BSWEpisode155

From Security Weekly Wiki
Latest revision as of 16:44, 13 January 2020

Recorded December 9, 2019 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.

Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop-down from the top menu bar and clicking registration.


Interview: John Ramsey, National Student Clearinghouse

    John Ramsey is the Chief Information Security Officer at National Student Clearinghouse.

    John Ramsey is the Chief Information Security Officer (CISO) for the National Student Clearinghouse. Prior to this, he served as the CISO for the U.S. House of Representatives. He was selected as one of the top 100 CISOs globally for 2017 and only one of two government CISOs selected.

    Prior to the House, John has worked in the IT security field for over 25 years. He’s managed security operations for the Department of the Army and Department of State while also serving as the CISO for the Federal Retirement Thrift Investment Board, which oversees the world's largest defined contribution retirement plan at $480 billion for 4.8 million people. He strives to increase his security expertise and work with the philosophy that "Business needs drive IT versus IT driving the business needs." The security slant is that the IT Security team needs to ensure the business needs can operate safely and securely WITHOUT hindering functionality.

    Segment Topic: Security in Education

    Segment Description: Cybersecurity issues occur everywhere. Within the Education industry, we're more susceptible to being a target than most people realize.


Leadership Articles

    1. Security Think Tank: In-depth protection is a matter of basic hygiene - Defining "The Basics" is one thing; understanding what level of protection it gives you is another. Start with the basics:
      1. The IT estate is up to date with software and firmware patches.
      2. All default passwords have been changed.
      3. IT administrators and technicians have two accounts, one for day-to-day (email, report writing, and so on) and one for working on the IT estate.
      4. Only IT administrators and technicians have administrator privileges in the live network (users must not be given administrator access, even to their own company-provided PC).
      5. Good password policies are enforced, together with user access privileges and function (for example, sales should not be able to access HR files and people who only need to read files are restricted to read only).
      6. Unused accounts are regularly decommissioned or removed from the access control system.
      7. The IT estate as a whole is regularly backed up and there are easy-to-access policies, standards, procedures and work guides which are maintained and used.
    2. To Build a Strong Culture, Create Rules That Are Unique to Your Company - Could be unique to your team, provided it is aligned with the company goals and culture: Horowitz’s argument is as simple as it is powerful: You can’t create something unique and compelling in the marketplace unless you first create something unique and compelling in the workplace. Truly great organizations work as distinctively as they hope to compete.
    3. Is Air Gapping Really a Solution?
    4. Cyber security: How to avoid a disastrous PICNIC
    5. Why Working Alone Is Smart: 4 Strategies to Find Time for Yourself
    6. What isn't 'as a Service' in enterprise technology? - Failure to adapt to the trend will come at a price, according to the tech leaders, who fear lagging adoption will bring about higher costs of maintenance (41%), office space (33%) and power (31%). It will also make their companies more susceptible to cyberattacks in the future, 35% of respondents said. - Remember, those percentages are not 100%; the "as a Service" decision is made on a case-by-case basis.
    7. The 3 lists you should be making - I liked one of the graphics here; it suggests a matrix for urgent/not urgent and important/not important. Delegate the tasks that are urgent, but not important. Great. TL;DR: Short-term priorities (break into errands/actual priorities): Don’t focus 100% of your time on these — make sure you’re prioritizing them and working on items that came from list #2 as well. Long-term priorities (things that will move the needle but aren’t necessarily urgent): Break these down into short-term priorities so you will get them done. Things you’ve done: Reflect on these and figure out if you’re spending your time on the appropriate things.
    8. 100 Customers hit by Ransomware Attack MSP - Sometimes saving some $$ upfront is not the best decision. Look at the long term and host with a reputable provider that can grow with you and offer more, and better, services to accommodate growth and more importantly stability and security.
    9. Enterprises muddled over cloud security responsibilities - We talked about this last week, what really got me the second time was how many companies believe they are "cloud-first" or "Already all in the cloud". What does that really mean? Does it matter?
    10. Screw Productivity Hacks: My Morning Routine Is Getting up Late - I love this article: I am not an early riser. I don’t find mornings invigorating, I don’t do yoga with the sun coming up, I don’t read the paper in a quiet corner or sip on hot coffee as I check my email. I hate that shit.
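Several of the "basics" in article 1 (default passwords changed, two accounts per IT administrator, admin rights only for IT staff, unused accounts decommissioned) can be checked mechanically against an account inventory. The script below is an added example written for this page, not code from the article or from Security Weekly; the inventory, the `Account` fields, the 90-day staleness window and the role names are all constructed assumptions.

```python
"""Audit a user inventory against the basic-hygiene controls listed above.

Constructed example; the inventory and field names are assumptions, not data
from any real system. Checks implemented:
  - item 2: accounts still on a default password
  - item 3: IT administrators must hold a separate non-admin day-to-day account
  - item 4: only IT administrators/technicians hold admin privileges
  - item 6: unused accounts (no login within STALE_DAYS) should be decommissioned
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

STALE_DAYS = 90  # assumed threshold; the article itself sets no number


@dataclass
class Account:
    name: str
    owner: str                  # the person (or service) the account belongs to
    role: str                   # "it_admin" or "user"
    is_admin: bool              # holds administrator privileges on the live network
    last_login: Optional[date]  # None = never logged in
    default_password: bool = False  # still on the vendor/provisioning default


def find_stale(accounts: List[Account], today: date, stale_days: int = STALE_DAYS) -> List[str]:
    """Item 6: accounts with no login inside the window (or never)."""
    cutoff = today - timedelta(days=stale_days)
    return sorted(a.name for a in accounts if a.last_login is None or a.last_login < cutoff)


def find_unexpected_admins(accounts: List[Account]) -> List[str]:
    """Item 4: admin privilege held by anyone who is not IT staff."""
    return sorted(a.name for a in accounts if a.is_admin and a.role != "it_admin")


def find_admins_without_daily_account(accounts: List[Account]) -> List[str]:
    """Item 3: every IT admin's privileged account needs a matching non-admin account."""
    privileged_owners = {a.owner for a in accounts if a.role == "it_admin" and a.is_admin}
    daily_owners = {a.owner for a in accounts if a.role == "it_admin" and not a.is_admin}
    return sorted(privileged_owners - daily_owners)


def find_default_passwords(accounts: List[Account]) -> List[str]:
    """Item 2: default passwords must have been changed."""
    return sorted(a.name for a in accounts if a.default_password)


def audit(accounts: List[Account], today: date) -> Dict[str, List[str]]:
    """Run all checks; every non-empty list is a hygiene finding to act on."""
    return {
        "stale": find_stale(accounts, today),
        "unexpected_admins": find_unexpected_admins(accounts),
        "admins_without_daily_account": find_admins_without_daily_account(accounts),
        "default_passwords": find_default_passwords(accounts),
    }


# Constructed sample inventory, dated to the episode's recording day.
TODAY = date(2019, 12, 9)
SAMPLE_ACCOUNTS = [
    Account("alice-admin", "alice", "it_admin", True, TODAY - timedelta(days=2)),
    Account("alice", "alice", "it_admin", False, TODAY - timedelta(days=1)),
    Account("bob-admin", "bob", "it_admin", True, TODAY - timedelta(days=10)),  # no day-to-day account
    Account("carol", "carol", "user", True, TODAY - timedelta(days=3)),         # non-IT user with admin
    Account("dave", "dave", "user", False, TODAY - timedelta(days=200)),        # not seen in 200 days
    Account("svc-backup", "backup-service", "user", False, None, default_password=True),
]

if __name__ == "__main__":
    for check, names in audit(SAMPLE_ACCOUNTS, TODAY).items():
        print(f"{check}: {names or 'ok'}")
```

Feeding a real directory export into `SAMPLE_ACCOUNTS` turns each non-empty list into a ticket queue; the staleness window is a parameter because the right number depends on the organization, and a service account that has never logged in is flagged on purpose rather than silently skipped.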

