
The Cyber Ranch Podcast
Ride the cyber trails with two CISOs (Allan Alford and Drew Simonis) and a diverse group of friends and experts who bring a human perspective to cybersecurity.
Latest episodes

Nov 10, 2021 • 33min
Threat-Informed Defense, CISA, CVEs and ATT&CK w/ MITRE Engenuity
This week, Allan is joined by some serious heavy hitters in cyber: Richard Struse (Director for the Center for Threat-Informed Defense at MITRE Engenuity), Jonathan Baker (Director of Research & Development, Center for Threat-Informed Defense at MITRE Engenuity), and Jonathan Reiber (Sr. Director for Cybersecurity Strategy and Policy at AttackIQ). The four are here to have a conversation about CISA's new BOD that outlines 290 key vulnerabilities that require focus, the coincidental mapping of the CVE database to MITRE ATT&CK, and the implications for all of us. Of special note is the fact that ATT&CK is already mapped to NIST SP 800-53, meaning that we now have an opportunity to move bi-directionally: to start from a threat-informed defense, or to start with a framework and back into vulnerabilities. The implications for our industry are huge.
They also discuss briefly an overview of the bi-partisan work in both the Executive and Legislative branches to further cybersecurity interests and the release of CMMC v 2.0. This show is packed.
Key Takeaways:
01:58 Backgrounds
04:02 CISA – BOD 22-01, highlighting the key 290 known vulnerabilities
07:45 Helping organizations prioritize vulnerabilities
11:31 Starting with either framework or threats: Which is better?
14:18 Seeing through the politics - What is actually happening behind the scenes?
19:07 Developing the mapping
23:54 Since the invention of CVE
26:14 CMMC v 2.0
29:37 How do we change the game?
31:09 Getting a large organization to agree with vulnerability prioritization
Links:
Follow Richard Struse on LinkedIn
Keep up with Jon Baker on LinkedIn
Follow Jonathan Reiber on LinkedIn & his website
Follow Allan Alford on LinkedIn and Twitter
Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at AttackIQ

Nov 3, 2021 • 32min
A Day in the Life of Two CISOs w/ Mustapha Kebbeh
Mustapha Kebbeh, CISO at Brinks and heavy-hitter in the Dallas/Fort Worth Cyber community, joins Allan again this week as they cover a topic Mustapha noted was absent so far in the series… Namely, “What is a day in the life of a CISO?” Mustapha and Allan get into details of what they do and don’t do, what their teams do and don’t do, what bits are boring, what bits are surprising, and what bits are the most fun. Join them as they talk about real situations and practical solutions while describing the very best and worst parts of the job.
Key Takeaways:
01:41 Bio
03:00 A day in the life of a CISO - examples from the last 3 weeks
07:30 Being a CISO in a company that knows its risk appetite
11:49 Product Security
13:53 The most surprising part about being a CISO
15:33 The most boring part
22:30 The most fun part
26:08 What do you wish you could do as a CISO?
29:42 Mustapha shares what surprises him the most in cyber security
Links:
Learn more about Mustapha on LinkedIn
Sponsored by our good friends at Uptycs

Oct 27, 2021 • 35min
Practical Trust-Centric Security w/ Omar Khawaja
Omar Khawaja is an experienced CISO with a strong technical background, who managed to find some very creative ways to manage his security program that go against his engineering instincts. Join Allan and Omar as they discuss why trust-based security is the more suitable option to have a fundamentally better security program and team. Hear why Omar and Allan believe that investing in people will pay far more dividends than the latest tech tool. And more importantly, gain some very practical and concrete tips for managing and measuring your security program.
Key Takeaways:
01:19 Bio
03:26 What is wrong with tech-centric security?
06:00 Using tech tools as nothing more, and using them appropriately
12:22 Trust, then risk, then control
14:30 Customer first, always
19:02 Helping foster a trust-centric culture
28:40 Culture = mindset = best measurable quality
29:33 What surprises Omar in cyber security?
32:50 The “change agent network”
Links:
Learn more about Omar on Twitter and LinkedIn
Sponsored by our good friends at Uptycs

Oct 20, 2021 • 31min
CISO in the Supply Chain w/ Emilio Escobar
Allan is joined this week by Emilio Escobar, CISO at Datadog and former VP of Information Security at Hulu. He is also a long-term developer of Ettercap, a comprehensive suite for man-in-the-middle attacks.
Like many of us, Emilio started his journey in infosec as a hacker kid, exploring the world through modems and BBSs. Emilio is not a security vendor CISO, but is a CISO for a company that is in the supply chain for many other companies. He has to balance internal and external duties as a result.
Come listen as Allan and Emilio discuss the B2B CISO life, the skills required, business alignment, facing customers, and how all of these skills just might define "the modern CISO".
And, yes, they even tackle the age-old question, "How technical should a CISO be?"
Key Takeaways:
01:27 Bio
03:10 Security questionnaires and interactions
05:49 Is there a fix to solving vendor risk?
07:17 Utilizing machines for questionnaires
09:33 Leveraging skills
12:50 How technical should a CISO be?
18:01 Understanding other roles in the business
23:48 Balancing internal and external customers
28:17 What surprises you the most in cybersecurity?
Links:
Learn more about Emilio on LinkedIn, and Twitter, and learn about Ettercap
Sponsored by our good friends at Uptycs

Oct 14, 2021 • 31min
Is Resilience Even the Goal? Antifragility w/ Sounil Yu
Allan is joined by Sounil Yu, one of cybersecurity's most well-known contributors. Sounil has a long history in cybersecurity, and is also the inventor of The Cyber Defense Matrix and the DIE Triad.
Sounil and Allan discuss cyber resilience and contrast it with "antifragility", a notion introduced by Nassim Nicholas Taleb. Sounil argues that in cybersecurity, antifragility should be the goal, and not resilience.
Antifragility allows for stronger data protection, as it does not just survive stresses and attacks, but actually encourages them. Sounil explains how antifragility also neatly dovetails with his DIE (Distributed, Immutable, Ephemeral) Triad of data protection, which he contrasts with the CIA (Confidentiality, Integrity, Availability) Triad in the context of the "pets vs. cattle" model.
Join Allan as he learns a great deal in a short amount of time from Sounil...
Key Takeaways:
01:23 Bio
02:20 Cyber Defense Matrix
03:10 Is cyber resilience the wrong idea?
04:17 Backups do not equal resilience
05:58 What is antifragility?
09:31 The DIE Triad
14:32 Pets vs. Cattle
18:12 Practical implementation?
20:40 Focusing on recovery
24:28 The Barbell Strategy
27:58 What surprises you in cyber security?
Links:
Learn more about Sounil on LinkedIn, and Twitter, and learn about the Cyber Defense Matrix
Sponsored by our good friends at Uptycs

Oct 7, 2021 • 31min
Is the SOC Dead? w/ Erik Bloch
Allan's guest this week is Erik Bloch. Erik Bloch is a cyber security leader, influencer, and pioneer. He currently sits as Senior Director of Detection and Response at Sprinklr, but has held many roles in cybersecurity, including being a product manager for SIEM products more than once.
This last point is relevant, because it makes it even more surprising that Erik is convinced that the SOC's utility has passed...
Join Allan and Erik as they dive deep into why he thinks SOC is failing, the alternatives, what it takes to make an impactful change in incident response, and who to aim it towards.
This conversation began when Allan read Erik's article on LinkedIn, “RIP SOC. Hello D-IR”.
Key Takeaways:
01:16 Bio
02:18 Erik’s article: why is SOC failing?
05:01 What is the alternative?
07:29 Implementing fundamentals where it counts
10:15 Cloud Integration
17:45 Cloud agnostic tooling solution
23:27 The inevitability of a one-stop solution
27:20 Targeting the right audience
28:17 What surprises Erik in cyber security?
30:24 Letting go is not easy
Links:
Learn more about Erik on LinkedIn, and Twitter, and read his LinkedIn article
Sponsored by our good friends at Uptycs

Sep 29, 2021 • 31min
The Value of Threat Intelligence w/ Samara Williams
Allan's guest is Samara Williams, Manager of Threat Operations at Cardinal Health, speaker, advocate and passionate member of the threat intelligence community.
Samara broke into cyber via a rotational program, sampling many cyber jobs at many cyber companies in short order - a fantastic start in cyber that turbocharged her maturity and experience. She quickly developed a passion for threat intelligence, and has worked in that space ever since.
Join Samara and Allan for a deep dive into threat intel, its pros and cons, its value, and its potential...
Key Takeaways:
01:28 Bio
02:56 The love/hate relationship with threat intel: yay or nay?
06:07 The steps to threat intel – breaking it down
15:14 How threat intel can help bridge tactical & operational practices
19:57 Having a successful SOC program
22:18 Managing the unknown and practicing the fundamentals
26:17 Making a case for prioritizing threat intel
27:55 What surprises Samara in cyber security?
Links:
Learn more about Samara on LinkedIn, and check out her TedX talk
Sponsored by our good friends at Uptycs

Sep 22, 2021 • 41min
Practical Realities of Ransomware Management w/ Bryan Hurd
This week, Allan is joined by Bryan Hurd. Bryan is a multi-talented cyber security professional who has founded and operated programs dating back to the early nineties. Currently Chief of Office for Stroz Friedberg (AON Cyber), he started his career in NCIS, founding the Navy’s first ever cyber counterintelligence program in 1993.
Join Bryan and Allan for a masterclass on ransomware, incident response, and preparedness. Having both consulted on ransomware situations many times, they offer a wealth of practical tips, do’s, don’ts, and gotchas. You can also hear their perspectives on the roles and processes in taking appropriate action when crisis hits.
This is a longer than usual episode, but that is because it is filled with practical advice based on a great deal of experience.
Key Takeaways:
01:20 Bio
02:58 Is ransomware still the #1 threat to an organization?
07:30 Having your incident response team ready and prepared
12:16 The roles, processes, and fundamentals of incident response
22:57 Modern ransomware extortion components
25:01 Encryption & decryption – dealing with both strategically
27:10 Using software provided by attackers
30:18 Response as an executive – being transparent
35:02 Public communications
38:41 What surprises Bryan in cyber security?
Links:
Learn more about Bryan on LinkedIn and on Twitter
Sponsored by our good friends at Uptycs

Sep 15, 2021 • 33min
WHY We Measure Risk w/ Sameer Sait
In this episode Allan interviews his friend Sameer Sait, former CISO at Amazon, Forcepoint and Arrow Electronics, who joins Allan for a discussion about WHY we measure risk.
It is about more than just asking for money. (And who are you actually asking money from? Hint: It is not the Board).
How does risk measurement change in the beginning of the CISO’s journey vs. later when the program is more mature?
What is the goal of good risk metrics? What is the role of cyber insurance in all this? What about business traction and cooperation with other departments’ goals and objectives?
And finally, how does measuring risk affect disposition of risk?
Key Takeaways:
01:20 Sameer's bio
02:30 Asking for money - it's not from the Board
05:58 Measuring risk: inside-out vs. outside-in
11:20 Approaching management with an objective, not a story
12:38 Working with your team, as a team
14:12 The effects of measuring risk
18:36 Analyzing the priorities and their consequences
24:36 Good governance vs. good management
26:22 Transference, remediation, and acceptance
30:57 What surprises Sameer in cybersecurity?
Links:
Learn more about Sameer on LinkedIn
Sponsored by our good friends at Uptycs

Sep 8, 2021 • 30min
What Comes After the CISO Role? w/ Helen Patton
Host Allan Alford interviews his friend Helen Patton, advisory CISO at Cisco, and former CISO at Ohio State University. Helen and Allan discuss the career path of the CISO – specifically what comes after the CISO role has been fulfilled - and how there is not a clear path defined for the post-CISO career.
Allan and Helen discuss several models for post-CISO life that they themselves have explored, and that other CISO friends have as well, such as: shifting back and forth from CISO to vendor, shifting back and forth between CISO and advisory CISO roles at VC’s and other entities, becoming CIOs or CTOs, etc.
Helen explains how there is no clearly defined path for a post-CISO life, how no mentors are available to aid with that transition, but also how CISOs can decide to simply change their roles as a CISO. She explains a little bit more about her advisory CISO life and the internal and emotional differences between it and a conventional practitioner CISO role.
Key Takeaways:
0:26 – Intro
1:12 – Helen briefly explains about her background in cyber and about her day job.
2:55 – Helen explains what the post-CISO life is.
5:54 – What are Helen’s thoughts on the different roles of CISOs?
9:21 – How many people are changing from CISO to a consultancy role?
11:04 – Has Helen seen anyone making such transitions and being successful over time?
12:48 – Hypothetically, what would happen if there was a major technology shift, but a CISO wasn’t there to supervise it due to being in a non-practitioner role at the time? Would she be missing out on critical CISO skills?
15:12 – Helen explains a little bit more about her advisory CISO life.
18:07 – What happens when Helen gets approached by startups who want feedback? Does she see them as competition? Are they up for having conversations with her?
20:47 – Can a CISO become a CEO?
22:37 – Who should the CISO be reporting to and why?
25:34 – What other post-CISO activities are there for CISOs that may not be a full-time role, such as boards, teaching, writing, speaking?
28:32 – What surprises Helen the most in cyber security?
Links:
Learn more about Helen on LinkedIn and Twitter
Sponsored by our good friends at Uptycs