I discussed various topics related to #cybersecurity , including CISA's new international cyber security plan, the appointment of a new CISO at UnitedHealthcare , the progress of federal agencies in implementing #zerotrust , and the evolving landscape of hacking influenced by #AI . The discussion also touches on a serious hacking incident involving The Walt Disney Company and food safety, insights into hacker motivations, and the vulnerabilities present in critical infrastructure. I really empha...
Nov 01, 2024•31 min•Season 4Ep. 46
In this conversation, I discuss the ineffectiveness of compliance violations and fines in changing corporate behavior regarding cybersecurity. I present data showing that fines are often negligible compared to company revenues, making them merely a cost of doing business. I argue for a reevaluation of negligence in cybersecurity and emphasizes the need for accountability, suggesting that without significant consequences, organizations will continue to prioritize profit over security. Takeaways C...
Oct 25, 2024•23 min•Season 4Ep. 43
In this conversation, I discuss various cybersecurity incidents and trends affecting organizations, including CrowdStrike's stock performance, foreign influence in U.S. elections, cybersecurity failures at Sellafield, and the impact of cyber incidents on critical infrastructure. The conversation also covers recent breaches at ADT and American Waterworks, challenges in healthcare cybersecurity, and T-Mobile's compliance issues. Throughout, I emphasizes the importance of robust cybersecurity measu...
Oct 11, 2024•27 min•Season 4Ep. 43
In this conversation, I discuss various cybersecurity topics, including investment strategies in cybersecurity stocks, vulnerabilities in vehicle security, the implications of AI vulnerabilities, the rise of cyber threats related to social media scandals, workforce development initiatives in cybersecurity, the risks posed by North Korean cyber actors, the disconnect between leadership and security teams regarding ransomware, political cybersecurity breaches, the critical state of cybersecurity i...
Sep 26, 2024•30 min•Season 4Ep. 43
Den Jones talks about why he is launching 909 Cyber for smb's and other businesses. He and I chat about how to address critical strategic shortfalls for organizations and he runs us through how he put Zero Trust in place while at Adobe! Don't miss this one!
Sep 24, 2024•29 min•Season 4Ep. 42
The conversation delves into various pressing cybersecurity issues, including a recent attack on Hezbollah involving explosive pagers, the implications of cyber warfare, election interference by Iranian hackers, the severe impact of ransomware on healthcare, and the ongoing challenges of data privacy. The discussion also critiques the effectiveness of cybersecurity reports and the need for more substantial recommendations in the industry. takeaways The Hezbollah attack demonstrates the potential...
Sep 19, 2024•28 min•Season 4Ep. 41
In this conversation, Myself and Aaron Shah from Cybermaxx discuss the complexities of cybersecurity, emphasizing the importance of understanding both offensive and defensive strategies. We explore the dichotomy in cyber operations, the adversarial mindset, and the common misconceptions clients have about their risk levels. The discussion also covers the role of Managed Detection and Response (MDR) services, the challenges faced by small and mid-sized businesses, and best practices for effective...
Sep 13, 2024•28 min•Season 4Ep. 40
In this conversation, I discuss various topics including music licensing, the recent school shooting in Georgia, the impact of cyber security breaches on corporate reputation, the glitch in Chase Bank ATMs, the warning from Warren Buffett about cyber insurance losses, Chinese hackers exploiting software bugs, the launch of a cyber incident reporting portal by CISA, a bipartisan bill to strengthen healthcare cybersecurity, and a judge granting a request to suppress a cyber expert's efforts to war...
Sep 06, 2024•27 min•Season 4Ep. 38
In this podcast episode, DrZeroTrust discusses various cybersecurity topics, including a partnership between G2 and security vendors, a cryptocurrency scam that led to the collapse of a Kansas bank, weaknesses in the FBI's cybersecurity practices, a breach at National Public Data, the state of phishing training, the use of AI chatbots by police officers, new cybersecurity rules proposed by the FAA, a lawsuit against Georgia Tech over cybersecurity failures, and allegations that the Biden adminis...
Aug 30, 2024•25 min•Season 4Ep. 36
In this conversation, I discuss various topics including the US Army's failed $11 million marketing deal with the UFL and Dwayne 'The Rock' Johnson, the state of ransomware in state and local government organizations, the Mimecast Global Threat Intelligence Report, the reliance on a few tech companies for critical aspects of the economy, the need for campaigns to report cyber breaches, the vulnerabilities in open source software, and the findings from the IBM Cost of a Data Breach Report....
Aug 23, 2024•30 min•Season 4Ep. 36
Evgeniy, the author of a book on soft skills in technology sales, discusses the importance of soft skills in the tech industry. He emphasizes the need for curiosity, the ability to overcome fear, and the importance of practicing soft skills outside of work. Evgeniy also talks about the flaws in the way conferences are organized and suggests a more networking-focused approach. He advises against making assumptions and encourages asking questions to better understand others' needs. The conversatio...
Aug 20, 2024•29 min•Season 4Ep. 34
What should we know about the "possible" DDoS hit on the Trump X broadcast? What does another breach of billions of records mean? Even if it's got criminal record and background information? Uh oh. And more on this one!
Aug 13, 2024•32 min•Season 4Ep. 33
In this conversation, I interview Gentry Lane, CEO and founder of Nemesis Global, about cybersecurity and the challenges faced in the industry. They discuss the lack of leadership and strategy in national cybersecurity, the need for a global, interoperable system platform for early detection and threat recognition, and the ineffectiveness of current cybersecurity measures. Gentry emphasizes the importance of taking action and implementing radical changes to address the persistent aggression on c...
Aug 07, 2024•32 min•Season 4Ep. 31
Was my full body scan MRI worth it? IBM's data breach report is out, what should we pay attention to. Did Crowdstrike's issue reveal more about how fragile our connected world is? And are Deepfakes protected speech? Lot's to discuss on this one!
Aug 02, 2024•28 min•Season 4Ep. 30
What are Non-Human Identities, and why should we care? What does a 4 time CISO have to say about this issue? Does Zero Trust stand up to his scrutiny? Don't miss this one!
Jul 31, 2024•28 min•Season 4Ep. 29
DDoS hosts get arrested, but is it really a legit punishment? Cisco has an issue with remote access and a level 10 vuln, uh oh! Deepfakes are up over 1000% in countries with elections in 2024! And Snowflake adds MFA, after their issue, hurray! Buckle up!
Jul 20, 2024•33 min•Season 4Ep. 28
In this conversation I discuss the Confucius Institute, cybersecurity search engines, ransomware defense evasion tactics, the GOP platform on protecting critical infrastructure, the OpenAI breach, cybersecurity concerns in the automotive industry, the White House's push for increased cyber funds, and the healthcare industry's pushback against cybersecurity reporting rules. Takeaways Augusta, Georgia is not an exciting place to visit The Confucius Institute raises concerns about its funding and c...
Jul 12, 2024•28 min•Season 4Ep. 27
New "listening" sites in Cuba, uh oh. Is Temu a threat, it is from China. OpenSSH has some serious issues. Will the Supreme Court affect our cyber security posture? TeamViewer gets hit as well. Buckle up!
Jul 08, 2024•29 min•Season 4Ep. 26
Did Microsoft's leadership really say they don't have to play by China's rules? Did they potentially lie in front of Congress? Have you ever read the book that is guiding Chinese cyber warfare strategy? I'll tell you where it is. Those important points and WHOLE lot more on this one.
Jun 28, 2024•29 min•Season 4Ep. 26
US government contracts pay big fine for doing "no no's" on cyber, why isn't that happening more often? A crime related database was hacked and leaked, not good for those who filed complaints. Microsoft's CEO took a beating on Capitol Hill for the companies issues with security, ouch. And more on this one!
Jun 24, 2024•29 min•Season 4Ep. 24
What does it mean to be Breach Ready? A CISO tells me all about his views on this. How should we think about micro-segmentation? Is it really that hard to do right? Where should controls be applied to help limit lateral movement? Can software really help you be ready for an 8K filing with the SEC?
Jun 05, 2024•28 min•Season 4Ep. 25
What does it take to really get hit hard for a "cyber" crime? Deepfake the President and find out. Why is it a risk to have a single vendor running all government IT systems? And how does that seem like "fair" competition as required by law? What is skill based hiring for cyber and is that a good thing? Check this episode out!
May 31, 2024•21 min•Season 4Ep. 23
What should we know about micro-segmentation? How important is a policy engine to Zero Trust enterprises? Where does the focus for network controls need to be? And more on this one!
May 21, 2024•12 min•Season 4Ep. 22
Was that Nigerian prince who wanted to share his money with you real? The US DoJ files paperwork on a Russian Lockbit "mastermind", so what? How much is it going to take before we see real action based on the aggression we see from our adversaries? Those and more on this one! Don't miss it!
May 17, 2024•31 min•Season 4Ep. 21
What is cyber GRC? Why do we need to concern ourselves with it? Can any business do this? How can a business achieve smart compliance? Does AI introduce risk to the process or benefit it? Lots of great stuff here with Cypago.
May 08, 2024•21 min•Season 4Ep. 20
Meerkats are dangerous, I guess. Especially in DNS. Yeah, that Meerkat. Why should we know about this type of attack? How does China play in here? Where is the risk? Does this type of attack merit increased concern?
May 08, 2024•28 min•Season 4Ep. 19
Is the VPN a security technology? Should businesses still use that risky technology? How can an organization move off that old tech? Where do VPN's fit into Zero Trust? Xage Co-Founder gives some great insights here.
May 07, 2024•23 min•Season 4Ep. 17
What is RAG and why does it apply to LLM's? Why should it be confidential? How does that work? Where can we do this? And what is the way forward for customers? SafeliShare's CEO shares some insights here. Check them out at RSA this week!
May 06, 2024•18 min•Season 4Ep. 18
A coach used a deepfake to frame one of his coworkers, signs of things to come? GPS is being messed with, should we worry and is it safe to fly? The White House released more requirements for the same stuff we already have requirements for? And does the United CEO's testimony hold water? Listen up!
May 03, 2024•30 min•Season 4Ep. 17
Mandiant says attacker dwell time is "going down" but how is that measured? Is that accurate? TIkTok finally get's the treatment it "deserves" with a proposed sale or ban, but is that going to make a difference? Another agency is created for cyber diplomacy, yeah (your tax dollars at work). And a known Russian cyber group attacks a town's water supply and floods nearby areas, doesn't that constitute some reciprocity?
Apr 26, 2024•33 min•Season 4Ep. 17
