CISO Perspectives (public)

N2K Networks | thecyberwire.com
CISO Perspectives explores the evolving landscape of cybersecurity leadership, talent, and risk—because success in cybersecurity is about people, not just technology. Hosted by Kim Jones, veteran CISO and educator, this podcast challenges conventional thinking on leadership, talent pipelines, and the disconnects holding the profession back. Join Kim for candid discussions with industry leaders, and insights that help you build a stronger, more resilient cyber ecosystem.

Episodes

Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]

Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.” References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Rick Howard, 2024. Tracers in the Dark: The Global Hunt...

May 06, 2024 | 17 min | Season 10 | Ep. 5569

Bonus: Examining the current state of security orchestration. [CyberWire-X]

In this bonus episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adop...

Jan 15, 2024 | 32 min | Season 1 | Ep. 48

Veterans Day Special.

The CyberWire honors U.S. veterans on the national holiday. Learn more about your ad choices. Visit megaphone.fm/adchoices

Nov 12, 2023 | 19 min

Best practices for MITRE ATT&CK® mapping.

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the latest developments in mapping the MITRE ATT&CK® wiki to your deployed security stack with guests James Stanley, section chief at the U.S. Cybersecurity and Infrastructure Security Agency, John Wunder, Department Manager for Cyber Threat Intelligence and Adversary Emulation at MITRE, and Steve Winterfeld, Akamai’s Advisory CISO. Howard, R., Olson, R., 2020. Implementing Intrusion Kill Chain Strategies...

Aug 26, 2023 | 18 min | Season 9 | Ep. 88

Cybersecurity risk forecasting.

Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of cybersecurity risk forecasting with guests Fred Kneip, CyberGRX’s founder and President of ProcessUnity, and Kevin Richards, Cyber Risk Solutions President. Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL: https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083 . Howard, R., 2023. Bonus Episode: 2023 Cybersecurity C...

Aug 21, 2023 | 20 min | Season 9 | Ep. 87

Distributed Denial of Service prevention: Current state.

Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Distributed Denial of Service (DDoS) prevention with CyberWire Hash Table guests Steve Winterfeld, Akamai’s Field CSO, Jim Gilbert, Akamai’s Director Product Management, and Rick Doten, the CISO for Healthcare Enterprises and Centene. Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL: https://www.amazon.com/Cybersecurity-First-Principles-Stra...

Aug 14, 2023 | 18 min | Season 9 | Ep. 86

Quantum computing: A threat to asymmetric encryption.

Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the meaning of quantum computing through a cybersecurity perspective with CyberWire Hash Table guests Dr. Georgiana Shea, Chief Technologist at the Foundation for Defense of Democracies, and Jonathan France, the Chief Information Security Officer at ISC2. Research contributors include Bob Turner, Fortinet’s Field CISO – Education, Don Welch, New York University CIO, Rick Doten, CISO at Healthcare Enterprises and Cente...

Aug 05, 2023 | 18 min | Season 9 | Ep. 85

First principle strategies with CJ Moses.

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses cybersecurity first principle strategies with CJ Moses, CISO of AWS. Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL: https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083 . Staff, 2022. AWS Security Profile: CJ Moses, CISO of AWS [Bio]. Amazon Web Services. URL https://aws.amazon.com/blogs/security/aws_security_profile_cj_moses_ciso_...

Jul 31, 2023 | 18 min | Season 9 | Ep. 84

Zero trust in an app centric world with Okta.

Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, formerly the CyberWire, discusses how to use the cybersecurity first principle strategy of zero trust with commercial applications and in-house software development. Chris Niggel, Okta Field CSO, joins him for the discussion. Howard, R., Bittner, D., 2023. What is data centric security and why should anyone care? [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cyberwire-x/46/notes . Howard, R., 2020. Your securi...

Jun 03, 2023 | 12 min | Season 9 | Ep. 83

Bonus: Memorial Day special.

Rick Howard, The CyberWire’s Chief Analyst, CSO, and Senior Fellow, and the cast of the entire CyberWire team, honor our U.S. veterans on this Memorial Day.

May 29, 2023 | 19 min | Season 9 | Ep. 5568

Cybersecurity moneyball: First principles applied to the workforce gap.

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the cybersecurity workforce skills gap with N2K’s President, Simone Petrella, regarding how security professionals might learn from the movie “Moneyball” about how to train their team in the aggregate about first principles.

May 22, 2023 | 40 min | Season 9 | Ep. 82

Resilience Case Study: Chaos Engineering.

Chaos Engineering started in the mid 2000s. It was made famous by the Netflix engineering team under an internal app they developed, called Chaos Monkey, that randomly destroyed pieces of their customer-facing infrastructure, on purpose, so that their network architects could understand resilience engineering down deep in their core. But the concept is much more than simply destroying production systems to see what will happen. This elevates the idea of regression testing to the level of the sci...

Mar 13, 2023 | 24 min | Season 9 | Ep. 81

Resilience Case Study: Colonial Pipeline attacks of 2021 (Cyber Sandtable).

The 2021 Colonial Pipeline ransomware attack: We can use cyber sand tables to enhance our cybersecurity first principle defenses since the concept, in various forms, has been used by military commanders, coaches, and athletes since the world was young. This show puts the Colonial Pipeline hack on the cyber sand table to see what might have been done differently.

Mar 06, 2023 | 28 min | Season 9 | Ep. 80

Intelligence sharing: A Rick the Toolman episode.

Since the early 2000s, most infosec practitioners have agreed that a public/private partnership to share threat intelligence is a cybersecurity first principle tactic. Since the first CERT in the late 1980s to the CISA Shields Up program this year (2022), the community has come a long way but it's safe to say that there is much room for improvement. In this Rick the Toolman episode, we discuss the history and current state of information sharing and where it needs to go in the future. Learn more...

Feb 27, 2023 | 38 min | Season 9 | Ep. 79

Software Defined Perimeter (SDP): A Rick the Toolman episode.

Zero trust is a cybersecurity first principle strategy. Key to deploying a robust program is the Identity and Access Management tactic (IAM). The old perimeter defense model, designed in the 1990s, where network architects allowed good guys (and bad guys) through the perimeter to validate IAM policy seems ridiculous in hindsight. The new model, Software Defined Perimeter (SDP), is not as well known but is probably a better design. In this episode, Rick Howard discusses the history and current st...

Feb 13, 2023 | 16 min | Season 9 | Ep. 78

Two-factor authentication: A Rick the Toolman episode.

In 1995, AT&T patented the idea of two-factor authentication (2FA). They said that to identify an authorized user, a system needed to check at least two of three factors: something they have, something they are, or something they know. But the early systems were clunky, hard to manage, and only used in environments that needed the most security. Today, the industry has come a long way and there are several different choices for 2FA with some more secure than others: SMS, Email, Authenticator...

Feb 06, 2023 | 31 min | Season 9 | Ep. 77

Single Sign-On: A Rick the Toolman episode.

Single Sign-On (SSO) in the real world is complicated and messy and how we got there is a byzantine maze of innovation and standards that has taken years. But, if zero trust is the first principle strategy we are all trying to pursue, getting Identity and Access Management (IAM) right is the most important tactic. And, SSO is a piece of the entire Identity and Access Management puzzle. Rick summarizes the history and current state of Single Sign-On with some Rick the Toolman thrown in. Learn mor...

Jan 30, 2023 | 16 min | Season 9 | Ep. 76

A Rick the Toolman Episode on the current state of SBOMs.

One way to reduce the risk of software supply chains is with a concept called a Software Bill of Materials (SBOM). Standards bodies have been slowly working in the background for the past decade to move this concept into reality. On this episode, Rick Howard discusses the current state of SBOMs and throws some Rick the Toolman in as well.

Jan 23, 2023 | 18 min | Season 9 | Ep. 75

Andy Greenberg Interview: Tracers in the Dark.

Rick Howard, N2K’s CSO and the CyberWire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, regarding his new book, “Tracers in the Dark.”

Jan 16, 2023 | 38 min | Season 11 | Ep. 95

History of Infosec: a primer.

In order to understand the current state of the cybersecurity landscape, you must understand the history of how we got here. Rick summarizes the history along several threads: Firsts, adversary playbook names, government-commercial-academic entities, important papers and books, people, law, technologies, tools, and strategy-tactics.

Jan 09, 2023 | 59 min | Season 9 | Ep. 74

Security infrastructure as code.

We’ve been wrestling with the idea of software development methodologies (Waterfall, Agile), infrastructure-as-code (cloud deployments, DevOps, DevSecOps) and coding best practices (OWASP, BSIMM, SAMM) for going on two decades now. These are not independent systems. They overlap and interact. Up to this point, at least for the security side, they have been manual tasks, toil, that are prone to mistakes. We all know that automation can reduce the impact, at least be consistent with mistakes we m...

Dec 19, 2022 | 28 min | Season 8 | Ep. 73

Kill chain models.

Big thinkers from Lockheed Martin (kill chain), the Department of Defense (Diamond Model), and MITRE (ATT&CK Framework) gave us the blueprints of how to do intrusion kill chain prevention over a decade ago. It’s taken that long for the rest of us mere cybersecurity mortals to get our heads around the key concepts. Rick Howard takes us through the models. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choic...

Dec 12, 2022 | 27 min | Season 8 | Ep. 72

Cyber sand table series: 2014 OPM hack.

The 2014 OPM hack: We can use cyber sand tables to enhance our cybersecurity first principle defenses since the concept, in various forms, has been used by military commanders, coaches, and athletes since the world was young. The show puts the OPM hack on the cyber sand table to see what might have been done differently. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. To access CyberWire Pro only bonus material for CSO Perspectives, list...

Nov 28, 2022 | 49 min | Season 8 | Ep. 70

Pt 2 – Supply chains around the Hash Table.

Rick Howard, the CyberWire’s CSO and Chief Analyst, is joined by Hash Table member Amanda Fennell, the Relativity CIO and CSO, to discuss strategies and tactics to reduce digital supply chain risk. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices...

Nov 21, 2022 | 23 min | Season 8 | Ep. 69

Pt 1 – Supply chains.

Rick explains the history of digital supply chains and the potential future of securing them. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices...

Nov 14, 2022 | 21 min | Season 8 | Ep. 68

Pt 2 – Students of the game: What are the Hash Table’s go-to information sources for 2022?

Rick Howard, the CyberWire’s CSO and Chief Analyst, chats with Steve Winterfeld, the Akamai Advisory CISO, and Errol Weiss, the Health-ISAC CSO, about recommended sources of infosec content that they found valuable in 2021. Links to content mentioned in the show: Documentaries: “Kill Chain: The Cyber War on America’s Elections,” by Harri Hursti, Published by HBO, 26 March 2020. “The Perfect Weapon,” by David Sanger, Published by HBO, 16 October 2020. Podcasts: “Darknet Diaries – True Stories f...

Nov 07, 2022 | 37 min | Season 8 | Ep. 67