142 episodes • Length: 25 min • Monthly
Explore the critical intersection of cybersecurity and business impact while gaining insights into CISO priorities with "Reimagining Cyber." Stay informed on the latest cybersecurity news, trends, and solutions tailored for today's CISOs and CIOs. Hosted by Rob Aragao, a seasoned security strategist with OpenText, this podcast is your go-to resource for staying updated on cybersecurity developments and addressing common challenges in the rapidly evolving digital landscape.
The podcast Reimagining Cyber – real world perspectives on cybersecurity is created by Reimagining Cyber. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
In this episode of Reimagining Cyber, we dive into Europol's latest report, The Changing DNA of Serious and Organised Crime, which highlights how AI is accelerating cybercrime and global information warfare. Rob Aragao breaks down the report's key findings, including AI-driven fraud, deepfake scams, and automated cybercrime operations.
We also explore the broader implications of AI in shaping misinformation campaigns, with major players like China, Russia, and Iran investing billions in disinformation efforts. As law enforcement agencies struggle to keep up, we discuss the challenges of combating AI-powered threats and what this means for cybersecurity on a global scale.
Rob also touches on how the U.S. is facing challenges in defending against AI-driven disinformation as key institutions are shut down. This reduction in information validation and support makes it harder to track and counter adversarial efforts.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
Significant changes are underway at the Cybersecurity and Infrastructure Security Agency (CISA), and the cybersecurity community is paying close attention. In this episode, we break down the recent funding cuts, layoffs, and restructuring efforts that could reshape the agency’s mission—and potentially impact national cybersecurity.
Join Rob Aragao as he analyzes:
🔹 The key drivers behind CISA’s transformation
🔹 How these changes affect state and local cybersecurity efforts
🔹 The debate between efficiency vs. security risks
🔹 What cybersecurity professionals should watch for next
With critical infrastructure and election security on the line, these shifts could have far-reaching consequences.
In this episode, we’re diving into the world of LockBit, one of the most notorious ransomware groups out there, and how it’s keeping law enforcement on its toes. We’ll break down their latest moves, the battle between hackers and agencies like the FBI, and what it means for cybersecurity moving forward.
Here’s what we cover:
The Kash Patel Incident: Recently, LockBit took a jab at Kash Patel, the FBI Director, in a post on their leak site. The group congratulated him on his appointment and dropped a hint that they had info that could embarrass the FBI. It’s all part of LockBit’s strategy to keep itself in the headlines and make sure it stays relevant, even as law enforcement gets serious about shutting them down.
LockBit’s Operations: LockBit operates on a ransomware-as-a-service model. What does that mean? Well, they provide the tools and infrastructure for affiliates to carry out attacks. And those affiliates don’t hold back—LockBit has gone after hospitals, government agencies, and businesses, demanding huge ransoms in the process.
Takedowns and Law Enforcement’s Response: The FBI has had some wins, like taking down LockBit’s leak site during Operation Kronos. But LockBit? It’s not exactly slowing down. They’ve bounced back with new infrastructure and continued to wreak havoc. The group seems to enjoy the back-and-forth with law enforcement, using it to attract more affiliates and keep their operation growing.
LockBit’s Evolution: The group just dropped version 4.0 of their ransomware, and they’re still advertising on their site, offering affiliates big payouts and even luxury cars for successful attacks. Now, they’ve even started to position themselves as a kind of twisted “pen-testing” service—after they ransom someone, they’ll help them find security flaws in their systems.
Law Enforcement Struggles: Despite efforts from the FBI and other agencies, ransomware groups like LockBit keep adapting. The Russia-Ukraine conflict has only made things worse, and LockBit has shown no signs of slowing down. While law enforcement is certainly stepping up, the fact remains: no major figures have been caught yet.
Practical Tips for Organizations: We've got some actionable advice for businesses to stay ahead of these ransomware gangs. First off, enable two-factor authentication (2FA) wherever you can. Also, don't ignore your software updates—many attacks exploit outdated systems. And if you can, hire a professional red team to conduct penetration testing and find the holes before the hackers do.
LockBit may not be invincible, but they’re still a huge threat. The group’s persistence and ability to evolve mean that ransomware operations are going to be around for a while. The battle between cybercriminals and law enforcement is far from over, and it’s only going to escalate as these groups get more sophisticated and resilient.
In this episode of Reimagining Cyber we tackle two seismic shifts in digital security: the fight over encryption and the rise in quantum computing.
First up, the UK's aggressive push against encryption. With legislation like the Investigatory Powers Act and the Online Safety Bill, the UK government is pressuring tech giants to create backdoors for law enforcement. But what happens when those backdoors fall into the wrong hands? Cybersecurity expert Tyler Moffitt doesn’t mince words: “The moment you create a backdoor for the government, you open it up to everybody—cybercriminals, rogue states, you name it.” Apple initially took a hard stance, threatening to pull iMessage and FaceTime from the UK. But in a move that sent ripples through the industry, they recently scaled back their Advanced Data Protection feature for UK users. Is the result a chilling precedent that other governments may soon follow?
If that weren’t enough, encryption’s future faces another existential threat—quantum computing. Even the strongest cryptographic methods in use today could become obsolete once quantum processors reach critical mass. To explore this, we revisit Episode 43: Inside the Fight to Protect Data from Quantum Computers, featuring veteran cryptographic engineer Terence Spies. He warns that the fundamental rules of encryption could soon change forever. “Unlike other areas of software, cryptography is about proving what can’t happen,” Spies explains. “Quantum computing changes that equation entirely.”
With quantum breakthroughs on the horizon, governments and enterprises must scramble to adopt post-quantum cryptography—before it’s too late. Transitioning away from RSA and elliptic-curve encryption isn’t just a technical challenge; it’s a bureaucratic and logistical nightmare that could take decades. And yet, with quantum attacks potentially capable of breaking today’s encryption in mere hours, the race is on to secure our digital future.
Listen to the full episode of Reimagining Cyber and stay ahead of the encryption debate. The stakes have never been higher.
In this episode of Reimagining Cyber, host Rob Aragao explores the concept of shadow AI and its implications in cybersecurity. Inspired by the recent AI Action Summit in Paris, Rob delves into core areas such as threat detection, governance, and data privacy. He addresses the growing concerns around unauthorized AI implementations within organizations and emphasizes the importance of collaborative efforts and governance frameworks. Practical solutions like API secure gateways, data sandboxes, and centers of excellence for AI are discussed to mitigate risks and enhance cybersecurity practices.
In this episode of Reimagining Cyber, new co-host Tyler Moffitt talks about the intersection of blockchain technology and cybersecurity. He discusses the basics of blockchain, its differences from traditional databases, real-world applications, the current rate of adoption, and the challenges it faces. Tyler also shares his personal journey into the world of blockchain and his passion for the technology. The episode concludes with a discussion on the future of blockchain in cybersecurity and a fascinating tale about lost Bitcoin worth millions.
Links mentioned in the episode:
https://en.wikipedia.org/wiki/Bitcoin_buried_in_Newport_landfill
In this episode of Reimagining Cyber, host Rob Aragao explores the role of the Professional Association of CISOs (PAC) with Demetrius Comes, a CISO executive advisor at EVOTEK and a leader within PAC. Comes, who has held cybersecurity leadership roles at companies like GoDaddy and Warner Brothers Games, discusses PAC’s mission to support CISOs through professional development, peer collaboration, and industry education.
The conversation covers PAC's initiatives, including local chapters, certification programs, and resources designed to help CISOs navigate leadership responsibilities, liability concerns, and emerging cybersecurity threats. Comes also provides insight into broader industry trends, such as the evolving role of CISOs, the importance of cyber hygiene, and the growing impact of AI in cybersecurity.
This episode offers valuable information for cybersecurity professionals looking to understand the benefits of PAC and the challenges facing modern security leaders.
Links relevant to this episode:
Professional Association of CISOs - https://theciso.org/
In this episode, we dive into the world of passkeys and how they’re revolutionizing online security. Say goodbye to password fatigue and phishing scams—passkeys promise a more secure and seamless authentication experience. We discuss what passkeys are, how they work, and why major tech companies are adopting them.
Topics Covered:
Key Takeaways:
In this episode of 'Reimagining Cyber,' Rob Aragao explores major trends and focus areas for cybersecurity in 2025. The discussion includes regulatory impacts, particularly around the Digital Operational Resilience Act (DORA) and the EU AI Act, the complexities of data privacy with eight new laws in the U.S., and the growing emphasis on compliance automation. Rob also delves into the evolution of identity and access management, the convergence of data and identity, and the critical importance of supply chain security. The episode wraps up with insights into the recent DeepSeek incident and its implications for national security and data privacy.
In this episode, Reimagining Cyber's Rob Aragao dives into the World Economic Forum's recently released Cybersecurity Outlook for 2025. Key areas highlighted include the impact of geopolitical tensions on cyber espionage, the persistent threat of ransomware, the dual role of AI in bolstering cybersecurity and amplifying cyber attacks, and the ongoing cybersecurity skills shortage. The discussion also covers the importance of resilience in cybersecurity strategy and the critical need for improved collaboration across industries and with the public sector. The episode is packed with practical insights for C-suite leaders, particularly in how these findings can inform and strengthen organizational cybersecurity programs.
Join Reimagining Cyber's host Rob Aragao as he talks about the evolving role of the CISO in aligning cybersecurity with business objectives. Rob emphasizes the importance of integrating security early in development processes to foster business agility and protect customer trust. He highlights key strategies for CISOs to effectively communicate with executive leadership and align security initiatives with financial and operational goals. Tune in for expert advice on driving growth and efficiency through a robust cybersecurity framework.
00:00 Introduction and New Year Greetings
00:59 Reflecting on Past Episodes and Setting the Agenda
02:09 The Evolving Role of the CISO
03:03 Integrating Cybersecurity with Business Operations
03:37 Enhancing Business Agility and Reducing Friction
05:55 Protecting Customer Trust and Data Privacy
06:46 Mitigating Financial Losses from Security Incidents
07:36 Operational Efficiency and Early Security Integration
07:52 Communicating Cybersecurity to Stakeholders
13:08 Financial Literacy and Budget Justification
14:34 Challenges in Cybersecurity Communication
17:22 Concluding Remarks and Farewell
In this episode of Reimagining Cyber, host Rob Aragao welcomes Dr. Andrew Reeves, a cyber psychology expert from the University of New South Wales Institute for Cybersecurity. They discuss Andrew's groundbreaking national study on mental well-being in the cybersecurity sector and the high burnout rates among cybersecurity professionals. Dr. Reeves compares these rates to those in other industries, notably frontline healthcare workers, and highlights the lack of appreciation and support for cyber professionals. He shares an example of a colleague who experienced a severe panic attack due to job stress, leading to early retirement. The episode explores systemic issues and potential resources for mental health support within the cybersecurity industry.
00:00 Welcome and Introduction
00:34 Exploring Cyber Psychology
00:44 Comparing Cybersecurity to Other Industries
02:47 Burnout in Cybersecurity
05:27 Personal Stories and Experiences
11:18 Resources and Final Thoughts
Links/resources mentioned in this episode:
University of New South Wales Institute for Cybersecurity.
https://www.unsw.edu.au/research/ifcyber
Cybermindz
https://cybermindz.org/
University of Adelaide Defence and Security Institute
https://www.adelaide.edu.au/defence-security/
Join Rob Aragao in this unique edition of Reimagining Cyber, as he takes you on a retrospective journey through the most impactful podcast moments of 2024. This episode features highlights from discussions on major topics, including the EU's Digital Operational Resilience Act with Dominic Brown, election defenses with Dr. Ben Adida, MasterCard's cyber defense efforts with John Brickey, global cybercrime insights with Craig Jones, NASA's cybersecurity approaches with Tiffany Snyder, and the advancements and challenges of AI in cybersecurity with Ashley Jess. Don't miss this comprehensive review and stay tuned for more exciting content in 2025!
00:00 Welcome to Reimagining Cyber
00:46 Inside DORA: EU's Cyber Resilience Path
04:12 Securing the Vote: Election Defenses
07:27 MasterCard's Cyber Defense Collaboration
09:52 Global Cybercrime Insights with Interpol
14:02 NASA's Cybersecurity in Orbit
17:38 AI and Deepfakes: New Cybersecurity Challenges
20:38 Conclusion and Future Episodes
Join Reimagining Cyber for a festive special filled with cybersecurity Christmas wishes from industry experts. Hear from Mike Echols on the importance of human error management, Ashley Jess on combating sophisticated scams with AI, Jim Routh's call for passwordless authentication and improved identity access management, Brett Thorson's plea for simplified cybersecurity products, Arun DeSouza's emphasis on IoT security, and Tammy Klotz's reflection on vigilance and proactive protection. Rob Aragao wraps up with thoughts on the convergence of identity and data, as well as the role of AI in enhancing threat detection and responses. Tune in for thoughtful reflections, expert insights, and a look back at the major cybersecurity themes of 2024.
In this episode of Reimagining Cyber, Rob Aragao revisits the critical topic of cyber threats to critical infrastructure. Rob shares recent alarming developments involving Iranian state-sponsored hacking group 'CyberAv3ngers' and their targeted attacks on U.S. and Israeli IoT and OT devices. The episode underscores the importance of security hygiene and the latest guidance from U.S. governmental agencies.
Rob also takes time to reflect on significant cybersecurity events and themes from 2024. Stay tuned for next week’s festive episode where past guests share their cybersecurity wish lists for Santa!
In this episode, Rob speaks to Dr. Andrew Reeves, an expert in cyberpsychology and current Deputy Director of the UNSW Institute for Cyber Security.
They discuss the intersection of human psychology and cybersecurity. Andrew shares insights from his groundbreaking research including the first national baseline study on mental well-being in the cybersecurity sector.
The conversation explores three critical human dimensions in cybersecurity:
Packed with actionable advice and fascinating psychological insights, this episode is a must-listen for anyone in cybersecurity or interested in the human side of digital defense.
In this episode of Reimagining Cyber, host Rob welcomes Tony Gonzalez, Principal at Inner Vision Services LLC and former CISO for QBE North America. They delve into the topic of third-party risk management, exploring its evolution from a checkbox approach to a comprehensive part of an organization's risk posture. They discuss the challenges and responsibilities involving third, fourth, and even fifth-party risks, especially within large organizations across various sectors like financial services, insurance, and biotech. Regulatory influences such as NYDFS and PCI are also examined, along with practical advice for prioritizing and improving third-party risk assessment processes, highlighting the importance of strategic partnerships and efficient communication.
In this episode of Reimagining Cyber, host Rob is joined by Roland Cloutier, a principal at The Business Protection Group and former CISO at TikTok, to discuss key priorities for organizations in cybersecurity as they move into 2025. The conversation focuses on three major areas: the impact and evolution of AI, the importance of compliance and operational sustainability, and the critical need for enhancing cyber and digital resiliency. Roland emphasizes the convergence of data defense and identity access, providing insights on addressing emerging AI-driven threats, improving business continuity, and leveraging new technologies to better prepare for future challenges. The episode is filled with practical advice and strategic recommendations for security leaders.
In this week’s episode of Reimagining Cyber, host Rob Aragao (live from Las Vegas!) dives into the convergence of identity security and data protection—a critical topic reshaping the cybersecurity landscape.
Rob unpacks the key drivers behind this shift, including regulatory mandates like GDPR and CCPA. The conversation emphasizes the need for organizations to bridge gaps, improve communication, and collaborate across teams for better security outcomes.
Tune in for insights on:
Other episodes relevant to this discussion:
Cyber Resilience - are your strategies for purpose? - Ep 115
IAM, CIAM, and ZTA, The Trifecta of Access Management - Ep 24
In Episode 123 of Reimagining Cyber, Rob and the team dive into the complex world of cybersecurity for Industrial Control Systems (ICS) and Operational Technology (OT). Reflecting on insights from recent conversations with industry experts like Eric O'Neill and Tiffany Snyder, the show explores the evolving risks, vulnerabilities, and essential security measures in these critical infrastructure environments. They discuss the role of threat intelligence, the growing need for tailored incident response plans, and the challenges of securing legacy systems against modern cyber threats. Rob also unpacks findings from the latest SANS ICS/OT Cybersecurity Survey, shedding light on current trends such as cloud adoption, AI integration, and the ongoing struggle to bridge IT and OT security gaps. With potential threats looming, this episode underscores the urgent need to strengthen defenses across critical industries.
SANS ICS/OT Cybersecurity Survey:
https://www.sans.org/white-papers/sans-2024-state-ics-ot-cybersecurity/
Previous episodes mentioned in this edition:
In this episode of Reimagining Cyber, host Rob Aragao is joined by Tyler Moffitt, Senior Security Analyst at OpenText, to dive into key findings from the 2024 Threat Hunters Perspective report. Tyler, a veteran in malware analysis, shares insights on the latest adversary tactics, cybercrime trends, and the methodology behind their research. They discuss the complex interplay of nation-state actors like Russia and China, who are leveraging cybercrime gangs to bolster their offensive campaigns, and explore the alarming regularity of DDoS attacks on critical infrastructure in response to geopolitical events.
The conversation also covers intriguing case studies, including real-time attacks on Western railway networks after public support for Ukraine, coordinated cyber disruptions during election cycles, and incidents where threat actors demonstrated insider intelligence on military shipments. Tyler offers predictions for the future, warning of an intensifying cyber arms race and the growing impact of generative AI on social engineering, deepfakes, and misinformation.
The episode wraps up with practical advice for improving cybersecurity hygiene, emphasizing the importance of patch management, multi-factor authentication, and understanding supply chain vulnerabilities. A compelling listen for anyone interested in staying informed and prepared in the evolving cybersecurity landscape.
In this episode, Rob Aragao sits down with cybersecurity expert and former FBI operative, Eric O'Neill, to discuss the looming cyber threats to critical infrastructure. Eric delves into the vulnerabilities of the U.S. power grid, water systems, and communications networks, emphasizing how these vital sectors are targeted by hostile actors like Russia, China, North Korea, and Iran. He shares eye-opening examples of past attacks, probes, and the intricate nature of these digital threats, from the infamous Ukraine blackout to ongoing reconnaissance efforts.
As geopolitical tensions rise, Eric warns of the potential for catastrophic attacks on critical infrastructure and the growing risk of combined cyber-kinetic strikes. They explore how adversaries infiltrate SCADA networks, the importance of evolving cybersecurity measures, and the necessity of shifting from perimeter defense to active threat hunting.
Eric also gives a sneak peek into his forthcoming book, Invisible Threat, which teaches readers how to think like a spy and defend against modern cybercrime. Packed with real-world insights and practical advice, this episode is a must-listen for anyone concerned with the future of cybersecurity and national security.
In this episode of Reimagining Cyber, Rob Aragao sits down with Eric O'Neill, former undercover FBI operative, national security attorney, and bestselling author. Eric shares his gripping experience as the key operative in bringing down Robert Hanssen, the most damaging spy in U.S. history. Hanssen’s betrayal spanned over two decades, during which he sold highly classified information to the Soviet Union and Russia, affecting national security on an unprecedented scale.
Eric recounts how his undercover mission within FBI headquarters helped uncover Hanssen's espionage, an operation that also highlighted the emergence of cyber espionage. Hanssen was a pioneer in cyber spying, meticulously stealing sensitive data through compromised systems, and his actions ultimately set the stage for modern cybersecurity challenges.
The discussion evolves to focus on today’s cyber threats, particularly the intersection of espionage and cybercrime. Eric details how tactics used in traditional espionage have now infiltrated the digital world, with cybercriminals and state-sponsored espionage groups employing sophisticated techniques, including spear phishing and ransomware. The conversation also delves into notable cyberattacks like the SolarWinds and Kaseya incidents, highlighting the shared strategies between espionage and organized cybercrime.
With his extensive background in counterintelligence and cybersecurity, Eric offers a unique perspective on the current landscape of cyber threats, stressing the critical importance of understanding the attackers' mindset to effectively safeguard digital infrastructures.
“We took what we know about nation-state actors... and we found that it was a really effective program. The program has about 1,000 companies enrolled in it to date, and it’s blocked 7 billion malicious domains since we started it.”
This episode features Kristina Walter, a key figure behind the NSA's Cybersecurity Collaboration Center (CCC), as she discusses the initiative's origins, mission, and future vision. Kristina shares insights into the challenges of protecting critical infrastructure, particularly the defense industrial base, and explains how the CCC bridges the gap between the public and private sectors to combat nation-state cyber threats. She highlights the success of cybersecurity services like DNS protection, attack surface management, and threat intelligence collaboration, as well as key partnerships, including a notable case with Viasat during the Ukraine conflict. Kristina also reflects on her role in the NSA's Future Ready Workforce Initiative and how it aims to evolve the agency’s talent pipeline in the face of modern challenges. Tune in for a deep dive into how collaboration, innovation, and partnerships are crucial to advancing national cybersecurity efforts.
In this episode, we are joined by Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance (NCA), to discuss the NCA’s mission, current initiatives, and the importance of cybersecurity education. They highlight key programs, their collaboration with CISA on cybersecurity campaigns, and their efforts to simplify cybersecurity for the public and businesses. The conversation touches on challenges in public awareness, the role of AI in cybersecurity, and special initiatives for small businesses and historically Black colleges and universities (HBCUs). Tune in to learn how cybersecurity affects everyone from teens to seniors, and what you can do to stay safe online.
Key Takeaways:
In this episode of Reimagining Cyber, host Rob Aragao is joined by Tiffany Snyder, the Deputy Chief of Cybersecurity Mission Integration at NASA. Tiffany delves into her journey from the Air National Guard to leading cybersecurity efforts at NASA, where she oversees the protection of one of the most technologically advanced organizations in the world. She highlights the unique cybersecurity challenges NASA faces, including safeguarding mission-critical systems that power space exploration and scientific discovery. Tiffany discusses the importance of collaboration across government agencies, international partners, and industry experts to strengthen NASA's cybersecurity posture.
The episode covers key areas such as supply chain security, ensuring the integrity of systems that support both space and ground operations, and how NASA handles massive amounts of data securely. Tiffany also touches on the role of emerging technologies, including artificial intelligence and machine learning, in enhancing NASA’s cybersecurity framework. Tune in to hear how NASA is navigating the complex landscape of cybersecurity in space and beyond.
In this episode, Rob Aragao talks about a recent joint cybersecurity advisory highlighting People's Republic of China-linked actors compromising routers and IoT devices for botnet operations. The advisory points to over 260,000 IoT devices impacted by a botnet called Raptor Train.
It is alleged that Integrity Technology Group (Integrity Tech) is behind the incident. The report says:
“[Integrity Technology Group is a] company based in the PRC with links to the PRC government. Integrity Tech has used China Unicom Beijing Province Network IP addresses to control and manage the botnet described in this advisory. In addition to managing the botnet, these same China Unicom Beijing Province Network IP addresses were used to access other operational infrastructure employed in computer intrusion activities against U.S. victims. FBI has engaged with multiple U.S. victims of these computer intrusions and found activity consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda.”
The botnet was detected by Lumen’s Black Lotus Labs; the advisory was issued by the FBI, NSA, and Cyber National Mission Force.
Rob explains that the botnet leverages code from the notorious Mirai malware, designed to exploit IoT devices running Linux-based systems, which has been in circulation for nearly a decade. He breaks down the architecture of the botnet, including its three-tier structure, and the role of compromised IoT devices, command-and-control servers, and management layers.
Additionally, the discussion explores China's growing focus on cybersecurity talent recruitment, including the Matrix Cup, a hacking competition co-sponsored by Integrity Technology Group. The episode also offers recommendations for mitigating IoT device vulnerabilities, such as strong password management, patch updates, and network segmentation.
Don't forget to rate, review, and subscribe to stay updated on future episodes!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In the latest episode of Reimagining Cyber, Rob interviews Bindu Sundaresan, Director of Cybersecurity Solutions at Level Blue, about the evolution and significance of cyber resilience. Bindu, with over 20 years in cybersecurity, discusses how the field has shifted from a focus solely on prevention to a broader approach that includes resilience and recovery.
Key points from the conversation:
1. Historical Focus: Traditionally, cybersecurity strategies concentrated on preventing attacks. However, the current threat landscape necessitates a shift towards resilience, acknowledging that breaches are inevitable.
2. Modern Approach: Organizations are now integrating business continuity planning and disaster recovery with cybersecurity efforts. This holistic approach ensures that operations can continue and recover swiftly after an attack.
3. Business Alignment: Bindu emphasizes that cybersecurity should be seen not just as a technical issue but as a business problem affecting overall operations. This shift in perspective helps align cybersecurity efforts with business outcomes and improves the strategic value of cybersecurity roles.
4. CISO's Role: For Chief Information Security Officers (CISOs), successfully integrating resilience into their programs involves understanding and prioritizing risks based on business impact. This requires effective communication with other business units and aligning cybersecurity investments with broader business goals.
5. Evolution of Cybersecurity: The conversation highlights the shift from compliance-driven approaches to risk-driven and resilience-focused strategies. This evolution is crucial for achieving digital resilience and
6. Identifying Sensitive Data: Organizations must first identify what constitutes sensitive data for their specific context, considering regulatory requirements, business use, and industry standards. Without this understanding, investments in data protection might be misallocated.
7. Data Classification and Flow: It is crucial to classify sensitive data and map how it flows within and outside the organization. This helps in applying appropriate security controls and prevents unnecessary complexity and expense.
8. Continuous Review: Data classification and protection are not one-time tasks. Organizations need to regularly update their data inventory and classification as their data environment evolves.
9. Incident Response and Resilience: Organizations should develop tiered recovery plans that prioritize critical business functions during incidents. Regularly updated tabletop exercises should simulate realistic and current scenarios to test response plans effectively.
10. Cross-Functional Involvement: Effective incident response involves cross-functional teams, including IT, legal, PR, and executive leadership. Establishing what constitutes minimum viable operations helps prioritize recovery efforts and resource allocation during an incident.
11. Evolving Practices: The goal is to continuously refine incident response and recovery practices to improve resilience over time. Embracing a lifecycle approach to security and resilience can turn digital resilience into a competitive advantage.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode of "Reimagining Cyber," host Rob Aragao continues his insightful conversation with Craig Jones, former Director of Interpol’s Global Cybercrime Directorate. They delve into the countries most targeted by cybercrime and the regions where these crimes often originate. Craig highlights the challenges of combating cyber threats in areas with limited law enforcement capabilities and underscores the critical need for international cooperation. The discussion explores successful regional collaborations, the development of international cybercrime conventions, and the importance of resilient infrastructures, especially for SMEs. Craig also emphasizes the need for security by design in technology, regular preparedness drills within organizations, and ongoing global efforts to enhance cybersecurity through awareness campaigns and private sector partnerships. Despite the challenges Interpol faces, the episode underscores the importance of operational relevance, capacity building, and community engagement in the fight against cybercrime.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode of "Reimagining Cyber," host Rob Aragao interviews Craig Jones, the former Director of the Global Cyber Crimes Directorate at Interpol. Jones provides a comprehensive overview of Interpol's role in combating cybercrime, emphasizing its unique position as a non-executive body that facilitates international law enforcement collaboration among 196 member countries.
Jones discusses the structure and function of Interpol, noting how it connects various national police forces to coordinate cybercrime operations, despite being unable to directly run investigations. He explains how Interpol's cybercrime efforts are organized around prevention, detection, investigation, and disruption, aiming to reduce the global impact of cybercrime and protect communities worldwide.
The conversation also delves into the challenges of dealing with borderless cybercrime, such as ransomware, business email compromise, and data theft. Jones highlights the complexities of international cooperation, especially when cybercriminals operate across different jurisdictions. He also touches on the recruitment process for Interpol's cybercrime division, stressing the importance of diverse backgrounds and expertise.
Finally, the discussion explores the evolving landscape of cybercrime, the rise of the cybercrime economy, and the critical role of cyber resilience in protecting organizations. Jones and Aragao underscore the importance of involving board-level executives in cybersecurity decisions and the need for a comprehensive approach to cyber resilience, emphasizing the long-term benefits of such strategies in the face of ongoing cyber threats.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode, Roland Clouthier, former CSO of TikTok and cybersecurity expert, explores the role of AI in cybersecurity, the evolving landscape of cloud security, and the critical importance of identity management. Roland shares insights on how to effectively allocate security budgets, the importance of understanding risk tolerance, and the need for transparency in AI governance. Tune in to gain valuable tips on future-proofing your organization’s cybersecurity strategy in the face of emerging challenges.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode of "Reimagining Cyber," Rob Aragao hosts a conversation with Tammy Klotz, a best-selling author and current CISO at Trinseo. Tammy discusses her career trajectory, which includes leadership roles at Covanta Energy and Versum Materials, and shares insights from her recent book, Leading with Empathy and Grace: Secrets to Developing High-Performing Teams.
Additionally, she addresses the challenges women face in cybersecurity, offering advice on building confidence, taking risks, and overcoming barriers in a male-dominated field. The episode provides valuable takeaways for aspiring leaders and women looking to enter or advance in the cybersecurity industry.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode of Reimagining Cyber, host Rob Aragao dives into the intersection of sports and cybersecurity, inspired by a cyber attack at the recent Paris Olympics.
The conversation takes a deep dive into the cyber threats that have historically plagued the Olympics, from the 2016 Rio Games to the 2018 Winter Olympics in Pyeongchang. They discuss the frequent denial of service attacks, ransomware, and phishing campaigns that target such high-profile events. The Tokyo 2020 Olympics saw an astounding 450 million cyber events, setting the stage for heightened vigilance at the Paris Games, where over 3 billion cyber threats were anticipated.
Rob and Ben explore the potential motivations behind these attacks, ranging from geopolitical tensions to the desire for disruption or financial gain. They emphasize the importance of rigorous preparation, including ethical hacking and advanced security measures, to protect such significant global events.
Tune in to hear how the world’s largest sporting event has become a prime target for cybercriminals and what it takes to defend against these sophisticated threats.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode, we dive deep into the world of cybersecurity with Jon Brickey, Senior Vice President at Mastercard. With extensive experience across military, government, and corporate sectors, Jon offers unique insights into the evolving landscape of cyber threats and defenses.
Jon shares how Mastercard is at the forefront of fostering a culture of collaboration and partnership in cybersecurity. He highlights the company's commitment to collective defense, emphasizing the need for global consistency and innovation in building a future-ready cyber workforce. Learn about Mastercard’s pivotal role in organizing the tri-sector cyber defense exercise, which unites the energy, telecom, and finance sectors with government agencies. This initiative aims to enhance cyber resilience through strategic collaboration and shared best practices.
Throughout the conversation, Jon underscores the importance of agile industry responses to cyber threats and the critical synergy between government and industry in addressing these challenges. He delves into the ways Mastercard is preparing for future cyber threats, from developing cutting-edge technologies to implementing robust training programs for their teams.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this riveting episode of "Reimagining Cyber," host Rob Aragao continues his deep dive into the shadowy world of cyber threats with Ashley Jess, Senior Intelligence Analyst at Intel 471. As a follow-up to their previous discussion, Ashley delves into the alarming rise of deepfakes and disinformation.
Ashley sheds light on the evolving tactics of cybercriminals, from sophisticated "Know Your Customer" (KYC) bypass methods to the increasing use of AI in creating convincing deepfake videos and misinformation campaigns. She discusses the implications of these threats for both private and governmental organizations, emphasizing the importance of vigilance and proactive defense measures.
Listeners will learn about the significant risks posed by AI-generated content, the psychological impact of pervasive deepfakes, and the crucial role of basic cybersecurity hygiene in countering these advanced threats. Ashley also offers a glimpse into the future of cyber threats and the ongoing battle between cybercriminals and defenders.
Don't miss this insightful episode, and be sure to catch the first part of this conversation for a comprehensive understanding of the current cyber threat landscape.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode of Reimagining Cyber, host Rob Aragao interviews Ashley Jess, a senior intelligence analyst at Intel 471. Ashley discusses her transition from the FBI to her current role, highlighting her expertise in malware trends and AI abuse. The conversation explores the rise of info stealers, the decline of drainer malware, and the increasing use of AI by cybercriminals for social engineering and fraud. Ashley also delves into specific cases like Worm GPT, illustrating the evolving tactics of threat actors.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
The latest episode of Reimagining Cyber dives into the recent major data breaches that have rocked the telecom sector, focusing on the latest AT&T incident.
It begins by reflecting on the historical context of cyberattacks in telecom, noting T-Mobile’s previous breach involving 85 million records and a hefty $500 million settlement.
Host of the show Rob Aragao details the chronology of AT&T's breaches, starting with a lesser-known incident from 2021, where the hacker “ShinyHunters” initially infiltrated AT&T's systems.
Despite early warnings, AT&T dismissed the threat, leading to a subsequent data dump on the dark web in early 2023, exposing over 73 million records. Fast forward to the latest breach disclosed last week, impacting a staggering 110 million customers, with call and text message records from May to October 2022 being compromised.
Rob explains the intricate balance between national security concerns and public transparency, highlighting the role of the Department of Justice in delaying the breach announcement.
The discussion then shifts to the broader implications and accountability within the telecom industry. Rob references the FCC's recent update to their data breach notification rules, which were 16 years old, underscoring the urgent need for regulatory improvements.
Rob concludes by examining the steps AT&T and its cloud data provider, Snowflake, are taking to prevent future breaches, such as implementing mandatory multi-factor authentication. He stresses the importance of basic cybersecurity hygiene and the necessity for ongoing vigilance in protecting sensitive customer data.
This episode offers a comprehensive look at the complexities and challenges in securing the telecom sector, leaving listeners with critical insights into how these breaches occur and the measures needed to prevent them. Tune in for an engaging and informative discussion on one of the most pressing issues in cybersecurity today.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode, we delve into the recent cyber attack on CDK Global, a leading technology provider for the automotive industry. This incident, which disrupted operations for thousands of car dealerships across the United States, serves as a stark reminder of the vulnerabilities in our interconnected digital landscape.
Join us as we explore the immediate and long-term impacts of the attack, including significant operational disruptions and financial consequences that are expected to linger for months, if not years. We discuss the crucial lessons learned from this incident, highlighting the importance of robust cybersecurity measures, proactive threat detection, and the continuous evolution of security best practices.
We also examine the broader implications for operational continuity and resilience. Discover why it's essential for businesses to prepare for potential threats, implement redundancy and alternative strategies, and demand better security assessments and visibility from their service providers.
Furthermore, we address sector-specific challenges faced by automotive dealerships, such as the variability in resources and support structures, and the role of manufacturers in providing alternative software solutions.
Finally, we touch on the regulatory and legal landscape, including SEC breach disclosure requirements and related lawsuits, underscoring the necessity of compliance and transparency in cybersecurity.
Tune in to gain valuable insights into the critical importance of cybersecurity in today's digital age and learn how organizations can stay vigilant and proactive in protecting their operations and data.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode, Stan Wisseman and Rob Aragao welcome Justin Young to explore the transformative role of Software Bill of Materials (SBOMs) in enhancing software supply chain security. Justin shares his extensive experience and insights into how SBOMs contribute to the maturation of the software industry, drawing parallels with the auto and food industries' approaches to defect and ingredient tracking.
The discussion delves into the regulatory landscape, highlighting the FDA's SBOM requirements for medical devices, the U.S. National Cybersecurity Strategy, and various compliance mandates from CISA, DORA, PCI, and the EU CRA. Justin explains the importance of shifting liability to software vendors and away from end users and open-source developers, emphasizing the need for actively maintained and secure software components.
Listeners will gain an understanding of the different SBOM formats, Cyclone DX and SPDX, and their respective advantages. Justin also addresses the challenges organizations face in managing SBOMs, including procurement, validation, and the necessity of a dedicated SBOM program manager.
Finally, the episode explores the practicalities of SBOM implementation, from storage and cataloging to enrichment and vulnerability management, offering a comprehensive guide for organizations aiming to bolster their software security practices.
Tune in to learn how SBOMs are reshaping the software industry, driving transparency, and enhancing security across software supply chains.
Relevant Links:
Episode 88: Open-Source Software: Unlocking efficiency and innovation
Episode 41: Do a little dance, Time for some SLSA
Episode 26: Log4j Vulnerabilities: All you need to know and how to protect yourself
Episode 4: SolarWinds: Bringing down the building… Software Supply-Chain Pressure Points
Whitepaper: The need for a Software Bill of Materials
Software Supply Chain Hub page
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this podcast episode, hosts Rob Aragao and Stan Wisseman are joined by Arun DeSouza, a renowned expert in connected vehicle security and former CISO at leading automotive companies. Arun begins by highlighting the critical challenges facing connected vehicles, emphasizing the importance of security by design throughout the development lifecycle. He stresses the need for rigorous vulnerability assessments and penetration testing to prevent vulnerabilities that could lead to remote hacking or data breaches.
Arun discusses the vital role of infrastructure connectivity and encryption in securing data transmission between vehicles and the cloud. He emphasizes the necessity of secure over-the-air software updates to patch vulnerabilities promptly. Addressing the risks associated with peripheral devices connected to vehicles, Arun advocates for robust system interface protections and micro-segmentation strategies to isolate critical systems from non-critical ones.
Privacy and data security emerge as central concerns, with Arun emphasizing the importance of adhering to privacy-by-design principles. He discusses the implications of GDPR-like standards for protecting sensitive data collected by connected vehicles and underscores the need for user consent frameworks in data handling practices.
The conversation extends to the complex automotive supply chain ecosystem, where Arun stresses the importance of implementing robust security measures across third-party suppliers. He highlights the role of continuous security assessments and collaborative efforts within the supply chain to mitigate cybersecurity risks effectively.
Concluding the episode, Arun offers practical advice for consumers considering connected vehicles, suggesting they seek transparency from manufacturers regarding cybersecurity features. He encourages leveraging industry networks and expert advice to make informed decisions about vehicle purchases in 2024.
Join us for an insightful exploration of the evolving landscape of connected vehicle security.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode, Rob Aragao and Stan Wisseman look at the intriguing transition from Chief Information Security Officer (CISO) to Chief Technology Officer (CTO). Drawing from a recent sidebar conversation among CISOs and an insightful article from Dark Reading, they examine why this trend is becoming more prominent. With examples from organizations like Bank of America, Fifth Third Bank, and Equifax, Rob and Stan discuss the key attributes that make this career move logical and beneficial.
The conversation highlights the importance of collaboration, strategic thinking, and the deep understanding of both technology and business impact that CISOs bring to the table. They delve into how the roles of CISO and CTO overlap, particularly in driving innovation, increasing revenue, and embedding security by design into business solutions.
Rob and Stan also consider the broader influence a CTO has on an organization's technology strategy, the operational experience both roles share, and the potential motivations behind CISOs seeking to transition—whether to escape the increasing personal liability associated with security breaches or to pursue new professional growth opportunities.
Additionally, the episode touches on the challenges CISOs might face in this transition, such as the need for expertise in product development and the software lifecycle.
As discussed in this episode:
https://www.darkreading.com/cybersecurity-careers/ciso-as-a-cto-when-and-why-it-makes-sense
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode of Reimagining Cyber, Rob and Stan look at the staggering costs and ongoing epidemic of data breaches and ransomware attacks. Did you know that the average cost of a mega breach involving 50 to 60 million records is a jaw-dropping $332 million? Ransomware, though less expensive, still costs businesses an average of $4.5 million per attack. It's clear that organizations must be better prepared to face these threats.
To shed light on effective strategies and insights, Rob and Stan are joined by Shamoun Siddiqui, VP and Global CISO of the Upbound Group. He helps answer the burning question: Can businesses ever be truly breach-proof, even with unlimited funds? Shamoun emphasizes that while complete security is unattainable, companies can operate with risk management strategies, acknowledging limitations in funding, talent, and technology.
Shamoun shares real-world examples of vulnerabilities exploited during modernization efforts and stresses the importance of maintaining robust cybersecurity programs. He offers invaluable advice on building business justifications for cybersecurity investments, communicating effectively with boards of directors, and focusing on core security controls like multi-factor authentication and privileged access management.
He also delves into the critical role of external relationships with law enforcement and forensic companies during a breach, and how these interactions can impact the outcome. Shamoun highlights the importance of having a pre-established plan, managing internal and external communications, and the necessity of resilience and recovery strategies.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
Cyber posture – what is its role in today’s digital landscape? What are the essential components that make up a robust cyber posture? What practical advice is there for organizations looking to bolster their defenses against ever-evolving cyber threats?
In this episode, Rob and Stan delve into the complex landscape of cybersecurity posture management. They dissect posture management solutions in the market, highlighting the need to cut through marketing hype to focus on tangible outcomes. Emphasizing the importance of continuous monitoring, they explore the evolution of posture management from a static assessment to an ongoing process. Drawing on examples like cloud security posture management and data governance, they stress the need for comprehensive visibility across diverse environments. Rob and Stan discuss the challenges faced by organizations of varying sizes in achieving effective posture management, considering resource constraints and the role of automation. They also touch on the intersection between posture management and regulatory compliance, advocating for a risk-based approach over checkbox compliance. Throughout the discussion, they underscore the significance of people, processes, and technology in shaping an organization's cyber resilience. Looking ahead, they contemplate the potential role of AI-driven interfaces in facilitating efficient posture management and adaptation to evolving threats.
The webinar recording Rob and Stan reference in the podcast is available here
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode of "Reimagining Cyber," join hosts Stan Wisseman and Rob Aragao as they explore the cutting edge of cybersecurity. They delve into the world of smart contracts and decentralized finance, examining both the revolutionary potential and the inherent risks. The conversation shifts to cybersecurity roadshows, where they highlight key insights from recent fireside chats with industry leaders about navigating the complexities of cybersecurity programs, gaining executive buy-in, and harnessing AI while maintaining data security.
Links relevant to this episode:
Unlocking Security in Smart Contracts with Fortify SCA
Cybersecurity in a Web 3.0 World
Cyber Risk Posture Management Webinar registration
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
In this episode, Stan and Rob delve into the critical issue of protecting seniors from cyber threats. Guest Michael Echols, author of "The Shield: Protecting Seniors From Hackers," sheds light on the alarming vulnerability of seniors in the digital age.
Drawing from personal experiences, Stan highlights how elderly family members are frequently besieged by scams, including fraudulent calls and phishing attempts. Michael unpacks the various tactics employed by cybercriminals, from romance scams to Medicare fraud, emphasizing the emotional manipulation used to exploit seniors' trust.
Michael also stresses the importance of proactive measures, such as credit freezes, to bolster cybersecurity defenses. He advocates for open dialogue and collaborative efforts within families and communities to combat cyber threats effectively.
Furthermore, the role of AI in both perpetrating and mitigating cyber risks is explored. While AI-driven attacks pose new challenges, innovative solutions like AI-powered call screening offer promising avenues for safeguarding seniors.
The episode concludes with a call to action: to recognize the gravity of the cybersecurity threat facing seniors and to take proactive steps to mitigate risks. By fostering awareness, implementing security measures, and fostering open communication, we can collectively shield seniors from the perils of cybercrime.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
What is an insider threat? How do you mitigate the impact of an insider threat? From malicious insiders driven by profit or spite to negligent insiders prone to carelessness, and compromised insiders unwittingly manipulated by external forces, Rob Aragao and Stan Wisseman try to unravel the layers of this critical cybersecurity concern.
Drawing from recent incidents like the Sisense breach and the XZ exploit, light is shed on the evolving tactics employed by malicious actors, highlighting the pressing need for robust detection and response mechanisms.
Links to points raised in this episode:
Blog by Stan -
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
"For nation states today their biggest bang for the buck is going to be to attack the perception of voting system security much more than the reality of voting system security."
Stan Wisseman and Rob Aragao delve into the critical realm of election security with Dr. Ben Adida, the co-founder and executive director of VotingWorks, renowned for his expertise in safeguarding our voting processes. Dr. Adida shares insights from his two-decade journey at the forefront of election security, offering a deep dive into the complexities of ensuring the integrity of our democratic process.
From the challenges of balancing ballot secrecy with verifiability to the evolving landscape of election security concerns, the conversation navigates through the intricate web of issues surrounding voting systems.
Dr. Adida sheds light on the pivotal role of voter-verifiable paper ballots and post-election audits in bolstering trust and transparency, emphasizing the need for modernizing voting technology to align with current security standards.
As the discussion unfolds, topics ranging from external influences on elections to the role of federal guidelines versus state autonomy are explored, providing a comprehensive overview of the multifaceted efforts to fortify election integrity. Dr. Adida's vision for the perfect voting system, grounded in openness, transparency, and layered defense mechanisms, offers a compelling roadmap for safeguarding democracy in the digital age.
https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines
In this episode Stan Wisseman and Rob Aragao delve into the critical yet often overlooked realm of API security. APIs, the linchpin of today's digital landscape, facilitate seamless communication between diverse software components, but they also present enticing targets for cyber threats. Through real-world examples and insightful analysis, Stan and Rob explore the escalating risks associated with APIs and offer strategies for fortifying your organization's defenses. From understanding your API inventory to implementing robust security measures, this episode equips listeners with essential knowledge to navigate the complex terrain of API security and safeguard their digital assets effectively.
Helpful links relevant to this episode:
“It’s only going to get worse if we don't pump the brakes and go, nope, we need to make sure we're doing this the right way.”
In this episode, Tim Fowler, an accomplished offensive security analyst and penetration tester from Black Hills Information Security, joins the podcast to discuss the intersection of cybersecurity and space systems.
Tim sheds light on:
Drawing from real-world examples like the ViaSat hack, Tim underscores the need for proactive cybersecurity measures, especially in the face of evolving threats and the increasing democratization of space technology.
The conversation also touches upon international collaboration and regulatory efforts in space cybersecurity, with Tim mentioning standards set by bodies like the Consultative Committee for Space Data Systems (CCSDS). However, challenges persist, including the cultural shift required to prioritize cybersecurity early in the space system lifecycle and address emerging threats effectively.
For details on Tim's Introduction to Cybersecurity and Space Systems class go to:
https://www.antisyphontraining.com/
Join hosts Stan Wisseman and Rob Aragao as they explore the evolution of payment card security standards. With insights on PCI DSS 4.0, they dive into key changes and technology considerations. From data protection to application security, this episode offers crucial insights for organizations navigating compliance in an ever-evolving landscape.
In this episode, Rob and Stan delve into a recent cyber attack targeting Change Healthcare, a key player in the healthcare sector. They highlight the unprecedented nature of the breach, its implications, and the collaborative efforts undertaken to mitigate its impact.
Change Healthcare, based in Nashville, Tennessee, disclosed the cyber attack on February 21st, causing significant disruptions across the healthcare ecosystem. The breach impacted various services, including claims processing and clinical decision support, affecting hospitals, pharmacies, and patients alike.
The attackers, identified as the ransomware group BlackCat, operated on a ransomware-as-a-service model. The hosts discuss the complex web of ransomware operations and affiliate relationships, shedding light on the intricate nature of cyber threats facing the healthcare industry.
The breach triggered a swift response from government agencies, with the Medical Group Management Association requesting assistance from the Department of Health and Human Services (HHS). HHS issued statements and provided alternative electronic data interchange options to minimize disruptions in patient care.
Rob and Stan look at the critical need for cybersecurity resiliency in the healthcare sector. They discuss proposed measures, including the adoption of HHS cybersecurity performance goals and the streamlining of funding opportunities to bolster cybersecurity defenses.
What is the impact of open-source software (OSS) on modern software development?
This episode delves into the findings of a recent study commissioned by Open Text and conducted by Forrester called "Unlock Resources With Automated Open-Source Discovery And Intake". Stan and Rob unpack the evolving role of OSS, shedding light on both its opportunities and challenges.
With 70% of organizations reporting that over half of their coding efforts involve OSS, it's evident that OSS plays a pivotal role in accelerating innovation and reducing costs in software development. However, as the hosts discuss, this rapid adoption isn't without its hurdles.
From ensuring security and compliance to navigating through the complexities of OSS licensing, organizations face a myriad of challenges. Stan and Rob examine the ramifications of overlooking security vulnerabilities, compliance standards, and licensing terms, drawing from real-world examples to underscore the importance of diligent management practices.
But amidst the challenges lies a beacon of hope: automation. The hosts explore how automation is revolutionizing the discovery and integration of OSS components, paving the way for more secure and compliant software development processes. From streamlining discovery to prioritizing security early in the development cycle, automation holds the key to enhancing productivity and mitigating risks.
Looking ahead, Stan and Rob speculate on future directions in OSS management, emphasizing the need for collaboration, early detection of security issues, and continued innovation in the space. Whether you're a developer, a legal expert, or a cybersecurity enthusiast, this episode offers valuable insights into the ever-evolving landscape of open source software.
Tune in to gain a deeper understanding of the opportunities and challenges presented by open source software, and discover how organizations can navigate the open source seas with confidence and agility.
Report:
https://www.microfocus.com/en-us/assets/cyberres/automating-open-source-compliance
Debricked Open Source Select - a search engine where you can find, filter for and evaluate open source packages and repositories.
In this episode of Reimagining Cyber, hosts Rob Aragao and Stan Wisseman are joined by Dorota Wrobel, Chief R&D Officer for G2A, the world's largest digital marketplace for video games and software. Dorota discusses G2A's evolution from a regular online store to a two-sided marketplace for digital products, emphasizing the need for robust cybersecurity measures in the digital environment.
Dorota highlights the vulnerability of digital products to outside attacks and explains G2A's partnerships with top security companies to enhance security. She discusses G2A's strict seller verification processes and proof of purchase requirements to ensure trustworthiness and prevent fraud.
The conversation delves into G2A's regulatory compliance efforts, including adherence to security standards required by Payment Service Providers and membership in organizations like the Merchant Risk Council. Dorota explains how AI technology is utilized for fraud detection and response, augmented by human interaction and step-up authentication processes.
Looking to the future, Dorota discusses G2A's plans for further investment in monitoring systems and tokenizing payment options.
In this conversation about threat hunting, Stan and Rob dive into why it's become such a crucial part of cybersecurity. They talk about how threat hunting isn't just about reacting to problems anymore, but it's become this proactive, creative way of spotting and tackling security issues before they become big headaches.
They reflect on how the role of a threat hunter has changed over the years. It used to be all about reacting to alerts, but now it's more about actively seeking out threats and analyzing them. And with the threat landscape changing so quickly, threat hunters have had to evolve their methods to keep up.
Stan and Rob also discuss the day-to-day workflow of a threat hunter. It's not just about sitting in front of a computer all day. It involves reviewing alerts, prioritizing threats, and collaborating with the team to share insights and strategies.
But it's not all smooth sailing. They talk about the challenges threat hunters face, like dealing with huge amounts of data and making sure their tools all work together seamlessly. Plus, there's the added pressure of compliance and legal considerations.
On the bright side, there's a whole arsenal of tools available to threat hunters, from fancy analysis platforms to simple note-taking apps. And with emerging tech like blockchain and quantum computing on the horizon, there's a lot of excitement about the future of threat hunting.
They also touch on the importance of team dynamics and management in threat hunting. It's not just about having the right tools—it's about having the right mindset and culture within the team. And diversity and inclusion play a big role in that, bringing different perspectives to the table and making the team stronger.
Overall, it's clear that threat hunting is more than just a job—it's a passion. And as long as there are cyber threats out there, there will always be a need for skilled threat hunters to track them down and neutralize them.
In this episode, Stan and Rob sit down with Felix Asare, a seasoned cybersecurity leader with extensive experience in the financial sector, including roles at Allianz and Putnam Investments. They delve into the cybersecurity landscape within the financial industry, exploring why it's a prime target for cybercriminals.
Felix breaks down the appeal of targeting the financial sector, emphasizing the shift from physical to digital methods of theft due to the lucrative nature of financial data. He highlights the importance of regulations in setting security standards and explains how compliance, while necessary, isn't sufficient for robust cybersecurity.
The conversation extends to the risks posed by the software supply chain, particularly third-party vendors, and the challenges of maintaining oversight in a complex ecosystem. Felix shares insights into mitigating risks associated with open-source software and the need for rigorous approval processes.
They also discuss the emergence of smart contracts and the security implications of blockchain technology. Felix underscores the importance of auditing smart contracts and maintaining vigilance in the face of evolving threats like deepfake technology.
Lastly, the discussion turns to the role of AI in cybersecurity defense, with Felix emphasizing its potential to enhance response times and analyze data. However, he also cautions against overreliance on AI and the need for human validation to combat emerging threats effectively.
Overall, the episode provides valuable insights into the evolving cybersecurity landscape within the financial sector and the strategies employed to mitigate risks and enhance security posture.
In this episode, hosts Rob and Stan explore the EU's Digital Operational Resilience Act (DORA) with Dominic Brown, a cybersecurity expert. DORA addresses cyber threats to EU financial systems, emphasizing risk management, incident response, and third-party oversight. Dominic compares DORA to US regulations and advises organizations to build risk management teams and enhance cyber resilience before the 2025 deadline.
In this episode of "Reimagining Cyber," Rob Aragao and Stan Wisseman welcome Adeel Saeed, discussing the importance of data protection in the evolving cybersecurity landscape. Adeel emphasizes the need to understand data sovereignty, navigate regulatory challenges like DORA, and implement a comprehensive data lifecycle strategy. The conversation delves into the nuances of technical debt related to data, the significance of cyber resilience, and the imperative for organizations to embrace a proactive approach in safeguarding their data assets.
Mother of All Breaches. The Midnight Blizzard attack. Nation state cyber conflicts. January 2024 has seen a blitz in cyber attacks. In this week's episode, hosts Stan Wisseman and Rob Aragao delve into the alarming start to the new year.
1. Mother of All Breaches (MOAB):
· Unprecedented Scale: Over 26 billion records compromised, impacting major platforms like Twitter, LinkedIn, Adobe, and Dropbox, along with government agencies worldwide.
· Data Complexity: The breach includes not only credentials but also sensitive data, creating substantial value for malicious actors.
· Organization: The breach was meticulously organized, posing a significant threat to data security and privacy.
2. Midnight Blizzard Attack:
· Notorious Group: Midnight Blizzard, also known as Cozy Bear and APT29, resurfaces.
· Targeted Organizations: Microsoft and HPE were among the targets, with a focus on compromising Office 365 Exchange environments.
· Attack Strategy: Utilizing password spraying and brute force, the attackers gained access to a legacy test nonproduction account, subsequently creating malicious OAuth applications.
· Specific Targeting: The attackers selectively targeted executives, cybersecurity teams, and legal teams, aiming to gather intelligence on Microsoft's activities.
3. State-Sponsored Cyber Warfare (Russia vs. Ukraine):
· Escalating Tensions: Ongoing cyber warfare activities between Russia and Ukraine intensify, with a warning of disruptive and destructive attacks.
· Advanced Tactics: Russian cyber forces, particularly Midnight Blizzard, demonstrate advanced capabilities, impacting Ukrainian e-services, utility companies, and online banking.
· AI Integration: Ukraine effectively employs AI in its defense, utilizing facial recognition and cyber capabilities to counter cyber threats.
The hosts emphasize the importance of proactive measures, including password changes, multi-factor authentication adoption, and vigilant identity governance. The discussion underscores the evolving landscape of cyber warfare, encompassing both kinetic and cyber threats.
In this episode, hosts Rob and Stan explore the World Economic Forum's Global Cybersecurity Outlook 2024, a favorite annual report providing valuable insights into the cybersecurity landscape. Released early in the new year, the episode looks at the key themes, findings, and implications outlined in the report.
Main Themes:
1. Geopolitical and Technological Environment:
· Report highlights dynamic changes and advancements in geopolitics and technology.
· Emphasis on impacts of geopolitical tensions, economic uncertainties, and technological advancements, especially in AI.
2. Cyber Skill Shortage:
· Discussion on persistent challenges related to the shortage of cybersecurity skills.
· Acknowledgment of the critical role of cybersecurity in business, operations, and executive decision-making.
3. Cyber Resilience:
· Exploration of the growing importance of cyber resilience.
· Positive indicators of increased confidence among leaders in the resilience of cybersecurity programs.
4. Cyber Inequity:
· Examination of the disparity in cyber capabilities between larger and smaller organizations.
· Insights into challenges faced by smaller organizations, including resource constraints, skill shortages, and technology requirements.
5. Cyber Ecosystem:
· Discussion on the interconnected nature of cyber ecosystems.
· Emphasis on collaboration, threat intelligence sharing, and third-party assessments.
· Highlighting the significant impact of cyber attacks originating from third-party relationships.
Key Findings and Insights:
1. Generative AI Concerns:
· Grave concerns among executives about advances in adversarial capabilities due to generative AI.
· Less than 10% believe generative AI will give an advantage to defenders over attackers.
2. Cyber Insurance and Risk Mitigation:
· Observations on the changing landscape of cyber insurance, with a 24% drop in organizations obtaining cyber insurance.
· Recognition of cyber and privacy regulations as effective for risk reduction, though harmonization is needed.
3. CEO Involvement and Alignment:
· Increased involvement of CEOs and business leaders in prioritizing cybersecurity.
· 93% trust CEOs to speak externally about cyber risk, indicating growing alignment between cybersecurity and business strategy.
4. Impact on the Business:
· Insights into executive concerns about operational disruption, financial impact, and brand reputation from cyber attacks.
· Balanced consideration of regulatory scrutiny, focusing on operational aspects and financial loss.
Conclusion: Rob and Stan encourage listeners to explore the detailed report for a deeper understanding of the evolving cybersecurity landscape. They emphasize the need for collaboration, proactive cybersecurity measures, and efforts to bridge the gap between larger and smaller organizations in building cyber resilience.
Welcome to another episode of "Reimagining Cyber." In this session, Rob and Stan dive into the critical role of IT auditors, a perspective rarely explored on the show. Their guest, Veronica Rose, brings extensive experience in shaping risk-based information security audit programs. She emphasizes the evolving nature of the IT audit environment and urges IT auditors to prioritize upskilling as technology and controls advance.
Veronica highlights the significance of professional communities, recommending affiliation with bodies like NACD and ISACA. Engaging in these communities not only provides access to valuable resources but also fosters global connections with like-minded professionals.
The discussion shifts to well-being, a crucial aspect often overlooked in the demanding field of IT audit. Veronica stresses the importance of mental health, exercise, and unplugging to maintain a clear mindset.
The conversation wraps up by addressing the career paths of IT auditors. Veronica encourages a mindset shift for those considering a transition, emphasizing the value of certifications and continuous upskilling.
Tune in to gain insights into the evolving world of IT audit, professional development, and holistic well-being.
In this episode, Rob Aragao and Stan Wisseman unravel the dynamic world of cybersecurity regulations, providing a sneak peek into the changes expected in 2024. From the upcoming PCI DSS 4.0 release strengthening cybersecurity postures to the FTC's push for timely breach notifications, and the SEC's implementation of breach disclosure rules, they navigate through the intricacies of compliance.
They shed light on the NIS2 directive, emphasizing the continuous evolution of cybersecurity practices, and delve into the EU Cyber Resilience Act, encouraging security-by-design principles for products and services sold within the EU. The duo also examines the state-level privacy laws emerging across the United States, emphasizing the complexities organizations face in navigating this patchwork of regulations.
Tune in for insights on how these regulations impact businesses, the penalties associated with non-compliance, and the importance of a proactive, risk-based approach. Stay informed and ready for the evolving cybersecurity landscape in 2024!
In this episode, hosts Stan Wisseman and Rob Aragao reflect on the cybersecurity landscape of 2023 and discuss its potential impacts on the upcoming year, 2024. They delve into the alarming increase in incidents and breaches, noting a 30% rise. The conversation covers major breaches, such as the MOVEit and Okta incidents, emphasizing the growing threat of ransomware across various sectors.
The hosts highlight the interconnectedness of organizations, raising concerns about dependency on common platforms and the resulting ripple effect during security breaches. They stress the importance of reevaluating security controls and adopting a layered approach to mitigate vulnerabilities.
The episode also explores the escalating cyber warfare between nation-states, citing the ongoing conflict between Ukraine and Russia. Stan and Rob anticipate an increase in nation-state cyber threats, emphasizing the need for enhanced threat intelligence and proactive cyber defense measures.
Regulations, including the SEC cyber rule and the EU Act, are discussed as significant factors shaping the cybersecurity landscape. The hosts predict a continued evolution of regulations, emphasizing the need for organizations to adapt to changing compliance requirements.
The conversation touches on the emergence of generative AI and its impact on various industries, especially in cybersecurity. Stan and Rob acknowledge the dual nature of AI as both a tool for efficiency and a potential threat in the hands of malicious actors. They predict ongoing discussions about the regulation of AI and its implications.
Other topics include cyber insurance, where the hosts anticipate increased scrutiny and tighter requirements, and the importance of leveraging insurance requirements to drive cybersecurity improvements within organizations.
As the hosts look ahead to 2024, they emphasize the race between cybersecurity defenders and threat actors, acknowledging the potential for increased efficiency on the defenders' side but recognizing the challenges posed by the evolving threat landscape.
Other episodes mentioned in this edition:
Time to Take Them More Seriously - What's Iran Doing in Cyber? - EP 11
https://www.buzzsprout.com/2004238/episodes/10791018
Progress Over Perfection - Implementing the Executive Order - EP18
https://www.buzzsprout.com/2004238/episodes/10791011
SEC Cyber Rules Just Got Real - EP 69
https://www.buzzsprout.com/2004238/episodes/13875180
SEC Cyber Rules Forcing Boards to Pivot - EP 57
https://www.buzzsprout.com/2004238/episodes/12344694
US National Cybersecurity Strategy and EU Cyber Resilience Act - EP 61
https://www.buzzsprout.com/2004238/episodes/12532348
NIS2 Directive: Cyber Insights - EP 76
https://www.buzzsprout.com/2004238/14173706
AI and ChatGPT - Security, Privacy and Ethical Ramifications - EP 62
In this episode, join hosts Rob Aragao and Stan Wisseman as they delve into the world of cybersecurity and data privacy with their esteemed guest, Shawn Tuma. Shawn, a seasoned cybersecurity and data privacy attorney, and partner at Spencer Fane, brings over two decades of experience to the table. As the co-chair of the firm's Cybersecurity and Data Privacy Practice Group, Shawn discusses his journey in the field, from the Y2K era to the present day.
The conversation covers key elements of cybersecurity, emphasizing the importance of a continuous, strategic approach to evaluating and managing risks. Shawn shares insights into prevalent issues such as RDP access, backup strategies, and the critical role of multifactor authentication, especially for users of Microsoft Office 365 and Google web-based email.
Reflecting on the evolution of cybersecurity, Shawn highlights the pivotal moment in 2013 with major data breaches at Target, Home Depot, and Neiman Marcus. He emphasizes the need for a proactive risk management framework and the significance of cybersecurity insurance in today's landscape.
The hosts and Shawn discuss the changing role of Chief Information Security Officers (CISOs) and the growing recognition of their strategic importance within organizations. Shawn stresses the value of building relationships with law enforcement, particularly federal agencies like the FBI and Secret Service, to enhance incident response capabilities.
Throughout the episode, Shawn Tuma's passion for cybersecurity and practical, actionable advice shines through, making this conversation a must-listen for anyone navigating the complexities of cybersecurity in the modern business landscape.
Welcome to another episode of "Reimagining Cyber," where Stan and Rob explore the transformative landscape of cybersecurity regulations. In this insightful episode, they delve into the intricacies of the upcoming NIS2 directive from the EU, set to take effect in October 2024. Joining them is Bjørn Watne, Senior Vice President and Chief Security Officer at Telenor Group and an advisor to Europol, offering over 20 years of expertise in information security and cyber risk management.
The discussion revolves around the key changes introduced by NIS2, emphasizing a baseline cybersecurity approach across essential entities in diverse sectors. Bjørn sheds light on the directive's requirements for systematic security risk management, crisis management, and heightened resilience. The episode also navigates through the complexities of supply chain control, collaboration, and reporting vulnerabilities.
Drawing from Telenor Group's experience as a telecom operator, the hosts and guest unravel the distinct threat landscape faced by telecom companies, especially in dealing with advanced persistent threats and the significance of call detail records. Beyond traditional sectors, the conversation touches upon the implications of NIS2 on organizations, highlighting Telenor Group's compliance efforts.
Exploring the penalties associated with NIS2 noncompliance, the episode draws parallels with GDPR, underscoring the importance of these regulations in fortifying a secure digital infrastructure. As organizations prepare for NIS2, Bjørn shares practical advice, urging a proactive approach with asset inventory, business impact analysis, and comprehensive risk assessments.
Don't miss this episode packed with valuable insights into the NIS2 directive and actionable steps for organizations to elevate their cybersecurity readiness. Stay tuned and reimagine cybersecurity with Stan, Rob, and Bjørn on this informative podcast.
Welcome to another episode of Reimagining Cyber with Rob and Stan. In this episode, we dive deep into the crucial topic of data security. Stan shares insights from a recent cybersecurity event in Texas, emphasizing the growing threat of ransomware and the need for a dynamic approach to protect sensitive data.
Key Points:
1. Ransomware Challenges: Stan highlights the evolving landscape of ransomware attacks, where bad actors not only encrypt data but also extract and blackmail organizations. The importance of a robust backup strategy, including tiered storage with offline or air-gapped options, is emphasized.
2. Classification and Categorization of Data: Rob and Stan discuss the significance of understanding the types of sensitive data within an organization. They draw parallels to the Defense Department's classification system and stress the need for businesses to categorize their data to implement effective security measures.
3. SEC Cyber Ruling: The upcoming SEC ruling becomes a focal point, driving organizations to reassess their data security strategies. Rob explains how privacy regulations and regulatory actions, like the SEC ruling, act as catalysts for organizations to enhance their data security.
4. Discovering Hidden Risks: The hosts underscore the importance of comprehensive data discovery, revealing hidden risks and outdated systems. Stan likens undiscovered data to "toxic data" and emphasizes the need for continuous clean-up efforts to reduce both risk and costs.
5. AI and Bias in Data: The conversation shifts to the integration of AI in cybersecurity and the challenges of preventing bias in AI models. Stan discusses the importance of cleansing sensitive data before ingestion into AI models and the broader issue of unintentional biases in AI.
Conclusion: Rob and Stan wrap up the episode by reflecting on the evolution of cybersecurity terminology, from computer security to information assurance and now cyber security. They stress the multi-faceted nature of protecting information and the continuous effort required in today's dynamic threat environment.
Welcome to Reimagining Cyber, where we explore the evolving role of the Chief Information Security Officer (CISO). In this special episode, Stan and Rob present a compilation of insightful clips from previous episodes.
First up, Parham Eftekhari, Executive Vice President of the Cyber Risk Alliance, discusses the transformation of the CISO role into that of a business leader. He emphasizes the importance of understanding the business side of the organization and acting as a liaison between security priorities and business leaders.
Next, Tim Rohrbaugh, former CISO of JetBlue, shares his perspective on the budgeting process for information security organizations. He emphasizes the need for the CISO to have face time with the audit committee and stakeholders, suggesting that the budget should be tied to IT metrics.
Moving to the federal sector, Nick Ward, former CISO for the Department of Justice, discusses the executive order focused on enhancing cybersecurity. He delves into supply chain risk management and the tools provided by the executive order to prioritize and secure critical software.
Roland Cloutier, former TikTok CISO, explores the challenges of securing artificial intelligence implementations. He emphasizes the importance of understanding AI infrastructure, data stores, and API connections while highlighting the need for effective network protection.
Jeff Brown, CISO of the state of Connecticut, contrasts the role of a CISO in state government with that in the private sector. He emphasizes the benefits of information sharing and collaboration among state CISOs.
Taylor Hersom explores the concept of virtual CISOs, discussing the value of leveraging external expertise, especially for startups and scale-ups. He suggests that smaller companies can benefit from third-party resources before considering a full-time CISO.
In a special segment featuring female leaders in information security, Phyllis Woodruff, Tammy Schuring, and Lori Sussman share their experiences and insights. They highlight the importance of women owning their skills, embracing their unique attributes, and creating new pictures of leadership.
This episode provides a comprehensive overview of the evolving CISO role, covering topics such as business alignment, budgeting, federal cybersecurity initiatives, AI security, virtual CISOs, and the contributions of female leaders in the field. Join us as we continue to reimagine cyber in the ever-changing landscape of information security.
In this insightful episode of "Reimagining Cyber," hosts Rob Aragao and Stan Wisseman underscore the criticality of deploying diverse testing methods, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), for a comprehensive assessment and effective mitigation of vulnerabilities in the cyber landscape.
The hosts meticulously explore the nuances differentiating SAST and DAST, highlighting that SAST involves meticulous inside-out analysis through source code examination, while DAST employs a strategic outside-in analysis by rigorously testing running applications. Delving into the intricacies, they address challenges related to false positives in static analysis and illuminate coverage issues within dynamic testing methodologies.
The conversation seamlessly extends to emphasize the paramount importance of seamlessly integrating security testing into the development workflow, thereby minimizing friction for developers. The hosts delve into the evolving role of developers in the realm of security testing, showcasing a notable shift towards early integration of dynamic tests within the software development lifecycle.
Introducing the pivotal concept of Software Composition Analysis (SCA), the hosts accentuate its indispensable role in the identification and management of vulnerabilities stemming from open-source components. They underscore the significance of comprehensive awareness about the components utilized in applications, enabling swift responses to zero-day vulnerabilities and adeptly addressing licensing concerns.
Conclusively, the discussion advocates for a holistic approach to application security, encompassing SAST, DAST, and SCA methodologies. The hosts ardently stress the necessity of striking an optimal balance between development velocity and rigorous testing to proactively avert the potential high costs and repercussions associated with security breaches. Stay tuned for actionable insights that empower your cybersecurity strategy!
Welcome to another compelling episode of the Reimagining Cyber podcast, where your knowledgeable hosts, Rob and Stan, explore the intricate landscape of Black Friday and Cyber Monday and the associated cybersecurity challenges that intensify during this festive shopping season.
Stan sheds light on the colossal scale of holiday spending, revealing that last year's Black Friday soared to an impressive 9 billion, while Cyber Monday skyrocketed to nearly 11 billion. With an astounding 197 million U.S. shoppers in the mix, the stakes are undeniably high, and the threats are alarmingly real.
The hosts pivot to the consumer side of the equation, drawing attention to the escalating sophistication of phishing emails. They caution listeners against succumbing to alluring offers that appear too good to be true and stress the paramount importance of verifying the authenticity of retail websites before divulging sensitive information.
Rob offers valuable insights into potential pitfalls for businesses, citing the recent Adobe update that addressed nine security vulnerabilities. The conversation delves into the multifaceted risks of payment fraud, ransomware attacks, and distributed denial of service (DDoS) attacks capable of disrupting e-commerce operations during this pivotal sales period.
Practical tips emerge as the hosts advocate for the crucial use of multi-factor authentication for online shopping accounts. They underscore the necessity of secure transactions facilitated by HTTPS protocols. Furthermore, Rob and Stan caution against using debit cards for online purchases and highlight the heightened risks associated with public Wi-Fi.
In summary, this episode provides not only a comprehensive understanding of the cybersecurity challenges during the holiday season but also actionable advice to navigate these threats successfully. Tune in for expert insights and safeguard your online experience during this bustling shopping period.
Former TikTok CISO Roland Cloutier emphasizes the imperative role of AI in staying competitive in the evolving business landscape:
"If my business is going to compete and succeed, and everyone else is using AI to reduce their OpEx and drive new technology to make us better than the next guy, I better be doing it too."
In this enlightening podcast episode, Cloutier explores crucial aspects of cybersecurity budgets in 2024, including cloud security, data protection, and personnel considerations. Uncover valuable insights as he shares his 'five key takeaways' for effective cyber budgets, stressing the significance of data protection: "A third of our job is going to be around how we protect data. You'll be able to engage and deliver things like AI if you can control your data."
Gain strategic guidance on addressing the evolving skills landscape with Cloutier's advice:
"Just look at your people. These are all new skills. These are all new areas. Make sure you're making the appropriate adjustments to your job families. You're migrating their skills through training, and then you're looking where you're getting your people from in the future."
Stay ahead in cybersecurity by delving into this insightful discussion on the latest industry trends.
Explore the fast-paced realm of cybersecurity with this Reimagining Cyber episode featuring insights from Tim Rohrbaugh, former global CISO of JetBlue. The conversation delves into the challenges of security control degradation and the risks associated with rapid changes. Rohrbaugh emphasizes the importance of strategic planning over relying on hope, stating, "Hope is not a strategy." The discussion also ventures into the delicate balance of cybersecurity budgets, where overspending can inadvertently support criminal activities.
Dive into the latest episode of "Reimagining Cyber" with Stan Wisseman and Rob Aragao as they discuss the imminent implementation of SEC cyber rules in December. Join the conversation as they revisit the key aspects, including the four-day disclosure period for cyber incidents deemed material, the evolving role of cybersecurity experts on boards, and insights from the Clorox cyberattack—a potential test case for the SEC cyber ruling.
Explore the financial implications and operational impacts of cyber incidents, with a focus on companies like Clorox, MGM, and Caesars, who have already navigated the disclosure process. Gain valuable perspectives on the potential reach of SEC regulations beyond public companies and the significance of the "How Material Is That Hack" website, which provides estimates of financial losses based on cybersecurity incidents.
Join Stan and Rob as they unravel the complexities of the SEC cyber rules and share their insights on the shifting cybersecurity landscape. Tune in for a comprehensive discussion on the latest developments and considerations for businesses in this evolving regulatory environment.
23andMe promise that "protecting your privacy has been our number one priority." But how does that claim stack up in the light of their recent data breach?
That's the question posed by Rob and Stan in the latest episode of Reimagining Cyber.
23andMe provide DNA kits allowing users to obtain "the most comprehensive ancestry breakdown and 30+ trait reports," and the hackers targeted the individual accounts of hundreds of users.
So what does this cybersecurity failure mean for the victims?
What are the wider repercussions?
Here are just a few of their views on the hack:
"What if a nation state leverages that type of information? They already have plenty of details on individuals through other breaches. This is a much heavier set of data they can take advantage of. They can potentially be much more targeted in some of their blackmailing."
"You said that this wasn't 23andMe's fault but at the same time, they could have done more. They could have by default had two factor authentication. They could also have had privacy checkups that many other social platforms have available."
"They're mapping the data together to make categorized sets of information available at a cost. So very targeted and can be used for many different extortion capabilities. Who knows what else is going to come of it."
Live from Las Vegas*, Reimagining Cyber is back.
In this episode Rob and Stan find out how CISOs can battle the cybersecurity challenges in sustainability and transformation projects.
Their guest is Edward Amoroso one of the world’s first ever CISOs. Ed spent over 30 years at AT&T and since retiring in 2016 he has founded TAG Cyber LLC. TAG concentrates on global cybersecurity, artificial intelligence and sustainability, making him the ideal guest for this episode:
“[TAG] pick topics that we think are consequential to the world, things that have existential consequence if we get it wrong. In cyber we spend our whole life worrying about the implications of attacks on critical infrastructure and so on. We've all seen the beginnings of that. AI right now is certainly existential, I hope in a good way. I hope we find ways to make use of AI to improve our world. There's certainly every reason to believe that we can but there's also a dark side to any innovation. Then on the sustainability front the sort of the clarity that's emerged in the last five years around how important it is to rethink manufacturing, rethink the way we do transportation and more than anything rethink energy. So all of those things come together in topics that are prone to misinformation, topics that businesses are seeing as really important.”
Some other key quotes from the episode:
"We’ve been doing cyber for 30 years, we've learned that if you're doing something consequential or potentially vulnerable, you probably ought to have one or two board members who help to set up the culture and mood and priorities."
"One of the reasons we focus on artificial intelligence is because I think the prospects are spectacular for artificial intelligence as a base for having a really amazing defense, cyber defense that scales."
"We’re dealing with a generation of young people that were raised to think very creatively. We in cyber just haven't learned these lessons and it's urgent."
"Being critical is an act of respect. It’s showing non-respect when we just say, “thank you for doing what you do” without taking a moment and saying, “let’s make this better.”"
"I don't know too many people that are as vocal as me. I get away with it because I'm old. I just say what I'm saying because I want to make it better."
"I'm not a big fan of the big analyst firms, I think most of them just rehash a lot of… I would use a curse word here that describes manure. It's not even data science."
*Rob and Stan recorded the episode whilst at OpenText World 2023 in Las Vegas.
How safe is payment security? What are the payment system cyber security solutions?
This week's guest is Dan Fritsche, CISO at RSI Security. He has security and compliance expertise that spans over 20 years. His experience is across multiple industries, but in this episode Rob and Stan explore his experience in the payment security area.
Glossary of terms used in this episode:
PCI SSC – Payment Card Industry Security Standards Council
PCI DSS – Payment Card Industry Data Security Standard
PA-DSS – Payment Application Data Security Standard
PCI SSF and SSS – Software Security Framework / Secure Software Standard
PCI Secure SLC – Secure Software Life Cycle
PAN – Primary Account Number
SAD – Sensitive Authentication Data
SPoC – Software-based PIN entry on COTS (commercial off-the-shelf) devices
CPoC – Contactless Payments on COTS devices
CDE – Cardholder Data Environment
How do you stop cybersecurity issues in the critical infrastructure sectors?
This episode has been inspired by a series of blog posts that focus on:
- Cyber security threats in healthcare and public health
- Risks and cybersecurity in the energy sector
- Cyber security in financial services
- Cybersecurity in critical manufacturing
"Some of the threats are common among the different sectors. Certainly these large scale kind of ransomware attacks is impacting healthcare. But it's also impacting the manufacturing sector. You know, 13% of all ransomware attacks last year were attributed to those in the manufacturing sector. Because if your production line's down you're motivated to pay. And ransomware attackers know that."
"I think the reality is we can no longer assume that we have a landscape where people will play nice. For example what's going on between Ukraine and Russia, where cyber is being used as one of the elements of war. And if we are in a conflict in the future, our adversary is most likely going to be leveraging cyber and will look for weaknesses in our infrastructure. We've got to change the priority and the voluntary approach doesn't seem to work. So whether it be through carrot or stick we need to motivate each of these operators to raise their game. Because time's running out."
What is Application Security Posture Management (ASPM)? Surely you already know, or you wouldn't be listening to Reimagining Cyber! But you could always do with finding out a bit more, right?
In this episode we hear from Dennis Hurst, the Founder and President of Saltworks Security.
He’s been an application security leader since the earliest days of the industry. With over 30 years of experience across the entire software development lifecycle, he has helped launch startups and traveled the globe to aid multinational enterprises in successfully implementing their application security programs. Dennis is a recognized and trusted advisor for Fortune 500 companies that span multiple industries and concerns.
Dennis is a founding member of the Cloud Security Alliance where he co-authored the first two versions of its Application Security guidelines. He is also a contributor and advocate for the Open Web Application Security Project.
Rob and Stan dissect the results of a couple of recent surveys to see if they really reflect the feelings of those at the coal face of cybersecurity.
Rob talks about a round table he led that discussed a survey report OpenText Cybersecurity have produced in conjunction with the Osterman Research group.
The survey spoke to almost 300 CISOs and CIOs across the globe to find out what their top cybersecurity investments are for this year.
Listen to find out what they are.
Stan talks about a recent report called the 2023 State of Cloud Security. The survey specifically interviewed AppSec professionals to discover the main factors influencing tool adoption, as well as key implementation challenges.
Stan points out that some of the key findings concerned DevSecOps, and there was also concern about API security.
Links to the reports/surveys:
CISO Investment Priorities 2023
This episode features “the expert in ChatGPT”, Stephan Jou. He is CTO of Security Analytics at OpenText Cybersecurity.
“The techniques that we are developing are becoming so sophisticated and scalable that it's really become the only viable method to detect increasingly sophisticated and subtle attacks when the data volumes and velocity are so huge. So think about nation state attacks where you have very advanced adversaries that are using uncommon tools that won't be on any sort of blacklist.”
“In the past five years or so, I've become increasingly interested in the ethical and responsible application of AI. Pure AI is kind of like pure math. It's neutral. It doesn't have an angle to it, but applied AI is a different story. So all of a sudden you have to think about the implications of your AI product, the data that you're using, and whether your AI product can be weaponized or misled.”
“You call me the expert in ChatGPT. I sort of both love it and hate it. I love it because people like me are starting to get so much attention and I hate it because it's sort of highlighted some areas of potential risk associated with AI that people are only now starting to realize.”
“I'm very much looking forward to using technologies that can understand code and code patterns and how code gets assembled together and built into a product in a human-like way to be able to sort of detect software vulnerabilities. That's a fascinating area of development and research that's going on right now in our labs.”
“[on AI poisoning] The good news is, this is very difficult to do in practice. A lot of the papers that we see on AI poisoning, they're much more theoretical than they are practical.”
In this episode, Rob and Stan look at a couple of drives to impose law and order on cybersecurity.
First, the new US National Cybersecurity Strategy.
“I actually see this as being a pretty sharp break from the past. If it's fully implemented, I think the potential to change the US cybersecurity posture will significantly be improved for the better.”
“The strategy does put an emphasis on holding software vendors more directly responsible for the security of their technologies. And it recognizes that if left to its own devices, the software market many times rewards vendors that under invest in security and get things out to market faster. It’s been proven time and time again that market pressures are not necessarily going to result in more secure products.”
“This is going to take time. They're talking about a 10 year window here for the cybersecurity act….so the implementation of this through various administrations who may have different priorities is going to be interesting.”
Rob and Stan also reflect on how the US strategy compares to the EU Cyber Resilience Act, revealed in September 2022.
“They actually are very focused on personal data and ensuring that there's the protection and confidentiality and integrity of the data of the individuals. There are vulnerability disclosures that are required from the manufacturers.”
"If you are to improve compliance, you're not doing business in the EU. That's the one that really resonates, right? That's what's going to make people say “Well, I have to if I want to be able to generate the type of business I require from the entire EU marketplace.”"
Did you think the Oscar ceremony was over? Not quite. In this episode of Reimagining Cyber Extra! Stan & Rob are handing out the awards to the best cybersecurity movies ever made. What are they? You'll have to listen to find out, but here are a few clues:
- "The first movie I recall that was really focused on cybersecurity & hacking."
- "They sort of come upon this capability of decrypting anything and flash forward to our era or maybe 10 years from now when we're potentially able to use quantum computing to be able to crack any of the existing crypto algorithms, maybe it's not that far fetched."
- "He hacked into the school computer system. He changes his grades, his attendance records. He's figured out the little loophole on how he can actually have a day for himself"
- "There's a sequence of knocking down different parts of the critical infrastructures in the US, and the Feds are running around having no clue as to how to stop or fix this. They're always behind the curve. Which could be realistic unfortunately."
- "They're embezzling the money back out of the system. So they're “Hey, we're gonna slide under the radar. We're gonna take a little bit of the cash, pull it across and then we're out.” But the worm goes out and spreads further, so much money that they now have a bigger issue to deal with."
- "The NSA gets involved and there's all these thugs that steal a laptop, et cetera, et cetera. She comes across as somebody who's very resourceful, whether it be on a computer or physically and again there's lots of great action"
The guest this week is Dr Ron Ross, Fellow at the National Institute of Standards and Technology. He currently leads the NIST System Security Engineering Project (SSE). The jumping off point for this episode are two of his special publications:
- SP 800-160 Volume 1 (updated Nov 22), ‘Engineering Trustworthy Systems’, which describes a basis for establishing principles, concepts, activities and tasks for engineering trustworthy secure systems.
- SP 800-160 Volume 2, ‘Developing Cyber-Resilient Systems: A Systems Security Engineering Approach’, which focuses on cyber resiliency engineering.
Key quotes:
"We live and die by information technology, whether that's a classic I.T. system, whether it's an operational technology like a power plant, SCADA system, part of the power grid, whether it's an I.O.T. device. The common denominator on all of these systems is that they're driven by software and firmware, and a lot of that code is not as trustworthy as it needs to be. So given that that's the deck that we've been dealt, how do we deal with that on a day-to-day basis? And that was really the driving force behind the two volumes of 800-160."
"The more information you have about the susceptibility of your system to these specific threats or vulnerabilities, and you can take those off the table, then that's always a good thing to do. Things like cyber-hygiene, I call it the basic blocking and tackling. And you know, if you can take 80% of the attacks off the table, you don't ever stop the attacks but that then still leaves the other 20%, and that's where cyber resiliency has to step up. But definitely with AI and machine learning our ability to understand threats and what they can do and how we can stop them is going to increase by orders of magnitude. But in complex systems, even that order of magnitude improvement is never going to be enough. And that leads us to the rest of our discussion today."
"We've kind of come to the conclusion that sophisticated adversaries - I'm not talking about the ones that we can stop with cyber hygiene, the 80%, but I'm talking about the 10-20% on the upper end - what happens when they get through your initial lines of defences, which are characterized by penetration resistance? Well now the bad guys are inside the house. Well, what if they came in the front door and then every room in your house there was a vault or a safe? That would be analogous to a security domain for each room in your house. And if you have the ability to add whatever safeguards and countermeasures you think are needed for that particular domain, assuming some of your valuables are more important than others, then you can tailor those controls and those safeguards to the specific criticality of the data or the valuables that you would like to and we're seeing those kinds of approaches now."
"It's not just about one aspect or one safeguard or one strategy. This is a multi-dimensional strategy with lots of different moving parts that are discussed in our cyber resiliency guideline, and are actually executed in a good engineering process that gives consumers a lot better hope of being able to operate those systems under attack and having a system that they have a confidence that they can recover and restore that system, even if it's in a degraded, debilitated state, they can get back to some sense of normal operations and not have the entire business or mission go under. "
The 2022 Securities and Exchange Commission's cyber security proposals are expected to kick in in the next few weeks. However, are the boardrooms ready? Worryingly, some reports suggest that the majority should be having last minute panic attacks.
In this edition of Reimagining Cyber Extra, Rob Aragao and Stan discuss what corporate boards and CISOs need to be doing.
Some key quotes:
"There's this vernacular that gets thrown around from a technology perspective that doesn't always jive to what the business or a board member for that matter is understanding"
"The rule is designed to compel boards that haven't been taking cybersecurity seriously to do so. But I do think it's also created some trepidation or some concern between the board of directors and those that are in the front lines, the CISOs or the directors of information security. I think it puts some tension on those relationships. And some uncertainties as far as who's going to actually do that reporting effectively"
"The role of the CISO is going to change even further than what we've seen. As an example, the CISO reports to the CIO in some cases, and in other cases it reports to other parts of the business. This is going to push it really, I would think, for most organizations to completely rethink where the CISO reporting structure is."
"I hope [it brings] a greater understanding on the stresses and the pressures on the CISO and the information security organization and what they have to deal with every day. Hopefully the board will give them the resources they need. I'm not saying that they aren't funding security. Many times they are, but they need to take the actions to help build in that resilience into the organization. And hopefully they get enough awareness of the topic area and the understanding of the vocabulary to be able to have true conversations about where to best fill in those gaps."
“We have to counterbalance that cliche view that working in cyber means you are in your hoodie in the basement”
There’s something about being in demand that makes you feel warm inside. So, if you are in cybersecurity, you should have something of a spring in your step. As anyone in the industry knows, the cybersecurity talent gap in the US is growing. For example, the latest data available on the CyberSeek website shows that in the public sector alone there were over 45,000 online job listings for cybersecurity-related positions between January and December 2022.
So, what is to be done? In this episode of Reimagining Cyber, Rob and Stan look at one of the ways the U.S. government is dealing with the issue. The National Science Foundation's CyberCorps Scholarship for Service Program is a “unique program designed to recruit and train the next generation of information technology professionals, industrial control system security professionals, and security managers to meet the needs of the cybersecurity mission for Federal, State, local, and tribal governments.”
Rob and Stan talk to Dr Victor Piotrowski, the lead programme director about the ins and outs of the program, its growing success, and the hurdles the program has overcome and still faces.
Links:
CyberCorps Scholarship for Service
sfs.opm.gov/
CyberSeek data:
www.cyberseek.org/heatmap.html
2021 SFS Biennial Report:
2021 SFS Biennial Report (nsf.gov)
How to get the federal government to pay for your cybersecurity degree:
How to get the federal government to pay for your cybersecurity degree | Fortune
It’s been a mixed few weeks if you are in the ransomware game. (If you listen to this podcast we presume you are not a cybercriminal, but do get in touch if you are and leave us your full contact details).
In this episode Rob and Stan look at the hacks that have made the headlines and suggest what can be done to stop it happening to you.
First up for discussion is ransomware-as-a-service malware LockBit hitting ION Trading UK:
“It left scores of brokers unable to process derivative trades and they had to resort to manual methods. Imagine them going back to using spreadsheets to figure out what's going on as far as their trades”
LockBit threatened to publish stolen data unless a ransom was paid and ION Trading did as they were told. Rob and Stan talk about the incident and the potential repercussions.
The episode also looks at a ransomware campaign targeting VMware ESXi technology:
“It's a previously known vulnerability. It's been out there for two years. But the reality is that organizations have been slow in patching it. There was a general warning put out by Italy's National Cybersecurity Agency, warning about a large-scale campaign now exploiting this vulnerability. Thousands of computer servers across Europe and North America could potentially be impacted. And this context is, well if you're not going to patch, we'll take advantage of that”
But there's also been bad news for the threat actors.
Rob and Stan give their take on the sabotaging of the Hive ransomware group by the FBI and other law enforcement agencies.
“This take down shows that international enforcement against ransomware threat actors is increasing. I think this is a good sign. It may make it more difficult for some of these entities to target organizations in the future, but, they're still ongoing and so it's going to be difficult to truly mitigate this threat if you can't reach those that are behind it.”
There are callbacks to other relevant episodes of the Reimagining Cyber podcast:
Episode 12, Brett Thorson, Colonial Pipeline fuels the fire: not the first, not the last, and how to protect for the future
www.buzzsprout.com/2004238/10791017
Episode 2, Jim Routh, Unconventional approaches to improve enterprise resilience
www.buzzsprout.com/2004238/10791027
Episode 27, Shawn Tuma – Cyber insurance in the wake of Log4j
www.buzzsprout.com/2004238/10791001
Episode 15, Shawn Tuma – So you’ve been hacked, now what?
www.buzzsprout.com/2004238/10791014
Plus the Galaxy threat actors report
https://publications.cyberres.com/view/679673707/
Valentine’s Day is (almost) upon us, and Stan and Rob are marking this celebration of love by looking at online dating scams. Romantic, yes?!
Their guest is Dan Winchester, co-founder of Scamalytics. Scamalytics has a focus on helping dating sites automatically remove scammers from their sites in real-time.
Talking points:
- How scammers affect a dating site's business model
“Most dating services are trying to move as many of their users as possible over to a subscription. You’re not going to pay a subscription when the product you're subscribing to looks like it's just full of junk and scammers”
- On collecting data to prevent fraud
“There's a tension between privacy and safety. Users want to feel safe, but they also want to make sure that their privacy is respected. So you need to really be figuring out what's the minimum amount of data you can use in order to prevent the maximum amount of fraud.”
- Relationships with service providers
“We often have quite a tricky relationship with the service providers themselves because they may not be taking as much action as we would like when fraud happens on their networks. And you know, some of these companies are obviously massive and it's quite hard to get them to really deal with these issues.”
- On AI/machine learning
“We do a lot of machine learning stuff within Scamalytics, but I would always add a cautionary note that we find that the domain knowledge is way, way more useful than machine learning because when you're dealing with fraud, you've really got to be attuned to false positives and it's so easy for machine learning systems to get into false positive feedback loops and things like that.”
In this week's episode of the Reimagining Cyber podcast, we are after your help....
That's because hosts Rob and Stan are taking a week off. They are busy recording episodes with some more great guests and, of course, exploring the cybersecurity world with their eyes wide open and their ears to the ground.
For example, next week's episode is going to be a Valentine's Day special, looking at dating app scams.
So, there are a couple of things we'd like you to do whilst you have a moment.
If you listen via Apple Podcasts app, go to the Reimagining Cyber show page, scroll down, and you will see you have the option to write a review and rate the show.
It's great to get your feedback and it helps other cybersecurity fans find the show.
And finally, Reimagining Cyber has now built up quite a library of episodes, so why not go back and take a listen to them? There's about 50 episodes for you to binge on. Invite your friends over, have a Reimagining Cyber listening party and let us know how it went.
In this episode Rob talks about a recent event discussing the State of Cyber into 2023. Hosted by Dave DeWalt (founder & MD of NightDragon, and one of the most successful business leaders in the cybersecurity industry), the event promised to take "a unique look at what products are really being adopted by cybersecurity buyers, what financial analysts are watching around skyrocketing valuations and what investors are watching for the next frontier of innovation. We’ll also look at the state of the cyber talent gap, public-private partnership efforts and how CISOs are responding to the latest threats."
Rob reacts to the thoughts of organisations such as EY, Kyndryl, Citi, Piper Sandler, AllegisCyber Capital, Team8, ForgePoint.
"What I took away as an extreme positive is the consistency of the CISOs on the panel, talking about how the shift in their approach and model is very much centered around how they're actually aligning with what the business needs from the cyber organization"
[Regarding the Wall Street perspective] "2023 could be the biggest opportunity for investing in the cyber market because of what those returns are going to look like going forward, because the reality of the business delivering on what they market has to come to fruition."
"The event and the timing of the event was very effective. The format of the event and the audience and the different segments and perspectives, I thought was a really nice balance."
“I think with any metric, the FedRAMP program has been viewed as...."
Listen to this edition of Reimagining Cyber EXTRA and find out what Rob and Stan think about FedRAMP.
Firstly, what is it?!
“[FedRAMP’s] whole purpose is to provide a standardized government-wide approach to security assessment, authorization, and continuing monitoring of cloud products and services used by the federal government agencies.”
Plus:
- FedRAMP's codification into law via the National Defense Authorization Act (NDAA)
- Action to make the process easier for vendors and agencies.
- Establishment of the Federal Secure Cloud Advisory Committee – what is it, what’s it for?
- Why does the NDAA not make vendors provide a SBOM? Will this change?
“The crystal ball is if you are a software supplier to the government, you have to be prepared in the future to be able to provide this kind of inventory of components that make up your software build. It's important to be able to react quickly to zero-days, to be able to understand what your software consists of to be able to mitigate open source security issues and risks”
- Microsoft share how they manage supply chain risks with the Secure Supply Chain Consumption Framework (S2C2F). What does the OpenSSF think of it?
“Everything that we're talking about in cyber always somehow turns itself back around to the software. The software supply chain is the common theme that we heard through last year. It's not going to slow down this year.”
- The rise of APIs (application programming interface) as an attack surface
Reimagining Cyber is celebrating its Golden Jubilee. A half century of episodes has been published since the beginning of the podcast, and in this edition Rob and Stan reflect on some of the key themes that have been discussed.
You will hear from:
Josh Corman
Recently the Chief Strategist for CISA supporting COVID-19 and public health initiatives, Josh talks about the pandemic and its impact on cybersecurity.
Bill Hagestad
Cyber Warfare advisor, US Military, looks at Iranian cyber strategy and its impact on cyberspace.
Raveed Laeb
Vice President of Product for KELA, a cyber intelligence technology company, gives a behind-the-curtain view of the world of cybercriminals.
Parham Eftekhari
Executive Vice President, CISO Community, CyberRisk Alliance reveals the changes he’s seen in the CISO role and how the modern CISO can gain support from business line leaders to executives alike.
Jim Routh
A leader in the cyber security space for over two decades, Jim explores unconventional approaches to improve enterprise resilience.
Ty Sbano
CISO for Vercel, shares his unique perspective on running the security business in the start-up space
As usual, Stan's been rubbing shoulders with the top names in cyber security...
In this episode we hear about his participation in the Government Innovation Show - 'Transforming Government Through Technology-Driven Initiatives'
Rob and Stan react to talks given by:
- James Burd, Chief Privacy Officer for the Cybersecurity and Infrastructure Security Agency
- Dr Diana Janosek, Deputy Director of Compliance at the National Security Agency
PLUS:
- Recession, what recession? With cybersecurity budgets expected to rise in 2023, Rob and Stan give their thoughts on why.
- Have you heard of Youtube? Apparently it's quite popular. Reimagining Cyber is the latest convert, and the show can be found here:
www.youtube.com/@CyberRes
www.youtube.com/watch?v=PoVifXTIM…Ndcdjin-l2qxkAIwZ
"The major issue that we typically have is on The Hill. For years, we've seen bills coming out, which specified a direction of left or right or up the middle, and nothing happens. That leads a lot of us sceptics to believe that people on The Hill who are being funded by the largest tech companies don't move because it's not financially viable for their future campaigns. Our cyber life cannot be attached to the whims of politics. "
Rob and Stan are taking a well earned festive break, they'll be back in the new year.
So we've decided to do some Christmas re-gifting and dust down a terrific episode from a couple of years ago.
It features Michael Echols, CEO of MAX Cybersecurity, LLC and author of 'Secure Cyber Life: The Government Is Not Coming To Save You'
As you will hear, Michael is passionate about his subject and has conclusions that you could find rather disturbing.
In other words, perfect for a podcast episode.
Do share the Reimagining Cyber podcast with those who you think will find it useful, and if you use Apple Podcasts leave us a review. It really helps spread the word.
We'll be back in 2023 with more great guests.
“The medical field is ripe for threat actors trying to take advantage of things, much like when it's tax time and you hear the latest IRS scam. That goes on a lot within the medical field. There are threat actors that impersonate DEA agents and try to gain access to everything from DEA numbers to prescription pads. Visiting the FBI website, they have a page dedicated to different scams out there and there's a couple that live persistently in healthcare that we make sure our clinician side is aware of.”
In this episode, Rob and Stan talk to Louis Lerman, VP and CISO of Pediatrix Medical Group. Louis has an extensive information security background. In addition to healthcare, he has supported the government, defence, education, software development and financial sectors. Prior to Pediatrix Medical Group, he served as CISO of the Deloitte Consulting Group and as Information Security Officer at the International Monetary Fund.
In this EXTRA! episode Rob and Stan talk about:
- Secret Service reports of Chinese hackers stealing tens of millions of dollars' worth of U.S. COVID relief benefits since 2020.
- Microsoft's help for Ukraine
- What the latest data breach means for LastPass' business.
- Data breach at WhatsApp
On this week’s episode of Reimagining Cyber about launching the OWASP Verification Standard (OVS), Stan Wisseman and Rob Aragao talk with Tom Brennan, CIO for Mandelbaum Barrett law firm and North America Executive Director for CREST. The three of them talk about the history of CREST, the new OWASP Verification Standard (OVS), and its connection with the OWASP Application Security Verification Standard (ASVS).
CREST was established in 2006 as an international non-profit organization that represents the global cyber security industry. The organization’s goal is to help create a secure digital world for all by quality assuring its members and delivering professional certifications to the cyber security industry through a rigorous quality assurance process so others can have confidence in the cyber security services they consume. CREST Americas offers programs across six cyber security communities, which include: government, regulators, buying community, service suppliers, training and academia, and professional bodies.
Recently, CREST collaborated with the Open Web Application Security Project, better known as OWASP, to launch the OWASP Verification Standard (OVS). OVS is a new quality assurance standard for the global AppSec industry. It is designed to provide mobile and web app developers with superior security assurance and accredited organizations with improved access to the expanding application development industry. Brennan gave an overview of OVS’s ability to execute and deliver assessments related to the different levels of the OWASP Application Security Verification Standard (ASVS). ASVS provides a basis for testing web application technical controls and gives developers a list of secure development requirements. Its aim is to normalize the variety of coverage and level of rigor available in the market for verifying web application security, using a commercially workable open standard. By building on ASVS, CREST was able to support the open-source community in building and supporting global standards.
Brennan believes that OVS is useful to many organizations, as long as they meet the qualifications needed. It gives you the opportunity to conduct assessments against existing codebases and determine where issues may exist before the buyer gets involved in code quality issues or licensing problems. Brennan also goes on to say that “OVS allows not only the Americas, but for organizations around the world [to] demonstrate taking something that is a global, acceptable best practice by the OWASP individuals and experts… [so it] can be utilized in a commercial way very easily and quite honestly very accepted.” OVS is providing a global standard of expectations for consumers of software.
Over the past couple of years Reimagining Cyber has featured guests with lots of interesting perspectives and opinions, but it seems that our info hungry audience wants even more.
Hosts Rob Aragao and Stan Wisseman have been asked to share news of their own interactions and experiences, and who are they to say no?
So, in the first ever ‘Reimagining Cyber Extra!’ Rob and Stan bow to listener demand and address the following:
- The war in Ukraine and a link to a decrease in cyber attacks
- A brush with “one of the biggest minds in cyber and cryptology” (Hint: it’s not Rob or Stan)
- “Who are all of these weirdos?” Stan reminisces about his early days at the NSA
- Cyber Informed Engineering
- Can President Biden’s zero trust strategy apply to the OT environment?
During this latest Reimagining Cyber podcast episode, Stan Wisseman and Rob Aragao talk to Terence Spies, CTO of CyberRes Voltage, about the future of quantum computers. Spies has many years of experience in cryptography engineering, encryption, and quantum computing. Spies actually architected the original Microsoft CryptoAPI and Certificate Server!
Spies started by providing background on quantum computers and what we should expect to see in the years to come. Spies states, “the world is changing, and one of those changes that people are anticipating is that there’s going to be this fundamentally new kind of computer that’s going to alter the way that we have to think about cryptography in terms of throwing away whole classes of algorithms we use now.” The response is a new generation of post-quantum algorithms designed to keep data private even against an attacker who has such a machine.
Quantum computers will not make attacks disappear; they add quantum attacks, which Spies sorts into a good-news category and a bad-news category. The good news concerns a generalized quantum search algorithm (Grover's) that is highly counterintuitive: it finds an item in an unsorted list in time proportional to the square root of the list’s length. Spies says it is “a little mind-blowing because what it means is that (you) can search a list of any size without looking at all the things and without having to take N steps to do it.” Against symmetric ciphers this only halves the effective key length, so a larger key restores the margin. The bad news is the other algorithm, Shor’s, which factors integers and solves discrete logarithms in polynomial time; against RSA and elliptic-curve public-key cryptography, we can no longer make the key size big enough to make the attacker’s job hard. Don’t get discouraged yet, though: the National Institute of Standards and Technology (NIST) has spent the past six years working with cryptographers around the world, a sort of quantum superhero league, to select algorithms that are not vulnerable to these attacks.
You may be alarmed by this, but Spies wants to assure you that he is not an alarmist. Spies points out that the threat may well be dealt with before practical quantum computers are even available. NIST is making real progress, and Spies advises organizations to “make sure that you’re not welding in dependence on particular algorithms and have that sense of agility.” The episode reaffirms that those in the cybersecurity space need to adapt to anything and everything happening now and in the future.
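The two cost figures behind Spies’ good-news/bad-news split, written out here as an added illustration rather than something said in the episode. $n$ is a symmetric key length in bits, $N$ an RSA modulus, and $\ell$ its length in bits.

Classical exhaustive search over an $n$-bit key costs $2^{n}$ trials. Grover's search needs only about
$$\sqrt{2^{n}} = 2^{n/2}$$
quantum queries, so the effective strength halves: AES-128 drops to roughly $2^{64}$ work and AES-256 to $2^{128}$. Doubling the key length restores the original margin, which is why this is the good-news case.

For RSA, the best classical attack (the general number field sieve) is sub-exponential in the size of $N$,
$$\exp\!\Big((c + o(1))\,(\ln N)^{1/3}(\ln\ln N)^{2/3}\Big), \qquad c = (64/9)^{1/3} \approx 1.92,$$
so going from $\ell = 2048$ to $\ell = 4096$ multiplies the classical work by a very large factor. Shor's algorithm is polynomial, roughly $O(\ell^{3})$ gates with schoolbook arithmetic, so the same doubling multiplies the quantum attacker's work only by about $2^{3} = 8$. No affordable key size restores the margin; the algorithm itself has to change, which is the crypto-agility point Spies makes.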
On this week’s episode of Reimagining Cyber, hosts Stan Wisseman and Rob Aragao had special guests, Jim Routh and Damon Carter, to discuss the approaches that need to be taken to break the mold on how to recruit and develop cybersecurity professionals. Routh has had an impressive career leading cybersecurity programs for some of the largest organizations in the world, such as Aetna, CVS, and American Express. On the other hand, Carter has had a spectacular career leading HR organizations at companies like Aetna and GE Express Scripts. These two leaders have the knowledge and experience to help shape how the cybersecurity industry finds new talent.
It is no secret that the community currently has a cyber talent gap. To meet the growing demand for cyber professionals, companies need to be hiring at lightyear speed. Jim Routh and Damon Carter have an unconventional approach to solving this problem. They believe employers must be more in tune with the employees’ side of finding and keeping talent in their companies. So rather than trying just to retain employees, they should be spending time and energy on new opportunities for employees to learn and develop new skills. This may mean finding professionals from other fields. Jim Routh shared an example of this saying, “I ended up hiring a journalism major who graduated, and I think had one or two jobs before and kind of struggled, and is now flourishing in cybersecurity, and going into other technical areas in cybersecurity, kind of gaining that, that knowledge and skill.” When you invest in these opportunities, employees will feel satisfied and be willing to stay with the company longer. To be successful at this, employers need to partner with their HR professionals to collaborate with them to adopt these management practices.
The only way to get through this gap and not be scathed is by leading and supporting your employees through listening and providing them with the resources they need to grow and learn. And like Routh says, leaders don’t “have to be the motivator…the leader just has to get out of the way and be a support like a coach.” Carter backs this up by also pointing out that when you do this you provide “a much more engaging and comfortable dialogue between the leader and the employee on a regular basis.” Instead of having a conversation about traditional performance management and asking, “what did you do right?” and “what did you do wrong?” you should be asking, “how can I help you?” This is the primary tool you should be using when recruiting. While you are making your employees more marketable, you are also creating a desire for them not to want to leave. You must make them consider whether they will get the same kind of support at another company, and the answer must be no.
You must take on a new role of supporter rather than just leader. You must be flexible when defining your employees’ positions. You may have to change an employee’s role to include what they want to learn. By doing all of this, you are hiring talent when you find it and helping them blossom into the professionals you will need. The market is scarce right now, so why not spend the time and resources to help create the best candidate for a role from current employees and fresh new talent that may not have the experience you are looking for?
On this week’s episode of Reimagining Cyber, hosts Stan Wisseman and Rob Aragao welcomed guest Dan Lorenc, founder and CEO of Chainguard Inc., to talk about SLSA, software supply chain security risks, and his opinions on Software Bill of Materials (SBOMs).
Raveed Laeb, Vice President of Product for KELA, a cyber intelligence technology company, gives us a behind-the-curtain view of the world of cybercriminals in the latest Reimagining Cyber episode, “Inside cybercrime with Raveed Laeb.”
What is cyber insurance? How does cyber insurance work? Dan Bowden, CISO at Marsh, gives us an under-the-hood view of how insurance companies mitigate cyber risk, the things they look for, and how they support their clients, in this week’s Reimagining Cyber episode, “Under the hood of cyber insurance.”
Taylor Hersom, CEO and co-founder of Eden Data, an organization that provides startups and next-gen organizations with virtual CISO support and other services, shares his insights from the past two years in the start-up space.
Ty Sbano, CISO for Vercel, shares his unique perspective on running the security business in the start-up space, from how to approach the interview process, how to gain trust early, and how to remain focused on the right priorities.
Rob and Stan ask Ty:
- how he engages, makes plans and prioritises
- the approaches he's taken
- setting expectations
- metrics he works to
- how much time is spent on the organisational side versus on what you're providing as a service or product
- instilling a positive culture
- how can we evolve what we've been doing for four decades on cybersecurity to address today and tomorrow's new threats.
John Keane, the Software Angel of Death, discusses securing the supply chain and the importance of contract language, and shares his unique perspective on the cyber space, on the latest episode of Reimagining Cyber, “A discussion with the Software Angel of Death, John Keane.”
Chris Abramson, Senior Director of Cloud Security Engineering at Walgreens, and 20-year IT industry veteran shares what he learned from shifting from on-prem to Microsoft’s Azure Cloud on this week’s Reimagining Cyber episode, “Journey to securing the Cloud.”
Abramson recommends adapting your strategy to your new environment. In on-prem, it’s all about firewalls and technology that’s wrapped around an environment, but in the Cloud, it’s how things communicate with each other, he cautions.
By changing your thought process about how to work in this new environment, you’ll be able to better secure it. When changing IT infrastructures, security can get lost in the shuffle. To mitigate this, Abramson worked in lockstep with his Cloud Center of Excellence (COE), building security directly into the deployment model.
Security issues aren’t being discovered after the fact. Teams hit them as they come upon them, enabling them to make changes on the fly and deploy the appropriate fixes with the least amount of security risk in the environment. Checking industry forums and the public CVE data on Cloud vulnerabilities, and learning from peers who have already been through it, is key. This enables companies to bake the correct actions into the new Cloud environment.
Abramson recommends working in lockstep with other teams, for example, deployment teams and security, to prevent any issues and enable reacting quickly when something happens.
As the Cloud space evolves, so will software development, deployment and security practices, to keep pace with the ever-changing Cloud environment. Many companies purchase software from a third party and embed it into their own software, which in turn gets embedded into yet another product. Enter the Russian Doll Syndrome.
“[You’ve] got to think about software that you're buying from a third party. That now also embedded software from another third party, that likely embeds software from another third party. That's the Russian Doll Syndrome.”
Abramson recommends considering how you’re connecting and the level of software integration to determine the level of risk. He also recommends implementing a strong vendor management program.
Encrypting data offers its own challenges and isn’t always possible, but where it can be done, Abramson wholeheartedly recommends doing it.
“Wrapping environments in a model that doesn't allow access to, or very limited access to, it's kind of, I'll call it the vaulted environment, you know, the no ability to touch, change, maneuver through or ingress or egress without somebody watching you do it. That stuff, it's expensive, and it's highly operational because there's a lot of eyeballs having to do that.”
Encryption is the quickest and easiest way to protect your data, Abramson says. He recommends partnering closely with the business and IT sides of the house to determine the best way to protect sensitive workloads shifting to the cloud and to mitigate data exposure and privacy compliance risks. Sometimes the provider's native encryption just isn’t an option. In those cases, Abramson recommends bringing your own encryption keys rather than relying on the key services provided by Cloud Service Providers (CSPs).
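The inventory problem raised in the FedRAMP discussion above (being able to tell quickly which of your builds contains a component named in a zero-day advisory) and the Russian Doll Syndrome Abramson describes are the same graph problem. What follows is an added example, not code from the podcast, from OpenText/CyberRes, Walgreens or any vendor: it walks a constructed CycloneDX-style SBOM, in which every product, component, version and the advisory itself are hypothetical, to find which shipped products transitively include a vulnerable component and along which chain of suppliers.

```python
"""Walk a CycloneDX-style SBOM to find which shipped products transitively
contain a component named in an advisory. Added example, not code from the
podcast or from any vendor; the SBOM below is constructed for illustration
and every component name, version and the advisory are hypothetical."""
import json
from collections import deque

# Constructed CycloneDX-like document (only the fields used here are present).
SBOM_JSON = r'''
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"bom-ref": "pkg:generic/acme/portal@3.2.0", "name": "portal", "version": "3.2.0"},
    {"bom-ref": "pkg:generic/acme/billing@1.9.1", "name": "billing", "version": "1.9.1"},
    {"bom-ref": "pkg:maven/vendor-a/reporting@5.0.2", "name": "reporting", "version": "5.0.2"},
    {"bom-ref": "pkg:maven/vendor-b/pdf-engine@2.4.0", "name": "pdf-engine", "version": "2.4.0"},
    {"bom-ref": "pkg:maven/org.example/xml-parser@1.1.3", "name": "xml-parser", "version": "1.1.3"},
    {"bom-ref": "pkg:maven/org.example/xml-parser@1.2.0", "name": "xml-parser", "version": "1.2.0"}
  ],
  "dependencies": [
    {"ref": "pkg:generic/acme/portal@3.2.0", "dependsOn": ["pkg:maven/vendor-a/reporting@5.0.2"]},
    {"ref": "pkg:generic/acme/billing@1.9.1", "dependsOn": ["pkg:maven/org.example/xml-parser@1.2.0"]},
    {"ref": "pkg:maven/vendor-a/reporting@5.0.2", "dependsOn": ["pkg:maven/vendor-b/pdf-engine@2.4.0"]},
    {"ref": "pkg:maven/vendor-b/pdf-engine@2.4.0", "dependsOn": ["pkg:maven/org.example/xml-parser@1.1.3"]},
    {"ref": "pkg:maven/org.example/xml-parser@1.1.3", "dependsOn": []},
    {"ref": "pkg:maven/org.example/xml-parser@1.2.0", "dependsOn": []}
  ]
}
'''

def parse_version(v):
    """Dotted numeric versions only; enough for the constructed data."""
    return tuple(int(x) for x in v.split("."))

def load_sbom(text):
    doc = json.loads(text)
    comps = {c["bom-ref"]: c for c in doc["components"]}
    graph = {d["ref"]: list(d.get("dependsOn", [])) for d in doc["dependencies"]}
    return comps, graph

def top_level_refs(graph):
    """Refs that nothing depends on: the products you actually ship."""
    depended = {c for deps in graph.values() for c in deps}
    return [r for r in graph if r not in depended]

def affected_refs(comps, name, fixed_in):
    """Components carrying the advisory's name at a version below the fix."""
    return {ref for ref, c in comps.items()
            if c["name"] == name and parse_version(c["version"]) < parse_version(fixed_in)}

def exposure_paths(comps, graph, name, fixed_in):
    """For each top-level product, the dependency chain down to a vulnerable
    component (the 'Russian doll' path); products with no path are not exposed."""
    bad = affected_refs(comps, name, fixed_in)
    result = {}
    for root in top_level_refs(graph):
        # Breadth-first search with path tracking; the seen set guards against
        # cycles in a malformed SBOM.
        queue = deque([(root, [root])])
        seen = {root}
        while queue:
            ref, path = queue.popleft()
            if ref in bad:
                result[root] = path
                break
            for child in graph.get(ref, []):
                if child not in seen:
                    seen.add(child)
                    queue.append((child, path + [child]))
    return result

def report(text, name, fixed_in):
    """One line per shipped product: EXPOSED with its supplier chain, or clean."""
    comps, graph = load_sbom(text)
    paths = exposure_paths(comps, graph, name, fixed_in)
    lines = []
    for root in top_level_refs(graph):
        label = comps[root]["name"] + " " + comps[root]["version"]
        if root in paths:
            chain = " -> ".join(comps[r]["name"] + "@" + comps[r]["version"] for r in paths[root])
            lines.append(f"EXPOSED  {label}: {chain}")
        else:
            lines.append(f"clean    {label}")
    return lines

if __name__ == "__main__":
    # Hypothetical advisory: xml-parser versions before 1.2.0 are affected.
    for line in report(SBOM_JSON, "xml-parser", "1.2.0"):
        print(line)
```

With the constructed data, `portal` is reported as exposed through `reporting` and `pdf-engine`, three suppliers deep, while `billing` is clean because it already carries the fixed version. The point of keeping the `dependencies` section in the SBOM, not just the component list, is exactly that chain: a flat inventory tells you the vulnerable library is somewhere in the estate, the graph tells you which product and which vendor to chase.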
Jim Reavis, co-founder and CEO of the Cloud Security Alliance (CSA) and a noted leader within the cloud computing community, sheds light on how to solve cloud security complexities in this week’s Reimagining Cyber episode, “Solving the cloud security puzzle.”
Bob Almond is the Chief Operating Officer of Full Armor Corporation, a software development firm he co-founded. Bob has watched the industry evolve from single machines to internal networks, to the present, where people work from anywhere, whenever they want, and need access to the resources required to get their jobs done. Bob has focused on helping IT admins rein in the complexities of AD Group Policy so that they can concentrate on security and on protecting their organization from the inside out. This is more important than ever as IT admins deal with policies on Linux and Unix devices, Apple Macs, MDM for mobile devices, and Windows devices that are in the wild and are not joined to the AD domain.
Kristen Bell, Senior Manager of Application Security Engineering at GuidePoint Security, is back, sharing her insights into “Building better AppSec teams: Communication, collaboration, and culture.” Two weeks ago, Bell joined the Reimagining Cyber team, Rob Aragao and Stan Wisseman, to share her perspective on “Governing a better AppSec program by empowering dev teams.”
Collaboration is key
To build a better AppSec team, Bell explains the importance of collaboration. Many developers have a bad taste in their mouths when it comes to automation. A multi-phased approach in which you share each step and remove the barriers to adoption (for example, many developers dislike “noise”, that is, false positives) can help. For the scanning itself, Bell recommends doing a lot of work up front so that it runs as smoothly as possible and produces the highest-quality results. She also recommends integrating a ticketing system such as JIRA to provide a continuous feedback loop; from those tickets you can pull the metrics that show return on investment. Lastly, Bell recommends getting buy-in from application developers and owners. With skin in the game and a seat at the table, they have influence on, and investment in, the security program’s direction.
Communicate, communicate, communicate
A streamlined and organized communications approach is crucial when building out your AppSec team. Keep one centralized location for everything the security team publishes, whether standards or blueprints. “It's super important that if you're building a portal, or a Wiki, or this one-stop-shop, for the developers, to have these self-service options, they need to know it exists,” Bell says. Reiterating it in multiple ways (an All Hands call, a newsletter, an e-mail) is critical. You have to remind people 13 times before they’ll remember something.
Get out into the community
There's OWASP, ISACA, (ISC)2, ISSA and lots of different kinds of AppSec and cybersecurity related organizations that team members can go and be active in within their local communities. I would also encourage people on the security team, if you go to a conference, to invite the good AppSec-related speakers in to speak to the team or the developers. They usually are looking for opportunities to engage and are open to doing it.
AppSec in the Cloud
Building a Cloud-centric AppSec team has its challenges. Bell recommends:
- Separation of duties: Developers don’t typically have access to production and don’t make changes in production. When it comes to the Cloud, that all changes. Creating different profiles and having people commit to certain tasks allows teams to divide and conquer.
- Threat modeling: Bell recommends running threat models, testing different scenarios and looking at data flows and trust boundaries to help document repeatable processes and confirm adherence to compliance requirements (like geolocation of data).
- Testing automation: DAST services allow you to now test GUI-less technologies to understand
Have you tried any of these tips when building out your AppSec team? Do you have any to add to Bell’s suggestions? Let us know in the comments.
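Bell's points about cutting scanner noise, feeding findings into a ticketing system and pulling metrics to show return on investment, worked through as an added example that is not code from GuidePoint or from the episode. It deduplicates constructed scanner hits, lists the findings a Jira-style sync would still need to open tickets for, and computes the backlog, mean time to remediate and false-positive rate an AppSec lead would report. All findings, file paths, dates and the ticket summary format are constructed for the illustration.

```python
"""Turn raw scanner output into the numbers an AppSec program reports on:
deduplicated findings, open backlog by severity, mean time to remediate and
the false-positive rate that decides whether developers trust the tooling.
Added example, not code from GuidePoint or the podcast; every finding,
path, date and the ticket summary format below is constructed."""
from collections import defaultdict
from datetime import date

# Constructed scanner hits: (scan_date, rule, file, line, severity).
# The same rule firing at the same location on every scan is ONE finding.
RAW_FINDINGS = [
    ("2022-08-01", "SQLi", "api/orders.py", 42, "high"),
    ("2022-08-08", "SQLi", "api/orders.py", 42, "high"),   # rescan, same issue
    ("2022-08-15", "SQLi", "api/orders.py", 42, "high"),   # rescan, same issue
    ("2022-08-01", "XSS", "web/profile.js", 17, "medium"),
    ("2022-08-08", "WeakHash", "auth/tokens.py", 9, "low"),
    ("2022-08-15", "SSRF", "api/fetch.py", 88, "high"),    # not yet triaged
]

# Constructed triage records, keyed by deduplicated finding id. In a real
# integration these come back from the ticket tracker.
TRIAGE = {
    "SQLi:api/orders.py:42": {"status": "fixed", "opened": "2022-08-01", "closed": "2022-08-13"},
    "XSS:web/profile.js:17": {"status": "false_positive", "opened": "2022-08-01", "closed": "2022-08-03"},
    "WeakHash:auth/tokens.py:9": {"status": "open", "opened": "2022-08-08", "closed": None},
}

def finding_id(rule, path, line):
    """Stable identity for a finding across scans: rule plus location."""
    return f"{rule}:{path}:{line}"

def dedupe(raw):
    """Collapse repeated hits into one finding per id, keeping first-seen date."""
    findings = {}
    for scan_date, rule, path, line, severity in raw:
        fid = finding_id(rule, path, line)
        if fid not in findings or scan_date < findings[fid]["first_seen"]:
            findings[fid] = {"id": fid, "severity": severity, "first_seen": scan_date}
    return findings

def days_between(a, b):
    return (date.fromisoformat(b) - date.fromisoformat(a)).days

def tickets_to_open(findings, triage):
    """Findings with no triage record: what the ticket sync would create."""
    return [{"summary": f"[AppSec][{f['severity']}] {fid}", "first_seen": f["first_seen"]}
            for fid, f in findings.items() if fid not in triage]

def metrics(raw, triage, as_of):
    """Program metrics as of a given date; untriaged findings count as open."""
    findings = dedupe(raw)
    open_by_sev = defaultdict(int)
    fix_days, false_positives, oldest_open = [], 0, 0
    for fid, f in findings.items():
        t = triage.get(fid, {"status": "open", "opened": f["first_seen"], "closed": None})
        if t["status"] == "fixed":
            fix_days.append(days_between(t["opened"], t["closed"]))
        elif t["status"] == "false_positive":
            false_positives += 1
        else:
            open_by_sev[f["severity"]] += 1
            oldest_open = max(oldest_open, days_between(t["opened"], as_of))
    return {
        "raw_hits": len(raw),
        "unique_findings": len(findings),
        "open_by_severity": dict(open_by_sev),
        "oldest_open_days": oldest_open,
        "mttr_days": sum(fix_days) / len(fix_days) if fix_days else None,
        "false_positive_rate": false_positives / len(findings) if findings else 0.0,
    }

if __name__ == "__main__":
    print(metrics(RAW_FINDINGS, TRIAGE, "2022-08-31"))
    for ticket in tickets_to_open(dedupe(RAW_FINDINGS), TRIAGE):
        print("would open:", ticket["summary"])
```

Two design points matter more than the arithmetic. Deduplicating on rule plus location before anything reaches a developer is what keeps six scanner hits from becoming six tickets, which is the "noise" Bell warns about; and tracking false positives as an explicit triage status, rather than silently closing them, is what lets you report the rate and tune the scanner, instead of watching developers stop reading the tickets.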
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
Josh Corman, co-founder of the Rugged Software and “I am The Cavalry” movements, and most recently Chief Strategist for CISA supporting COVID-19 and public health initiatives, explains the importance of movements like Rugged Software and “I am The Cavalry” in the cybersecurity space.
While organizations need to gain visibility into application security risks, it can be challenging to build and mature an effective application security program. In this episode of Reimagining Cyber, Kristen Bell, a Senior Manager of Application Security Engineering at GuidePoint Security, shares some of the best practices that she’s used to help organizations overcome common obstacles to success. Bell uses a collaborative approach between the AppSec team and developers that can create a positive, security-aware development culture.
Jeff Brown, CISO for the State of Connecticut, discusses how the State of Connecticut is flipping the script and driving digital transformation at the state-level through communications in the latest Reimagining Cyber episode, “Digital Government - How the State of Connecticut has driven digital.”
Data privacy isn’t just about keeping sensitive information private. It’s about understanding what data you have (whether it’s structured or unstructured), where it is, and any risk associated with it. How do you decide what to keep? Or what’s important? It’s complicated, and the process of figuring it out can be daunting. In this episode of Reimagining Cyber Greg Anderson, Vice President and Chief Privacy Officer for E.W. Scripps Company, tackles this conundrum and also sheds light on the shift of data privacy from data governance to driving business outcomes.
Shawn Tuma, Cybersecurity and Data Privacy Attorney at Spencer Fane, LLP, shares his unique insights into the cyber insurance space on this week’s Reimagining Cyber podcast episode, “Cyber insurance in the wake of Log4j.” Tuma reflects on the recent industry changes he has witnessed firsthand and shares his insights into best practices for organizations looking for cyber insurance.
Steve Springett, who leads software security for ServiceNow in their product security team, is an open-source software (OSS) advocate and is also passionate about helping organizations reduce OSS-associated risk. In this podcast episode Springett explains the Log4j vulnerabilities and their potential exploit. He also shares the process enterprises need to take to respond to OSS incidents and how some of the OWASP projects he is involved in can be used to mitigate OSS and software supply chain risks. Links to the resources we discuss are below:

OWASP Dependency-Track project: https://dependencytrack.org/
OWASP CycloneDX: https://owasp.org/www-project-cyclonedx/
OWASP Software Component Verification Standard (SCVS): https://owasp.org/www-project-software-component-verification-standard/
Vulnerability Exploitability eXchange (VEX): https://blog.adolus.com/what-is-vex-and-what-does-it-have-to-do-with-sboms
Sara Anstey, Data Analytics Manager at Novacoast, knows a thing or two about data and how it can drive business decisions and optimize business results. She’s spent years honing her craft, helping organizations understand risk by leveraging data and dashboards. In this week’s Reimagining Cyber episode, “Data Analytics in Cyber: Work Smarter, Not Harder,” Anstey shares her analytics expertise and how it can help shape an organization’s business and cyber model.
Gary Phillips, Vice President of Customer Identity Access Management (CIAM) with E-trade, now part of Morgan Stanley, shares his expertise in the IAM and CIAM space, how it has evolved, and why it matters, in the latest Reimagining Cyber Episode, “IAM, CIAM, and ZTA: The trifecta of access management.”
Brett Harris, Product and Solution Security Officer with Siemens Healthineers, brings a different perspective to cyber, from his career path to how he has changed the culture within Siemens. “New perspectives in cyber” dives into how Harris has leveraged his unique skill set to build out the Siemens Healthineers team and changed the culture to put product security first.
The Internet of Things (IoT) refers to the physical devices around the world that collect and share data via the internet. For example, things like cell phones, a lightbulb that’s turned on via a cell phone app, or even a Nest thermostat in your home. What was once isolated is now exponentially bigger and better connected. This has also greatly increased the attack surface, which correlates to ransomware becoming a $6 trillion industry. This week’s Reimagining Cyber podcast episode, “IoT, not just alphabet soup,” with guest Kate Scarcella, Chief Security Architect with CyberRes, is a deep dive into IoT, the ramifications of the field’s exponential growth, why securing it is critical, and how OT is different.
Lisa Plaggemier, the Interim Executive Director at the National Cyber Security Alliance, joins co-hosts Rob Aragao and Stan Wisseman, in this week’s “Reimagining Cyber” podcast episode, “Cyber – how to get people to care.”
Marian Merritt, Deputy Director for the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST), addresses the talent shortage gap, explores the root causes, and suggests how to close the gap in this week’s episode of Reimagining Cyber “Closing the cyber workforce gap.”
Arvind Seshadri, Senior Director of Security at Cognizant, shares the latest on how our ‘new normal’ post-pandemic life translates into work from home and the security industry in the recent “Reimagining Cyber” episode, “The New Normal in a Post-Pandemic World.” Seshadri’s 20+ years of experience working with global organizations to drive security strategy, and particularly his current role at Cognizant, where he leads the service strategy offerings and partnerships, give him a unique perspective on the subject.
Nick Ward, CISO for the Department of Justice with the U.S. Government and recent Cybersecurity Leader of the Year award winner, shares his views on the Executive Order and the key ways to make the changes outlined in the EO.
Parham Eftekhari discusses the changes he’s seen in the CISO role and how the modern CISO can gain support from business line leaders to executives alike.
Establishing a cybersecurity program is hard, and Bryan Galloway, Director of Information Security with Enphase Energy, has taken on the challenge twice from two different perspectives. The green sector is wrestling with a fast-moving market while determining how to best secure IoT devices and interface with the grid. Listen for more about how Bryan is taking on these challenges.
Shawn Tuma, Cybersecurity and Data Privacy Attorney and Partner at Spencer Fane, LLP, shares his experiences and best practices about what to do once you’ve been breached. Tuma’s decades-long career has focused on the litigation of cyber and privacy issues, proactive risk management, and incident response.
Ikjot Saini, Assistant Professor at the University of Windsor in Windsor, Ontario, and connected and autonomous vehicle cybersecurity expert, joins Rob Aragao and Stan Wisseman in this week’s Reimagining Cyber episode, “Connected Vehicles and the Cyber Equivalent of Seatbelts and Airbags,” to speak about the cybersecurity intricacies of autonomous cars, the importance of standards and regulations, working as a team, and thinking outside the box when it comes to automotive security.
Michael Echols, CEO of MAX Cybersecurity, LLC and author of "Secure Cyber Life: The Government Is Not Coming To Save You," does a deep dive into the importance of industry standards, cyber threat information sharing (ISO), and as we move to a more digitized society, how critical it is to educate the masses.
Brett Thorson, Principal at Platinion, the cybersecurity arm of Boston Consulting Group (BCG), takes a deep dive into the recent Colonial Pipeline hack and how to prepare for future attacks.
Internationally recognized expert on nation state cyber threat actors, and author of “Chinese Cyber Crime: China’s Hacking Underworld,” “21st Century Chinese Cyber Warfare,” and “Red Dragon Rising,” Bill Hagestad, speaks about Iranian cyber strategy and its impact on the cyber space.
Marco Pineda, former Head of Cyber Technology and Innovation at the World Economic Forum, discusses how to think creatively to drive innovation in an ever-changing cybersecurity landscape.
Lori Sussman, Assistant Professor in the Department of Technology at the University of Southern Maine; Phyllis Woodruff, Vice President, IT Risk and Compliance at Global Payments, Inc.; and Tammy Schuring, Vice President and Global Leader, Voltage Data Privacy and Protection, at Micro Focus, discuss the challenges women in tech face, how to overcome them, and how to own your superpowers.
Jeremy Epstein, Lead Program Officer with the National Science Foundation (NSF), shares the importance of sociotechnics and sociotechnical research and how it can be used to improve one’s cybersecurity landscape.
In this week’s Reimagining Cyber podcast, we hear from Bob Guay, CISO at Momenta Pharmaceuticals, who discusses the importance of being cyber-savvy, having skin in the game, and getting buy-in from non-technical people in your organization.
In this week’s Reimagining Cyber podcast, we hear from BCG Platinion Managing Director, Nadya Bartol, who shares some wise tips on measurement best practices and how to keep your cybersecurity game strong.
In this week’s Reimagining Cyber podcast, Ron Ross, Computer Scientist and a Fellow of NIST, is back! In this episode, he expands on his previous discussion about strengthening cybersecurity.
With guest John Pescatore, Director of Emerging Technology at SANS in Washington, D.C. Pescatore speaks with Rob Aragao and Stan Wisseman about the recent SolarWinds security breach, how to mitigate against attacks, and three key tenets of a cybersecurity program: people, process and technology.
With guest Ron Ross, Computer Scientist and Fellow at the National Institute of Standards and Technology (NIST). Ron, Stan and Rob discuss the four goals of a strong cyber strategy.
Join us for episode #2 of Reimagining Cyber, where we hear from Jim Routh, Head of Enterprise Cybersecurity at MassMutual. As a leader in the Cyber Security space for over two decades, Jim has experienced it all, from facing the Office of the Comptroller of the Currency (OCC) on his second day in his first CISO role to shifting executive mentality around risk profiles and cyber-attacks.
Join us for the inaugural episode of Reimagining Cyber, hosted by Chief Technology Strategists Stan Wisseman and Rob Aragao. In this episode, hear from John Delk, General Manager of Micro Focus’s Security business, as he discusses cyber resiliency, industry trends, and the impact of COVID-19 on the Security field. This podcast is brought to you by Micro Focus, where our mission is to deliver cyber resilience by engaging people, process and technology to protect, detect and evolve.