Can we find vulnerable ICS and SCADA controls on the internet? What about the physical doors that are in those facilities? Have we really learned anything a year after the pipeline hack? Microsoft has put out it's advise for ransomware defense, is it any good? What about F5 and it's big new vulnerability, should you be worried? Why shouldn't we talk about gangs "going down" in cyber, and does that hurt or help as we deal with those threats? Those points and more on this episode!
May 12, 2022•31 min•Season 2Ep. 18
Finding vulnerable passwords with Google dorks, it's super easy (don't do this). How many VPN's can I find that are possibly misconfigured? Why does it take a 600 million dollar hack for a company to adjust it's approach to cyber? New banking legislation and rules on a 36 hour reporting mandate, good or bad? Those points and more on this episode.
May 05, 2022•33 min•Season 2Ep. 17
What do SMB's care about in cyber? Where do they need help? How do they budget for this issue? Is there value to training or is it better to have a technical control? What is "security theater for businesses, and what fixes problems? Those questions and more on this episode!
Apr 28, 2022•25 min•Season 2Ep. 17
Why is the government looking at legislation on "quantum security"? Can I find vulnerable systems for ICS and SCADA that have no authentication on a livestream? Does a cyber attack have the ability to stop a university from operating and put it out of business for good? What about T-Mobile's "unstoppable" phish? Should we be scared? Those questions and more on this episode.
Apr 21, 2022•32 min•Season 2Ep. 17
The dog barks, like always. What is the Zero Trust market map? How about Microsoft's new CVE issue, is that something that we should have fixed years ago (the answer is hell yes). Can I find vulnerable assets with no authentication in real time? Forrester research published some great data on enterprise breach activity globally, what does it mean and how should we think about it? What about cyber and nuclear threats, do those relate? Those questions and more on this episode.
Apr 14, 2022•28 min•Season 2Ep. 16
Is cyber insurance worth it? Do insurers actually know what they are doing, and why are policies not being honored? Is a strategy useful for better security and helping lower a premium? What data is being used to validate a policy, or is that even a thing? Is this a big deal for small business, or is cyber insurance better suited for enterprises? And am I wrong by saying it's a "rip off"? Those questions and more on this very cool episode.
Apr 11, 2022•32 min•Season 2Ep. 16
Working with big enterprise ZT, how does one engage the leadership effectively? Is this about more tech? Who holds the keys to the kingdom on budget? Where does it make sense to start with a big time roll out? How hard is it to get ZT in place? How long is the journey? Where does one go after they solve their first problem? And why is Sean Connery on the line for this call?
Apr 05, 2022•29 min•Season 2Ep. 15
"The Devil Never Sleeps" is one of the best books out there that can help us better understand how to deal with today's never ending threats. Juliette Kayyem has done a great job of helping break down a variety of past historical issues and applied realistic and insightful ways to help her readers think more intelligently about accepting the threats and dealing with them, rather than being fearful of them. Her book is a must read, go get your copy now!
Mar 28, 2022•22 min•Season 2Ep. 14
Is #zerotrust happening in Australia? What problems do the folks doing the work run into? How does he deal with the business side of the issues he face? Where did he start? How should one go about discussing security strategy with folks that aren't in our space? And what is a no no for getting things done when collaborating with business leaders?
Mar 25, 2022•23 min•Season 2Ep. 13
What should we take from the Okta situation? More legislation to mandate training for government cyber security, really? Too many agencies are getting involved in cyber, right? What about the White House's "guidance" on the Russian threats? Deepfakes and disinformation can influence actual combat, say what? More bad hiring practices in cyber and some real issues with state and local cyber practices. Check it out!
Mar 24, 2022•34 min•Season 2Ep. 12
Why isn't cyber getting any better nationally with all this legislation? How should we view CISA's new rules? What about the Committees that congress and the Senate sit on? Analysis on a deepfake that has some very interesting implications. Where can we do better?
Mar 17, 2022•24 min•Season 2Ep. 11
Where can you go to learn how to "do" a deepfake, I'll tell you, but be careful. My thoughts on "getting involved in the conflict" in Ukraine from a cyber perspective. The Conti group had a leak and some great reporting was published on it, wow! Analysis on wiper malware, and the "most advanced malware ever", lol. Also, some finer points on what Zero Trust means and how to enable this strategy from a variety of vendors, and a new report on 9 steps to ZT, most of them are business related! Say wh...
Mar 02, 2022•31 min•Season 2Ep. 11
Zero Trust world was a blast, well done Threatlocker! Microsoft has done some great work in helping people to understand Zero Trust. Misinformation for critical infrastructure and corporate security is hard to do without a solid technology in place, especially at scale. Reference architectures for Zero Trust are available. Is the IRS the agency that can finally help with the ransomware problem and crypto crime? The Justice Department's three year plan to move to Zero Trust and how they are appro...
Feb 23, 2022•26 min•Season 2Ep. 10
#cyberwarfare and first strike capabilities in the Ukraine conflict? Finding vulnerable SCADA and electric systems in @shodan isn't hard, how much is out there? How did the #fbi get back stolen #crypto? Should we be "afraid" of hacking and cyber threats (weird things are happening everywhere lately, are you worried)? Some tips on how to read through congressional documents that are available on the hill. Also, some pork that is being tossed into the new protecting America act that has been passe...
Feb 16, 2022•25 min•Season 2Ep. 9
More ways cyber insurers are getting out of paying. Two students hack a school system and ask for a job, awesome. Microsoft talks about the lack of good IAM for Azure. Google breaks down cryptojacking in it's cloud. The insanity around threat intelligence and naming a threat actor group, and more on this episode.
Feb 08, 2022•34 min•Season 2Ep. 8
Interesting points on a Zero Trust report by Illumio. How to stop the majority of ransomware, it's not that hard. How did we allow the US DoD to buy drone technology that was financed by China? And what about some Shodan results that we should be aware of (like a submarine)?
Feb 02, 2022•26 min
What is threat intelligence, and what is the value in data? Does brand defense make a difference? Do his customers worry about deepfakes? What is attack surface management and how is that market changing? And more on this episode.
Jan 24, 2022•38 min•Season 2Ep. 5
The new memorandum on cyber security for the federal government and Zero Trust. Drones are used to attack an airport in the Middle East. Lawyers and cyber insurance team up as they address the issues we face in cyber, and more on this episode.
Jan 19, 2022•28 min•Season 2Ep. 3
Predictions from vendors for 2022. Are the leaders on Capitol Hill actually doing anything on the cyber front? The first log4j malware attacks are showing up, what can we do? What about insider trading using hacked systems to gain a financial advantage? Those questions and more on this episode!
Jan 12, 2022•27 min•Season 2Ep. 2
A look back at 2021 and the major hacks we endured. How did they happen? What should we learn? Where did it all go wrong? Can we defend ourselves from these threats in the future? Does Zero Trust really make sense?
Jan 07, 2022•21 min•Season 2Ep. 1
Is disinformation actually affecting people? What is narrative intelligence? Should corporate organizations defend their brand from trolls and narrative attacks? Will this be more important in the near future?
Dec 27, 2021•35 min•Season 1Ep. 37
Do the crazy valuations of companies help them or hurt them? Does big money in cyber security investing fix the problem? Why do some people continue to build businesses even after they cash out?
Dec 22, 2021•30 min•Season 1Ep. 36
What can we learn from the game of golf and security strategy? What telemetry matters most? Do you practice right in cyber or in your golf game? What's your favorite course? And many more great golf analogies!
Dec 15, 2021•29 min•Season 1Ep. 36
Is cyber insurance a rip off? What do insurance providers do to get out of paying their policy holders? Does cyberwar affect small businesses? Is everything of value to defend? Are humans really the biggest threat vector? Should you pay attention to a CISA advisory?
Dec 06, 2021•30 min•Season 1Ep. 35
What is multi spectrum warfare? Is the US the global superpower anymore? How do state and local governments look at cyber versus federal? Will China maneuver in the next 2 years to prepare for a future war?
Dec 01, 2021•37 min•Season 1Ep. 34
What does empathy really mean? How do you deal with the "brilliant jerk"? Where is the line on terminating an employee who endangers your business with bad cyber practices? Is the industry really more fair? What about sexism and privilege?
Nov 22, 2021•41 min•Season 1Ep. 32
What do consumers really think about passwords? Can technology solve the problem of unsafe passwords? Where does the market go for better user access? Does cloud make a difference? And more on this episode.
Nov 16, 2021•30 min•Season 1Ep. 32
Can I download and configure an SSI app during a live recording? Is SSI useful for the average consumer use case? How should we look at the combination of SSI and biometrics? Does this ultimately help kill the password?
Nov 08, 2021•29 min•Season 1Ep. 31
Disinformation with lobsters? What about the Missouri Governor and "hacking" that website? Does the new ransomware plan make much difference? New threats in email from Microsoft and how do humans detect them?
Oct 27, 2021•29 min•Season 1Ep. 31
How does he advise companies to select technology? What does he think about strategy? What is a non starter for him? How do board members look at cyber risk and technology expenses?
Oct 25, 2021•25 min•Season 1Ep. 30
