Paul's Security Weekly #549
Recorded February 22, 2018 at G-Unit Studios in Rhode Island!
- Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
- Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW89AEE2 to get a $100 discount!
- InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!
- Security Weekly listeners save $100 off their registration for a full Conference Pass. Go to www.secureworldexpo.com and use the discount code SecurityWeekly, and join us at SecureWorld Boston!
Interview: Mary Beth Borgwing, Mach37 (Women in Cyber Con.) - 6:00PM-6:45PM
Mary Beth Borgwing, Executive Entrepreneur, Standish Cyber Corp Mary Beth Borgwing is an Advisor to MACH 37 and Center for Innovation (CIT) as the Cyber Executive Entrepreneur and serves as an advisor to many startups with Standish Cyber Corp. Borgwing is bridging the leadership gap and providing cybersecurity SME for new cyber products for private equity and venture investment as well as Fortune 1000 clients. Borgwing has served as executive leadership, CEO and board member of several technology and security companies: • President & CEO, board member for LemonFish, data breach discovery, AI and analytics proprietary product for finding your crown jewels, (IP) that are exposed on the open, deep and dark web. Company was acquired March 2017, private equity investors, LLR Partners and Egis Capital. • President of Cyber Risk Practice, Advisen, Ltd, cyber data analytics and technology company that focuses on data and risk analytics in the insurance industry. • Board Advisor, Chief Financial Officer at Vigilant (sold to Deloitte), a SEIM security company. Vigilant provides perimeter security for money-center financial institution, Federal Reserve Bank of New York, Global banks and hedge fund companies. • Board member, CFO of Sentillion (sold to Microsoft), a single sign-on security technology company. Raised $50+M, C round with Merrill Lynch Private Equity, Polaris Partners, InterSouth Partners, Dresdner Klein Worth. Mary Beth has extensive experience in equity funding, financing for technology companies, Enterprise Risk Management(ERM) and executive leadership in the cybersecurity sector. She brings decades of expertise to start-ups in strategy, operations, product development from building many technology companies in Boston, New York and Virginia. She is the Co-Chair Cyber Advisory Board, CompTIA, Advisor to ICMCP, International Minority Cyber Group and Eleven Canterbury, a technology international consultancy in NYC. Borgwing is a frequent speaker on cyber risk at global cyber conferences and contributing author to many national cyber publications.
- How did you get your start in information security?
- With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
- What are the weaknesses ransomware preys upon?
- What is a tabletop exercise?
- Why are they so useful for ransomware?
- For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
- How do you execute on the lessons learned in tabletop exercises?
Interview: Bruce Sussman, SecureWorld Boston - 6:45-7:45PM
Bruce Sussman spent more than 20 years on TV screens in Portland, Oregon. A journalist, certified meteorologist, and public speaker, Sussman has been telling stories about InfoSec and cybersecurity for several years now. He is SecureWorld’s MMJ (multi-media journalist) and leads media development at the company. “This is cybersecurity’s prime time,” he says. “The world depends on leaders in InfoSec. I cannot believe I get to interview so many of them at our regional cybersecurity conferences, as they share best practices with their peers.” Sussman graduated from the University of Missouri School of Journalism back in the dark ages. If you have a news tip for him, his email is email@example.com.
Security News - 7:45PM-8:30PM
- Quickjack Advanced Clickjacking & Frame Slicing Attack Tool
- How to Fight Mobile Number Port-out Scams
- Russians Hacked the Olympics
- Top Five Ways Security Vulnerabilities Hide in Your IT Systems
- Attackers Using Memcached Servers to Amplify DDoS Attacks
- GitHub Hit By Largest DDoS Attack Ever Recorded at 1.35 Tbps
- Two Thirds Of Organizations Not Prepared For GDPR Right To Be Forgotten
- 23,000 HTTPS Certs Will Be Axed In Next 24 Hours Amid Bitter Turf War
- Bad AI is still AI
- Detecting Lateral movement
- combine this with even better FB facial recognition...
- Bettercap 2.0!
- Cert compromises and a bit WTF moment - Also, more findings and WTAF
- FUD or REAL: N. Korean malware can jump air gaps
Don't forget your CPE's! Chip writes in: "You might remind your listeners, at least those with one or more security related certifications, to keep track of their listening and submit the hours they spend watching/listening as CPE hours to their various agencies. I racked up 35 hours in the last few months of last year.
I listen on my iphone, enter the listen date, show date, and duration into a spreadsheet and total it up every once in a while and submit it.
I’ve heard from several peers that they forgot to do CPE work for their CISSP and had to do a mad scramble in the month(s) before their 3 year cert expired. While keeping track of listening isn’t what I would call fun it is certainly better than going through hell at the end of the cycle.
I have CISSP, PCI-C, and CIPT certifications - I’ve submitted my PSW listening to all of them. "