Buying security products
Purchasing cybersecurity solutions and services can be challenging. Not only is the industry rapidly evolving, but there is rarely a case where solutions can be compared "apples to apples." In this episode, we explore the procurement of cybersecurity solutions. Robby is joined by Thor Milde, SVP - Head of IT Access Management at DNB, sharing his experiences from one of the largest banks in the Nordics, and Øyvind Nordvik, BID Manager in mnemonic, with more than 10 years ...
Nov 15, 2021•32 min
How is it possible for the insurance industry to adapt to a cyber threat landscape that is continuously changing? To try to answer that, and explain the evolution the cyber insurance field has gone through the last few years, Robby is joined by Jens Zakarias and Paul Jæger from Riskpoint, a global insurance underwriter agency. They dive into how cyber insurance differs from more traditional insurance, and the five things every organisation needs to have in place for an insurance company to even ...
Sep 20, 2021•31 min
Can threat intelligence be automated? If so, what can be automated, and what should still be left in the hands of human analysts? With us today, we have Martin Eian, PhD, Head of R&D in mnemonic. He sits down with Robby to speak about his team’s part in building a security platform to prevent cyber-threats together with nine other European organisations. The research project bringing these organisations together is called SOCCRATES, and is part of the European Union's Horizon 2020 Research a...
Aug 30, 2021•35 min
Luck favours the prepared. For this non-technical episode, Robby welcomes someone with a lot of experience working with a particular consequence of security incidents: crisis communication expert Lasse Sandaker-Nielsen. Lasse is a Senior Advisor at First House, one of Norway's largest communications and public affairs agencies, and joins Robby for a discussion on crisis communication best practices from the cybersecurity space, and the most effective ways to respond when you're in crisis mode. L...
Aug 09, 2021•28 min
Try to prevent what you can, detect what you can’t prevent and hunt for what you can’t detect. For this episode about threat hunting, Robby is joined by Andreas Bråthen, Team Lead for threat hunting at mnemonic. Andreas has worked on mnemonic’s threat hunting program for the past three years and shares some of his insights into why the threat hunting domain is so difficult to navigate, and how he defines this somewhat abstract term. He also goes into detail about the process behind the way mnemo...
Jul 12, 2021•30 min
Why should a CFO care about security? Is the Chief Financial Officer (CFO) role inherently occupied with saving money, or is it clear for someone in that role that there’s value in spending the extra dime on something like security? Or is the answer somewhere in between? To help him find the answer to this, Robby welcomes Øyvind Sten Bjerkseth, the new CFO at mnemonic, both to the company and the podcast. Prior to joining mnemonic, Øyvind served 5+ years in CFO roles and brings 15 years of exper...
Jun 21, 2021•26 min
Stress and security
How do you manage your stress level when the very nature of your work is to be on high alert? In this episode we step away from the technology to focus on the stress of working in security, how it impacts our health and personal lives, and methods for keeping stress in check. Stress is something we’re all familiar with, especially in our field of work. Diving into this topic, Robby is joined by Edwin Doyle, Global Cyber Security Strategist at Check Point, and Emiliya Zhivotov...
May 31, 2021•43 min
Internet of Things | Privacy miniseries
Previously in this miniseries, we’ve discussed the challenges of online privacy with experts in that field. In many ways, what can be known about us through our online behaviour pales in comparison to what someone can find out about us by monitoring measurements of the real world, through ours and others’ Internet of Things (IoT) devices. This is what we’ll be talking about today, as we’re joined by Tim Panagos, Co-Founder and CTO of Microshare, a company ...
May 10, 2021•47 min
In this episode, you’ll learn about the digital canaries: honeypots. Honeypots are passive monitoring systems that appear to be legitimate parts of an organisation’s core infrastructure, designed to alert you about someone trying to illegitimately enter your infrastructure, and help you get insight on the attacker’s tactics, techniques, and procedures. Someone with a lot of experience using honeypots is IT & OT Industrial specialist Mikael Vingaard. Mikael has experience working with OT secu...
Apr 26, 2021•29 min
The World of Open Source
How do you know that the open source you are using is secure? This episode, Robby is joined by Daniel Wisenhoff to talk about open source management. Daniel is the CEO & Co-Founder of Debricked, a Swedish company aiming to help organisations use open source securely in their own software development. During their conversation, they discuss how most organisations work with open source, and how we can become better at using it, as well as what potential security risks ...
Apr 12, 2021•34 min
The future of privacy | Privacy miniseries
Is privacy a myth for anyone with a smart phone? Can we actually control what our devices are sharing about us? We’re continuing our miniseries about privacy with Edwin Doyle, Delegate & Constituent for the World Economic Forum Taskforce on Data Intermediaries, and Global Security Strategist at Check Point. Eddie chats with Robby about what the Taskforce on Data Intermediaries is working on, and how it might change how we share information in the fu...
Mar 29, 2021•35 min
What's the worst that can happen with your email? For this episode, Robby has invited Korstiaan Stam, Digital Forensics & Incident Response Manager in PwC Netherlands, to pick his brain about Business Email Compromise (BEC). Korstiaan has a lot of experience working with email fraud, and throughout their conversation he shares many of his war stories. He explains the many different ways adversaries are exploiting organisations through this attack vector, and what they can actually do once th...
Mar 15, 2021•39 min
We’re continuing our new miniseries about privacy with cyber security researcher Hanna Linderstål. Hanna is the Founder and CEO of Earhart Business Protection Agency, a company providing research for governments and organisations on disinformation and online threats. Robby has invited Hanna to discuss modern cyber espionage and lawful intercept: the practice of enabling agencies with legal authorisation to do electronic surveillance of individuals. They also chat about how cyber espionage has ch...
Mar 01, 2021•41 min
Your phone is spying on you | Privacy miniseries
Do you know what your favourite apps are doing with your data? And who exactly are these entities that are capitalising on selling this kind of information? We’re kicking off our new miniseries about privacy with investigative journalist Martin Gundersen. Martin works at NRK, the Norwegian public broadcaster, where he writes about IT security, privacy and social media. He’s here to tell Robby about what he’s found after working on a news story abo...
Feb 15, 2021•38 min
What are you doing to make the internet a safer and more private place? This episode, Robby welcomes John Todd, Executive Director of the non-profit organisation Quad9. Quad9 is a free, recursive DNS solution that partners with threat intelligence providers from all over the world to block websites that try to harm our computers (through things like malware, spyware, botnets, phishing sites, etc.). John chats with Robby about their DNS system, how they’re different from most paid services, and t...
Feb 02, 2021•23 min
Nuclear cyber security | OT miniseries
We’re continuing our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time, Robby is joined by Nicholas Burnet and Guido Villacis from EDF Energy, Europe’s largest nuclear provider. EDF owns and operates eight (soon nine) nuclear power stations in the UK, and Nicholas and Guido work at EDF’s unit for New Nuclear Build, as CISO and Instrumentation & Control (I&C) Cyber Security Lead respectively....
Jan 18, 2021•32 min
We're kicking off 2021 with a timely conversation about software security, this time with two individuals that are more than qualified for the job - Dr. Daniela S. Cruzes and Espen Johansen. Dr. Cruzes is a Professor at the Norwegian University of Science and Technology (NTNU) and Senior Research Scientist at SINTEF, and has been working with Espen Johansen (Product Security Director at Visma) on strategies to incorporate security into development processes. As you will tell from their conversat...
Jan 04, 2021•42 min
Technology isn't the problem | OT miniseries
For our last episode in 2020, we’re continuing our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This episode, Robby is joined by Mitchell Impey, ICS Security Analyst at the Danish Energy and Telecommunications company Norlys. Mitchell explains how he does threat hunting in their OT environment, affecting their more than 1,5 million customers. He also dives into what you need to have in place to do ...
Dec 21, 2020•36 min
SIEM is DEAD? Ready to time travel through the last 20 years of security monitoring? To guide us we have Dr. Anton Chuvakin, recognized security expert and the man behind the term EDR! Anton shares from his long experience in the field, among other things as VP of Research and Distinguished Analyst at Gartner and working with security solution strategy at Google Cloud. Anton chats with Robby about the evolution of Security Information Event Management (SIEM) technology, its mission and reputation. As y...
Dec 07, 2020•36 min
Are we secure enough? Are we exposed? What are our key cyber risks? Our podcast guest this week is a veteran in the IT space in the financial sector, and has extensive experience communicating security posture to stakeholders. Erik Blomberg, CISO in the Swedish Handelsbanken, chats with Robby about what management really is wondering about, and how to communicate the value your security team is delivering to the organization. He also shares how he’s worked to translate tech terms into actual bus...
Nov 23, 2020•28 min
Morten and Robby recorded this session as part of their virtual presentation at the CERT-IS conference in Iceland last month. The episode is also available in video: https://youtu.be/Izfb7-wA_0I For this episode, Robby welcomes Morten Weea from mnemonic’s Threat Intelligence team. Morten is a PhD candidate researching decision-making in incident response and an experienced Incident Handler that often works with advanced persistent threats (APTs). Robby picks his brain about what actually goes do...
Nov 16, 2020•35 min
For this episode, we’re happy to have Sebastian Takle from the DNB Financial Cyber Crime Center (FC3) with us to share how one of the largest banks in the Nordics works with Threat Intelligence. Sebastian is Subject Lead for Threat Intelligence at FC3, and in his conversation with Robby he explains their threat actor centric approach to TI. We also get to hear what threat actors they are observing and are most concerned about, and the importance of identifying who . Technical level: 1/5 Host: Ro...
Nov 09, 2020•45 min
Why is it so difficult for security people to speak to developers? And the other way around… For this episode, Robby has invited a veteran of the software security game, Nick Murison, Security Practice Lead at Miles. Nick started off as a penetration tester, and has been passionate about software security and training developers to think about security upfront for close to two decades. They speak about software security within the development lifecycle, and bridging the gap between developers an...
Oct 26, 2020•42 min
Forensic Readiness | OT miniseries
We’re continuing our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time around, Robby’s invited a fellow security podcaster and former head of forensics at Volvo, Rikard Bodforss. Rikard has been working with security in the Industrial Control Systems (ICS) and OT space for a long time, both from the private sector and as IT and Security Manager in the City of Gothenburg’s water and waste department. In ...
Oct 12, 2020•35 min
How do we go from data to information, and from information to intelligence in the cyber world? Who better to try to explain this than the former Director of the national communications and security agency in the Netherlands, Job Kuijpers, and his colleague and trusted advisor for Threat Intelligence, Piet Kerkhofs. After more than 15 years in the Dutch government's cyber program the two of them founded the cyber security company EYE, and in their conversation with Robby they share from their va...
Oct 05, 2020•34 min
This time, Robby has invited his most recent online friendship and the uncrowned king of open source, Simon Simonsen, to the podcast. Simon also happens to have a lot of experience developing and utilising security architecture defense strategies, or as he calls it: utilising your home court advantage. Simon has over a decade of experience in security and is working as a Senior Information Security Officer at the Danish energy trading house Danske Commodities (DC). In his discussion with Robby, ...
Sep 21, 2020•37 min
How can we prove cybersecurity effectiveness? With USD 124 billion being spent worldwide on IT security last year alone, it's no wonder this is a question many would like the answer to. However, finding a quantitative metric to evaluate security investments, outside of positive effects like diminishing risks and reducing the amount of bad things happening, is not straightforward. To help us navigate this question, Robby is joined by someone with a lot of experience making security investments e...
Sep 07, 2020•39 min
For this Norwegian episode of the mnemonic security podcast, Robby and co-host for the day Gjermund Vidhammer, Manager of Governance, Risk & Compliance at mnemonic, are joined by two major actors in the Norwegian cyber landscape: Robin Bakke, Specialist Director for Cyber Security at the Ministry of Justice & Public Security, and Bente Hoff, Director National Cyber Security Center (NCSC) at the Norwegian National Security Authority (NSM). They discuss the importance, and the many differe...
Aug 31, 2020•36 min
How can we best apply data science techniques to gain security visibility? What data you collect obviously affects your detection capabilities, but as many have painfully experienced, there can be too much of a good thing! In this episode, Robby is joined by Jeff Barto. He is the Chief Security Officer at a large hedge fund in the US, has worked in security for over 20 years and has a lot of experience asking himself the question “how much data is enough?”. Jeff takes us through what types of da...
Aug 17, 2020•34 min
How effective is the use of Key Performance Indicators (KPIs) in security? Are they even relevant, and if so, do KPIs work differently for security teams than others? In this episode, Robby chats with someone that’s had a lot to do with KPIs, both in his position as the former Head of the government CERT in Denmark (GovCERT), as well as a SOC Analyst for more than 10 years. Marc Andersen shares his experiences chasing KPIs, and discusses whether self-governance is a better alternative for securi...
Aug 03, 2020•24 min