The ITSPmagazine Podcast

ITSPmagazine, Sean Martin, Marco Ciappelli
Jul 25, 2022 • 42min

A Keynote Conversation With Chris Krebs: Black Hat At 25: Where Do We Go From Here? | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

During his keynote at Black Hat 2022, former CISA Director, Chris Krebs, will reflect on 25 years of the information security community, discussing today’s risks and trends and what they mean for tomorrow’s network defenders. We get a sneak peek into some of these items during this Chats on the Road to Las Vegas.

Chris Krebs is a Founding Partner of Krebs Stamos Group, founded in 2020 alongside Alex Stamos. He was the first director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), leading the nation’s civilian cyber defense and business resilience and risk management efforts. He will give his talk “Black Hat at 25: Where Do We Go from Here?” on Wednesday, Aug. 10 at 9 a.m.

About the keynote, "Black Hat at 25: Where Do We Go from Here?"

For twenty-five years, the InfoSec community and industry have been gathering here in the desert. For twenty-five years, we have chipped away at underlying insecurities in the technologies we use every day with new vulnerability research and adversary insights. For twenty-five years we’ve seen vendors and software firms roll out new products and protections. With the last twenty-five years as prologue and as we look forward to the next twenty-five years, we have to ask ourselves: are we on the right track?

We certainly aren’t set up for success, given society’s insatiable and almost pathological need to connect everything. We’re constantly serving up more attack surface to the bad guys and always cleaning up after business decisions that we know will drive bad security outcomes. All the while factors out of our hands – namely global market realities and shifting geopolitical dynamics – wreck nearly overnight carefully orchestrated business plans and national strategies. The last few years of geopolitical chaos and autocratic retrenchment might look like the good ol’ days by the end of the 2020s.

This talk will work through today’s risk trends and what they mean for tomorrow’s network defenders, suggesting along the way the needed shifts in both mindset and action to successfully deliver better outcomes while recognizing that we’re going to be forever operating in a contested information environment. To rip off a Mitch Hedberg joke (RIP), maybe over the next twenty-five years we can build a safer, more resilient technological future where systems and infrastructure behave more like escalators: when they break, they turn into stairs.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

Guest
Chris Krebs, Founding Partner, Krebs Stamos Group [@KrebsStamos]
On LinkedIn | https://www.linkedin.com/in/christopherckrebs/
On Twitter | https://twitter.com/C_C_Krebs

This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

Resources
Keynote | Black Hat at 25: Where Do We Go from Here? https://www.blackhat.com/us-22/briefings/schedule/index.html#keynote-chris-krebs-28699

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage? 👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Jul 22, 2022 • 47min

From Tank Driver To Active Directory Security Expert | A Conversation With Darryl Baker | The Hacker Factory Podcast With Phillip Wylie

Darryl started his journey in the US Army as a tank driver, pistol instructor, and pathfinder, and then discovered information systems which would be a pivotal moment in his role.

Darryl's extensive IT experience and Active Directory expertise would lead him to a role in cybersecurity as an Active Directory Security expert. In this episode Darryl shares how the technology needs to be understood before you can truly understand how to secure it or test its security.

Guest
Darryl Baker, Security Consultant at Trimarc [@TrimarcSecurity]
On Twitter | https://twitter.com/DFIRdeferred
On LinkedIn | https://www.linkedin.com/in/dbaker-cissp-ceh/

Host
Phillip Wylie
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie

This Episode’s Sponsors
Bugcrowd 👉 https://itspm.ag/itspbgcweb

For more podcast stories from The Hacker Factory with Phillip Wylie, visit: https://www.itspmagazine.com/the-hacker-factory-podcast
Jul 21, 2022 • 37min

A Conversation With Chuck Brooks @ChuckDBrooks | Securing Bridges Podcast With Alyssa Miller | Episode 17

The state of enterprise and ICS cybersecurity across the public, private, and academia sectors; how to successfully share more information with each other, and so much more ... all on this week's episode with Chuck Brooks.

It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.

Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.

Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.

Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.

It's time to build and secure the bridge to the business.

Guest
Chuck Brooks, Adjunct Professor at Georgetown University’s Graduate Applied Intelligence Program [@GeorgetownSCS]
On LinkedIn | https://www.linkedin.com/in/chuckbrooks/
On Twitter | https://twitter.com/ChuckDBrooks

Host
Alyssa Miller
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller

Watch the live stream webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllQyN9-nfFOIp711q65pTsSQ

For more podcast stories from Securing Bridges Podcast With Alyssa Miller: https://www.itspmagazine.com/securing-bridges-podcast
Jul 21, 2022 • 31min

Report | Quantifying The Business Need For Digital Executive Protection | A BlackCloak Brand Story With Chris Pierson

It's usually the sum of the parts that paint the best picture and tell the best story. So what does the net sum game of the most recent report from BlackCloak tell us about the so-called gap between the work and personal lives of the executive?

Sometimes, it's necessary to connect the dots to answer the questions we have. Sometimes we need to connect the dots to create the questions we need to be asking. In this episode, our guest, Dr. Chris Pierson, takes us through the results of their most recent report, Quantifying The Business Need For Digital Executive Protection, helping to make the connection between how threats and vulnerabilities originating in the personal digital lives of the corporate executive, Board Member, and high-profile employee add new risks to your organization that can lead to lost revenue, decreased productivity, disruption of business continuity and more.

About the report

The attack surface has expanded. The soft-underbelly of enterprise security is now the personal digital lives (the digital privacy, personal devices and home networks) of your executives, board members, and high-profile employees with access to finances, confidential information, and proprietary data.

As protected as your company’s leaders are when inside the organization’s four walls, as soon as they head home or switch to working on their personal devices, home networks, or personal email accounts, the security team loses control, and both the individual and the company become exponentially more vulnerable.

This report quantifies the personal digital privacy and cybersecurity risks to your executives and other high-value employees in their personal lives. It examines the specific threats posed to them as individuals and to the organization, while also highlighting potential business impacts of concern.

Get ready for some number sharing. Prepare yourself for some storytelling. Brace yourself for the findings you may or may not have expected.

Note: This story contains promotional content.

Guest
Chris Pierson
On Linkedin 👉 https://www.linkedin.com/in/drchristopherpierson/
On Twitter 👉 https://twitter.com/drchrispierson

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb
Download a copy of the BlackCloak Quantifying The Business Need For Digital Executive Protection Report here: https://itspm.ag/blackccyq6

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Jul 21, 2022 • 42min

Why The World Needs A Global CSIRT: Introducing CSIRT.global | A Conversation With Eward Driehuis And Lennaert Oudshoorn | Redefining CyberSecurity Podcast With Sean Martin

Vulnerabilities are discovered every day. Once found, they make their way into any number of databases that can be used to help organizations take action to put a patch in place... if one is available. But what about the case where the weakness is actively exposed or being exploited? This is where CSIRT.global comes in.

Born from the work being done at the Dutch Institute for Vulnerability Disclosure (DIVD), a team of volunteers have decided to take things to the next level, helping organizations take action when action matters most ... when a vulnerability exists, when that vulnerability is being exploited in the wild, and when an organization is prone to (or is under) attack. That's when the email is sent from CSIRT.global to the affected organization, letting them know what the team uncovered.

"We don't send marketing emails. We don't send emails promoting conferences. When a company gets an email from us, it really means something." ~Eward

There's a lot going on in this process, from scanning the entire global Internet for every system exposed, identifying vulnerabilities on those systems, and mapping the proof of concept to those two results to determine whether or not an organization is vulnerable or is showing signs of having been compromised. The next piece of the puzzle is figuring out who or what is behind the IP address that was scanned and flagged. This isn't always easy given how IP addresses are assigned and looked up. The next piece of the puzzle is even harder, in that CSIRT.global needs to find a way to contact the affected entity that lives behind the IP address ... which department or person should receive the info and what is their email address? Good luck finding that in a pinch. And, to top it all off, the receiving party needs to trust that the email they received from CSIRT.global is both legitimate and must be taken seriously. The process is rooted in information and built on trust - which is one of the main reasons they sought and receive support from the Dutch government.

It's this full circle scenario that delivers the real value provided by this group. It can scale to a global nature, but requires the help of the global community. Listen in to hear more about how this works, how to get involved, and how this non-profit organization is redefining cybersecurity.

Guests
Eward Driehuis, Founder at 3Eyes Security and Chairman at CSIRT.global
On LinkedIn | https://www.linkedin.com/in/ewarddriehuis/
On Twitter | https://twitter.com/e3huis
Lennaert Oudshoorn, CSIRT Coordinator And Webmaster at Dutch Institute for Vulnerability Disclosure (DIVD) [@DIVDnl]
On Twitter | https://twitter.com/lennaert89
On LinkedIn | https://www.linkedin.com/in/lennaertoudshoorn/

This Episode’s Sponsors
Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc
HITRUST: https://itspm.ag/itsphitweb

Resources
CSIRT.global: https://csirt.global/ & https://www.divd.nl/
DIVD: https://www.divd.nl/ and on LinkedIn: https://www.linkedin.com/company/divd-nl/
May Contain Hackers (MCH2022) Hacker Conference: https://mch2022.org/#/

To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Jul 20, 2022 • 21min

From Medical Genetics To Infrastructure And Cloud Security With Keynote Speaker And Thought Leader, Dr. Wendy | 2 Cyber Chicks Podcast With Erika McDuffie And Jax Scott

Dr. Wendy joins Jax and Erika to discuss her transition into the Cybersecurity industry, while sharing hot tips and tricks for our listeners. After earning her Ph.D. in medical genetics from Oxford University, she leveraged her analytics expertise and established a background in infrastructure and cloud security.

Dr. Wendy’s impressive experience ranges from aerospace, healthcare, financial services, consulting, telecommunications, transport logistics, and national infrastructure. In this chat, she provides valuable feedback on entering the industry, establishing credibility through thought leadership, and getting more speaking engagements under your belt.

Guest
Dr. Wendy Ng, Principal Cloud Security Architect at OneWeb [@OpenWebHQ]
On LinkedIn | https://uk.linkedin.com/in/wendyng1

Hosts
Jax Scott
On ITSPmagazine 👉 http://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/jaclyn-jax-scott
Erika McDuffie
On ITSPmagazine 👉 http://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/erika-mcduffie

Resources
Articles and Blogs: https://www.linkedin.com/in/wendyng1/detail/recent-activity/posts/

For more podcast stories from 2 Cyber Chicks with Erika McDuffie and Jax Scott, visit: 👉 https://www.itspmagazine.com/2-cyber-chicks-podcast

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
Jul 19, 2022 • 43min

Application And API Security: Sometimes We See The Risk — Sometimes It's Hidden Inside An API | A Live Stream Panel With Kristy Westphal And Giora Engel | Redefining CyberSecurity Podcast With Sean Martin

In this conversation, we explore the overall process for creating a culture where applications are secured from the beginning on through to monitoring and response:

- Which teams are involved
- How do secure products get defined from the beginning (PRDs, architecture, design, planning, etc.)
- How do they communicate/collaborate (tools/techniques)
- Tips and tricks to streamline processes, reduce human workload (aka automation)
- How to define and demonstrate success

Guests
Kristy Westphal, VP Security Operations at HealthEquity and Adjunct Professor at Arizona State University [@ASU]
On LinkedIn | https://www.linkedin.com/in/kmwestphal
Giora Engel, CEO & Co-Founder at Neosec [@neosec_com]
On LinkedIn | https://www.linkedin.com/in/giorae/

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Imperva: https://itspm.ag/imperva277117988
Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc

Resources
OWASP API Security Project: https://owasp.org/www-project-api-security/
OWASP Top 10: https://owasp.org/www-project-top-ten/
White Paper | Scorched Earth: Hacking Banks And Cryptocurrency Exchanges Through Their APIs: https://knightgroup.app.box.com/s/mlmoa5vtw1ktqo8vcwcqtbex70mtvpo0
API Security Fundamentals 2022: https://www.neosec.com/api-security

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/application-and-api-security-sometimes-we-see-the-risk-sometimes-its-hidden-inside-an-api-redefining-cybersecurity-with-sean-martin

To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Jul 18, 2022 • 41min

Our Traditional Conversation With Black Hat GM, Steve Wylie, To Kick Off Our Las Vegas Hacker Summer Camp 2022 Coverage | Las Vegas Black Hat 2022 And DEF CON 30 Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Tradition arrives again as we hit the road to Las Vegas to cover the biggest and most important hacker conference in the world: Black Hat. Celebrating its 25th (silver) anniversary, there is a lot to celebrate and absorb from this year's hybrid conference in Las Vegas and online. Join us as we connect with Black Hat General Manager, Steve Wylie, to get the latest on what everyone can expect this year.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

Guest
Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]
On LinkedIn | https://www.linkedin.com/in/swylie650/
On Twitter | https://twitter.com/swylie650

This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Jul 18, 2022 • 28min

From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 2 | An Imperva Brand Story With Ryan Windham

As we continue this 2nd part of the conversation, we immediately kick things off with Gremlins and quickly move into real-world scenarios where bad bots wreak havoc by enabling high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, skewed marketing analytics, and degraded online services.

The implications of account takeover (ATO) are also extensive, where successful attacks can lock customers out of their account, while fraudsters gain access to sensitive information that can be stolen and abused. For businesses, ATO contributes to revenue loss, risk of non-compliance with data privacy regulations, and tarnished reputations.

How can organizations — actually, the people in them that keep the business running — distinguish between real, authentic traffic versus something that's being driven by a bot? That's exactly what we talk about.

We hope you enjoy this Part 2 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.

About the 2022 Imperva Bad Bot Report

Leveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.

Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

Note: This story contains promotional content.

Guest
Ryan Windham, VP of Application Security at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/rwindham/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Imperva Bad Bot Report 2022: https://itspm.ag/impervwurd
Want the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-story
Be sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham
Jul 16, 2022 • 28min

Indigenous Astronomy | Stories From Space Podcast With Matthew S Williams

For as long as humans have walked the Earth, they have stared up at the night sky and drawn hope, inspiration, and a common sense of identity from it.

Today, there are many efforts to revitalize and recognize Indigenous astronomical traditions worldwide. In this new era of space exploration, we must live up to those sacred words, "for all humanity."

Host
Matthew S Williams
On ITSPmagazine 👉 https://itspmagazine.com/itspmagazine-podcast-radio-hosts/matthew-s-williams

Resources
Native Skywatchers: https://www.nativeskywatchers.com/
Rothney Astrophysical Observatory - Indigenous Skies: https://science.ucalgary.ca/rothney-observatory/community/Indigenous%20Skies

For more podcast Stories from Space with Matthew S Williams, visit: https://itspmagazine.com/stories-from-space-podcast
