Redefining CyberSecurity

For our next Chats On The Road to RSA Conference 2022, we talk about voices, biometrics, metadata, privacy, neurology, deep fakes, and so much more. Join us for a chat to hear how your voice may be doing things for — and against — you in all aspects of life and work.About the RSAC 2022 Session, Can You Hear Me Now? Security Implications of Voice as the New Keyboard"Use of voice as a biometric identifier or as a virtual keyboard is growing. While AI/ML have vastly improved capabilities, there are challenges to relying on voice. Get it right and remove user friction and accelerate input. Get it wrong and introduce new vulnerabilities. As uses for vocal and silent speech recognition emerge and expand, security teams need to consider the potential security risks."with:Rébecca Kleinberger, Voice Researcher at MIT Media Lab [@MIT @medialab] and Disruptive Research Strategist at HARMAN International [@Harman]Jeremy Grant, Managing Director, Technology Business Strategy, Venable LLP [@jgrantindc]Lisa Lee, Chief Security Advisor/Lead for Vertical Industries and Engagement, Microsoft [@Microsoft]Tune in and be sure to join us for more from RSA Conference USA 2022!____________________________GuestRébecca KleinbergerVoice Researcher at MIT Media Lab and Disruptive Research Strategist at HARMAN InternationalOn LinkedIn | https://www.linkedin.com/in/rebklein/Website | https://rebeccakleinberger.com/____________________________This Episode’s SponsorsHITRUST: 👉https://itspm.ag/itsphitwebCrowdSec: 👉https://itspm.ag/crowdsec-b1vpBlue Lava: 👉https://itspm.ag/blue-lava-w2qsBlackCloak 👉https://itspm.ag/itspbcweb____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76RSAC Session | Can You Hear Me Now? Security Implications of Voice as the New Keyboard: https://www.rsaconference.com/USA/agenda/session/Can%20You%20Hear%20Me%20Now%20Security%20Implications%20of%20Voice%20as%20the%20New%20KeyboardTEDTalk | Why you don't like the sound of your own voice: https://www.ted.com/talks/rebecca_kleinberger_why_you_don_t_like_the_sound_of_your_own_voice____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22sp

For our next Chats On The Road to RSA Conference 2022, we talk about the need to advance our tools, techniques, and our environment to better handle the risks and threats facing our organization. No surprise, say hello to the cloud.About the RSAC 2022 Session with Phillip Wylie | Building a Cloud-Based Pentesting Platform“Often offensive cybersecurity professionals require a way to perform external pentesting of Internet facing targets. This ability to test externally facing systems is nothing new and has been done over the years using various configurations. In this presentation attendees will learn how to build a cloud-based pentesting environment useful to pentesters, red teamers, and bug bounty hunters.”Join us for this conversation, meet Phillip in San Francisco, and start poking at the cloud to make it rain vulnerabilities!____________________________GuestPhillip WylieOn ITSPmagazine  👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie____________________________This Episode’s SponsorsHITRUST: 👉https://itspm.ag/itsphitwebCrowdSec: 👉https://itspm.ag/crowdsec-b1vpBlue Lava: 👉https://itspm.ag/blue-lava-w2qsBlackCloak 👉https://itspm.ag/itspbcweb____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76RSAC Session | Building a Cloud-Based Pentesting Platform: https://www.rsaconference.com/USA/agenda/session/Building%20a%20Cloud-Based%20Pentesting%20PlatformRecommended Reading Available in the RSAC Bookstore:The Pentester BluePrint: Starting a Career as an Ethical Hacker (ISBN: 978-1-119-68430-5) by Phillip Wylie____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageFor more podcast stories from The Hacker Factory with Phillip Wylie, visit: https://www.itspmagazine.com/the-hacker-factory-podcastTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22sp

Organizations have made little progress in addressing cyber risk. This is in large part because they have viewed the issue with an excessively narrow focus as just a technical/operational issue. This needs to change.To compete in the modern economy, enterprises must engage in digital transformation, which can generate a substantial increase in growth and profitability but can also vastly increase risk. Sure, foundational technical security measures are necessary, but they, alone, are not sufficient to address cyber threats. Cybersecurity must be an enterprise-wide risk management issue built on appropriate understanding, structure, investment, and risk-management methods.Listen in to learn more about why, and how, we need to fundamentally rethink our approach to cybersecurity.____________________________GuestLarry ClintonPresident and CEO of the Internet Security Alliance (ISA) [@isalliance]On LinkedIn | https://www.linkedin.com/in/larry-clinton-20237b4/On YouTube | https://www.youtube.com/channel/UCbeFbrVg-aNu-mMSzsCiYnw____________________________This Episode’s SponsorsImperva: https://itspm.ag/imperva277117988HITRUST: https://itspm.ag/itsphitweb____________________________ResourcesLearn more about ISA: https://www.isalliance.orgOn LinkedIn: https://www.linkedin.com/company/internet-security-allianceOn Twitter: https://twitter.com/isallianceOn Facebook: https://www.facebook.com/ISAllianceISA Publications:https://isalliance.org/isa-publications/cyber-risk-oversight-handbook/https://isalliance.org/isa-publications/international-cyber-risk-management-handbooks/Book | Cybersecurity for Business: Organization-Wide Strategies to Ensure Cyber Risk Is Not Just an IT Issue: https://www.amazon.com/Cybersecurity-Business-Organization-Wide-Strategies-Ensure-dp-1398606146/dp/1398606146/ref=mt_other?_encoding=UTF8&me=&qid=1648037695____________________________To see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships

For our next Chats On The Road to RSA Conference 2022, we talk about transformation. Which, of course, can't be accomplished without talking about change. Which is constant.About the RSAC 2022 Keynote with Rohit Ghai, Chief Executive Officer of RSA:“Emerging technologies, expanding connections, hidden vulnerabilities: our sector understands that the only constant is change. As the world adapts once again, our industry’s experience shaping transformational shifts will determine the next normal. So let’s review how we’ve evolved, examine our missteps, predict where we’re headed, and start planning our next transformation.”Tune in and be sure to join us for more from RSA Conference USA 2022!____________________________GuestRohit GhaiChief Executive Officer of RSA [@RSAsecurity]On LinkedIn | https://www.linkedin.com/in/rohitghai/On Twitter | https://twitter.com/rohit_ghai____________________________This Episode’s SponsorsHITRUST: 👉https://itspm.ag/itsphitwebCrowdSec: 👉https://itspm.ag/crowdsec-b1vpBlue Lava: 👉https://itspm.ag/blue-lava-w2qsBlackCloak 👉https://itspm.ag/itspbcweb____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76RSAC Keynote Session | The Only Constant: https://www.rsaconference.com/USA/agenda/session/The%20Only%20Constant____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22sp

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?Maybe a smart question: Is there an opportunity to be smarter?While all are important, that final question is certainly the most valid question. But, the details of the provisions will come when the community feedback comes in. The thing to make note of as you listen to this episode is that there's an opportunity to shape these provisions for the better of the overall healthcare ecosystem, moving beyond lowest common denominator frameworks, standards, and controls.John Houston and Michael Parisi share their thoughts in the current state of cyber risk management affairs, the opportunity to do more in the RFI and potential responses coming in from the community, and how John's experience with an advanced, mature risk management program at UPMC can help set the bar for what's possible — not just from a guidance or framework perspective, but from a fiscally responsible, scalable, operational perspective.Listen in to learn more about the RFI  and the role you can have in shaping its outcome.Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.Note: This story contains promotional content. Learn more.____________________________GuestsJohn HoustonVice President, Information Security and Privacy; Associate Counsel at UPMC [@UPMC]On Linkedin | https://www.linkedin.com/in/john-houston-5b9915b/Michael Parisi, VP of Adoption, @HITRUST____________________________Catch the webcast and the podcast here: https://itspm.ag/hitrust-hhs-ocr-hitech-rfiBe sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.____________________________ResourcesNews Release: https://www.hhs.gov/about/news/2022/04/06/hhs-ocr-seeks-public-comment-on-recognized-security-practices-sharing-civil-money-penalties-monetary-settlements-under-hitech-act.htmlIndividuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerations-for-implementing-the-health-information-technology-for-economic-and-clinical-health____________________________To see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity____________________________Are you interested in telling your story?https://www.itspmagazine.com/telling-your-story

What if we could create the Internet architecture from scratch? You might think that this is a crazy endeavor, but that's exactly what a research team in Zurich, Switzerland, is doing. And for good reason.In today's episode, we are joined by Nicola Rustignoli, a research assistant at the Network Security Group at ETH Zürich, to take a look at the history of the Internet, its purpose, the challenges it has introduced, and the path forward to an Internet that allows for its intent to be met while maintaining scalability, control, and resiliency. Nicola works on making the Internet more secure and reliable with the SCION Architecture and by helping to start the SCION Foundation.SCION was born as a research project 11 years ago, from the research question: how secure can an Internet be? There's a lot to learn from this project.About the SCION ArchitectureSCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. SCION organizes existing ASes into groups of independent routing planes, called isolation domains, which interconnect to provide global connectivity. Isolation domains provide natural isolation of routing failures and misconfigurations, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design. Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding. As a path-based architecture, SCION end hosts learn about available network path segments, and combine them into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.Why a clean-slate design? Why can't we adopt existing solutions? Is it easy to "replace" the Internet?Listen in to learn more about this exciting program.____________________________GuestNicola RustignoliResearch Assistant at ETH Zürich and Founding Engineer at the SCION Association. On LinkedIn | https://www.linkedin.com/in/nicola-rustignoli-830b7512/On Twitter | https://twitter.com/NicorustiOn YouTube | https://www.youtube.com/channel/UCATqViXMlA0cCroLuoJVAGw____________________________This Episode’s SponsorsImperva: https://itspm.ag/imperva277117988HITRUST: https://itspm.ag/itsphitweb____________________________ResourcesLearn more about SCION: https://scion-architecture.net/On LinkedIn: https://www.linkedin.com/company/78769571On Twitter: https://twitter.com/SCIONassociatioOn Facebook: https://www.facebook.com/SCIONinternetSCION Day 2022 videos: https://scion-architecture.net/pages/scion_day_2022/“The Complete Guide to SCION” is coming out with Springer Verlag in June 2022. An old version is open access and available on scion-architecture.netThe White House & 50 more countries recently released a Declaration for the Future of Internet: https://www.whitehouse.gov/wp-content/uploads/2022/04/Declaration-for-the-Future-for-the-Internet_Launch-Event-Signing-Version_FINAL.pdfThe FCC recently launched an inquiry about routing security: https://www.fcc.gov/document/fcc-launches-inquiry-internet-routing-vulnerabilities____________________________To see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships

Dr Chris Pierson has held many roles and has been a regular speaker at RSA Conference over the years. What's he up to this year as the event goes back to in-person engagements?As the CEO of BlackCloak, Chris Pierson is looking forward to connecting with peers, partners, customers, and prospects as the world of executive cybersecurity heats up. In addition to seeing friends old and new, Dr Pierson has two sessions in which he will be participating. He shares some insights into both of these sessions. Here's a snippet for each:Collateral Damage: Prepping Your Organization for a Supply Chain AttackSupply chain risks can allow a backdoor into a company. This learning lab will focus on a fast moving scenario that examines risks to a company from hardware and software and will focus on the (1) risk assessment, (2) governance, and (3) response and isolation phases. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion and remind attendees that no comment attribution or recording of any sort should take place. This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate. A Learning Lab with James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLPHacking Back – To Be or Not to Be?Are there options to hack back for ransomware attacks? Without deterrence for ransomware attacks it is unlikely there will be changes to the risk equation that hackers think through. We’ll discuss legal, ethical, operational, and security issues surrounding hacking back and give some insight into potential pitfalls for getting attribution incorrect or causing collateral damage. A law track session with Giorgi Gurgenidze, Founder, GSI Partners and James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP.Chris has some other things up his sleeve as well. Can you say MySpace? 🤔Note: This story contains promotional content. Learn more.GuestChris PiersonOn Linkedin 👉 https://www.linkedin.com/in/drchristopherpierson/On Twitter 👉 https://twitter.com/drchrispierson____________________________Learn more about BlackCloak and their offering: https://itspm.ag/itspbcwebConnect with BlackCloak at RSA Conference: https://itspm.ag/94949aWatch the video here: https://youtu.be/rqu47E8ryXYFor more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22spAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

For our second Chats On The Road to RSA Conference 2022, we talk about a critical cybersecurity initiative led by the World Economic Forum and the Cyber Threat Alliance. It is about mapping the cybercrime ecosystem and its corresponding panel during this year's conference.Sean and Marco are honored to introduce and tease this important upcoming session on their traditional "Chats On The Road to RSA Conference 2022" with guests: Michael Daniel & Tal Goldstein.About the session:“Although cybercrime is now a national security threat, our understanding of the cybercriminal ecosystem remains limited. The industry needs a holistic map to conduct effective disruption, allocate resources efficiently, and impose meaningful costs on criminal actors. The WEF has initiated a project to develop this map. This panel will discuss the mapping project’s results to date and where it is going.”RSAC 2022 Panel WithMichael DanielModerator | President and Chief Executive Officer, Cyber Threat AllianceTal GoldsteinPanelist | Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre for CybersecurityAmy Hogan-BurneyPanelist | Associate Counsel and General Manager, Digital Crimes Unit, MicrosoftDerek MankyPanelist | Chief of Security Insights & Global Threat Alliances, FortinetTune in and be sure to join us for more from RSA Conference USA 2022!____________________________GuestsMichael DanielPresident and Chief Executive Officer, Cyber Threat Alliance [@CyberAlliance]On LinkedIn | https://www.linkedin.com/in/j-michael-daniel-7b71a95/On Twitter | https://twitter.com/CyAlliancePrezTal GoldsteinHead of Strategy, Centre for Cybersecurity, World Economic Forum Centre [@wef] for Cybersecurity [@WEFCybersec]On LinkedIn | https://www.linkedin.com/in/tal-goldstein-a7191296/____________________________This Episode’s SponsorsHITRUST: 👉https://itspm.ag/itsphitwebCrowdSec: 👉https://itspm.ag/crowdsec-b1vpBlue Lava: 👉https://itspm.ag/blue-lava-w2qsBlackCloak 👉https://itspm.ag/itspbcweb____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76RSAC Session | Mapping the Cybercriminal Ecosystem: https://www.rsaconference.com/USA/agenda/session/Mapping%20the%20Cybercriminal%20Ecosystem____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22sp

GRC is comprised of the ethical management of an organization combined with the organization’s ability to identify, quantify, and manage risk, along with the ability to demonstrate compliance for these things in connection with internal, industry, and regulatory standards, frameworks, and requirements. If defined, implemented, and managed correctly, the organization should be in a strong position to withstand operational challenges and threats they face driven by forces such as market dynamics, competitive landscape, employee behavior, breaks in the supply chain, and exposure to cyberattacks.Join us for this conversation where we will discuss:◾️ What is the current definition of GRC◾️ What are the objectives of GRC plan◾️ What components make up a GRC plan◾️ Who owns the plan, who are the key stakeholders◾️ How does a GRC plan get defined and implemented◾️ What outcomes can a company expect to achieve◾️ How does an organization define and measure success with their GRC plan____________________________GuestKouadjo BiniInformation Security Officer of American State Bank and Trust and Founder Infosec TattleOn LinkedIn | https://www.linkedin.com/in/kentia-bini/On LinkedIn | https://www.linkedin.com/company/infosectattleOn Twitter | https://twitter.com/infosec_tattle____________________________This Episode’s SponsorsImperva: https://itspm.ag/imperva277117988HITRUST: https://itspm.ag/itsphitweb____________________________ResourcesAssessing cyber risk in M&A: https://www.ibm.com/downloads/cas/RJX5MXJDNIST risk management framework: https://csrc.nist.gov/projects/risk-management/about-rmf____________________________Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/governance-risk-and-compliance-protecting-the-business-with-policies-controls-and-audits-redefining-cybersecurity-with-sean-martinTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships

How can an industry have so much data and information yet still lack the knowledge necessary to make quick, meaningful, impactful decisions? There could be many reasons, but one is no longer a missing intelligence-sharing platform.In this second chapter of our conversation with CrowdSec CEO, Philippe Humeau, we invite The Hacker Maker, Phillip Wylie, to bring his penetration testing experience and insights. Together we explore the value of investing in the cybersecurity community information sharing platform as a way to do way more than protect your organization. By doing so, we can help secure other businesses and whole communities in the neighbors around you, such as a local hospital that could experience an attack that you've already seen on your network.The value of investing in the security knowledge sharing economy directly impacts IT operations, security operations, businesses, society, and, therefore, humanity.Join us for a philosophical yet fun, thought-provoking conversation that will likely prompt you to not only share this podcast with your friends, colleagues, and peers but also start sharing your cybersecurity insights with your digital neighbors through the power of the CrowdSec platform.Note: This story contains promotional content. Learn more.GuestsPhilippe HumeauCEO at CrowdSec [@Crowd_Security]On Linkedin | https://www.linkedin.com/in/philippehumeau/On Twitter | https://twitter.com/philippe_humeauPhillip WylieOn ITSPmagazine  👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie____________________________Be sure to visit CrowdSec at https://itspm.ag/crowdsec-b1vp to learn more about their offering.On Linkedin 👉https://www.linkedin.com/company/crowdsec/On Twitter 👉https://twitter.com/Crowd_SecurityFree access to the CrowdSec console: https://itspm.ag/crowdsec-6b7321Watch the video here: https://itspmagazine.com/their-stories/investing-in-the-crowd-means-investing-in-society-and-humanity-a-crowdsec-story-with-philippe-humeau-and-phillip-wylieAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story