DrZeroTrust

The dog barks, like always.  What is the Zero Trust market map?  How about Microsoft's new CVE issue, is that something that we should have fixed years ago (the answer is hell yes).  Can I find vulnerable assets with no authentication in real time?  Forrester research published some great data on enterprise breach activity globally, what does it mean and how should we think about it?  What about cyber and nuclear threats, do those relate?  Those questions and more on this episode.

Is cyber insurance worth it?  Do insurers actually know what they are doing, and why are policies not being honored?  Is a strategy useful for better security and helping lower a premium?  What data is being used to validate a policy, or is that even a thing?  Is this a big deal for small business, or is cyber insurance better suited for enterprises?  And am I wrong by saying it's a "rip off"?  Those questions and more on this very cool episode.

Working with big enterprise ZT, how does one engage the leadership effectively?  Is this about more tech?  Who holds the keys to the kingdom on budget?  Where does it make sense to start with a big time roll out?  How hard is it to get ZT in place?  How long is the journey?  Where does one go after they solve their first problem?  And why is Sean Connery on the line for this call?

"The Devil Never Sleeps" is one of the best books out there that can help us better understand how to deal with today's never ending threats.  Juliette Kayyem has done a great job of helping break down a variety of past historical issues and applied realistic and insightful ways to help her readers think more intelligently about accepting the threats and dealing with them, rather than being fearful of them.  Her book is a must read, go get your copy now!

Is #zerotrust happening in Australia?  What problems do the folks doing the work run into?  How does he deal with the business side of the issues he face?  Where did he start?  How should one go about discussing security strategy with folks that aren't in our space?  And what is a no no for getting things done when collaborating with business leaders?

What should we take from the Okta situation?  More legislation to mandate training for government cyber security, really?  Too many agencies are getting involved in cyber, right?  What about the White House's "guidance" on the Russian threats?  Deepfakes and disinformation can influence actual combat, say what?  More bad hiring practices in cyber and some real issues with state and local cyber practices.  Check it out!

Why isn't cyber getting any better nationally with all this legislation?  How should we view CISA's new rules?  What about the Committees that congress and the Senate sit on?  Analysis on a deepfake that has some very interesting implications.  Where can we do better?

Where can you go to learn how to "do" a deepfake, I'll tell you, but be careful.  My thoughts on "getting involved in the conflict" in Ukraine from a cyber perspective.  The Conti group had a leak and some great reporting was published on it, wow!  Analysis on wiper malware, and the "most advanced malware ever", lol.  Also, some finer points on what Zero Trust means and how to enable this strategy from a variety of vendors, and a new report on 9 steps to ZT, most of them are business related!  Say what?

Zero Trust world was a blast, well done Threatlocker!  Microsoft has done some great work in helping people to understand Zero Trust.  Misinformation for critical infrastructure and corporate security is hard to do without a solid technology in place, especially at scale.  Reference architectures for Zero Trust are available.  Is the IRS the agency that can finally help with the ransomware problem and crypto crime?  The Justice Department's three year plan to move to Zero Trust and how they are approaching the issue, and an example of a state and local government that is enabling Zero Trust.  Check it out!

#cyberwarfare and first strike capabilities in the Ukraine conflict?  Finding vulnerable SCADA and electric systems in @shodan isn't hard, how much is out there?  How did the #fbi get back stolen #crypto?  Should we be "afraid" of hacking and cyber threats (weird things are happening everywhere lately, are you worried)?  Some tips on how to read through congressional documents that are available on the hill.  Also, some pork that is being tossed into the new protecting America act that has been passed.  Lastly, how should we think about getting and using threat intelligence without paying for it.  Check it out!