The ITSPmagazine Experts Corner is where great minds share their expert opinion on information security news and trends.
Our contributors represent the brightest minds in the information security industry: information security vendor executives, cybersecurity researchers, analysts, practitioners, engineers, and more.
Leo Maduzia SVP at San Diego County Credit Union on risk, compliance and member privacy
At the 15th annual Credit Union InfoSec Conference in San Diego, California, Leo Maduzia, Senior Vice President, Chief IT Compliance and Risk Officer at San Diego County Credit Union, chats with Sean Martin about risk and compliance management in the financial industry.
The societal impact of GDPR
Pravin Kothari, CEO and President of CipherCloud, and Vamshi Sriperumbudur, VP of Marketing from CipherCloud, chat with ITSPmagazine's Sean Martin, providing a great overview of the pending General Data Protection Regulation (GDPR) coming out of the European Union (EU). The discussion includes the positive impact this regulation will have on EU citizens, essentially giving them back control over their own privacy, as well as the impact it will have on businesses all around the world, which have to enable those controls in the applications, services, and related data collection points through which they serve EU citizens.
Jim Manico and Sean Martin discuss the value of OWASP and challenges maintaining the OWASP Top 10
Some of the discussion points include:
- Introduction, history, and release candidate details of the OWASP Top 10
- Does the latest set of data lead to controversy over the items that made the top 10 list in the most recent release candidate?
- Jim provides some tips for making the most out of all that OWASP provides for developers, standards bodies, and OWASP leaders
- Jim lists some additional resources for different groups to use to help them drive secure app dev throughout their organization - from engineers to CISOs
- Jim is excited to share that he sees the InfoSec industry being heard; now’s the time to continue the good fight for security, he says
- There are challenges associated with devops and Jim believes there is an over-reliance on tools for application security automation
- Jim provides some final, closing tips for getting started with an application security program - his "Monday list"
The play book: how network defenders outsmart their adversary
We’ve often heard that it’s a good idea to approach and counter cyber threats by understanding how the adversary thinks. Rick Howard, CSO for Palo Alto Networks, takes this concept to the next level with what he describes as the "adversary playbook," a concept he applies to his own information security program. During his chat with ITSPmagazine’s Sean Martin, Rick categorizes the various types of cybercrime and the 6 steps criminals take to commit the crimes. Rick also shares a personal view into how he entered the field of information security, citing the Morris Worm and a book called The Cuckoo’s Egg as two key drivers behind his decision to help fight cybercrime.
Rouman Ebrahim describes some cybercrime trends he sees as deputy district attorney for LA County
As deputy district attorney in the Los Angeles County District Attorney's Office - Cyber Crime Division, Rouman Ebrahim sees a lot of cybercrime. In this interview with ITSPmagazine's Sean Martin, Ebrahim describes some of the trends he sees. Here are a few examples he covers during the interview:
- Former street gang members are moving into cybercrime - it appears to be a very lucrative business.
- The DA's office is seeing a lot of "credit line bust out" cases and combination cases involving identity theft and fuel theft; delays in regulatory compliance at fuel stations coupled with advancements in technology make these crimes easier for criminals to commit.
- When is the only time you should use your debit card? Ebrahim shares his advice plus offers some other tips to help protect your identity, credit line, and your ability to access your cash.
Eward Driehuis Poses the Question: Did the WannaCry Cybercriminals Bite Off More Than They Can Chew?
Eward Driehuis, Chief Research Officer at SecureLink and IT veteran of over 20 years, chats with ITSPmagazine's Sean Martin to provide a European perspective into the WannaCry ransomware outbreak. Did the cybercriminals bite off more than they can chew? Have they created a larger mess than they'd like, attracting law enforcement from all over the world? In any case, there's no denying the impact is huge - so what can your company do to protect itself? Find out more in this riveting interview.
Yuri Frayman, CEO, Zenedge, talks with ITSPmagazine about the latest NHS ransomware attack
Yuri Frayman, CEO, Zenedge, talks with ITSPmagazine's editor-in-chief, Sean Martin, about the latest NHS ransomware attack. Has cybercrime caught the corporate world asleep at the wheel? Yuri describes the method of attack and how the bad actors turned the tables from attacking the weakest link to get the big fish to exploiting an unacceptable weak link at the big fish to compromise an entire supply chain.
Kevin Haley, Director Symantec Security Response, Discusses Google Docs Phishing with ITSPmagazine
Kevin Haley, Director Symantec Security Response, chats with ITSPmagazine’s editor-in-chief, Sean Martin, about the latest findings captured in Symantec’s Internet Security Threat Report (ISTR). Some of the topics include:
- Targeted attacks trying to affect companies even with limited or non-existent economic gain to be had
- Small and medium businesses as a prime target, a sweet spot for the hacker industry, if you will
- The number and frequency of attacks against the IoT is surprising - consumers and businesses alike are connecting devices to their own networks and to the Internet
- The latest ransomware stats are in. Are we paying the ransoms? Are the ransom values up… how much are they now?
Jeremiah Grossman chats with ITSPmagazine’s Sean Martin about security software guarantees
Jeremiah Grossman, Chief of Security Strategy at SentinelOne, chats with ITSPmagazine’s editor-in-chief, Sean Martin, about security software guarantees and the need to shift the minds, culture and expectations on both sides of the table during the security software purchasing process. How can companies connect the dots (and conversations) between the Chief Risk Officer, Chief Information Officer, Chief Security Officer, and Chief Financial Officer such that the company's security product purchases can have a direct impact on the types and levels of coverage required for their cyberinsurance policy? Listen in and hear how Jeremiah’s crusade to make security product guarantees part of every risk management and security management program will help businesses understand and mitigate their risk much more effectively and accurately.
To view the list mentioned in this podcast, please visit: blog.jeremiahgrossman.com/2017/02/info…rantees.html
In The Academy, we feature stories by cutting-edge IT educators, leading industry experts, and students who will offer insights to those seeking to navigate the mercurial field of cybersecurity.