From Paul's Security Weekly

Recorded October 23, 2019 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Announcements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit and click the register button to register with our discount code!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to and use our code to register!
    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting, selecting the webcast drop down from the top menu bar and clicking registration.

    Enterprise News

    1. ManageEngine launches holistic take on privileged access security
    2. Trend Micro Buys Cloud Conformity | FinSMEs
    3. Avast Faced A Security Breach Aiming At Messing Up Its CCleaner
    4. Bugcrowd Enters the IT Asset Discovery Business
    5. Recorded Futures Enhanced Partnership With ServiceNow Reduces Organizational Risk
    6. Sophos Cloud Optix Now Available on AWS Marketplace
    7. (2) New Messages!

    Interview: Erich Anderson, ObserveIT

    Erich Anderson is the Insider Threat Principal at ObserveIT
    Erich Anderson serves as a professional consultant for ObserveIT, bringing over 15 years of information security experience in insider threat, cyber security and risk mitigation.
    Previously, Mr. Anderson was responsible for running fusion, analytics, and mitigations at the FBI, where his leadership, teams and platforms assisted numerous insider threat investigations, e-discovery requests and complex technical challenges on a regular basis. He is known for building effective insider threat programs, assisted in the creation of national policy and minimum standards for insider threat as directed via EO 13587, and was a founding member of the National Insider Threat Task Force.

    Segment Topic:
    Insider Threat (whistleblowers)

    Segment Description:
    Plan to start with the foundational elements of an insider threat program
    • Authorities, Processes, Staff and Operations
    1. This is a commonly overlooked area for insider threat programs
    2. Explore the types of protections employees have in an organization
    3. There are very limited laws and regulations at the Federal level, more at the State level but still not enough
    4. Mention of some of the laws, no deep dive here
    5. Talk about potential processes for whistleblowers (from a program and individual point of view)
    6. Talk about retaliation
    7. Explore some movies that showcase Whistleblowers

    Interview: Kevin O'Brien, GreatHorn

    Kevin O'Brien is the CEO & Co-Founder at GreatHorn
    Currently CEO and co-founder of email security company GreatHorn, Kevin O’Brien is a frequent speaker, commentator, and author who advises customers and the public on data security and privacy issues. With 20 years of deep cybersecurity expertise, most notably with CloudLock (Cisco), Conjur (CyberArk), and @stake (Symantec), Kevin also serves as co-chair for the Mass Technology Leadership Council’s cybersecurity group. Beyond security, he holds a black belt in the Japanese martial art of Aikido and is also an amateur woodworker.

    Segment Description:
    • Pen testers and phishing
    • Social engineering and why user training isn't the answer
    • In moments of stress, you should rely on your training, but perspective is lost in the moment of pressure
    • What to look out for in an email (for the non-technical person)