CISO Perspectives (public)

N2K Networks
Jan 23, 2023 • 18min

A Rick the Toolman Episode on the current state of SBOMs.

One way to reduce the risk of software supply chains is with a concept called a Software Bill of Materials (SBOM). Standards bodies have been slowly working in the background for the past decade to move this concept into reality. On this episode, Rick Howard discusses the current state of SBOMs and throws some Rick the Toolman in as well.
Jan 16, 2023 • 38min

Andy Greenberg Interview: Tracers in the Dark.

Rick Howard, N2K’s CSO and the CyberWire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, regarding his new book, “Tracers in the Dark.”
Jan 9, 2023 • 59min

History of Infosec: a primer.

In order to understand the current state of the cybersecurity landscape, you must understand the history of how we got here. Rick summarizes the history along several threads: Firsts, adversary playbook names, government-commercial-academic entities, important papers and books, people, law, technologies, tools, and strategy-tactics.
Dec 19, 2022 • 28min

Security infrastructure as code.

We’ve been wrestling with the idea of software development methodologies (Waterfall, Agile), infrastructure-as-code (cloud deployments, DevOps, DevSecOps) and coding best practices (OWASP, BSIMM, SAMM) for going on two decades now. These are not independent systems. They overlap and interact. Up to this point, at least for the security side, they have been manual tasks, toil, that are prone to mistakes. We all know that automation can reduce the impact, can at least be consistent with the mistakes we make, and can offer a uniform fix across the enterprise once we have decided what to do. Automation is the key first principle strategy to get this done and DevOps/DevSecOps is the tactic we will all use to get there. Rick Howard takes us through the topic. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Dec 12, 2022 • 27min

Kill chain models.

Big thinkers from Lockheed Martin (kill chain), the Department of Defense (Diamond Model), and MITRE (ATT&CK Framework) gave us the blueprints of how to do intrusion kill chain prevention over a decade ago. It’s taken that long for the rest of us mere cybersecurity mortals to get our heads around the key concepts. Rick Howard takes us through the models. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Dec 5, 2022 • 24min

Vulnerability Management: An essential tactic for zero trust from the Rick the Toolman Series.

In this “Rick the Toolman” episode, Rick rethinks vulnerability management as a first principle zero trust tactic. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Nov 28, 2022 • 49min

Cyber sand table series: 2014 OPM hack.

The 2014 OPM hack: We can use cyber sand tables to enhance our cybersecurity first principle defenses since the concept, in various forms, has been used by military commanders, coaches, and athletes since the world was young. The show puts the OPM hack on the cyber sand table to see what might have been done differently. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. To access CyberWire Pro only bonus material for CSO Perspectives, listen here.
Nov 21, 2022 • 23min

Pt 2 – Supply chains around the Hash Table.

Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table member Amanda Fennell, the Relativity CIO and CSO, to discuss strategies and tactics to reduce digital supply chain risk. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Nov 14, 2022 • 21min

Pt 1 – Supply chains.

Rick explains the history of digital supply chains and the potential future of securing them. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Nov 7, 2022 • 37min

Pt 2 – Students of the game: What are the Hash Table’s go-to information sources for 2022?

Rick Howard, the CyberWire’s CSO and Chief Analyst, chats with Steve Winterfeld, the Akamai Advisory CISO, and Errol Weiss, the Health-ISAC CSO, about recommended sources of infosec content that they found valuable in 2021.

Links to content mentioned in the show:

Documentaries
“Kill Chain: The Cyber War on America’s Elections,” by Harri Hursti, Published by HBO, 26 March 2020.
“The Perfect Weapon,” by David Sanger, Published by HBO, 16 October 2020.

Podcasts
“Darknet Diaries – True Stories from the Dark Side of the Internet,” by Darknetdiaries.com, 25 January 2022.
“The Lazarus Heist,” BBC, 2021.

Books
“Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers,” by Andy Greenberg, Published by Doubleday, 7 May 2019.
“This Is How They Tell Me the World Ends: The Cyberweapons Arms Race,” by Nicole Perlroth, Published by Bloomsbury Publishing, 9 February 2021.

Author Interviews
“A Conversation with Nicole Perlroth, Author of ‘This Is How They Tell Me the World Ends,’” American Writers Museum, YouTube, 2 March 2021.
“Andy Greenberg - Sandworm: Lessons from the Cyberwar,” by CS3STHLM, YouTube, 25 October 2021.
“Bonus: Cybersecurity Canon Hall of Fame Interview with Andy Greenberg,” by Rick Howard, The CyberWire, 12 July 2021.
“‘Sandworm’ Author Andy Greenberg,” by David Bittner, The CyberWire, 11 November 2019.

Video Content
“LockPickingLawyer,” YouTube, 2022.
“RSA Conference,” YouTube, 2022.

Twitter Subject Matter Experts
Phil Venables (@philvenables)
Bonus - Gate 15 / Andy Jabbour (@Gate_15_Analyst)
Errol Weiss (@errolw65)
Rick Howard (@raceBannon99)

News and Topic Summaries
“Daily Briefing,” The CyberWire, 2022.
“SmartBrief,” SmartBrief, 2018.

For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
