DtSR Episode 418 - TPA Another Security Inflection Point
39 min

Prologue

This week on DtSR, John Steven joins Rafal & James to talk about an inflection point in security that's happening right now. As you may notice, everything about security is changing, especially in the AppSec space... listen in and you'll hear John's thoughts on a very interesting time to be in the industry.

Evolve, or die... 

Guest

CISO-Security Vendor Relationship Podcast
CISO-Security Vendor Relationship Podcast
Mike Johnson and David Spark
Why Is 'Pay the Ransom' In Next Year's Budget?
All links and images for this episode can be found on CISO Series (https://cisoseries.com/why-is-pay-the-ransom-in-next-years-budget/) With 25 percent of ransomware victims paying the ransomware, have we waved the white flag to the attackers? Should we just budget for it? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Les McCollum (@doinmorewithles), managing vp, CISO, ICMA-RC. Thanks to our sponsor, BitSight. BitSight is the most widely used Security Ratings service with a mission to change the way the world addresses cyber risk. Learn how BitSight for Third-Party Risk Management helps you efficiently mitigate the growing risk across your vendor ecosystem by taking an automated, data-driven approach. On this week’s episode Why is everybody talking about this now Are culture fit and diversity mutually exclusive? Allan Alford, co-host of Defense in Depth podcast, brought up the conversation of needing diversity in all areas: age, gender, ethnicity, city vs. country, country of origin, military vs. civilian, college educated vs. self-taught, socioeconomic status, and disabilities. But at the same time, I'm thinking we NEVER see those types of groups hanging out together or getting along. So how do you create a culturally sane group among such a diverse group? People are tribal by nature and even if you're successful creating diversity on your team they're going to bond with people of similar types. Won't this introduce new problems? If you haven’t made this mistake you’re not in security At the end of the year when you look at your security budget, what are the costs you didn't expect or budget appropriately at the beginning of the year? On CSO Online, John Edwards has an article about seven overlooked cybersecurity costs that may bust your budget. He mentioned items such as staff acquisition and retention, incident response, third-party analysis, and replacement costs. What has been a surprise for you and has adjusting things for the next year helped, or is there always a surprise? Which is the one everyone should prepare for but they don't? More bad security advice Over a quarter of companies that fall victim to ransomware, pay the ransom, according to a study by Crowdstrike. In a discussion thread on reddit, user yourdigitalmind said they had a client who remarked, "WHEN we get hit, it will force us to start doing things right, but right now, it's cheaper'" So he's accepted being hit by ransomware is inevitable. That falls in line with Crowdstrike's study that found after a ransomware attack 75 percent of the victims do increase their security spend on tools and hiring. Humor for me a moment. Most of us do not want to pay the ransom, but sometimes you can't think of the greater good and you have to think of the survival of the business. Is this where I should put my marketing dollars? What types of vendor stories do you respond to? I bring this up because Mike O'Toole, president of PJA Advertising wrote a great piece about how to build a cybersecurity brand story. In the article, he offers up some really good advice such as "Position yourself against the category, not just your direct competitors," "Fear gets attention, but opportunity can drive purchase behavior," and "The strongest brand stories are about market change." Which advice most resonates with how you're pitched, and can you think of either a customer story or offering that you overheard that pushed you into exploring a vendor's solution?
34 min
Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2020-044-Marcello Salvati (@byt3bl33d3r), porchetta industries, supporting opensource tool creators, sponsorship model
https://www.hak4kidz.com/activities/cdcedu.html Online CTF training using Cisco’s Workshop platform. They did something similar in Spring of 2020. There will be an online panel where kids can ask questions about information security. Occurs on December 12th. Check out the link for more info. Robert M. for upping his patreon to $5 Top 25 Data Security Podcasts You Must Follow in 2020 (feedspot.com) @byt3bl33d3r (Marcello Salvati) @porchetta_ind (porchetta Industries) info@porchetta.industries Wanna sponsor CrackMapExec? Sponsor @byt3bl33d3r on GitHub Sponsors Github sponsors: GitHub Sponsors Introducing Sponsorware: How A Small Open Source Package Increased My Salary By $11k in Two Days | Caleb Porzio How is this different than shareware? “As a developer of one of these tools, you obviously start questioning your life decisions after a while. Especially after putting so much time into these projects.” Adblockers installed 300,000 times are malicious and should be removed now | Ars Technica (spent years supporting the app… the vitriol from ‘unpaid customers’ is deafening… Should be required reading for anyone wanting to open source anything.) [Announcement] Recent and upcoming changes to the Nano projects · Issue #362 · NanoAdblocker/NanoCore (github.com) Business model for typical opensource projects. Where’s the chain broken at? Devs who expect help/support for their project? “Many eyes make for less vulns” (LOL, sounds good, not true anymore --brbr) What is the ‘status quo’ of OSS infosec/hacking tool developer community (in your opinion)? Pull requests, what is ‘meaningful’ contributions? What is the definition of ‘widely-used’? Why support widely-used OSS hacking tools? (2) Marcello on Twitter: "Well also be encouraging community contributions to those same tools by giving out 1 @offsectraining training voucher per quarter to whoever submits the most meaningful pull request to any of the tools in the @porchetta_ind Discord server" / Twitter And now for something completely different... (porchetta.industries) Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic #Brakesec Store!: https://brakesec.com/teepub #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec #cybersecurity #informationsecurity #leadership #podcasts #CPEs #CISSP #porchetta #training #sponsorship #github #opensource #crackmapexec #byt3bl33d3r #marcelloSalvati
29 min
Cyber Security Interviews
Cyber Security Interviews
Douglas A. Brush | Weekly Interviews w/ InfoSec Pros
#103 – Jeff Hussey: Try Not To Make More Than One Mistake In a Row
https://www.linkedin.com/in/jeff-hussey-a6628a7/ (Jeff Hussey) is the President and CEO of https://tempered.io/ (Tempered). Jeff, the founder of https://www.f5.com/ (F5 Networks), is an accomplished entrepreneur with a proven track record in the networking and security markets. He maintains several board positions across a variety of technology, nonprofit and philanthropic organizations and currently is the chairman of the board for Carena and chairman and co-owner of https://www.ecofiltro.com/ (Ecofiltro) and https://www.puravidacreategood.com/ (PuraVidaCreateGood). Jeff also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington. In this episode, we discuss adjusting to a remote workforce with a start-up, founding F5 Networks, developing a userbase community, tips for information security product success, IoT and OT cybersecurity, the https://www.security7.net/news/what-is-host-identity-protocol-hip (Host Identity Protocol), healthcare security, prioritizing efforts as a founder, what gets him out of the bed in the morning, and so much more! Where you can find Jeff: https://www.linkedin.com/in/jeff-hussey-a6628a7/ (LinkedIn) https://tempered.io/company/#press-room (Tempered)
47 min
More episodes
Search
Clear search
Close search
Google apps
Main menu