DrZeroTrust

Is the news media collaborating to manipulate our collective consciousness?  How would that happen?  Is local news "more true" than national news?  What about OPSEC for the war in Ukraine?  Could an organization cause a kinetic attack based on pictures that came from soldiers sharing via social media?  How does politics play into the space around cyber and disinformation?  Some hard hitting questions in this one to ponder.

How can you secure no code or low code applications?  Is devsecops a real thing?  Does anyone actually do this?  How should organizations look at the risks from these types of "factory made" apps?  Why is the 8200 unit such a big thing in the Israeli cyber scene?  What types of pricing make sense for security applications that you might not own?  How should the market approach the future of application security in an all cloud world?  Those questions and more on this one.

An article from Recorded Future points out new legislation in North Carolina and Florida that bars state backed organizations from paying ransomware attacks.  Surely that means they have their stuff on lock and have no misconfigured assets, right?  Google has an AI and privacy program that seem to be intersecting and could impact all of us, and Apple is dealing with those issues as well.  How do we handle this problem?  According to new research from Tessian "apathy" is the biggest vulnerability for an organization, but don't we train our folks enough to mitigate that risk?  Those questions and more on this episode.

Do enterprises really buy Zero Trust?  How should they think about a strategic approach to a problem.  What about rip and replace?  Are there no-go's when it comes to working to help an enterprise adopt ZT?  Where do they budget for these endeavors?  Is this only a big business problem?  Those questions and more on this episode.

Okta's Zero Trust study.  What does it say about the market and the growth of ZT?  More cyber insurance shenanigans, why does this keep coming up?  Should we really use this "service"?  Water treatment plant is hacked in the UK, but is it really a clear case of compromise?  What happens if you try and send someone shit in a box (literally) and the service is hacked?  Is that a PII violation, or HIPPA or what?  How many devices are out there that are possibly exploitable right now (hint, it's a lot!).  Those questions and more on this episode.

Truths about selling into the channel market with a real expert.  How should your organization go about selling to a channel?  Is the market different?  How can you use those partners smarter?  Do you have to sell twice?  What shouldn't you do to leverage that channel?  How can you optimize your channel approach and force multiply your sales efforts?  Those points and more on this episode!

How hard is it to find "internal use only" files with a simple crafted search?  How about spreadsheets with passwords and admin logins?  What should we think about this whole Trello thing?  What happened when I got phished (yup, they got me).  Was it even a problem?  Is the national emergency alert system really vulnerable?  How big does the Zero Trust market get in the next 9 years?  Those points and more on this episode!

Are there potential ways to attack a nuclear site via online misconfigurations?  What about water as a vital national resource, can you attack a water supply system?  Or a dam?  Are containers inherently secure, and does that matter when they are part of a cluster?  PE firms keep buying up the security market players, is there an anti-trust issue there?  Is your threat intelligence service pulling in IOC's from US Cyber Command?  Was the Pelosi visit part of a cyber attack?  Does that matter and is it cyberwarfare?  Weak security in the system used to track organ transplant systems, that's ok right?  And some points on how to stay motivated (lol) and my thoughts on dealing with trolls online.  My cool new swag from Lumu and more on this episode.  Check it out!

Can I find privacy violations with Shodan?  What companies are using hackable unpatched scada systems that are misconfigured?  Can we find osint on a company that has government contracts but is not secure?  Why is phishing training still a multi-billion dollar business when a variety of reports indicate that the numbers for that "defense" don't justify that expense?  Is the government really as secure as we think they are?  What about finding illegal violations of compliance mandates in ics systems?  Isn't breaking the law a bad thing?  Those questions and more on this podcast!  

More ideas and thoughts around applying Zero Trust to cloud workloads and kubernetes.   How should we think about the inherent vulnerabilities in these application development environments?  How can you secure something that only exists for minutes at a time?  Can you use open source solutions to approach the problems in this space?  Do developers really need to be security engineers, and should security people know how to build apps to make things more secure?  Check this one out and look for a video demo on Tigera.io and their open source Calico solution soon!