ESWEpisode158

From Security Weekly Wiki
Jump to navigationJump to search

Recorded October 23, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Enterprise News

    1. ManageEngine launches holistic take on privileged access security
    2. Trend Micro Buys Cloud Conformity | FinSMEs
    3. Avast Faced A Security Breach Aiming At Messing Up Its CCleaner
    4. Bugcrowd Enters the IT Asset Discovery Business
    5. Recorded Futures Enhanced Partnership With ServiceNow Reduces Organizational Risk
    6. Sophos Cloud Optix Now Available on AWS Marketplace
    7. (2) New Messages!


    Interview: Erich Anderson, ObserveIT

    Erich Anderson is the Insider Threat Principal at ObserveIT

    Erich Anderson serves as a professional consultant for ObserveIT who brings experienced information security knowledge of over 15 years around Insider Threat, cyber security and risk mitigation.
    Previously, Mr. Anderson was responsible for running fusion, analytics, and mitigations at the FBI where his leadership, teams and platforms assisted numerous insider threat investigations, e-discovery requests and complex technical challenges on a regular basis. He is known to build effective insider threat programs and assisted in the creation of national policy and minimum standards for insider threat as directed via EO 13587 and was a founding member of the National Insider Threat Task Force.

    Segment Topic:
    Insider Threat (whistleblowers)

    Segment Description:
    Plan to start with the foundational elements of an insider threat program

    • Authorities, Processes, Staff and Operations
    1. This is commonly overlooked area for insider threat programs
    2. Explore the types of protections employees have in an organization
    3. There are very limited laws and regulations at the Federal level, more at the State level but still not enough
    4. Mention of some of the laws, no deep dive here
    5. Talk about potential processes for whistleblowers (from a program and individual point of view)
    6. Talk about retaliation
    7. Explore some movies that showcase Whistleblowers


    Interview: Kevin O'Brien, GreatHorn

    Kevin O'Brien is the CEO & Co-Founder at GreatHorn

    Currently CEO and co-founder of email security company GreatHorn, Kevin O’Brien is a frequent speaker, commentator, and author that advises customers and the public on data security and privacy issues. With 20 years of deep cybersecurity expertise, most notably with CloudLock (Cisco), Conjur (CyberArk), and @stake (Symantec), Kevin also serves as co-chair for the Mass Technology Leadership Council’s cybersecurity group. Beyond security, he holds a black belt in the Japanese martial art of Aikido and is also an amateur wood worker.

    Segment Description:

    • Pen testers and phishing
    • Social engineering and why user training isn't the answer
    • In moments of stress, you should rely on your training, but perspective is lost in the moment of pressure
    • What to look out for in an email (for the non-technical person)