SCW Episode2

From Security Weekly Wiki
Revision as of 15:35, 8 October 2019 by Matt (talk | contribs)
Jump to navigationJump to search

Recorded on October 8, 2019, @G-Unit Studios in Rhode Island!

Hosts

  • Jeff Man
    Cryptanalyst
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Scott Lyons
    CEO at Red Lion
    MISTI Instructor
    Patent Holder
  • Josh Marpet
    COO at Red Lion
    IANS Faculty
    Blockchain Patent Holder
    MISTI Instructor
    Entrepreneurship Curmudgeon
    Board Member BSidesDE
    Board Member BSidesDC
    Ex-cop and Fireman
  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Alexander Niejelow, SVP for Cybersecurity Coordination and Advocacy, Mastercard 12:00-12:30PM

    Alexander Niejelow
    is the Senior Vice President, Cybersecurity Coordination and Advocacy at Mastercard.

    Alexander Niejelow is senior vice president for cybersecurity coordination and advocacy. In this role, Alex is responsible for coordinating cybersecurity matters across Mastercard’s business units and departments, as well as the company’s global safety, security and technology advocacy efforts. He is a member of the Mastercard Security Council; the executive leadership team responsible for managing company’s global security priorities.

    Prior to joining Mastercard, Alex was director of cybersecurity policy on the National Security Council at the White House, where he focused on efforts to advance the Administration’s cybersecurity, technology, and trade policy priorities. He also served as chief of staff to the U.S. Intellectual Property Enforcement Coordinator, where he helped coordinate the U.S. Government’s intellectual property policy and enforcement strategies beginning in 2012.

    Interview Topics:

    • Cybersecurity Talent Initiative

      Segment Description:
      The Cybersecurity Talent Initiative is the first-of-its-kind public-private partnership aimed at recruiting and training a world-class cybersecurity workforce. The program is a selective opportunity for students in cybersecurity-related fields to gain vital public and private sector work experience and even receive up to $75,000, inclusive of tax, in student loan assistance.

      Participants selected for the program will be guaranteed a two-year placement at a federal agency with cybersecurity needs. Before the end of their federal service, participants will be invited to apply for full-time positions with the program’s private sector partners. Participants hired by these companies will also receive student loan assistance.
      By working for some of the most important federal organizations and cutting-edge private sector companies, participants develop the skills and knowledge needed to protect our country’s digital infrastructure and tackle global cybersecurity threats.


    Segment Resources:

    Interview Questions

    Background

    1. How did you get your start in cybersecurity?
    2. What is your background?
    3. Where do you stand on the continuum of compliance and security?

    Problem

    1. What problem(s) do you see? What are you trying to solve?

    Solution

    1. Describe what you are doing to tackle the problems?

    Wrap-Up

    1. Where do you see these programs going?
    2. What are keys to their success?
    3. How can we help?
    4. How can our listeners help or get involved?

    Security & Compliance News 12:30-1:00PM

    Jeff's Stories

    1. New York’s Breach Law Amendments and New Security Requirements
    2. Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability
    3. Kaiser says data breach exposed information on nearly 1,000 Sacramento-area patients
    4. Companies Still Not Prepared to Comply with GDPR and Potential EU Data Breaches
    5. The Human Factor of Cyber Security

    Matt's Stories

    1. Cyber Risks Force Banks to Rethink Vendor Relationships
    2. THE OFAC COMPLIANCE FRAMEWORK: ELEMENT 1 – MANAGEMENT COMMITMENT
    3. FFIEC Issues Press Release on Cybersecurity Preparedness Assessments (and Muddies the Waters)
    4. What Indicators Can I Reference to Gauge My Organization’s Security Posture?
    5. Court of Justice of the EU: Detailed Consent Needed for Cookies
    6. PCI Security Standards Council Launches New Assessor Qualification Program to Support The PCI Software Security Framework

    Josh's Stories

    PSD2 and Tech Giants. Who will win this battle?

    Scott's Stories

    1. CCPA could cost compaines 55 billion
    2. American express insider breaches cardholder information
    3. Common pitfalls of security monitoring