, Senior Vice President, Chief IT Compliance and Risk Officer at San Diego County Credit Union chats with Sean Martin about risk and compliance management in the financial industry.


Jim Manico and Sean Martin discuss the value of OWASP and challenges maintaining the OWASP Top 10

Jim Manico from Manicode Security talks with ITSPmagazine's Sean Martin about the OWASP Foundation and the collection of projects it maintains.

Some of the discussion points include:
- Introduction, history, and release candidate details of the OWASP Top 10
- Does the latest set of data lead to controversy over the items that made the top 10 list in the most recent release candidate?
- Jim provides some tips for making the most out of all that OWASP provides for developers, standards bodies, and OWASP leaders
- Jim lists some additional resources for different groups to use to help them drive secure app dev throughout their organization - from engineers to CISOs
- Jim's excited to share that he sees the InfoSec industry is being heard; now's the time to continue the good fight for security he says
- There are challenges associated with devops and Jim believes there is an over-reliance on tools for application security automation
- Jim provides some final, closing tips for getting started with an application security program - his "Monday list"


The play book: how network defenders outsmart their adversary

We have often heard that it's a good idea to approach and counter cyber threats by having an understanding of how the adversary thinks. Rick Howard, CSO for Palo Alto Networks, takes this concept to the next level with what he describes as the "adversary playbook", a concept he applies to his own information security program. During his chat with ITSPmagazine's Sean Martin, Rick categorizes the various types of cybercrime and the 6 steps criminals take to commit the crimes. Rick also shares a personal view into how he entered the field of information security, citing the Morris Worm and a book called The Cuckoo's Egg as two key drivers behind his decision to help fight cybercrime.


Rouman Ebrahim describes some cybercrime trends he sees as deputy district attorney for LA County

As deputy district attorney in the Los Angeles County District Attorney's Office - Cyber Crime Division, Rouman Ebrahim sees a lot of cybercrime. In this interview with ITSPmagazine's Sean Martin, Ebrahim describes some of the trends he sees. Here are a few examples he covers during the interview:

- Former street gang members are moving into cybercrime - it appears to be a very lucrative business.

- The DA's office is seeing a lot of "credit line bust out" cases and combination cases involving identity theft and fuel theft; delays in regulatory compliance at fuel stations coupled with advancements in technology make these crimes easier for criminals to commit.

- When is the only time you should use your debit card? Ebrahim shares his advice plus offers some other tips to help protect your identity, credit line, and your ability to access your cash.


Eward Driehuis Poses the Question: Did the WannaCry Cybercriminals Bite Off More Than They Can Chew?

Eward Driehuis, Chief Research Officer at SecureLink and IT veteran of over 20 years, chats with ITSPmagazine's Sean Martin to provide a European perspective into the WannaCry ransomware outbreak. Did the cybercriminals bite off more than they can chew? Have they created a larger mess than they'd like, attracting law enforcement from all over the world? In any case, there's no denying the impact is huge - so what can your company do to protect itself? Find out more in this riveting interview.


Yuri Frayman, CEO, Zenedge, talks with ITSPmagazine about the latest NHS ransomware attack

Yuri Frayman, CEO, Zenedge, talks with ITSPmagazine's editor-in-chief, Sean Martin, about the latest NHS ransomware attack. Has cybercrime caught the corporate world asleep at the wheel? Yuri describes the method of attack and how the bad actors turned the table from attacking the weakest link to get the big fish to exploiting an unacceptable weak link at the big fish to compromise an entire supply chain.


Kevin Haley, Director Symantec Security Response, Discusses Google Docs Phishing with ITSPmagazine

Kevin Haley, Director Symantec Security Response, chats with ITSPmagazine's editor-in-chief, Sean Martin, about the latest findings captured in Symantec's Internet Security Threat Report (ISTR). Some of the topics include:

- Targeted attacks trying to affect companies even with limited or non-existent economic gain to be had

- Small and medium businesses as a prime target, a sweet spot for the hacker industry, if you will

- The number and frequency of attacks against the IoT is surprising - consumers and businesses alike are connecting devices to their own networks and to the Internet

- The latest ransomware stats are in. Are we paying the ransoms? Are the ransom values up… how much are they now?


Jeremiah Grossman chats with ITSPmagazine's Sean Martin about security software guarantees

Jeremiah Grossman, Chief of Security Strategy at SentinelOne, chats with ITSPmagazine’s editor-in-chief, Sean Martin, about security software guarantees and the need to shift the minds, culture and expectations on both sides of the table during the security software purchasing process. How can companies connect the dots (and conversations) between the Chief Risk Officer, Chief Information Officer, Chief Security Officer, and Chief Financial Officer such that the company's security product purchases can have a direct impact on the types and levels of coverage required for their cyberinsurance policy? Listen in and hear how Jeremiah’s crusade to make security product guarantees part of every risk management and security management program will help businesses understand and mitigate their risk much more effectively and accurately.

To view the list mentioned in this podcast, please visit: blog.jeremiahgrossman.com/2017/02/info…rantees.html


 

Audio News From Black Hat USA 2017

 

 

Brian Knopf from Neustar discusses security and privacy with the Internet of Things with Sean Martin

In this new episode of audio news coming to you from Black Hat USA 2017, Sean Martin connects with Brian Knopf, Senior Director of Security Research & IoT Architect at Neustar. Brian has been involved with the Internet of Things for quite some time and therefore has a ton of insight into how security and privacy are impacted - especially given the numbers and types of connected devices hitting the market each and every day.

Leading off of his work at I am the Cavalry, Brian remains a proponent for a security and privacy rating system, a system that would give consumers and businesses alike an easier means to understand the trade-offs they are making when using these devices. In short, Brian suggests that when we got security, we essentially lost privacy in certain ways… but both are equally important.

We catch a glimpse into Brian’s genius in this short podcast - I hope you enjoy it.

 


Shehzad Merchant from Gigamon says it's time for the defenders to take back their advantage

Bad actors are leveraging scalable frameworks and automation to attack their targets. On the other side, companies are still using human-based, manual processes to combat these attacks. The silos within the organization make this even more challenging for them, leaving them to fall behind and face the inevitable. Because of this, it seems the attackers hold the advantage against their targets. However, according to Shehzad Merchant, CTO for Gigamon, we have a chance to reverse the advantage back to the defender. The trick is to leverage the right technologies - such as machine learning + artificial intelligence + automation and orchestration. In order for this to work, however, we need to move from a prevention mindset to one of protection. Think his advice is to have your battles from the inside out using primarily human-driven means? If so, you might want to listen to Shehzad's interview during Black Hat USA 2017 with ITSPmagazine's editor-in-chief, Sean Martin. What he has to say here is short and sweet, but powerful. Enjoy!


Debra discusses privacy with the upcoming GDPR regulation, and Diversity, with RSA's CMO Holly Rollo


Travis Smith, Principal Security Researcher at Tripwire, continues his work on My Bro the Elk

Travis Smith, Principal Security Researcher at Tripwire, continues his work on My Bro the Elk - working on it in the context of the small and medium sized businesses. Sean Martin, ITSPmagazine's editor-in-chief, originally covered this topic with Travis presenting a session during Black Hat 2015. This ended up being ITSPmagazine’s first on-publication article.

Travis is now focusing on the SMB market as they are a targeted entity and are often underfunded and understaffed. Travis' work with the new My Bro the Elk combines technologies to create insights, and combines them as part of what he calls the "Sweet Security" offering, which monitors network traffic while providing protection as well.

During our conversation at Black Hat 2017 in Las Vegas, Smith also offers some core best practices, including network segmentation, which is handled virtually with the Sweet Security device. Goodness all around from Travis, for sure.

Interested parties can find the application stack here (it is absolutely free): github.com/travisfsmith/sweetsecurity

Those interested in the first article on ITSPmagazine covering this topic can find it here.

 


Craig Young from Tripwire talks with Debra Farber about Android TV device security and privacy

A lot of the security and privacy settings we’ve come to know and expect on our Android phones don’t seem to be carrying over to Android TV devices available to buy today. In most cases, the device you buy online may never see an official update from its vendor. This doesn’t mean it won’t get updated - the team at Tripwire found that these devices are vulnerable to compromise such that they could be maliciously updated with new firmware, turning on the camera and the microphone - essentially for surveillance purposes.

That cause you to pause a bit? It should. Listen to this conversation with The Privacy Pact's Debra Farber, during Black Hat 2017 in Las Vegas, as Craig Young from Tripwire's Vulnerability Research Team looks at these IoT security and privacy challenges we face as a society.




What if you could analyze data while they are encrypted?

Debra Farber, host of The Privacy Pact, met with Ellison Anne Williams, CEO and Founder at Enveil, during Black Hat 2017 in Las Vegas. Enveil focuses on securing data while it is being used within business processes and not on the data at rest.

Analyzing data without decrypting it is a technology developed for NSA, and it is called homomorphic encryption. Among other things, how does this technology play with the upcoming GDPR?

Listen and find out.


Jeff Bohren describes the challenges with managing identity in today’s hyper-connected world

What are the challenges with managing identity in today’s hyper-connected world? What is the role of federated identity management? How does the General Data Protection Regulation (GDPR) impact how identities are managed? Jeff Bohren, senior software architect for Optimal IDM, spends some time with ITSPmagazine's editor-in-chief, Sean Martin, at Black Hat 2017 in Las Vegas. The two explore these topics and more. Listen to find out how companies can leverage federated identities to reduce their exposure to non-compliance with GDPR and how 2FA and MFA need to be considered as well, but in the context of each business scenario at hand.


Mounir Hahad from Cyphort Labs reminds us: the end goal is to protect our customers and users

Mounir Hahad, Sr. Director at Cyphort Labs, connected with ITSPmagazine’s Sean Martin at Black Hat 2017 in Las Vegas.

During their conversation, Hahad reminds us all that the end goal for the industry is to protect our customers and provide a safe environment for the end users to conduct their business. With this in mind, Hahad also puts a call out to the industry at large to work together, suggesting that business and technical partnerships should not be limited to the behemoths that want to control the market nor the startups that are looking for a creative, partnership-driven means to enter the market. In other words, it’s going to require all of us to work together if we are to successfully tackle the problem of cybercrime.

As Mounir described the threat landscape for me, he noted that, while accessing malicious content via the web is still a prevalent threat, email seems to be the most common vector for delivery of malicious code - such as that found in some of the recent ransomware attacks. As organizations look to address the threat of ransomware, Mounir offered some fundamental recommendations to help them prepare for a pending ransomware attack: 1) back up your data safely offline, 2) employ a defense in depth model while not relying on a single technology for protection, and 3) patch, patch, patch.


Will the GDPR be a forcing factor for how companies operate their websites? Chris Olson explains.

Aside from the scary penalties and the costs associated with achieving compliance, GDPR has a lot of positives.

GDPR will become a forcing factor for organizations to pay closer attention to how their data is collected, traded, and managed. During Black Hat USA 2017, Debra Farber, host of The Privacy Pact, talks with Chris Olson, CEO of The Media Trust. He suggests that ultimately, GDPR will drive consumer trust in the right direction. Companies can take better control over their data ecosystem, where up to 75% of their web environment is driven by 3rd party code and services.


What makes a business more susceptible to attack? Neill Feather from SiteLock explains.

Websites run the business - and you want yours to be available for good visitors, but how can you tell the good from the bad? To make matters worse, there are a variety of attacks and compromises to consider: it’s not just malware or a denial of service attack that could make or break the business. In fact, based on recent survey data from SiteLock, two-thirds of customers won’t go back to a company whose website had been breached. Feather also suggests that dealing with an attack against a website is very different - and requires very different tools - than an attack resulting in an endpoint compromise. What makes a business more susceptible to attack, you ask? You’ll want to listen to this interview with Neill to find out. He shared his insights on these topics, and more, during his chat with ITSPmagazine's Sean Martin during Black Hat 2017 in Las Vegas.


Selena Templeton discusses DIVERSE IT with Rami Essaid - Co-founder & CEO - Distil Networks

Co-founder and CEO of Distil Networks Rami Essaid sat down with Selena Templeton, host of Diverse IT, at Black Hat 2017 in Las Vegas to discuss how it takes a village to tackle diversity.

Tune in to hear about Distil Networks’ new Women Forward in Technology Scholarship Program, how the U.S. travel ban has impacted Rami personally, his company and the cyber industry, the importance of three white male leaders constantly challenging each other to create a diverse and inclusive organization, and how to tackle an unconscious bias that you aren’t aware of – in humans and AI.


Episode 437 - Genetic Intelligence

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is legislation that provides data privacy and security provisions for safeguarding your medical information, but the act only applies within the U.S. This means that there's nothing to stop a U.S. genetic testing company from passing that data on to non-U.S. companies. Rusty Sailors, chairman and CEO of LP3-SecurIT, explains what's going on.


Power To The People - Knowledge Is Power.
A podcast with Chris Roberts and Dr. Christopher Pierson.

This podcast is a post live panel conversation, following "Power To The People - Knowledge Is Power," during Black Hat 2017 in Las Vegas.

Sean Martin and Marco Ciappelli invited Chris Roberts - Chief Security Architect at Acalvio Technologies - and Dr. Christopher Pierson - Chief Security Officer and General Counsel at Viewpost - to hang out with us and have a chat. 

It is an interesting conversation. We invite you to listen to it.

We started discussing the status of Artificial Intelligence and Machine Learning in today's cybersecurity solutions. What is possible, what is not, and what is “marketing” making appear today's reality? I took the bullet for that. You are welcome, marketers! 

We also spoke about what is happening with all this big data collection executed by different kinds of IoT devices, and what it takes to TRULY turn this into a positive thing for the final users. Privacy and security are concepts that cannot just be built in the products; they have to be built in the companies. It is TRUST. 

There is much more than just convenience in technology nowadays; there are inconveniences too and the only way for the users to be safe - for the time being - is to stay informed and empower themselves. At least enough to understand the basics.

Get ready; this is just the beginning of the Cyber Society. 
The best - or worst - has yet to come.


Niloo Howe of RSA Talks to Diverse IT About Why We Should Embrace Being Uncomfortable

Selena Templeton, host of Diverse IT, caught up with Niloo Howe, Chief Strategy Officer of RSA, at Black Hat USA 2017 to discuss why a diversity of perspectives is required for innovation. Tune in to hear how different perspectives and experiences drive better top- and bottom-line outcomes, why we should embrace being uncomfortable rather than making the safe choice, why the hell no one knows that Hedy Lamarr wrote the base patent for CDMA technology for secure communications, and steps you can take to bring more diversity to your company.


Debra Farber chats with Chad Holmes from EY about cybersecurity, privacy, and safety

From the halls of Black Hat USA 2017, Debra Farber, host of The Privacy Pact on ITSPmagazine, talks with Chad Holmes, Partner/Principal and Cyber Chief Technology, Strategy and Innovation Officer from EY about filling the cybersecurity talent gap. They also discuss trends in privacy and security that EY sees in the industry and Chad also describes innovation around cyber safety in society.


Paul Myer talks w/Sean Martin during Black Hat 2017, discussing securing OT, Operational Technology

As an industry, we often focus on information technology and information security. And, while the media as a whole covers stories of denial of service attacks and power grid shut-downs, as a general rule, the industry seems to be obsessed with protecting information - protecting the traditional IT systems that manage that data - IP, customer data, and the like. However, based on a conversation I (Sean Martin) had with Paul Myer, CEO of Veracity Industrial Networks, that needs to change - we need more attention paid to the operational technology - or “OT” - space.

Listen in as I catch up with Paul during Black Hat USA 2017 - I suspect you’ll look at cybersecurity in a different way after hearing what he has to say.

 


Do companies have a responsibility to protect their employees? Byron Rashed suggests they do

In this podcast, Sean Martin, co-founder and editor-in-chief at ITSPmagazine, spent some time with Byron Rashed, VP of advanced threat intelligence at InfoArmor during Black Hat USA 2017.

One of the most intriguing parts of the conversation was the focus on moving beyond protecting the business information and customer information, but also protecting the privacy and security of the employees within a business. Organizations have a responsibility to their employees to make sure they are safe - and they also have risk associated with an employee being compromised. This is where threat intelligence comes into play - but not at the expense of human intelligence, warns Rashed.

Listen in to hear how Byron recommends CISOs approach this challenge.


Yuji Ukai & Pablo Garcia, from Tokyo-based endpoint security company, FFRI, from Black Hat USA 2017

Years after working with them at eEye Digital Security, Sean Martin connected with Yuji Ukai and Pablo Garcia, now working for Tokyo-based endpoint security company, FFRI. Yuji is the founder and CEO and Pablo is heading up all of the North American operations for FFRI. During their conversation, they discuss some of the challenges small and medium-sized businesses face, with the pair offering some suggestions and tips for this massive group of organizations to consider.


Joseph Carson, from Thycotic, presents the results of the 2017 State of Cybersecurity Metrics Report

Marco Ciappelli met with Joseph Carson, Chief Security Scientist at Thycotic, to discuss the results of the company’s first annual 2017 State of Cybersecurity Metrics Report.

The report analyzes key findings from a Security Measurement Index (SMI) benchmark Survey of more than 400 global business and security executives around the world.

According to the report, most companies worldwide are failing to measure cybersecurity effectiveness and performance.

More than half of the 400 respondents in the survey, 58 percent, scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

While this sounds bad for big companies, it gets even worse when we look at small businesses. For example: in 60% of the cases they cannot recover from a serious cyber attack.

Listen to this story recorded on the Expo Floor at Black Hat USA 2017 - pardon the background noise.


Alex Horan [Onapsis] discusses the challenges with auditing and GDPR as it relates to ERP systems

Why is it important to audit and meet compliance for your ERP systems? Alex Horan chats with ITSPmagazine's Sean Martin - during Black Hat USA 2017 - as he describes some of the requirements for meeting compliance, using the General Data Protection Regulation as a model for purposes of discussion. What data do you have, and whose data is it? What are the requirements to protect it from unauthorized access AND what are the requirements for removal of the data when the owner of the data requests it?


Angela Messer Discusses the Importance of Putting Measurable Diversity Programs in Place

Following her live panel during Black Hat USA 2017, Booz Allen Hamilton EVP (plus talent champion and innovation officer!) Angela Messer sat down with ITSPmagazine’s Selena Templeton, host of Diverse IT, to chat about how her company is tackling diversity and inclusion. Tune in to hear her thoughts and experience on being the “SheEO” speaker at a STEM high school, how their CEO walks the talk by being one of 200 members of CEO Action for Diversity & Inclusion, why diversity is about so much more than just building a diverse workforce, and the importance of putting concrete programs, with goals, metrics and outcomes, in place.


Tim Jarrett from CA Veracode talks about application security during Black Hat USA 2017

Tim Jarrett, CA Veracode, talks about application security with Sean Martin during Black Hat USA 2017. What are the drivers behind organizations choosing to invest in application security and who should lead the application security program? How do companies get on top of the problem of insecure components being used in applications? Tim shares his thoughts with us, tying it all together with the Internet of Things and the impact connected devices have on society - due to the vulnerabilities introduced at the application layer.


ITSPmagazine's Columns/Podcast series