DrZeroTrust

30% of dark web operators are women, according to TrendMicro.  That means more women are operating in the criminal side of cyber than on the defender side, wow.  The TSA is pushing new requirements for airports and airlines, but how secure are they and the FAA?  Layoffs are showing up in cyber, even though companies are doubling or even tripling their profits in the only market that has negative unemployment.  Why?  What does that tell us about those companies and their strategic execution?  Some tips on what to do if you are a business user of Lastpass.  And more on this episode!

US SOCOM had emails exposed to the internet for weeks thanks to a cloud misconfiguration.  Surely it's not still messed up?  Is the US Treasury as secure as it should be in regards to cyber?  What about using ChatGPT to send emails to students when a mass casualty event occurs?  Good or bad idea?  Does the Supreme Court understand the technology they are enforcing and drafting laws about?  What about section 230 and the big tech providers?  50% of CISO's say they are burnt out and it's only February, how can we help one another?  Those questions, my dog goes bonkers, and more on this episode!

Should we worry about the spy balloon?  Why not?  Gartner published some "research" on Zero Trust and how they don't see the strategy as a silver bullet.  Awesome.  Let's analyze that game changing paper.  Venturebeat also published a report on how to get wins from your Zero Trust endeavors this year, what should we pay attention to there?  Why wasn't cyber a topic during the State of the Union?  PWC published a good report on the executive sponsorship for security in large organizations, what can we learn there?  Those topics and more on this episode!

Can we have a national and international strategy that addresses ransomware?  How would that work?  Is it better to address the "how" of those attacks or the "why"?  What should we do to remove the incentive for these attacks?  Would a US first approach make us a bigger target?  What about kinetic attacks on those hacker groups?  Those questions and more on this super episode!

What happens when marketing attacks and goes "bold" without really understanding their position?  Is it smart to also not pay attention to your social profiles (lol)?  Why is the DoD Red Teaming their ZT providers?  Should you do the same as part of your strategy?  Why not?  Organizations aren't taking cyber warfare seriously according to Armis research, but why?  Is that wise?  Blackberry says malware is basically published at a rate of about one new sample per minute, wow!  And Akamai has published some research on the Windows CryptoAPI, what does that mean?  Those points and more on this episode!

What the h*ll is quantum really?  Why should we care?  Does cracking an algorithm with quantum change the balance of power globally?  Is quantum potentially a WMD?  How can this technology be used by our government and others?  What about the banking system and quantum applications and risks?  Those questions and more on this very nerdy episode!

Checkpoint released a report on the wrap up from 2022, what can we learn from that analysis?  It's a super cool report by the way, ping me for the link!  How secure or insecure are the education systems in the US?  Can I find some glaring issues?  China wants to "work with" the UN on addressing disinformation, ok.  Lol, sure.  What do they mean?  A major shipping system is hit with ransomware, uh oh!  Orange published some research on the criminal mindset and motivations for ransomware operators.  Wow that is very interesting, but what should we take away from that research?  Norton got problems y'all, what can we learn from the problems they face?  Those points and more on this episode!

Is TikTok really a threat to national security?  Why should we be concerned about this app?  Should your kids be on this thing?  What are the implications for national security and those folks who have clearances?  Where does this all go in the next year?  What about social media and the justice system?  Are you still able to get a fair trial in today's news cycle focused world?  How does that affect our future?  Those questions and more on this one with an expert who served in the FBI!

Welcome to 2023 y'all.  Let's get into the new year by looking at some news you need to know.  A major FAA system went down and caused an outage for all of Florida.  How secure is the FAA, and what about other airport safety systems?  Surely, no misconfigurations there.  Right?  Links to study guides for OSCP cert via Reddit, pretty cool huh?  A hospital was hit with ransomware then the bad guys gave the key away for free.  What does that reveal about the business model for those threat actors?  The best example of how "useful" GDPR is, via a hack.  Lol.  Those points and more on this one!

Okta has an issue with their source code and a Github breach.  Does that matter, and if so why?  Is the FDA asking for more funding a real issue, and are they secure enough to be mandating legislation?  1password published an interesting analysis on the state of access for 2022, what can we learn from that?  What about this ChatGPT thing, how can it be useful and is it a threat?  And the most egregious example of combining marketing, social media, TikTok, and a lie that have influenced millions is discussed.  Those points and more on this episode!