

Down the Security Rabbithole Podcast (DtSR)
Rafal (Wh1t3Rabbit) Los
This is Cybersecurity's premier podcast. Running strong since 2011, Rafal Los, James Jardine, and Jim Tiller bring a no-nonsense, non-commercial approach to our profession. DtSR brings interviews and discussion with people you want to meet, and stories you have to hear. So whether you're just starting out, or are decades deep into your career, you'll always learn something on this show.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Episodes

Nov 16, 2015 • 41min
DtSR Episode 169 - NewsCast for November 16th 2015
In this episode...
Is this seriously the FBI suggestion to companies hit with ransomware?
http://thehackernews.com/2015/10/fbi-ransomware-malware.html
  Sets an awful precedent ... or does it?
  What other options are there?
  Would you take this advice?
Microsoft is opening a data center in the UK ... why?
http://thehill.com/policy/cybersecurity/259656-microsoft-opens-uk-only-data-center-following-eu-ruling
  Have the US spying revelations finally hit home?
  What about EU Safe Harbor?
  What do you think, if you're a multi-national Internet company?
Is healthcare really that far behind enterprise security?
http://www.cnbc.com/2015/11/11/us-health-care-way-behind-on-data-security-says-forrester.html
  Forrester calling out the healthcare sector for being far behind on security
  Is there more pressure, less attention, or more legacy? (or all?)
  How do you fix this situation?
Disheartening (but predictable) state of human weakness
http://www.scmagazineuk.com/many-uk-workers-willing-to-sell-their-companys-ip-study/article/452428/
  Are your employees willing to sell your company's intellectual property?
  What can you do about it?
YikYak not so anonymous, can reveal user data to cops
http://bigstory.ap.org/article/8535dd899f554fb3b5dd1c9498d610b5/yik-yak-social-media-service-can-reveal-user-data-police
  Is there any anonymous social media, really?
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Nov 9, 2015 • 49min
DtSR Episode 168 - Practical Enterprise Threat Intelligence
In this episode...
Rob & Liam discuss the practical applications of threat intelligence for today's enterprise
We discuss what enterprise threat intelligence really is (and also what it isn't)
We discuss the place of feeds, tools, processes and people in the mechanics of the program
We discuss the need to conduct a program-based intelligence approach for the enterprise
Guests
Liam Randall ( @hectaman ) - With a career spanning 20 years, Liam Randall has worked at every level of the information systems pipeline: from building and operating large networks, developing and maintaining large 100M+ e-commerce solutions, to designing and implementing global network security monitoring sensor grids. A frequent speaker and trainer at security conferences, Liam has trained over 1000 students on advanced incident response with a focus on leveraging the open source Bro Platform. https://www.linkedin.com/in/hectaman
Robert M. Lee ( @RobertMLee ) - Robert M. Lee is the founder and CEO at Dragos Security LLC, where he helped design and build CyberLens, a cyber situational awareness software tool for critical infrastructure networks. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode's Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year. https://www.linkedin.com/in/robert-m-lee-b2096532

Nov 2, 2015 • 42min
DtSR Episode 167 - NewsCast for Nov 2nd 2015
In this episode...
Turn any old car into a "smart car" for $200 with this new miracle device
"BACKED BY FROGVENTURES, VOYOMOTIVE IS TACKLING THE BURGEONING CONNECTED-CAR SPACE"
  Could be a fantastic idea
  Could be an awful idea
  Has anyone considered the security ramifications?
  What about privacy?
http://www.fastcodesign.com/3052012/this-device-will-turn-your-clunker-into-a-smart-car-for-200?utm_source#4
OMB preps cyber sprint follow-up
  Michael's take on "gap focus": http://www.csoonline.com/article/2992553/security-leadership/stop-focusing-on-gaps-to-gain-influence-as-a-security-leader.html
  Hoping for 75% authentication for 2FA - not exactly great
  Lots of challenges here, but is this the right thing to do?
TalkTalk breached, 3 teenagers arrested, CEO goes tone deaf
  CEO says they "were not legally required to encrypt client information"
  Teenagers arrested in breach
  The poster child for having a breach preparedness plan, before the cameras start rolling and the media starts calling
https://hacked.com/british-police-arrest-15-year-old-telecom-hack-ransom-demanded-bitcoin/
http://www.theregister.co.uk/2015/02/27/talktalk_admits_massive_data_breach/
Lots of talk on security - but is anyone talking to each other?
http://www.eenews.net/stories/1060026736
http://cjonline.com/news/2015-10-25/bbb-small-business-cybersecurity-hackers-are-not-just-trick-or-treaters

Oct 26, 2015 • 24min
DtSR Episode 166 - Cyber Security From Board Room to White House
In this episode...
Raf sits down with Howard Schmidt to talk about Cyber Security from the public to private sectors and everything in between.
Howard & Raf talk through challenges of cyber security in the board room
Howard gives us some of the challenges that government faces, from his experience
Don't miss this episode!
Guest
Howard A. Schmidt ( @HowardAS ) - Former Supervisory Special Agent, Director of Computer Crime and Information Warfare, AF OSI. Former CSO, Microsoft Corp. Former Chairman of White House Critical Infrastructure Protection Board. VP, CISO, eBay Inc. Special Agent, US Army CID (Reserves). Law Enforcement Officer, Chandler Police Department, AZ.

Oct 19, 2015 • 36min
DtSR Episode 165 - NewsCast for October 19th, 2015
In this episode...
Standard & Poor's Adding Cybersecurity to Ratings
  The headline: In a report issued this week, the rating agency says it could issue a downgrade before a cyberattack if a bank looked ill-prepared, or following a breach that causes significant damage to a bank's reputation or which leads to substantial monetary losses or legal damages.
  Behind the curve? Stop.
  Michael wrote about it this week - stop calling it gaps…
  16 questions… good start?
    How long has it typically taken to detect a cyberattack?
    What containment procedures are in place if the bank is breached?
    How many times was the business the target of a high-level attack during the past year, and how far did it reach in the system?
    What's the internal phishing success rate?
    What kind of expertise about cyberattacks exists on the board of directors?
    How much does the bank spend on cybersecurity, what resources does it devote, and what is the total tech budget this year versus last?
  Including security in the ratings - and we're crying? Claim this leads to more insurance… how about that…
  http://www.bankinfosecurity.com/sps-cybersecurity-warning-late-to-game-a-8556
Crisis Services Top Insurers' Cyber Claims Payouts; Average Claim at $674K
  This is interesting; and it's a good data point, too -- in contrast to the "costs" we hear about in briefings all the time. Saw other stories that suggested the insurance is going to get jacked… of course they are. More insurance, more insight, more claims, more data…. this is all good

Oct 12, 2015 • 31min
DtSR Episode 164 - 3rd Party and Supply Chain Risks
In this episode...
Raf asks why we're talking about global supply chain and 3rd party risk again
Josh discusses what little things we are not thinking about today, that we should
Josh discusses what happens as companies move critical data to the cloud
We discuss regional IT in a global data world
Raf opens up the "tiny company 3rd party" can of worms
We discuss the cyber crime survey and CISO board reporting results; link: http://www.csoonline.com/article/2978020/security-leadership/do-boards-of-directors-actually-care-about-cybersecurity.html
What about supply-chain issues with electronic components, software?
Guest:
Josh Douglas - CTO for Raytheon Cyber Products - has nearly two decades of experience in helping global enterprises and government agencies secure their most prized business/mission assets. During his past 9 years at Raytheon, he has overseen Raytheon's Cyber Security Intelligence Operations, Malware Concepts, Security Infrastructure Operations and Research Technologies tasked to produce effective forward-looking cyber software solutions to contain and control advanced threats. These solutions are used to help commercial and government entities protect their enterprises and the global cyber supply chain from ever-changing advanced persistent threats and malware. Prior to joining Raytheon, Joshua had a successful track record in network security operations and engineering management positions, securing enterprise environments while promoting contextual response. Prior employers include Enterasys Networks, Kronos, Genuity, MIT Lincoln Laboratory and other prominent enterprises. Joshua earned a Bachelor of Science Degree in Computer Science from Appalachian State University and currently holds a number of technical computer and network security certifications.
LinkedIn: https://www.linkedin.com/in/jdouglas

Oct 5, 2015 • 50min
DtSR Episode 163 - NewsCast for October 5th, 2015
In this episode...
Patreon got hacked, but it's OK
  This is a lesson in how to do security in a reasonable manner
  Great response, good security
  https://www.patreon.com/posts/important-notice-3457485
The double-edged blade of the DMCA could have helped VW cheat emissions
  Reverse-engineering illegal
  Definitions of 'researcher' and further 'independent researcher' are interestingly defined - lots of room for discussion
  http://www.itworld.com/article/2986856/enterprise-software/how-the-dmca-may-have-let-carmakers-cheat-clean-air-standards.html
CFOs are getting involved in security whether they want to or not
  Good to-do checklist for CFOs
  http://ww2.cfo.com/accounting-tax/2015/09/deals-demand-prior-cfo-involvement-data-security/
Lawsuits preventing disclosure of vulnerabilities in the news
  We're "chilling security research" again
  Good points made, on top of bad points and half-truths
  Stems from the FireEye vs ERNW fight
  http://ww2.cfo.com/accounting-tax/2015/09/deals-demand-prior-cfo-involvement-data-security/
Verizon reports on the state of network transformation
  Security still an issue, and top priority
  Human talent is still a problem
  Lots of leadership opportunities here
  http://www.enterprisenetworkingplanet.com/netsysm/verizon-reports-on-the-state-of-digital-network-transformation.html

Sep 28, 2015 • 33min
DtSR Episode 162 - OSINT and Privacy in a Digital World
In this episode...
Kirby tells us what OSINT is
We discuss how much we are giving away on digital channels
We discuss if there is such a thing as anonymity anymore
Location sharing in apps — the bad, the ugly, the scary
Kirby and Michael discuss "checking up on your executives"
Raf talks about "logo pages" — why do these still exist?!
Kirby gives us some thoughts on OPSEC
Kirby leaves us with a dose of reality about privacy in today's world
Guest
Kirby Plessas ( @kirbstr ) - Kirby is the CEO of Plessas Experts Network, Inc. She did some things before this too, but we can't tell you about them or we'd have to black-bag you and send you to Gitmo. You can get her LinkedIn bio here: https://www.linkedin.com/in/kirbyp

Sep 21, 2015 • 44min
DtSR Episode 161 - NewsCast for Sept 21st, 2015
On this episode of the NewsCast
Intel forms new Automotive Security Research Board (ASRB) to focus on security of their automotive platform
http://newsroom.intel.com/community/intel_newsroom/blog/2015/09/13/intel-commits-to-mitigating-automotive-cybersecurity-risks
  Good security as a competitive advantage?
  Interesting development in the effort to secure cars as a technology platform
Appeals court forces the issue of 'fair use' in DMCA case
http://www.engadget.com/2015/09/14/appeals-court-copyright-holders-must-consider-fair-use-before/
  Interesting development in the case against Universal Music Group's malicious prosecution and nonsense take-down orders
Bitpay sues their insurance company after giving away $1.8M
http://www.coindesk.com/bitpay-sues-insurer-after-losing-1-8-million-in-phishing-attack/
  Interesting argument in court - indirect loss
  Company exec got phished for credentials
  Execs fall for "transfer large quantity of money" scam
  Follow this case!
China making demands of US tech companies
http://www.engadget.com/2015/09/17/china-us-tech-companies-security-policies/
  This has happened before...
  US companies found ways around this once
  Essentially it appears as though China is asking for 'backdoors' and secret access to source code, etc. in order to do business in China
  Talk about anti-competitive!
The Kardashian train wreck exposes fans' information due to web flaw
http://techcrunch.com/2015/09/16/kardashian-website-security-issue-exposes-names-emails-of-over-half-a-million-subscribers-payment-info-safe/#.gofm76:EZbS
  Some 'developer' wanted to see how the site worked, poked around, found an interesting flaw and posed it to the owners
  ~500,000 subscribers' info exposed

Sep 14, 2015 • 36min
DtSR Episode 160 - Leadership from a Navy SEAL
In this episode...
Brandon, Michael and I discuss the challenges of leadership and how leadership is more than just telling people what to do. Brandon gives us some of his back-stories and anecdotes to illustrate his points on leadership along the way.
I promise you'll love this episode, and I highly encourage you to go donate what you're able to, to Red Circle Foundation (http://redcirclefoundation.org).
Guest
Brandon Webb ( @BrandonTWebb ) - Brandon is a former Navy SEAL, bestselling author and CEO of Force12 Media. He founded Red Circle Foundation as a way to give back to the families of the Special Ops community in a meaningful way.
Links
Red Circle Foundation - http://redcirclefoundation.org/
SOFREP - http://sofrep.com
Brandon's website - http://brandontylerwebb.com/