Joining us this week are Richard Grabowski, Acting Program Manager for CISA's CDM Program, and Jonathan McBride, Chief of Adversary Pursuit for CISA's Threat Hunting Subdivision. We dive into the hot topics of threat hunting, adversary pursuit, the evolution of CISA over the years including the growth and maturity of the organization, the power of public/private partnerships, and the drive for innovation. They also share perspective on the recent Cyber Executive Order as well as how the CDM prog...
Oct 11, 2022•55 min•Ep. 202
Joining us this week is Christian Folini (@chrfolini), co-lead of the OWASP Core Rule Set project, co-author of the second edition ModSecurity Handbook and one of the few teachers on this subject. And he brings a first to the podcast – a discussion on ModSecurity and the OWASP project! For those that are new to these topics, Christian shares many insights on the OWASP volunteer organization mission and how it serves as the first line of defense against web application attacks. Many may not know ...
Oct 04, 2022•50 min•Ep. 201
Closing out Insider Threat Awareness Month with us is Maria Bada, Ph.D, a Lecturer in Cyberpsychology at Queen Mary University in London and a RISCS Fellow in cybercrime. Maria shares insights on the insider threat challenge through a human-centric lens and the criticality of educational awareness, transparency and training (note: check out AwareGo!) to better mitigate the threat. When 98% of organizations are vulnerable to insider threat, and the "accidental" insider is the one most often repor...
Sep 27, 2022•50 min•Ep. 200
Bill Evanina, Founder and CEO of the Evanina Group and former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence, joins the podcast this week to take a deep dive view into insider threat as September is Insider Threat Awareness Month. He shares insights from his many years on the counterintelligence and security front lines on what defines insider threat (Note: harm to self or others), the opportunities and challenges in available too...
Sep 20, 2022•51 min•Ep. 199
Joining the podcast this week is Ellen Nakashima, National Security Reporter for The Washington Times, and shares insights into the ongoing conflict between China and Taiwan. Ellen provides perspective on the much publicized Pelosi trip to Taiwan and why the timing of that trip raised concerns in China as well as the complicated relationships the two countries have with international governments around the world, complex supply chain interdependencies (particularly in semiconductors), cyberattac...
Sep 13, 2022•43 min•Ep. 198
Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center of Internet Security and shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometim...
Sep 06, 2022•1 hr 2 min•Ep. 197
Joining the podcast this week is Stefan Soesanto, Senior Researcher in the Cyberdefense Project with the Risk and Resilience Team at the Center for Security Studies (CSS) at ETH Zurich. He recently authored the excellent research report "IT Army of Ukraine" that examined in detail how it was stood up out of necessity for what many have called the 'first cyberwar'. Yet for an IT army that is neither truly military or civilian and largely operating in the grey, how do you manage a globally dispers...
Aug 30, 2022•48 min•Ep. 196
Joining us this week is Brian Knappenberger, a producer and director renowned for such documentaries as Web of Make Believe: Death, Lies and the Internet, The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11, to name a few. He shares insights from his recent documentary series Web of Make Believe (currently available on Netflix!) and the trajectory of misinformation, which has been around for centuries, through a lens from the 20...
Aug 23, 2022•55 min
We go deep into the dark web and ransomware with this week's guest Tom Hofmann, SVP, Intelligence at Flashpoint. He tracks ransomware from its beginnings in 1989 through to present day ransomware gang shenanigans including Maze double extortion tactics that attackers have enthusiastically embraced. He also gets real on what's happening on the dark web – and the things that you can't unsee. But it's not all doom and gloom, Tom shares insights on the many available resources today to help organiza...
Aug 16, 2022•50 min
John Shier, Senior Security Advisor at Sophos, joins the podcast this week for a deep dive into today's ransomware threat landscape and insights uncovered in the recent Sophos research reports, including the "2022 State of Ransomware Report" and "Active Adversary Playbook". We explore future state themes of ransomware such as the geopolitics of ransomware, simultaneous attack and dwell time trends, will we ever get to a ransomware 'flat fee', increasing the resilience requirement for companies s...
Aug 09, 2022•41 min
This week Rob McDonald, SVP of Platform at Virtru joins the podcast to double-click into the privacy and data discussion. We explore subsidizing the pain of giving personal data in exchange for 'free' services, informed consent, regulation alone isn't a silver bullet, and what outcomes we could we drive when we combine user decisions with regulation. And he shares insights on behaviors that come with innovation, data as common denominator, regulations such as GDPR and CCPA as progress markers (a...
Aug 02, 2022•44 min
We have two guests joining the podcast this week to talk about election security - Marci Andino, Senior Director of the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) at the Center for Internet Security, and Trevor Timmons, chairperson of the Executive Committee of the EI-ISAC and CIO for the Colorado Secretary of State. We cover everything from the history of election security through to present day, including the creation of the EI-ISAC in 2017, physical versus cyber...
Jul 26, 2022•47 min
We're back with part-two of our discussion with Jill Aitoro, SVP for Content Strategy at CyberRisk Alliance where we pick the conversation up on privacy today and efforts by big tech and government to protect sensitive information. We also dive into the slippery slope of consumer apps and health information used for convenience and, for some, entertainment and the realization of how that information could be shared and used by third parties in the coming decades. (And the check boxes you might m...
Jul 19, 2022•27 min
Jill Aitoro, SVP for Content Strategy at CyberRisk Alliance joins the podcast this week for a hot topics discussion across recent developments in the ongoing cyber war involving Ukraine, Russia and a supporting cast of many public and private entities including NATO, Microsoft, Lithuania and others. We also dive into recent exploits by China with social media microtargeting campaigns against rare earth mining companies and where their 'playing the long game' implications could lead. Jill Aitoro,...
Jul 12, 2022•29 min
This week Gerald Caron, CIO for the Office of Inspector General at the U.S. Department of Health and Human Services (HHS) joins the podcast to share real world impact in bringing communications and accessibility to an organization. He also breaks down a football analogy of IT as an enabler and the criticality of the fans (users) to the equation. And provides perspective on Zero Trust and IT modernization, including recent ATARC Zero Trust demo labs, as well as his path into IT through a keen int...
Jul 05, 2022•46 min
This week Rachael and Eric discuss the recently published "Defending Ukraine: Early Lessons from the Cyber War" report from Microsoft and the accompanying blog post by Microsoft President and Vice Chair Brad Smith. They share insights and raise lingering questions on the report's findings and the five conclusions Microsoft framed from the war's first four months. They also briefly share insights from the June 2022 cyberdefense research report "The IT Army of Ukraine" from Stefan Soesanto of the ...
Jun 28, 2022•50 min
Joining the podcast this week is John DiLullo, Chief Revenue Officer for Forcepoint and former CEO at LastLine Security, acquired by VMWare in 2020. He's spent decades in the security world. Speaking of world, as it has opened back up John has traveled the globe this year visiting every continent but Antarctica and shares insights from his many meetings with customers, partners, and security companies around the world. He also shares perspective on this year's RSA conference, the future of secur...
Jun 21, 2022•39 min•Ep. 186
Joining the podcast this week is Mikko Hypponen, Chief Research Officer at WithSecure. He breaks down the rise and fall of cybercrime unicorns, the effectiveness of unicorn hunting season and bounties, the impact of nations fighting back in today's cyber war, Ukraine's preparedness for Russian cyber war, cryptocurrencies future and how he came up with Hypponen's Law. And be sure to keep an eye out for his upcoming book from Wiley later this summer, "If It's Smart, It's Vulnerable"! Mikko Hyppone...
Jun 14, 2022•33 min•Ep. 185
Joining us this week is Jarod Koopman, Acting Executive Director of Cyber and Forensic Services for the Internal Revenue Service (IRS) – Criminal Investigation division. He takes us inside the exciting world of cyber crimes and digital forensics – truly the investigations carried out by this team would make for an endless franchise of action thriller films or book series. So what did we talk about with Jared who has the most fascinating job at the IRS – the Bank Secrecy Act, all things cryptocur...
Jun 07, 2022•48 min•Ep. 184
This week co-hosts Eric and Rachael are coming to you live from Cabo San Lucas! They cover hot topics including CyberWire's new CISA Cybersecurity alerts, the impact of ransomware on a 157 year-old university in Illinois, Colonial Pipeline's nearly $1M proposed fine by the Department of Transportation Pipeline and Hazardous Materials Safety Administration and the recent surge in tractor hacking! Rachael Lyon Rachael Lyon brings her journalistic curiosity and more than 20 years in technology work...
May 31, 2022•29 min•Ep. 183
This week Rob Flanders, Head of Threat and Incident Response at BAE Systems, joins the podcast to share an international perspective on cybersecurity today. We delve into hot topics including supply chain security, security trends for 5-50 person organizations and impact on the large enterprises they work with, growing regulation around reporting requirements, and the impact of security on business innovation. And, Rob shares his path to cybersecurity and the non-traditional master's degree he p...
May 24, 2022•50 min•Ep. 182
Joining the podcast this week is Bash Kazi, CEO of Cyber Range Solutions. He shares perspective on the importance of experiential and continuous training across red team, blue team and threat hunting and creating real world environments to learn based on existing and emerging threats. He also shares some stories from the field such as a voter hacking simulation won by a 15-year-old student as well as available resources and organizations that provide veterans a place to learn cyber skills for lo...
May 17, 2022•36 min•Ep. 181
This week we catch up with Dr. Siwei Lyu, a SUNY Empire Innovation Professor and founding Co-Director of Center for Information Integrity (CII) at the University at Buffalo, State University of New York. Siwei breaks down the deepfake experience, both the good and the misleading aspects of the technology. He shares insights on techniques researchers are developing to detect deepfakes, including GAN (Generative Adversarial Network) detected artifacts that produce tell-tale deepfake signs – if you...
May 10, 2022•43 min•Ep. 180
Joining the podcast this week is Stacy Janes, Head of Cybersecurity at Waymo. Stacy shares an awesome story of how he found his way to security and the automotive industry – and we'll bet it isn't at all the journey you thought it would be! He also shares perspective on the difference between connected and autonomous vehicles, security by design and 360-degree situational awareness with autonomous vehicles, Zero Trust models, as well as insights on safety and privacy. And he provides the gem of ...
May 03, 2022•56 min•Ep. 179
This week on the podcast Bobby Chesney, James Baker Chair at the University of Texas School of Law, and co-founder of the awesome Lawfare.com blog and co-host of the National Security Law podcast, joins us for a discussion on all things cyber legal policy and regulations - and it is fun! We chat about the recent Viasat satellite hack that served dual-purposes for military application and disruption of industries (for example, impacting wind turbines!). He also shares perspective on cyber versus ...
Apr 26, 2022•47 min•Ep. 178
Michael Daniel, President and CEO of Cyber Threat Alliance joins the podcast this week and dives right into the latest developing cyber implications resulting from the Ukraine conflict, as well as longer term considerations on Russian cyber companies impacted by sanctions. He also shares perspective on the differing views of cyber as a nuisance vs public/safety problem, the opportunity to combat cyber collectively, CISA's Shields Up program and organizations sustaining a high level of vigilance,...
Apr 19, 2022•47 min•Ep. 177
This week we are joined by Herb Lin, Senior Research Scholar, CISAC and Hank J. Holland Fellow, Hoover Institution at Stanford University – and author of the book Cyber Threats and Nuclear Weapons. Herb shares his deep expertise in cyber policy and security to shed light on key questions that should be on everyone's mind, such as "Why are innovation and cybersecurity opposites" and "Why are we always behind in cybersecurity?". He also breaks down why complexity is the enemy of security, cyber wa...
Apr 12, 2022•49 min•Ep. 176
This week's podcast guest Rich Itri, Chief Innovation Officer at ECI, did the heavy work of reading the SEC's 250-page proposal on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure and shares perspective on what may be ahead for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. As it goes into comment period through May 9, 2022, many are on standby for the outcome of the proposed cyber incident reporting timeline of...
Apr 05, 2022•52 min•Ep. 175
Matt Bianco, President at Fedway Consulting, joins the podcast this week to deep dive into the electric vehicle world, how it's evolving, challenges being address (such as charging stations!) and government plans to help advance electric vehicles within the government fleet and with consumers across the U.S. One of the big questions with electric vehicles are the cyber vulnerabilities as charging stations connect to the internet to process charging time and transactions. With many asking, just h...
Mar 29, 2022•52 min•Ep. 174
Joining us this week is Avi Bashan, CTO of Kovrr sharing perspective on quantifying the elusive risk elements of business today. Great insights he shares on new methodologies and tools security teams, Risk Officers and others can leverage today to start putting risk into an understandable and quantifiable business perspective. And no conversation on risk is complete without discussion on cyber insurance - and we take a quick trip from the insurance industry's beginnings through to present day cy...
Mar 22, 2022•40 min•Ep. 173
