SCWEpisode19

From Security Weekly Wiki
Revision as of 16:44, 3 March 2020 by Matt (talk | contribs)
Jump to navigationJump to search

Recorded on March 3, 2020, @G-Unit Studios in Rhode Island!

Reflections on RSAC!!!! Let's talk about the grand festival of infosec consumerism that is RSA Conference!!! Was it worth catching the Coronavirus? And if so, did you use a lime!???

Hosts

  • Jeff Man
    Cryptanalyst
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Scott Lyons
    CEO at Red Lion
    MISTI Instructor
    Patent Holder
  • Josh Marpet
    COO at Red Lion
    IANS Faculty
    Blockchain Patent Holder
    MISTI Instructor
    Entrepreneurship Curmudgeon
    Board Member BSidesDE
    Board Member BSidesDC
    Ex-cop and Fireman
  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Discussion:

    Compliance News

    Jeff's Stories

    1. Dear passwords: Forget you. Here's what is going to protect us instead We promote 2FA but is the issue really which single form is most reliable?
    2. Why ‘no breach’ is bad news for your compliance So a certain amount of FUD is a good thing?
    3. Absolute Survey at RSA Conference 2020 Reveals More than Half of Respondents Very Concerned About the Security of Endpoints
    4. Time for cybersecurity to take back control of its story Because it's not everyday you are cited in the same article as Sulu!

    Matt's Stories

    1. Cyberinsurance coverage reflects a changing threat landscape
    2. The greatest contest ever – privacy versus security

    Scott's Stories

    1. How Compliance Programs Can Create a Better Business Culture "I believe the way we are measuring companies today is this huge force that blinds people from being good people. And we have to find a way to counter this."
    1. Spacex-contractor-hit-by-data-breach "...Rapid7 principal security researcher, Wade Woolwine, argued the case highlights the importance of conducting full incident investigations for all security breaches...."
    2. The Home Office GDPR Violations "...Between March 30 and August 31 2019 the government department admitted a catalog of errors including misplaced passports, documents sent to the wrong recipient’s address and unauthorized disclosure..."
    3. Canada-oag-runs-on-dos "...You can’t turn to a supplier and get updates, because they don’t exist. That’s our reality,..."

    Josh's Stories

    1. Health compliance measures to improve pandemic recovery and reduce issues
    2. World Bank pandemic awareness
    3. IS coronavirus not a flu? Hmmm
    4. The CDC has a specific page for Coronavirus!
    5. Decision science for pandemic planning to mitigate - This is how we do compliance planning!