Rick recommends podcasts and books that he found valuable in 2021, and makes the case for why reading books and listening to podcasts makes security professionals better students of the cybersecurity game. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Oct 31, 2022•39 min•Season 8•Ep. 66
In this “Rick the Toolman” episode, Rick interviews Steve Winterfeld, from Akamai, on the current state and future of the MITRE ATT&CK framework. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Oct 17, 2022•24 min•Season 7•Ep. 65
In this “Rick the Toolman” episode, Rick interviews Jon Oltsik, from the Enterprise Strategy Group, on the current state and future of XDR. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Oct 10, 2022•31 min•Season 7•Ep. 64
In this “Rick the Toolman” episode, Rick breaks down XDR in terms that busy security executives can understand and apply to their first principle security strategy. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Oct 03, 2022•20 min•Season 7•Ep. 63
In this episode of CSO Perspectives, Rick Howard examines the MITRE ATT&CK® framework for the security executive. Rick explains how your infosec team can use it to support your intrusion kill chain strategy. More importantly, Rick describes the framework in terms that busy security executives can understand. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Sep 26, 2022•28 min•Season 7•Ep. 62
The 2016 DNC hack: We can use cyber sand tables to enhance our cybersecurity first principle defenses since the concept, in various forms, has been used by military commanders, coaches, and athletes since the world was young. The show puts the DNC hack on the cyber sand table to see what might have been done differently with host Rick Howard, the CyberWire’s CSO and Chief Analyst. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.
Sep 19, 2022•31 min•Season 7•Ep. 61
Security compliance is a cybersecurity first principle strategy. Can security compliance add value to your organization as a first principle strategy? Or is it a distraction? In this session, we learn about the value of technology compliance and compliance technologies. Rick digs into the fundamentals of compliance and reviews case studies that reveal the potential material impact to your organization due to a compliance incident. As Rick says, “Compliance is a ticket to ride.” On the Hash Table...
Sep 12, 2022•30 min•Season 7•Ep. 60
Security compliance is a cybersecurity first principle strategy. Can security compliance add value to your organization as a first principle strategy? Or is it a distraction? In this session, we learn about the value of technology compliance and compliance technologies. Rick digs into the fundamentals of compliance and reviews case studies that reveal the potential material impact to your organization due to a compliance incident. As Rick says, “Compliance is a ticket to ride.” Cybersecurity pro...
Sep 05, 2022•18 min•Season 7•Ep. 59
Adversary playbooks as a cybersecurity first principle strategy. They told us the adversary has an asymmetric advantage; that cyber defense has to be right every time while the offense only has to get it right once. Rick proves that proactive defense and adversary playbooks can flip that dynamic on its head. With the world of cyber defense and threat intelligence upside down, Rick and the Hash Table discuss the history of shifting the offense/defense balance, the three components of a proactive ...
Aug 22, 2022•33 min•Season 6•Ep. 58
Adversary playbooks as a cybersecurity first principle strategy. They told us the adversary has an asymmetric advantage; that cyber defense has to be right every time while the offense only has to get it right once. Rick proves that proactive defense and adversary playbooks can flip that dynamic on its head. Cybersecurity professional development and continued education. You will learn about: adversary playbooks and proactive defense, flipping the offense/defense balance, the 3 components of a p...
Aug 15, 2022•23 min•Season 6•Ep. 57
Orchestrating the security stack is a cybersecurity first principle strategy. Our security stack has grown unwieldy. The complexity breeds vulnerability. Orchestration may be our only hope. Rick reviews SOAR/SIEM platforms, SASE, and DevSecOps strategies from the perspective of orchestrating the security stack. He discovers key methods to build zero trust, intrusion kill chain prevention, resiliency, and risk forecasting within these tools. The Hash Table identifies data governance and policy st...
Aug 08, 2022•22 min•Season 5•Ep. 56
Orchestrating the security stack is a cybersecurity first principle strategy. Our security stack has grown unwieldy. The complexity breeds vulnerability. Orchestration may be our only hope. Rick reviews SOAR/SIEM platforms, SASE, and DevSecOps strategies from the perspective of orchestrating the security stack. He discovers key methods to build zero trust, intrusion kill chain prevention, resiliency, and risk forecasting within these tools. Cybersecurity professional development and continued ed...
Aug 01, 2022•21 min•Season 6•Ep. 55
Enterprise backups as a cybersecurity first principle strategy. This session covers the riveting topic of enterprise backup schemes to improve resilience. Rick discusses the value of data backups, workflow models, recent ransomware trends, and platforms for each use case. The Hash Table provides tangible enterprise backup strategies that encompass centralized, decentralized, and DevSecOps techniques, business continuity and disaster recovery plans, and engaging the Executive team in crisis scena...
Jul 25, 2022•24 min•Season 6•Ep. 54
Enterprise backups as a cybersecurity first principle strategy. This session covers the riveting topic of enterprise backup schemes to improve resilience. Rick discusses the value of data backups, workflow models, recent ransomware trends, and platforms for each use case. In data backups, nothing is easy, but Rick breaks it down to first principles and makes it understandable. Cybersecurity professional development and continued education. You will learn about: backup tools and platforms, workfl...
Jul 18, 2022•18 min•Season 6•Ep. 53
Enterprise encryption is a cybersecurity first principle strategy. Encryption is like mortar to our first principle wall. It holds together resilience and zero trust for material data. Rick explains the history of famous cryptographic techniques, dives into SolarWinds as an example of zero trust and encryption failure, and identifies some strategies to help implement encryption for data at rest and data in motion. The Hash Table reveals a risk-based approach to deploying encryption and makes a s...
Jul 11, 2022•24 min•Season 6•Ep. 52
Enterprise encryption is a cybersecurity first principle strategy. Encryption is like mortar to our first principle wall. It holds together resilience and zero trust for material data. Rick explains the history of famous cryptographic techniques, dives into SolarWinds as an example of zero trust and encryption failure, and identifies some strategies to help implement encryption for data at rest and data in motion. Cybersecurity professional development and continued education. You will learn abo...
Jul 04, 2022•24 min•Season 6•Ep. 51
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Gary McAlum, former USAA CSO, and Dawn Cappelli, the Rockwell Automation CISO, to discuss CxO professional development.
Jun 27, 2022•29 min•Season 5•Ep. 50
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Helen Patton, CISO for Duo Security’s Advisory, and Nikk Gilbert, CISO for the Cherokee Nation Businesses, to discuss how to buy security products.
Jun 20, 2022•24 min•Season 5•Ep. 49
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Ann Johnson, Microsoft’s Corporate VP on Security, Compliance, & Identity, and Ted Wagner, the SAP National Security Services CISO, to discuss supply chain as a new CISO responsibility.
Jun 13, 2022•26 min•Season 5•Ep. 48
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Jerry Archer, Sallie Mae's CSO, and Greg Notch, the National Hockey League's CISO, to discuss identity as a new CISO responsibility.
Jun 06, 2022•24 min•Season 5•Ep. 47
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Bob Turner, University of Wisconsin at Madison CISO, and Tom Quinn, T. Rowe Price CISO, to discuss IoT as a new CISO responsibility.
May 30, 2022•24 min•Season 5•Ep. 46
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Helen Patton, Duo Security at Cisco Advisory CISO, Steve Winterfeld, Akamai Advisory CISO, and Marc Sachs, Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security's Deputy Director for Research, to discuss cybersecurity strategies and tactics in the energy sector.
May 23, 2022•26 min•Season 5•Ep. 45
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Denise Anderson, Health-ISAC President and CEO, Errol Weiss, Health-ISAC CSO, and Rick Doten, Carolina Complete Health CISO, to discuss cybersecurity strategies and tactics in healthcare.
May 16, 2022•22 min•Season 5•Ep. 44
Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table members Gary McAlum, USAA’s former CSO, Jerry Archer, Sallie Mae’s CSO, and Steve Winterfeld, Akamai’s Advisory CISO, to discuss cybersecurity strategies in finance and antifraud.
May 09, 2022•24 min•Season 5•Ep. 43
Third party cloud platforms as a cybersecurity first principle strategy. As we learned from the deep dive into Azure, AWS, and GCP, none of the primary cloud providers check the box for every security first principle. To do so, Rick looks at third party cloud security providers. In this session, Rick and the Hash Table discuss big security platforms like Fortinet, Cisco, Check Point, and Palo Alto Networks. We discover that comprehensive security orchestration across all data islands is the key,...
May 02, 2022•24 min•Season 4•Ep. 42
Third party cloud platforms as a cybersecurity first principle strategy. As we learned from the deep dive into Azure, AWS, and GCP, none of the primary cloud providers check the box for every security first principle. To do so, Rick looks at third party cloud security providers. In this session, Rick discusses big security platforms like Fortinet, Cisco, Check Point, and Palo Alto Networks. We discover that comprehensive security orchestration across all data islands is the key, so much so that ...
Apr 25, 2022•24 min•Season 4•Ep. 41
Google Cloud Platform (GCP) adoption with cybersecurity first principle strategies. In this session looking at cloud platforms through the lens of first principle thinking, Rick and the Hash Table review the Google Cloud Platform (GCP). They identify some fundamental architectural differences between GCP and the other cloud providers that make GCP more effective at zero trust. The Hash Table gives their detailed technical advice about data management and risk assessments through GCP, strategies ...
Apr 18, 2022•19 min•Season 4•Ep. 40
Google Cloud Platform (GCP) adoption with cybersecurity first principle strategies. In this session looking at cloud platforms through the lens of first principle thinking, Rick Howard reviews the Google Cloud Platform (GCP). He identifies some fundamental architectural differences between GCP and the other cloud providers that make GCP more effective at zero trust. Cybersecurity professional development and continued education. You will learn about: GCP networking, GCP security strategy and dat...
Apr 11, 2022•16 min•Season 4•Ep. 39
Amazon AWS adoption with cybersecurity first principle strategies. In this second session reviewing cloud platforms through the lens of first principle thinking, Rick and the Hash Table review Amazon Web Services (AWS). They discuss how AWS supports, or doesn’t support, strategies of resilience, zero trust, intrusion kill chains, and risk assessments. The Hash Table gives their detailed technical experiences and strategies using AWS to support cybersecurity. Jerry Archer, Merritt Baer, and Mark ...
Apr 04, 2022•30 min•Season 4•Ep. 38
Amazon AWS adoption with cybersecurity first principle strategies. In this second session reviewing cloud platforms through the lens of first principle thinking, Rick Howard reviews Amazon Web Services (AWS). He discusses how AWS supports, or doesn’t support, strategies of resilience, zero trust, intrusion kill chains, and risk assessments. Cybersecurity professional development and continued education. You will learn about: AWS networking and API techniques, DevSecOps in a cloud environment, AW...
Mar 28, 2022•20 min•Season 4•Ep. 37