Let's SOC About It

It’s back to basics this week because you can’t successfully automate without the right foundation and an effective automation strategy. Mandy Neely, a Senior Security Engineer at a Healthcare Organization, joins us on the podcast to talk about S.E.C.U.R.E. automation.In this episode, you’ll learn about Mandy’s S.E.C.U.R.E. approach to automation:S – Start with an existing processE – Error handling and alertingC – Continuous process optimizationU – Unified team understandingR – Risk awarenessE – Effective data managementRelevant links:Follow Mandy Neely on LinkedIn: https://www.linkedin.com/in/mandy-neely/Learn about IPO: https://idpro.org/Follow D3 Security on LinkedIn for Let’s SOC About It updates: https://www.linkedin.com/company/d3-security-management-systems/

AI and deepfake technology is getting more and more advanced. We often associate "getting deepfaked" with celebrities and well... anyone but people in our own networks.But CEOs and C-suite executives are amongst the most at risk to deepfake attacks, and they've got a lot to lose. On this episode of Let's SOC About It, Benny Epand – Business Director of iZooLogic – talks about how hackers are using deepfake technology to impersonate CEOs and infiltrate networks, get wire transfers, and more.On this episode, you'll learn:😱 How hackers are infiltrating networks with targeted deepfake attacks👩‍💻 How to protect yourself against deepfake attacks in your environment🙏 What to do if you've fallen victim to a deepfake attackRelevant Links:Follow D3 Security on LinkedIn for regular podcast updates: https://www.linkedin.com/company/d3-security-management-systemsFollow iZooLogic on LinkedIn: https://www.linkedin.com/company/izoologic/

Like it or not, whether you’re dealing with a product launch or a security breach, media has a big influence on cybersecurity. Jessica Davis, former Editorial Director at CyberRisk Alliance and current Principal Analyst at Canalys, shares her tips on how to MSSPs can effectively use media as a tool in business. From communicating with journalists to reaching the right audience, we explore what it really takes for MSSPs to influence public perception.In this episode, you'll learn:📰 How should MSSPs use media as a tool to reach the right people?🤔 How should MSSPs effectively communicate with journalists?🤝 How should MSSPs pick which media outlets to reach out to?🤖 How many times should I reach out to a journalist before giving up on my story?🔗 Relevant Links:Check out the MSSP Alert Top 250 List: https://www.msspalert.com/top-250Follow Jessica Davis on LinkedIn: https://www.linkedin.com/in/jessicadavis/Follow D3 Security on LinkedIn for podcast updates: https://ca.linkedin.com/company/d3-security-management-systems Jessica C. Davis is currently the Principal Analyst at Canalys. At the time of recording, she was overseeing the strategic direction of editorial content at MSSP Alert. Her work at MSSP Alert included overseeing the Top 250 MSSPs list, tracking cybersecurity market challenges and opportunities for managed security service providers, and identifying market forces and trends that impact MSSPs. Jessica also previously served as the top editor at Channel Insider and MSP Mentor. She’s served in senior editorial leadership roles at other technology publications including InformationWeek and InfoWorld. She has spent a career covering the intersection of business and technology.

The AI-Augmented SOC is here, and with the current wide-spread range on AI adoption in the SOC, Francis Odum joins the Let's SOC About It podcast to discuss the future of AI SOC.In this episode: What does AI-augmented SOC look like today? Are companies replacing analysts with AI SOC platforms? What's in store for the future of AI SOC?Relevant links: Introducing D3's new Morpheus AI: https://d3security.com/morpheus/ Software Analyst Cyber Research: https://softwareanalyst.substack.com/Francis Odum is a cybersecurity researcher and independent analyst read by over 60,000+ security and technology professionals. He specializes in Identity, Cloud & App Security, Network Security and the SOC.

Biometrics data hacking is evolving– and, if you’re not careful and aware of the risks, it could potentially be used in an attack against your organization. In this episode, we’ll hear from Rishabh Goswami, a Compliance Manager at Amazon Web Services (AWS), as he shares real-world examples of how biometrics data is used by both malicious actors and businesses alike. In this episode, you'll learn: How could biometric data breaches impact your organization’s security and operational integrity? What are the risks of personal biometric data being misused in ways that threaten both employees and the company? What measures can security teams take to protect sensitive biometric data from breaches or misuse? How can organizations navigate the current gaps in biometric data regulations to ensure robust protection? Relevant links: Follow Rish on LinkedIn: https://www.linkedin.com/in/rishabh-goswami/ Learn more about how D3 optimizes your workflows to help you respond to emerging threats: https://d3security.com/capabilities/soc-management/

It’s a new year, and with that brings an opportunity for MSSPs to re-evaluate their growth strategies to reach new customers and diversify their offerings. This week, Amy chats with Tony UcedaVelez, CEO & Founder of VerSprite, about offering Threat Modelling as a Service. Tony explains his 7-step threat modelling methodology, PASTA, and how he incorporates his methodology into security services for VerSprite’s customers. In this episode: 😎 How can threat modelling help MSSPs identify and prioritize security risks for clients? 🖼️ What are the key threat modelling methodologies or frameworks MSSPs can use? 🔐 How does threat modelling enhance an MSSP’s overall security services and reduce client risk  exposure? Relevant links: Learn more about how to scale your MSSP with D3’s automation: https://d3security.com/capabilities/software-to-scale-your-mssp/ Learn how VerSprite delivers a more profitable MSSP offering with D3: https://www.youtube.com/watch?v=ivC5Nfk0YdY  Follow Tony on LinkedIn: https://www.linkedin.com/in/tonyuv/ Follow Tony on X: https://x.com/t0nyuvCheck out the PASTA GitHb Fork Community: https://github.com/VerSprite/fork-community

Identity and access management (IAM) is stepping up and adopting AI & automation to tackle the ever-growing “Phishing Problem”. Amy chats with Natee Pretikul, the Principal PM Manager at Microsoft Security, about how MFA, passkeys, and AI-driven tools like Microsoft Copilot are transforming security strategies. In this episode, you will learn: 🐟 How does enabling multi-factor authentication (MFA) reduce the risk of phishing attacks by 99%? 🔑 What are passkeys, and why are they seen as a key step toward a passwordless future? 🧑‍💻 How are hackers using AI to make phishing emails more convincing and harder to detect? 🧑‍✈️ What role does Microsoft’s Copilot play in helping security teams respond faster to incidents and prioritize risks? Relevant links: Learn how D3 helps prevent phishing attacks: https://d3security.com/solutions/by-use-case/phishing-attack/ Follow Natee on LinkedIn: https://www.linkedin.com/in/nateenew/

We’re joined this week by Ketan Nilangekar, the Co-Founder and CEO of ThreatWorx, to answer the question– how can we approach third-party risk management today, especially in the newly AI-driven world? In this episode: 🚧How do we deal with the challenges of third-party risk management? 🤖What role does AI play in the risk management space? 🔐Does the market need a new push towards stronger security measures for software vendors? 🤝How can we work with vendors effectively to ensure we are compliant and secure? Relevant links: Learn more about the D3 + ThreatWorx integration: https://d3security.com/blog/automate-vulnerability-threat-management-threatworx/ Learn more about ThreatWorx at threatworx.io Learn about D3’s cyber threat hunting playbooks: https://d3security.com/capabilities/threat-hunting/

Enter the world of AI in cybersecurity with Anthony Green, President of the ISACA Vancouver Chapter. From managing data protection to setting up the right guardrails, Anthony shares practical insights into getting the most out of AI while maintaining your security posture. In this episode, you’ll find out: 🤔 How can businesses ensure AI models align with security policies and privacy standards? 🪜What steps should companies take to manage AI risks while remaining compliant with regulations? 🧑‍💻 Who is responsible for setting up and enforcing AI governance within an organization? 👷 What are the key security guardrails needed to use AI safely and prevent unauthorized data access? Relevant Links: Leverage D3’s Ace AI to speed up playbook development: https://d3security.com/platform/ace-ai/  Connect with Anthony on LinkedIn: https://www.linkedin.com/in/anthonygreen00/

They say that innovation isn’t just about adopting the right technology, it's about adopting a change mindset that allows you to adapt to the evolving environment in cybersecurity… Ok, well maybe no one actually says that, but it’s still true. In this episode of Let’s SOC About It, Amy Tom chats with Evgeniy Kharam about how SOAR and SIEM tools have adapted to changes in the tech landscape. In this episode, you’ll learn: ☁️ How did the introduction of cloud technology change the development and functionality of SOAR tools? 🤝 How did APIs play a role in security automation? 🥴 Why was the traditional VPN and tunnel creation workflow inefficient and insecure? ⚙️ How are automation and AI transforming roles within security teams to improve efficiency in incident response today? Relevant links: Learn how reduce alert noise with D3’s Smart SOAR https://d3security.com/ Connect with Evgeniy Kharam on LinkedIn https://www.linkedin.com/in/ekharam/ Get your copy of “Architecting Success: The Art of Soft Skills in Technical Sales” https://www.amazon.ca/Architecting-Success-Skills-Technical-Connect/dp/1998503003