- 1 Paul's Security Weekly #546
- 2 Announcements
- 3 Interview: Mark Arnold & Will Gragido, InfoSecWorld Speakers - 6:00PM-6:45PM
- 4 Tech Seg: Want to test the MITRE Attack technique matrix? Look no further than Caldera - 6:45-7:45PM
- 5 Security News - 7:45PM-8:30PM
Paul's Security Weekly #546
Recorded February 1, 2018 at G-Unit Studios in Rhode Island!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Black Hills, Onapsis, Signal Sciences, and Stealthbits!
- Check out our friends at ItProTV for an awesome library of OnDemand training head on over to ITPro.TV/securityweekly!
- InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!
Interview: Mark Arnold & Will Gragido, InfoSecWorld Speakers - 6:00PM-6:45PM
Will Gragido is an internationally recognized information security specialist. He has more than twenty years of experience network and host security, protocol analysis, incident response, design, penetration & red teaming, vulnerability and malware analysis, protocol exploitation, threat intelligence and counterintelligence. He began his career in the United States Marine Corps data communications security and intelligence community. After concluding his military service, Will began applying his skills in national and international consultancies, most notably as a Principal Consultant with the internationally acclaimed International Network Services. His work and experience also led to a contributing role in the creation of the internationally recognized risk management and assessment tool, Trust Check.
Will has worked with some of the industries most respected threat research organizations including the security practice at International Network Services (now BT INS), Internet Security Systems X-Force, McAfee, Damballa, Cassandra Security, HP TippingPoint DVLabs (now TrendMicro), and Digital Shadows. Most recently Will has returned to the world of product management taking on a strategic role with industry data protection luminaries, Digital Guardian.
Will is a sought after international speaker, author, and subject matter expert with years of experience working with the media. Recently, Will has appeared as a subject matter expert on ShowTime’s Darknet series discussing ransomware and has co-authored a number of papers and three books for Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats (Syngress, 2011), Blackhatonomics: An Inside Look at The Economics of Cybercrime (Syngress, 2012), and Threat Forecasting: Leveraging BigData for Predicative Analysis (Syngress, 2016).
Mark Arnold brings more than 20 years of technical and leadership experience to his role as a Senior Director of Security and Compliance and CISO at Navisite. Arnold oversees all aspects of security and compliance including managed security services, security product roadmap, and strategy development. He is building a cloud-focused security framework to mature the security postures of Navisite and its clients. Arnold’s broad security experience spans multiple disciplines, including project management, cloud security, identity and access management, network and application security, penetration testing methodology and risk assessment. Additionally, Arnold is an advisor for SOURCE Conference in charge of content. SOURCE Conference runs shows in 5 cities (Boston, Seattle, Mesa, Austin, and Dublin), bringing together security leaders, researchers, and hackers from cross disciplines. Arnold also serves as an Open Web Application Security Project (OWASP) Boston board member and content advisor to the Source Security Conference, giving him unique access to the security research community. Arnold leveraged this access to co-launch the Boston Application Security Conference (BASC) in 2010. Before joining NaviSite, Arnold served as a cloud security researcher building maturity models to help a broad array of verticals mature and grow efficient cloud security programs. Arnold has also held the role of director of information security at PTC. Before that, Arnold established and maintained vulnerability management programs and security engineering at Thermo Fisher Scientific and TJX, both Fortune 200 companies. Under Arnold’s leadership, TJX formed and led its first advanced threats team. Previously, Arnold served as regional security architect at Computershare, where he was responsible for building the company’s application security practice. He also worked as a security architect at @stake, which was acquired by Symantec in 2004. Arnold holds several industry certifications including the Certified Information Systems Security Professional (CISSP) from ISC2 and a Certified Information Security Management (CISM) from ISACA and the SANS Exploit Researcher and Advanced Pentesting (GXPN) certification. Arnold holds an A.M. and Ph.D. from Harvard University in Comparative Semitics where he was a Harvard Teaching Fellow. Arnold has a bachelor’s degree in electrical engineering from Stanford University and an MDiv from Princeton Theological Seminary.
- How did you get your start in information security?
- With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
- What are the weaknesses ransomware preys upon?
- What is a tabletop exercise?
- Why are they so useful for ransomware?
- For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
- How do you execute on the lessons learned in tabletop exercises?
Tech Seg: Want to test the MITRE Attack technique matrix? Look no further than Caldera - 6:45-7:45PM
This fantastic tool automates the checks for a large portion of MITREs awesome framework.
Security News - 7:45PM-8:30PM
- This smart vibrator can be "easily" hacked and remotely controlled by anyone
- CT, MRI machines face the greatest risk of cyberattack, researchers warn | ZDNet
- Threat or menace? Autosploit tool sparks fears of empowered script kiddies
- Bitcoin exchange robbed by real-life bank robbers with real-life guns
- Subway Elevators and Movie-Plot Threats
- Subway Elevators and Movie-Plot Threats
- Deepfakes AI celebrity porn channel shut down by Discord
- Multiple vulnerabilities in 7-Zip. Get it updated now!
- Millennials, careless with passwords, spur shift to biometrics study
- What is microsegmentation? How getting granular improves network security
- A real-life armed robbery of an online Bitcoin exchange
- California Senate defies FCC, approves net neutrality law
- NSA Exploit Use On Rise For Crypto Currency Mining
- Security Breaches Don't Affect Stock Price
- Dissecting the Latest Koobface Facebook Campaign
- Lies and More Lies
- First Jackpotting Attacks Hit U.S. ATMs
- Estimating the Cost of Internet Insecurity
- Releasing Autosploit: Threat or Menace?
- White House: Strava heat map is a "security risk" (Or is it?)
- IBMPCjr 0-day
- Cisco RCE - also this
- Time to update some TTPs
- Automated hash cracking with Hate_Crack
- SATAN of the future, aka dbautopwn? No, it's AutoSploit!
- Strava, but different. Sure, finding military bases are awesome, but also reveals so much more. Turn this to the personal stalky side too.