
Down the Security Rabbithole Podcast (DtSR)
This is Cybersecurity's premier podcast. Running strong since 2011, Rafal Los, James Jardine, and Jim Tiller bring a no-nonsense, non-commercial approach to our profession. DtSR brings interviews and discussion with people you want to meet, and stories you have to hear. So whether you're just starting out, or are decades deep into your career, you'll always learn something on this show.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Latest episodes

Nov 30, 2015 • 56min
DtSR Episode 171 - When the FTC Attacks
In this episode
I interview Mike Daugherty - author of The Devil Inside the Beltway [Amazon.com link] - live from the Security Advisor Alliance first-ever Summit in Dallas, TX. Mike was kind enough to sit down with me (twice, thanks to a tech failure) and tell his absolutely surreal story of what happened to him and his company at the hands of what can only be described as an insane situation.
If you own a business, or manage a business, or work in enterprise -- you need to hear Mike's story. If it wasn't documented and video recorded, you'd never believe it's true.
Truth be told, I've been a supporter of the FTC as an advocate for the victims of breaches - the person whose information is stolen. After hearing Mike's story... I have had my mind completely changed.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Nov 23, 2015 • 44min
DtSR Episode 170 - Minneapolis CISO Summit Roundtable 1
In this episode
- We start a constructive discussion addressing the problem of the 'talent shortage'
- The panel discusses the general lack of understanding of the big-picture challenge from both sides: business and security
- The panel discusses basic security issues in an expanding ecosystem of Internet-connected things
- The panel discusses some real potential solutions to our talent issue
Guests
- Bryce Austin ( @BryceA )
- Holly Miller ( @OPSEC_Girl )
- Jeff Man ( @MrJeffMan )
- Mike Kearn ( @MichaelKearn )

Nov 16, 2015 • 41min
DtSR Episode 169 - NewsCast for November 16th 2015
In this episode...
Is this seriously the FBI suggestion to companies hit with ransomware?
http://thehackernews.com/2015/10/fbi-ransomware-malware.html
- Sets an awful precedent ... or does it?
- What other options are there?
- Would you take this advice?
Microsoft is opening a data center in the UK ... why?
http://thehill.com/policy/cybersecurity/259656-microsoft-opens-uk-only-data-center-following-eu-ruling
- Have the US spying revelations finally hit home?
- What about EU Safe Harbor?
- What do you think, if you're a multi-national Internet company?
Is healthcare really that far behind enterprise security?
http://www.cnbc.com/2015/11/11/us-health-care-way-behind-on-data-security-says-forrester.html
- Forrester calling out the healthcare sector for being far behind on security
- Is there more pressure, less attention, or more legacy? (or all?)
- How do you fix this situation?
Disheartening (but predictable) state of human weakness
http://www.scmagazineuk.com/many-uk-workers-willing-to-sell-their-companys-ip-study/article/452428/
- Are your employees willing to sell your company's intellectual property?
- What can you do about it?
YikYak not so anonymous, can reveal user data to cops
http://bigstory.ap.org/article/8535dd899f554fb3b5dd1c9498d610b5/yik-yak-social-media-service-can-reveal-user-data-police
- Is there any anonymous social media, really?

Nov 9, 2015 • 49min
DtSR Episode 168 - Practical Enterprise Threat Intelligence
In this episode
- Rob & Liam discuss the practical applications of threat intelligence for today's enterprise
- We discuss what enterprise threat intelligence really is (and also what it isn't)
- We discuss the place of feeds, tools, processes and people in the mechanics of the program
- We discuss the need to conduct a program-based intelligence approach for the enterprise
Guests
Liam Randall ( @hectaman ) - With a career spanning 20 years, Liam Randall has worked at every level of the information systems pipeline - from building and operating large networks, developing and maintaining large 100M+ e-commerce solutions, to designing and implementing global network security monitoring sensor grids. A frequent speaker and trainer at security conferences, Liam has trained over 1000 students on advanced incident response with a focus on leveraging the open source Bro Platform. https://www.linkedin.com/in/hectaman
Robert M. Lee ( @RobertMLee ) - Robert M. Lee is the founder and CEO at Dragos Security LLC, where he helped design and build CyberLens - a cyber situational awareness software tool for critical infrastructure networks. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode's Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year. https://www.linkedin.com/in/robert-m-lee-b2096532

Nov 2, 2015 • 42min
DtSR Episode 167 - NewsCast for Nov 2nd 2015
In this episode...
Turn any old car into a "smart car" for $200 with this new miracle device
"BACKED BY FROGVENTURES, VOYOMOTIVE IS TACKLING THE BURGEONING CONNECTED-CAR SPACE"
- Could be a fantastic idea
- Could be an awful idea
- Has anyone considered the security ramifications?
- What about privacy?
http://www.fastcodesign.com/3052012/this-device-will-turn-your-clunker-into-a-smart-car-for-200?utm_source#4
OMB preps cyber sprint follow-up
- Michael's take on "gap focus": http://www.csoonline.com/article/2992553/security-leadership/stop-focusing-on-gaps-to-gain-influence-as-a-security-leader.html
- Hoping for 75% authentication for 2FA - not exactly great
- Lots of challenges here, but is this the right thing to do?
TalkTalk breached, 3 teenagers arrested, CEO goes tone deaf
- CEO says they "were not legally required to encrypt client information"
- Teenagers arrested in breach
- The poster child for having a breach preparedness plan, before the cameras start rolling and media starts calling
https://hacked.com/british-police-arrest-15-year-old-telecom-hack-ransom-demanded-bitcoin/
http://www.theregister.co.uk/2015/02/27/talktalk_admits_massive_data_breach/
Lots of talk on security - but is anyone talking to each other?
http://www.eenews.net/stories/1060026736
http://cjonline.com/news/2015-10-25/bbb-small-business-cybersecurity-hackers-are-not-just-trick-or-treaters

Oct 26, 2015 • 24min
DtSR Episode 166 - Cyber Security From Board Room to White House
In this episode...
- Raf sits down with Howard Schmidt to talk about cyber security from the public to private sectors and everything in between.
- Howard & Raf talk through challenges of cyber security in the board room
- Howard gives us some of the challenges that government faces, from his experience
Don't miss this episode!
Guest
Howard A. Schmidt ( @HowardAS ) - Former Supervisory Special Agent and Director of Computer Crime and Information Warfare, AF OSI; Former CSO, Microsoft Corp.; Former Chairman, White House Critical Infrastructure Protection Board; VP and CISO, eBay Inc.; Special Agent, US Army CID (Reserves); Law Enforcement Officer, Chandler Police Department, AZ

Oct 19, 2015 • 36min
DtSR Episode 165 - NewsCast for October 19th, 2015
In this episode...
Standard & Poor's Adding Cybersecurity to Ratings
The headline: In a report issued this week, the rating agency says it could issue a downgrade before a cyberattack if a bank looked ill-prepared, or following a breach that causes significant damage to a bank's reputation or which leads to substantial monetary losses or legal damages.
Behind the curve? Stop.
Michael wrote about it this week - stop calling it gaps...
16 questions... good start?
- How long has it typically taken to detect a cyberattack?
- What containment procedures are in place if the bank is breached?
- How many times was the business the target of a high-level attack during the past year, and how far did it reach in the system?
- What's the internal phishing success rate?
- What kind of expertise about cyberattacks exists on the board of directors?
- How much does the bank spend on cybersecurity, what resources does it devote, and what is the total tech budget this year versus last?
Including security in the ratings - and we're crying? Claim this leads to more insurance... how about that...
http://www.bankinfosecurity.com/sps-cybersecurity-warning-late-to-game-a-8556
Crisis Services Top Insurers' Cyber Claims Payouts; Average Claim at $674K
This is interesting; and it's a good data point, too -- in contrast to the "costs" we hear about in briefings all the time. Saw other stories that suggested the insurance is going to get jacked... of course they are. More insurance, more insight, more claims, more data.... this is all good

Oct 12, 2015 • 31min
DtSR Episode 164 - 3rd Party and Supply Chain Risks
In this episode...
- Raf asks why we're talking about global supply chain and 3rd party risk again
- Josh discusses what little things we are not thinking about today that we should
- Josh discusses what happens as companies move critical data to the cloud
- We discuss regional IT in a global data world
- Raf opens up the "tiny company 3rd party" can of worms
- We discuss the cyber crime survey and CISO board reporting results; link: http://www.csoonline.com/article/2978020/security-leadership/do-boards-of-directors-actually-care-about-cybersecurity.html
- What about supply-chain issues with electronic components and software?
Guest:
Josh Douglas - CTO for Raytheon Cyber Products - has nearly two decades of experience in helping global enterprises and government agencies secure their most prized business/mission assets. During his past 9 years at Raytheon, he has overseen Raytheon's Cyber Security Intelligence Operations, Malware Concepts, Security Infrastructure Operations and Research Technologies, tasked to produce effective forward-looking cyber software solutions to contain and control advanced threats. These solutions are used to help commercial and government entities protect their enterprises and the global cyber supply chain from ever-changing advanced persistent threats and malware.
Prior to joining Raytheon, Joshua built a successful track record in network security operations and engineering management positions, securing enterprise environments while promoting contextual response. Prior employers include Enterasys Networks, Kronos, Genuity, MIT Lincoln Laboratory and other prominent enterprises. Joshua earned a Bachelor of Science Degree in Computer Science from Appalachian State University and currently holds a number of technical computer and network security certifications.
LinkedIn: https://www.linkedin.com/in/jdouglas

Oct 5, 2015 • 50min
DtSR Episode 163 - NewsCast for October 5th, 2015
In this episode...
Patreon got hacked, but it's OK
- This is a lesson in how to do security in a reasonable manner
- Great response, good security
https://www.patreon.com/posts/important-notice-3457485
The double-edged blade of the DMCA could have helped VW cheat emissions
- Reverse-engineering illegal
- Definitions of 'researcher' and further 'independent researcher' are interestingly defined - lots of room for discussion
http://www.itworld.com/article/2986856/enterprise-software/how-the-dmca-may-have-let-carmakers-cheat-clean-air-standards.html
CFOs are getting involved in security whether they want to or not
- Good to-do checklist for CFOs
http://ww2.cfo.com/accounting-tax/2015/09/deals-demand-prior-cfo-involvement-data-security/
Lawsuits preventing disclosure of vulnerabilities in the news
- We're "chilling security research" again
- Good points made, on top of bad points and half-truths
- Stems from the FireEye vs ERNW fight
Verizon reports on the state of network transformation
- Security still an issue, and top priority
- Human talent is still a problem
- Lots of leadership opportunities here
http://www.enterprisenetworkingplanet.com/netsysm/verizon-reports-on-the-state-of-digital-network-transformation.html

Sep 28, 2015 • 33min
DtSR Episode 162 - OSINT and Privacy in a Digital World
In this episode...
- Kirby tells us what OSINT is
- We discuss how much we are giving away on digital channels
- We discuss if there is such a thing as anonymity anymore
- Location sharing in apps — the bad, the ugly, the scary
- Kirby and Michael discuss "checking up on your executives"
- Raf talks about "logo pages" — why do these still exist?!
- Kirby gives us some thoughts on OPSEC
- Kirby leaves us with a dose of reality about privacy in today's world
Guest
Kirby Plessas ( @kirbstr ) - Kirby is the CEO of Plessas Experts Network, Inc. She did some things before this too, but we can't tell you about them or we'd have to black-bag you and send you to Gitmo. You can get her LinkedIn bio here: https://www.linkedin.com/in/kirbyp