CISO Perspectives (public)

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the meaning of cybersecurity materiality.References:Amy Howe, 2024. Supreme Court strikes down Chevron, curtailing power of federal agencies [Blog] Cydney Posner, 2023. SEC Adopts Final Rules on Cybersecurity Disclosure [Explainer]. The Harvard Law School Forum on Corporate Governance.Cynthia Brumfield, 2022. 5 years after NotPetya: Lessons learned Analysis]. CSO Online.Eleanor Dallaway, 2023. Closed for Business: The Organisations That Suffered Fatal Cyber Attacks that Shut Their Doors For Good [News]. Assured.Gary Cohen, 2021. Throwback Attack: Chinese hackers steal plans for the F-35 fighter in a supply chain heist [Explainer]. Industrial Cybersecurity Pulse.James Pearson, 2022. Russia downed satellite internet in Ukraine [News]. Reuters.Katz, D., 2021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance.Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Cybersecurity Canon Hall of Fame Book]. Goodreads.Lizárraga, C.J., 2023. Improving the Quality of Cybersecurity Risk Management Disclosures [Essay]. U.S. Securities and Exchange Commission.MATTHEW DALY, 2024. Supreme Court Chevron decision: What it means for federal regulations [WWW Document]. AP News.Rick Howard. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book Review]. Cybersecurity Canon Project.Rick Howard, 2021. Using cyber sand tables to study the DNC hack of 2016. [Podcast]. The CyberWire.Rick Howard, 2022. Cyber sand table series: OPM. [Podcast and Essay]. The CyberWire.Staff, 2020. Qasem Soleimani: US strike on Iran general was unlawful, UN expert says [Explainer]. BBC News.Staff, 2023. Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure [Government Guidance]. U.S. Securities and Exchange Commission.Staff, 2024. Number of Public Companies v. Private: U.S. [Website]. Advisorpedia. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the idea that Cybersecurity is radically asymmetrically distributed. It means that cybersecurity risk is not the same for all verticals and knowing that may impact the first principle strategies you choose to protect your enterprise.For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.References:André Munro, 2024. Liberal democracy [Explainer]. Encyclopedia Britannica.David Weedmark, 2017. Why do some states require emissions testing? [Explainer]. Autoblog.Kara Rogers, 2020. What Is a Superspreader Event? [Explainer]. Encyclopedia Britannica.Lara Salahi, 2021. 1 Year Later: The ‘Superspreader’ Conference That Sparked Boston’s COVID Outbreak [News]. NBC10 Boston.Malcolm Gladwell, 2002. The Tipping Point: How Little Things Can Make a Big Difference [Book]. Goodreads.Malcolm Gladwell, 2005. Blink: The Power of Thinking Without Thinking [Book]. Goodreads.Malcolm Gladwell, 2008. Outliers: The Story of Success [Book]. Goodreads.Malcolm Gladwell, 2019. Talking to Strangers: What We Should Know About the People We Don’t Know [Book]. Goodreads.Malcolm Gladwell, 2021. The Bomber Mafia: A Dream, a Temptation, and the Longest Night of the Second World War [Book]. Goodreads. Malcom Gladwell, 2024. Medal of Honor: Stories of Courage [Podcast]. Pushkin Industries.Malcolm Gladwell. Revisionist History [Podcast]. Pushkin Industries.Michael Lewis, 2003. Moneyball: The Art of Winning an Unfair Game [Book]. Goodreads.Michael Lewis. Against the Rules [Podcast]. Pushkin Industries.Nassim Nicholas Taleb, 2007. The Black Swan: The Impact of the Highly Improbable [Book]. Goodreads.Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Diagram]. N2K CyberWire.Rick Howard, 2023. Cybersecurity moneyball: First principles applied to the workforce gap. [Podcast]. The CyberWire.Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.Robert Soucy, 2024. Fascism [Explainer]. Encyclopedia Britannica.Staff, 2022. Information Risk Insights Study: A Clearer Vision for Assessing the Risk of Cyber Incidents [Report]. Cyentia Institute.Staff. Congressional Medal of Honor Recipients [Website]. Congressional Medal of Honor Society.Staff. North American Industry Classification System (NAICS) [Website]. U.S. Census Bureau. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the current state of zero trust with CyberWire Hash Table guest John Kindervag, the originator of the zero trust idea.References:Jonathan Jones, 2011. “Six Honest Serving Men” by Rudyard Kipling [Video]. YouTube.Dave Bittner, Rick Howard, John Kindervag, Kapil Raina, 2021. Zeroing in on zero trust. [Podcast]. CyberWire-X Podcast - N2K Cyberwire.Dawn Cappelli, Andrew Moore, Randall Trzeciak, 2012. The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) [Book]. SEI Series in Software Engineering). Goodreads. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant’s Chief Analyst.References:Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate.Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire.Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant.Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber’s Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene’s VP of Information Security.References:Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium.Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE.Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation.Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading.Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity. [Podcast]. The CyberWire.Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond. [Podcast]. The CyberWire.Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire.Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube.SAHIL BLOOM, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle.Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 05 July 2011. The Diamond Model of Intrusion Analysis. Center for Cyber Threat Intelligence and Threat Research.[Historical Paper]Staff, n.d. Home Page [Website]. Tidal Cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K CyberWire, discusses the current state of Identity and Access Management (IAM) with CyberWire Hash Table guests Ted Wagner, SAP National Security Services, and Cassio Sampaio Chief Product Officer for Customer Identity, at Okta.References:John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks.Kim Key, 2024. Passkeys: What They Are and Why You Need Them ASAP [Explainer]. PCMag.Lance Whitney, 2023. No More Passwords: How to Set Up Apple’s Passkeys for Easy Sign-ins [Explainer]. PCMag.Rick Howard, 2022. Two-factor authentication: A Rick the Toolman episode [Podcast]. CSO Perspectives Podcast - The CyberWire.Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.Rick Howard, 2023. Cybersecurity First Principles Appendix [Book Page]. N2K CyberWire.Rick Howard, 2023. passkey (noun) [Podcast]. Word Notes Podcast - The CyberWire.Staff, 2023. 2023 Gartner® Magic QuadrantTM for Access Management [Report]. Okta. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of “eXtended Detection and Response” (XDR) with CyberWire Hash Table guests Rick Doten, Centene’s VP of Security, and Milad Aslaner, Sentinel One’s XDR Product Manager.References:Alexandra Aguiar, 2023. Key Trends from the 2023 Hype Cycle for Security Operations [Gartner Hype Cycle Chart]. Noetic Cyber.Daniel Suarez, 2006. Daemon [Book]. Goodreads.Dave Crocker, 2020. Who Invented Email, Email History, How Email Was Invented [Websote]. LivingInternet.Eric Hutchins, Michael Cloppert, Rohan Amin, 2010, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Paper] Lockheed Martin Corporation.Jon Ramsey, Mark Ryland, 2022. AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project [Press Release]. Amazon Web Services.Nir Zuk, 2018. Palo Alto Networks Ignite USA ’18 Keynote [Presentation]. YouTube.Raffael Marty, 2021. A Log Management History Lesson – From syslogd(8) to XDR [Youtube Video]. YouTube.Raffael Marty, 2021. A history lesson on security logging, from syslogd to XDR [Essay]. VentureBeat.Rick Howard, 2020. Daemon [Podcast]. Word Notes.Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. CSO Perspectives, The CyberWire.Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.Staff, n.d. Open Cybersecurity Schema Framework [Standard]. GitHub.Staff, 2019. What is EDR? Endpoint Detection & Response Defined [Explainer]. CrowdStrike.Staff, 2020. Log Formats – a (Mostly) Complete Guide [Explainer]. Graylog.Stephen Watts, 2023. Common Event Format (CEF): An Introduction [Explainer]. Splunk.Thomas Lintemuth, Peter Firstbrook, Ayelet Heyman, Craig Lawson, Jeremy D’Hoinne, 2023. Market Guide for Extended Detection and Response [Essay]. Gartner. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud the after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are, Steve Winterfeld, Akamai’s Advisory CISO, and Ted Wagner, SAP National Security Services CISO.References:Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC’s Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption.Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explainer]. Forbes.Brian Koppelman, David Levien, Andrew Ross Sorkin, 2016 - 2023. Billions [TV Show]. IMDb.Dan Goodin, 2024. Financial institutions have 30 days to disclose breaches under new rules [News]. Ars Technica.David Katz, 021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance.Jessica Corso, 2024. SEC Zeroes In On SolarWinds Exec In Revised Complaint [Analysis]. Law360.Johnathan Rudy, 2024. SEC files Amended complaint against SolarWinds and CISO [Civil Action]. LinkedIn.Joseph Menn, 2023. Former Uber security chief Sullivan avoids prison in data breach case [WWW DocumentNews]. The Washington Post.Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book]. Goodreads.Kim Zetter, 2023. SEC Targets SolarWinds’ CISO for Rare Legal Action Over Russian Hack [WWW Document]. ZERO DAY.Kim Zetter, 2023. SolarWinds: The Untold Story of the Boldest Supply-Chain Hack [Essay]. WIRED. Rick Howard, 2022. Cyber sand table series: OPM [Podcast]. The CyberWire - CSO Perspectives Podcast.Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.Pam Baker, 2021. The SolarWinds hack timeline: Who knew what, and when? [Timeline]. CSO Online.Staff, 2009. Generally Accepted Accounting Principles (Topic 105) [Standard]. PWC.Staff. 30 October 2023. SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures [Website]. The U.S. Securities and Exchange Commision.Staff, 31 October 2023. Securities and Exchange Commission v. SolarWinds Corporation and Timothy G. Brown, No. 23-civ-9518 (SDNY) [Case]. The Securities and Exchange Commission.Staff, 29 March 2024. Cooley, Cybersecurity Leaders File Brief Opposing SEC’s SolarWinds Cyberattack Case [Press Release]. Cooley.Stephanie Pell, Jennifer Lee , Shoba Pillay, Jen Patja Howell, 2024. The SEC SolarWinds Enforcement Action [Podcast]. The Lawfare Podcast. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst, CSO, and Senior Fellow, commemorates Memorial Day.References:Abraham Lincoln, 1863. The Gettysburg Address [Speech]. Abraham Lincoln Online.Amanda Onion, Original 2009, Updated 2023. Memorial Day 2022: Facts, Meaning & Traditions [Essay]. HISTORY.Brent Hugh, 2021. A Brief History of “John Brown’s Body” [Essay]. Digital History.Bob Zeller, 2022. How Many Died in the American Civil War? [Essay]. HISTORY.General George Marshall, 2014. President Lincoln’s Letter to Mrs Bixby [Movie Clip - Saving Private Ryan]. YouTube.JOHN LOGAN, 1868. Logan’s Order Mandating Memorial Day [Order]. John A. Logan College.John Williams, Chicago Symphony Orchestra, 2012. The People’s House: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music.John Williams, Chicago Symphony Orchestra, 2012. The Blue and the Grey: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music - Web Playe.Livia Albeck-Ripka, 2023. A Brief History of Memorial Day [Essay]. The New York Times. Paul Robeson, 2021. John Brown’s Body [Song]. YouTube.Robert Rodat (Writer), Steven Spielberg (Director), Harve Presnell (Actor), 1998. Saving Private Ryan [Movie]. IMDb.Staff, 2020. A Brief Biography of General John A. Logan [Biography]. John A. Logan College.Staff, 2024. Civil War Timeline [WWW Document], American Battlefield Trust.Thomas Jefferson, 1776. Declaration of Independence: [Transcription]. National Archives. Winston Churchil, 1940. Never was so much owed by so many to so few - Winston Churchill Speeches [Speech]. YouTube. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.”References:Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads.Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project. Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University.Rick Howard Cybersecurity Canon ConciergeCybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you.RSA Conference BookstoreJC Vega: May 6, 2024 | 02:00 PM PDTRick Howard: May 7, 2024 | 02:00 PM PDTHelen Patton: May 8, 2024 | 02:00 PM PDTRick Howard RSA Birds of a Feather Session: I'm hosting a small group discussion called “Cyber Fables: Debating the Realities Behind Popular Security Myths.” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion.If you want to engage in a lively discussion about the infosec profession, this is the event for you. May. 7, 2024 | 9:40 AM - 10:30 AM PTRick Howard RSA Book SigningI published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you.RSA Conference BookstoreMay 8, 2024 | 02:00 PM PDTRick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.Rick Howard Cyware Panel: The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103May 8, 2024 | 8:30am-11am PSTSimone Petrella and Rick Howard RSA Presentation: Location: Moscone South Esplanade levelMay. 9, 2024 | 9:40 AM - 10:30 AM PTSimone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. Learn more about your ad choices. Visit megaphone.fm/adchoices