Security Matters

Too often when we think of the human element in cybersecurity it's the insider threats. But more often it's the hardworking protectors inside the organization who, while passionate about their jobs, would rather work to live rather than live to work. Although that reality can easily flip due to the nature of the cyber world. That's where today's guest Omar Khawaja, who’s been the CISO at Highmark Health for nine years, comes into the picture. As you'll hear, Khawaja’s been on the cutting edge of cultivating talent and creating a cyber culture that empowers the human element of an organization with more than 37,000 employees. What you'll learn: How the power of language, relationships and story can be used to effectively communicate cybersecurity strategies and best practices with partners outside of the space. And how the benefits of this can lead to better culture, retention of talent and business growth.  

Today's episode is a bit of a year-end cybersecurity fortune cookie. Its focus is an attack trend that's surged in 2022: Cookie hijacking (aka stolen cookies). Session cookies, that is. And it’s an attack trend CyberArk Labs researchers predict will continue to flourish in 2023. To dig into the stolen cookies trend and what's coming next, host David Puner talks with VP of CyberArk Red Team Shay Nahari, and Research Evangelist of CyberArk Labs, Andy Thompson, both of whom have spent a considerable amount of time popping the hood on the trend. And it's something you should be thinking about too in preparing for 2023 cybersecurity challenges.

In the spring of 2022, Costa Rica was hit with a series of large-scale, long-lasting ransomware attacks, which wreaked havoc on the government and healthcare system – and paralyzed imports and exports. The ripple effects were far-reaching and the economy was crippled. President Rodrigo Chaves declared a national state of emergency. Trust was shaken. On today’s episode, Vinicio Chaves Alvarado, acting CISO at BAC Credomatic, the Costa Rica-based international bank, talks with host David Puner about being on the frontlines of stabilizing and building back trust. As he puts it, "We are not only cybersecurity professionals – we not only create cybersecurity controls or detect or react to threats. We create trust."

Being a Chief Information Security Officer is a tough job. CISOs are on the front lines, protecting against the unknown day after day, week after week. It's no wonder mental health issues such as depression and anxiety are surging in our industry. There are a lot of things that need to change, but on a positive note, this once-taboo subject is starting to get the attention it so desperately deserves. This is in part thanks to security leaders like Kirsten Davies, CISO at Unilever, stepping forward. On today’s episode, host David Puner talks with Davies about some of her passions, including the humanization of the teams in our cybersecurity community. She's equally passionate about being an innovative cyber protector and finding solutions to the multitude of challenges high-level CISOs face on a daily basis. The timing of the episode is apropos because October is both Cybersecurity Awareness Month and Depression and Mental Health Awareness and Screening Month. Time to elevate this critical conversation, advocate against stigma, and bring awareness to the various resources available to those who need them.

Even when looking at layered enterprise solutions designed to thwart attacks and contain them, we must always go back to cybersecurity basics at the individual level. And that’s what, on today's episode, guest Bryan Murphy, CyberArk’s Senior Director of Architecture Services and Incident Response stops by to talk with host David Puner about. Murphy also dives into the importance of cyber hygiene as an essential preventive measure for protecting identities, as part of a defense-in-depth strategy. It’s a perfect fit for October, which happens to be Cybersecurity Awareness Month (CSAM). Raise your awareness and give it a listen!   

U.S. government agencies are warning that ransomware actors are "disproportionately targeting the education sector," especially K-12. That’s because sensitive student data, overworked staff and competing priorities make investing in cybersecurity talent and tools a major challenge. On today's episode, host David Puner checks in with Matt Kenslea, CyberArk's Director of State, Local and Education (SLED), for a discussion about these targeted cyberattacks, the challenges they pose – and what schools can do.

Len Noe – our favorite cyborg and CyberArk resident technical evangelist and white hat hacker – is back! On today’s episode, he’s talking with host David Puner about risky QR codes. On first blush it may seem like a simple subject, but attackers are having a field day with them and there seems to be a general lack of awareness about it. Help stop the havoc-wreaking and find out what you can do to protect yourself.

Sports, at their highest levels, are shaped by lifetimes dedicated to practicing, strategizing and anticipating. The same goes for cybersecurity. Although, in our world, it's not a game and there are no set parameters. On today’s episode, host David Puner speaks with Clarence Hinton, CyberArk Chief Strategy Officer, Head of Corporate Development about looking into the future and preparing for the unknown. Like hockey, it’s about skating to where the puck’s going – not where it’s been. 

If you're in the business of collecting consumer data these days, you better be in the business of protecting that data. Or you could find yourself with no business. On today's episode, host David Puner talks with Thomas Tschersich, Chief Security Officer of Deutsche Telekom (parent company of T-Mobile) and Chief Technical Officer of Telekom Security, about the new rules of data privacy and protection and how telecommunication providers must live and breathe trust as they operate critical infrastructure. 

Udi Mokady, Founder, Chairman, and CEO of CyberArk, delves into the fascinating world of identity security, where machine identities outnumber human ones by 45 times. He shares insights from the recent Impact Conference, emphasizing collaboration and innovative solutions in cybersecurity. The conversation uncovers rising challenges, spotlighting a ransomware attack on Costa Rica. Udi also discusses CyberArk's pivotal role in safeguarding businesses and the importance of proactive measures like zero trust in an evolving digital landscape, all while sharing a lighter note about guitar playing.