DrZeroTrust

Why are security leaders going "scorched earth" when they leave employers?  How can an organization better be prepared to deliver on their promises?  Does ethics apply in technology (it sure should)?  What's the right and wrong way to go about blowing the whistle when the need is there?  Does money paid out call into question the motives for speaking out?  Is it better to go out with a bang or just fade away?  Some hard hitting questions on this one!

What a wake up call this week when working with SMB's on their cyber security strategy and the reality of the space.  Do SMB's use outsourced security, and is that smart?  Does that hurt their overall awareness?  Why aren't things getting patched the way they should even when we have been notified by CISA and others of "critical vulnerabilities"?  Does the upcoming legislation around semi-conductors and silicon pointed at China have any impact on our national security and cyber future?  Those questions and a few more on this one.

Is the news media collaborating to manipulate our collective consciousness?  How would that happen?  Is local news "more true" than national news?  What about OPSEC for the war in Ukraine?  Could an organization cause a kinetic attack based on pictures that came from soldiers sharing via social media?  How does politics play into the space around cyber and disinformation?  Some hard hitting questions in this one to ponder.

How can you secure no code or low code applications?  Is devsecops a real thing?  Does anyone actually do this?  How should organizations look at the risks from these types of "factory made" apps?  Why is the 8200 unit such a big thing in the Israeli cyber scene?  What types of pricing make sense for security applications that you might not own?  How should the market approach the future of application security in an all cloud world?  Those questions and more on this one.

An article from Recorded Future points out new legislation in North Carolina and Florida that bars state backed organizations from paying ransomware attacks.  Surely that means they have their stuff on lock and have no misconfigured assets, right?  Google has an AI and privacy program that seem to be intersecting and could impact all of us, and Apple is dealing with those issues as well.  How do we handle this problem?  According to new research from Tessian "apathy" is the biggest vulnerability for an organization, but don't we train our folks enough to mitigate that risk?  Those questions and more on this episode.

Do enterprises really buy Zero Trust?  How should they think about a strategic approach to a problem.  What about rip and replace?  Are there no-go's when it comes to working to help an enterprise adopt ZT?  Where do they budget for these endeavors?  Is this only a big business problem?  Those questions and more on this episode.

Okta's Zero Trust study.  What does it say about the market and the growth of ZT?  More cyber insurance shenanigans, why does this keep coming up?  Should we really use this "service"?  Water treatment plant is hacked in the UK, but is it really a clear case of compromise?  What happens if you try and send someone shit in a box (literally) and the service is hacked?  Is that a PII violation, or HIPPA or what?  How many devices are out there that are possibly exploitable right now (hint, it's a lot!).  Those questions and more on this episode.

Truths about selling into the channel market with a real expert.  How should your organization go about selling to a channel?  Is the market different?  How can you use those partners smarter?  Do you have to sell twice?  What shouldn't you do to leverage that channel?  How can you optimize your channel approach and force multiply your sales efforts?  Those points and more on this episode!

How hard is it to find "internal use only" files with a simple crafted search?  How about spreadsheets with passwords and admin logins?  What should we think about this whole Trello thing?  What happened when I got phished (yup, they got me).  Was it even a problem?  Is the national emergency alert system really vulnerable?  How big does the Zero Trust market get in the next 9 years?  Those points and more on this episode!

Are there potential ways to attack a nuclear site via online misconfigurations?  What about water as a vital national resource, can you attack a water supply system?  Or a dam?  Are containers inherently secure, and does that matter when they are part of a cluster?  PE firms keep buying up the security market players, is there an anti-trust issue there?  Is your threat intelligence service pulling in IOC's from US Cyber Command?  Was the Pelosi visit part of a cyber attack?  Does that matter and is it cyberwarfare?  Weak security in the system used to track organ transplant systems, that's ok right?  And some points on how to stay motivated (lol) and my thoughts on dealing with trolls online.  My cool new swag from Lumu and more on this episode.  Check it out!